Date
July 2, 2025, 11:10 a.m.
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 23.236901] ================================================================== [ 23.237389] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 23.237737] Read of size 18446744073709551614 at addr ffff888105895684 by task kunit_try_catch/228 [ 23.238175] [ 23.238286] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.238350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.238363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.238383] Call Trace: [ 23.238395] <TASK> [ 23.238410] dump_stack_lvl+0x73/0xb0 [ 23.238437] print_report+0xd1/0x650 [ 23.238459] ? __virt_addr_valid+0x1db/0x2d0 [ 23.238480] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.238503] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.238528] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.238552] kasan_report+0x141/0x180 [ 23.238573] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.238601] kasan_check_range+0x10c/0x1c0 [ 23.238623] __asan_memmove+0x27/0x70 [ 23.238646] kmalloc_memmove_negative_size+0x171/0x330 [ 23.238669] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 23.238717] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 23.238745] kunit_try_run_case+0x1a5/0x480 [ 23.238770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.238792] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.238813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.238834] ? __kthread_parkme+0x82/0x180 [ 23.238854] ? preempt_count_sub+0x50/0x80 [ 23.238876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.238900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.238924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.238947] kthread+0x337/0x6f0 [ 23.238966] ? trace_preempt_on+0x20/0xc0 [ 23.239005] ? __pfx_kthread+0x10/0x10 [ 23.239026] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.239062] ? calculate_sigpending+0x7b/0xa0 [ 23.239085] ? __pfx_kthread+0x10/0x10 [ 23.239106] ret_from_fork+0x116/0x1d0 [ 23.239124] ? __pfx_kthread+0x10/0x10 [ 23.239144] ret_from_fork_asm+0x1a/0x30 [ 23.239174] </TASK> [ 23.239185] [ 23.246911] Allocated by task 228: [ 23.247036] kasan_save_stack+0x45/0x70 [ 23.247165] kasan_save_track+0x18/0x40 [ 23.247335] kasan_save_alloc_info+0x3b/0x50 [ 23.247611] __kasan_kmalloc+0xb7/0xc0 [ 23.248008] __kmalloc_cache_noprof+0x189/0x420 [ 23.248343] kmalloc_memmove_negative_size+0xac/0x330 [ 23.248739] kunit_try_run_case+0x1a5/0x480 [ 23.248958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.249482] kthread+0x337/0x6f0 [ 23.249754] ret_from_fork+0x116/0x1d0 [ 23.249942] ret_from_fork_asm+0x1a/0x30 [ 23.250089] [ 23.250154] The buggy address belongs to the object at ffff888105895680 [ 23.250154] which belongs to the cache kmalloc-64 of size 64 [ 23.250676] The buggy address is located 4 bytes inside of [ 23.250676] 64-byte region [ffff888105895680, ffff8881058956c0) [ 23.251356] [ 23.251481] The buggy address belongs to the physical page: [ 23.251856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105895 [ 23.252100] flags: 0x200000000000000(node=0|zone=2) [ 23.252253] page_type: f5(slab) [ 23.252376] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.253032] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.253407] page dumped because: kasan: bad access detected [ 23.253816] [ 23.253913] Memory state around the buggy address: [ 23.254282] ffff888105895580: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 23.254670] ffff888105895600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.254966] >ffff888105895680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.255302] ^ [ 23.255504] ffff888105895700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.255888] ffff888105895780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.256179] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 23.208990] ================================================================== [ 23.209447] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 23.209919] Write of size 16 at addr ffff888105898069 by task kunit_try_catch/226 [ 23.210387] [ 23.210507] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.210557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.210571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.210592] Call Trace: [ 23.210606] <TASK> [ 23.210623] dump_stack_lvl+0x73/0xb0 [ 23.210652] print_report+0xd1/0x650 [ 23.210806] ? __virt_addr_valid+0x1db/0x2d0 [ 23.210944] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.210968] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.210993] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.211016] kasan_report+0x141/0x180 [ 23.211038] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.211064] kasan_check_range+0x10c/0x1c0 [ 23.211086] __asan_memset+0x27/0x50 [ 23.211109] kmalloc_oob_memset_16+0x166/0x330 [ 23.211130] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.211152] ? __schedule+0x10cc/0x2b60 [ 23.211172] ? __pfx_read_tsc+0x10/0x10 [ 23.211193] ? ktime_get_ts64+0x86/0x230 [ 23.211217] kunit_try_run_case+0x1a5/0x480 [ 23.211242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.211264] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.211285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.211318] ? __kthread_parkme+0x82/0x180 [ 23.211338] ? preempt_count_sub+0x50/0x80 [ 23.211360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.211384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.211409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.211432] kthread+0x337/0x6f0 [ 23.211451] ? trace_preempt_on+0x20/0xc0 [ 23.211473] ? __pfx_kthread+0x10/0x10 [ 23.211504] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.211527] ? calculate_sigpending+0x7b/0xa0 [ 23.211549] ? __pfx_kthread+0x10/0x10 [ 23.211570] ret_from_fork+0x116/0x1d0 [ 23.211589] ? __pfx_kthread+0x10/0x10 [ 23.211608] ret_from_fork_asm+0x1a/0x30 [ 23.211638] </TASK> [ 23.211650] [ 23.219085] Allocated by task 226: [ 23.219261] kasan_save_stack+0x45/0x70 [ 23.219472] kasan_save_track+0x18/0x40 [ 23.220525] kasan_save_alloc_info+0x3b/0x50 [ 23.221144] __kasan_kmalloc+0xb7/0xc0 [ 23.221360] __kmalloc_cache_noprof+0x189/0x420 [ 23.221809] kmalloc_oob_memset_16+0xac/0x330 [ 23.221989] kunit_try_run_case+0x1a5/0x480 [ 23.222264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.222749] kthread+0x337/0x6f0 [ 23.222899] ret_from_fork+0x116/0x1d0 [ 23.223215] ret_from_fork_asm+0x1a/0x30 [ 23.223559] [ 23.223809] The buggy address belongs to the object at ffff888105898000 [ 23.223809] which belongs to the cache kmalloc-128 of size 128 [ 23.224325] The buggy address is located 105 bytes inside of [ 23.224325] allocated 120-byte region [ffff888105898000, ffff888105898078) [ 23.225176] [ 23.225388] The buggy address belongs to the physical page: [ 23.225657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 23.226272] flags: 0x200000000000000(node=0|zone=2) [ 23.226623] page_type: f5(slab) [ 23.226852] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.227272] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.227804] page dumped because: kasan: bad access detected [ 23.228130] [ 23.228249] Memory state around the buggy address: [ 23.228718] ffff888105897f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.229147] ffff888105897f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.229561] >ffff888105898000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.230081] ^ [ 23.230401] ffff888105898080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.230894] ffff888105898100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.231373] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 23.186864] ================================================================== [ 23.187369] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 23.187924] Write of size 8 at addr ffff888105887f71 by task kunit_try_catch/224 [ 23.188217] [ 23.188331] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.188403] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.188415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.188435] Call Trace: [ 23.188447] <TASK> [ 23.188479] dump_stack_lvl+0x73/0xb0 [ 23.188518] print_report+0xd1/0x650 [ 23.188540] ? __virt_addr_valid+0x1db/0x2d0 [ 23.188562] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.188583] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.188608] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.188629] kasan_report+0x141/0x180 [ 23.188650] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.188719] kasan_check_range+0x10c/0x1c0 [ 23.188745] __asan_memset+0x27/0x50 [ 23.188789] kmalloc_oob_memset_8+0x166/0x330 [ 23.188812] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 23.188834] ? __schedule+0x10cc/0x2b60 [ 23.188855] ? __pfx_read_tsc+0x10/0x10 [ 23.188877] ? ktime_get_ts64+0x86/0x230 [ 23.188901] kunit_try_run_case+0x1a5/0x480 [ 23.188925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.188948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.188969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.188991] ? __kthread_parkme+0x82/0x180 [ 23.189010] ? preempt_count_sub+0x50/0x80 [ 23.189033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.189058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.189098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.189124] kthread+0x337/0x6f0 [ 23.189143] ? trace_preempt_on+0x20/0xc0 [ 23.189166] ? __pfx_kthread+0x10/0x10 [ 23.189187] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.189211] ? calculate_sigpending+0x7b/0xa0 [ 23.189234] ? __pfx_kthread+0x10/0x10 [ 23.189272] ret_from_fork+0x116/0x1d0 [ 23.189290] ? __pfx_kthread+0x10/0x10 [ 23.189322] ret_from_fork_asm+0x1a/0x30 [ 23.189352] </TASK> [ 23.189364] [ 23.197258] Allocated by task 224: [ 23.197474] kasan_save_stack+0x45/0x70 [ 23.197806] kasan_save_track+0x18/0x40 [ 23.198024] kasan_save_alloc_info+0x3b/0x50 [ 23.198234] __kasan_kmalloc+0xb7/0xc0 [ 23.198432] __kmalloc_cache_noprof+0x189/0x420 [ 23.198728] kmalloc_oob_memset_8+0xac/0x330 [ 23.198962] kunit_try_run_case+0x1a5/0x480 [ 23.199121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.199338] kthread+0x337/0x6f0 [ 23.199510] ret_from_fork+0x116/0x1d0 [ 23.199757] ret_from_fork_asm+0x1a/0x30 [ 23.199996] [ 23.200098] The buggy address belongs to the object at ffff888105887f00 [ 23.200098] which belongs to the cache kmalloc-128 of size 128 [ 23.200581] The buggy address is located 113 bytes inside of [ 23.200581] allocated 120-byte region [ffff888105887f00, ffff888105887f78) [ 23.201105] [ 23.201172] The buggy address belongs to the physical page: [ 23.201394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 23.202063] flags: 0x200000000000000(node=0|zone=2) [ 23.202243] page_type: f5(slab) [ 23.202452] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.202978] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.203281] page dumped because: kasan: bad access detected [ 23.203542] [ 23.203699] Memory state around the buggy address: [ 23.203930] ffff888105887e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.204223] ffff888105887e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.204590] >ffff888105887f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.204947] ^ [ 23.205220] ffff888105887f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.205554] ffff888105888000: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 23.205981] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 23.161103] ================================================================== [ 23.162323] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 23.163096] Write of size 4 at addr ffff888104950475 by task kunit_try_catch/222 [ 23.163481] [ 23.163679] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.163727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.163740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.163760] Call Trace: [ 23.163773] <TASK> [ 23.163788] dump_stack_lvl+0x73/0xb0 [ 23.163838] print_report+0xd1/0x650 [ 23.163860] ? __virt_addr_valid+0x1db/0x2d0 [ 23.163882] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.163953] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.163983] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.164006] kasan_report+0x141/0x180 [ 23.164027] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.164064] kasan_check_range+0x10c/0x1c0 [ 23.164087] __asan_memset+0x27/0x50 [ 23.164110] kmalloc_oob_memset_4+0x166/0x330 [ 23.164142] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 23.164164] ? __schedule+0x10cc/0x2b60 [ 23.164186] ? __pfx_read_tsc+0x10/0x10 [ 23.164207] ? ktime_get_ts64+0x86/0x230 [ 23.164231] kunit_try_run_case+0x1a5/0x480 [ 23.164256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.164280] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.164301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.164331] ? __kthread_parkme+0x82/0x180 [ 23.164352] ? preempt_count_sub+0x50/0x80 [ 23.164383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.164408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.164431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.164465] kthread+0x337/0x6f0 [ 23.164485] ? trace_preempt_on+0x20/0xc0 [ 23.164517] ? __pfx_kthread+0x10/0x10 [ 23.164538] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.164561] ? calculate_sigpending+0x7b/0xa0 [ 23.164584] ? __pfx_kthread+0x10/0x10 [ 23.164606] ret_from_fork+0x116/0x1d0 [ 23.164625] ? __pfx_kthread+0x10/0x10 [ 23.164645] ret_from_fork_asm+0x1a/0x30 [ 23.164708] </TASK> [ 23.164722] [ 23.175614] Allocated by task 222: [ 23.175784] kasan_save_stack+0x45/0x70 [ 23.175931] kasan_save_track+0x18/0x40 [ 23.176060] kasan_save_alloc_info+0x3b/0x50 [ 23.176262] __kasan_kmalloc+0xb7/0xc0 [ 23.176546] __kmalloc_cache_noprof+0x189/0x420 [ 23.176718] kmalloc_oob_memset_4+0xac/0x330 [ 23.176857] kunit_try_run_case+0x1a5/0x480 [ 23.177058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.177316] kthread+0x337/0x6f0 [ 23.177484] ret_from_fork+0x116/0x1d0 [ 23.177648] ret_from_fork_asm+0x1a/0x30 [ 23.177919] [ 23.177998] The buggy address belongs to the object at ffff888104950400 [ 23.177998] which belongs to the cache kmalloc-128 of size 128 [ 23.178398] The buggy address is located 117 bytes inside of [ 23.178398] allocated 120-byte region [ffff888104950400, ffff888104950478) [ 23.178871] [ 23.179063] The buggy address belongs to the physical page: [ 23.179290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.179669] flags: 0x200000000000000(node=0|zone=2) [ 23.179965] page_type: f5(slab) [ 23.180123] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.180372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.180583] page dumped because: kasan: bad access detected [ 23.180743] [ 23.180807] Memory state around the buggy address: [ 23.181135] ffff888104950300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.181476] ffff888104950380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.182033] >ffff888104950400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.182420] ^ [ 23.183009] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.183360] ffff888104950500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.184373] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 23.127253] ================================================================== [ 23.127770] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 23.128051] Write of size 2 at addr ffff888104950377 by task kunit_try_catch/220 [ 23.128415] [ 23.128559] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.128627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.128640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.128902] Call Trace: [ 23.128922] <TASK> [ 23.128940] dump_stack_lvl+0x73/0xb0 [ 23.128985] print_report+0xd1/0x650 [ 23.129007] ? __virt_addr_valid+0x1db/0x2d0 [ 23.129032] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.129052] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.129077] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.129130] kasan_report+0x141/0x180 [ 23.129151] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.129199] kasan_check_range+0x10c/0x1c0 [ 23.129222] __asan_memset+0x27/0x50 [ 23.129245] kmalloc_oob_memset_2+0x166/0x330 [ 23.129266] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 23.129288] ? __schedule+0x10cc/0x2b60 [ 23.129318] ? __pfx_read_tsc+0x10/0x10 [ 23.129339] ? ktime_get_ts64+0x86/0x230 [ 23.129364] kunit_try_run_case+0x1a5/0x480 [ 23.129390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.129413] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.129435] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.129456] ? __kthread_parkme+0x82/0x180 [ 23.129496] ? preempt_count_sub+0x50/0x80 [ 23.129519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.129544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.129567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.129591] kthread+0x337/0x6f0 [ 23.129610] ? trace_preempt_on+0x20/0xc0 [ 23.129633] ? __pfx_kthread+0x10/0x10 [ 23.129654] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.129749] ? calculate_sigpending+0x7b/0xa0 [ 23.129774] ? __pfx_kthread+0x10/0x10 [ 23.129796] ret_from_fork+0x116/0x1d0 [ 23.129814] ? __pfx_kthread+0x10/0x10 [ 23.129835] ret_from_fork_asm+0x1a/0x30 [ 23.129865] </TASK> [ 23.129877] [ 23.142472] Allocated by task 220: [ 23.142816] kasan_save_stack+0x45/0x70 [ 23.143252] kasan_save_track+0x18/0x40 [ 23.143674] kasan_save_alloc_info+0x3b/0x50 [ 23.144113] __kasan_kmalloc+0xb7/0xc0 [ 23.144593] __kmalloc_cache_noprof+0x189/0x420 [ 23.145030] kmalloc_oob_memset_2+0xac/0x330 [ 23.145389] kunit_try_run_case+0x1a5/0x480 [ 23.145913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.146297] kthread+0x337/0x6f0 [ 23.146426] ret_from_fork+0x116/0x1d0 [ 23.146580] ret_from_fork_asm+0x1a/0x30 [ 23.147025] [ 23.147194] The buggy address belongs to the object at ffff888104950300 [ 23.147194] which belongs to the cache kmalloc-128 of size 128 [ 23.148547] The buggy address is located 119 bytes inside of [ 23.148547] allocated 120-byte region [ffff888104950300, ffff888104950378) [ 23.149429] [ 23.149603] The buggy address belongs to the physical page: [ 23.149954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.150194] flags: 0x200000000000000(node=0|zone=2) [ 23.150365] page_type: f5(slab) [ 23.150484] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.151346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.152190] page dumped because: kasan: bad access detected [ 23.152712] [ 23.152969] Memory state around the buggy address: [ 23.153412] ffff888104950200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.154209] ffff888104950280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.154651] >ffff888104950300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.155077] ^ [ 23.155745] ffff888104950380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.156533] ffff888104950400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.157081] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 23.102108] ================================================================== [ 23.103568] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 23.104493] Write of size 128 at addr ffff888105887e00 by task kunit_try_catch/218 [ 23.105213] [ 23.105320] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.105371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.105385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.105406] Call Trace: [ 23.105419] <TASK> [ 23.105435] dump_stack_lvl+0x73/0xb0 [ 23.105464] print_report+0xd1/0x650 [ 23.105511] ? __virt_addr_valid+0x1db/0x2d0 [ 23.105534] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.105554] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.105631] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.105652] kasan_report+0x141/0x180 [ 23.105734] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.105764] kasan_check_range+0x10c/0x1c0 [ 23.105799] __asan_memset+0x27/0x50 [ 23.105821] kmalloc_oob_in_memset+0x15f/0x320 [ 23.105854] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 23.105876] ? __schedule+0x10cc/0x2b60 [ 23.105896] ? __pfx_read_tsc+0x10/0x10 [ 23.105918] ? ktime_get_ts64+0x86/0x230 [ 23.105942] kunit_try_run_case+0x1a5/0x480 [ 23.105967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.105989] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.106010] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.106031] ? __kthread_parkme+0x82/0x180 [ 23.106051] ? preempt_count_sub+0x50/0x80 [ 23.106074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.106098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.106121] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.106144] kthread+0x337/0x6f0 [ 23.106163] ? trace_preempt_on+0x20/0xc0 [ 23.106186] ? __pfx_kthread+0x10/0x10 [ 23.106206] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.106229] ? calculate_sigpending+0x7b/0xa0 [ 23.106252] ? __pfx_kthread+0x10/0x10 [ 23.106273] ret_from_fork+0x116/0x1d0 [ 23.106291] ? __pfx_kthread+0x10/0x10 [ 23.106322] ret_from_fork_asm+0x1a/0x30 [ 23.106351] </TASK> [ 23.106363] [ 23.115488] Allocated by task 218: [ 23.115633] kasan_save_stack+0x45/0x70 [ 23.115946] kasan_save_track+0x18/0x40 [ 23.116139] kasan_save_alloc_info+0x3b/0x50 [ 23.116358] __kasan_kmalloc+0xb7/0xc0 [ 23.116623] __kmalloc_cache_noprof+0x189/0x420 [ 23.116959] kmalloc_oob_in_memset+0xac/0x320 [ 23.117158] kunit_try_run_case+0x1a5/0x480 [ 23.117373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.117568] kthread+0x337/0x6f0 [ 23.117684] ret_from_fork+0x116/0x1d0 [ 23.117825] ret_from_fork_asm+0x1a/0x30 [ 23.117992] [ 23.118060] The buggy address belongs to the object at ffff888105887e00 [ 23.118060] which belongs to the cache kmalloc-128 of size 128 [ 23.118561] The buggy address is located 0 bytes inside of [ 23.118561] allocated 120-byte region [ffff888105887e00, ffff888105887e78) [ 23.119038] [ 23.119126] The buggy address belongs to the physical page: [ 23.119653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 23.120052] flags: 0x200000000000000(node=0|zone=2) [ 23.120288] page_type: f5(slab) [ 23.120445] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.120918] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.121142] page dumped because: kasan: bad access detected [ 23.121317] [ 23.121389] Memory state around the buggy address: [ 23.121743] ffff888105887d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.122074] ffff888105887d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.122453] >ffff888105887e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.122845] ^ [ 23.123154] ffff888105887e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.123402] ffff888105887f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.124000] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 23.075276] ================================================================== [ 23.075747] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 23.076044] Read of size 16 at addr ffff8881048b6380 by task kunit_try_catch/216 [ 23.076489] [ 23.076601] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.076660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.076673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.076704] Call Trace: [ 23.076716] <TASK> [ 23.076731] dump_stack_lvl+0x73/0xb0 [ 23.076760] print_report+0xd1/0x650 [ 23.076781] ? __virt_addr_valid+0x1db/0x2d0 [ 23.076803] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.076823] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.076848] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.076869] kasan_report+0x141/0x180 [ 23.076890] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.076914] __asan_report_load16_noabort+0x18/0x20 [ 23.076938] kmalloc_uaf_16+0x47b/0x4c0 [ 23.076958] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 23.076979] ? __schedule+0x10cc/0x2b60 [ 23.077000] ? __pfx_read_tsc+0x10/0x10 [ 23.077021] ? ktime_get_ts64+0x86/0x230 [ 23.077045] kunit_try_run_case+0x1a5/0x480 [ 23.077070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.077093] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.077114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.077135] ? __kthread_parkme+0x82/0x180 [ 23.077155] ? preempt_count_sub+0x50/0x80 [ 23.077178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.077202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.077226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.077249] kthread+0x337/0x6f0 [ 23.077268] ? trace_preempt_on+0x20/0xc0 [ 23.077291] ? __pfx_kthread+0x10/0x10 [ 23.077323] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.077346] ? calculate_sigpending+0x7b/0xa0 [ 23.077369] ? __pfx_kthread+0x10/0x10 [ 23.077390] ret_from_fork+0x116/0x1d0 [ 23.077409] ? __pfx_kthread+0x10/0x10 [ 23.077429] ret_from_fork_asm+0x1a/0x30 [ 23.077458] </TASK> [ 23.077470] [ 23.084267] Allocated by task 216: [ 23.084402] kasan_save_stack+0x45/0x70 [ 23.084538] kasan_save_track+0x18/0x40 [ 23.084667] kasan_save_alloc_info+0x3b/0x50 [ 23.084869] __kasan_kmalloc+0xb7/0xc0 [ 23.085046] __kmalloc_cache_noprof+0x189/0x420 [ 23.085257] kmalloc_uaf_16+0x15b/0x4c0 [ 23.085596] kunit_try_run_case+0x1a5/0x480 [ 23.085917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.086108] kthread+0x337/0x6f0 [ 23.086222] ret_from_fork+0x116/0x1d0 [ 23.086387] ret_from_fork_asm+0x1a/0x30 [ 23.086563] [ 23.086629] Freed by task 216: [ 23.086738] kasan_save_stack+0x45/0x70 [ 23.086983] kasan_save_track+0x18/0x40 [ 23.087147] kasan_save_free_info+0x3f/0x60 [ 23.087329] __kasan_slab_free+0x56/0x70 [ 23.087546] kfree+0x222/0x3f0 [ 23.087683] kmalloc_uaf_16+0x1d6/0x4c0 [ 23.087848] kunit_try_run_case+0x1a5/0x480 [ 23.088020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.088240] kthread+0x337/0x6f0 [ 23.088414] ret_from_fork+0x116/0x1d0 [ 23.088638] ret_from_fork_asm+0x1a/0x30 [ 23.088822] [ 23.088902] The buggy address belongs to the object at ffff8881048b6380 [ 23.088902] which belongs to the cache kmalloc-16 of size 16 [ 23.090388] The buggy address is located 0 bytes inside of [ 23.090388] freed 16-byte region [ffff8881048b6380, ffff8881048b6390) [ 23.090749] [ 23.090820] The buggy address belongs to the physical page: [ 23.091136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048b6 [ 23.091862] flags: 0x200000000000000(node=0|zone=2) [ 23.092297] page_type: f5(slab) [ 23.092641] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.093358] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.094095] page dumped because: kasan: bad access detected [ 23.094589] [ 23.094707] Memory state around the buggy address: [ 23.095068] ffff8881048b6280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.095283] ffff8881048b6300: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 23.095525] >ffff8881048b6380: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.096187] ^ [ 23.096490] ffff8881048b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.097190] ffff8881048b6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.097930] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 23.054954] ================================================================== [ 23.055379] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 23.055629] Write of size 16 at addr ffff8881048b6320 by task kunit_try_catch/214 [ 23.056018] [ 23.056131] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.056180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.056193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.056213] Call Trace: [ 23.056226] <TASK> [ 23.056242] dump_stack_lvl+0x73/0xb0 [ 23.056271] print_report+0xd1/0x650 [ 23.056292] ? __virt_addr_valid+0x1db/0x2d0 [ 23.056328] ? kmalloc_oob_16+0x452/0x4a0 [ 23.056348] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.056373] ? kmalloc_oob_16+0x452/0x4a0 [ 23.056394] kasan_report+0x141/0x180 [ 23.056415] ? kmalloc_oob_16+0x452/0x4a0 [ 23.056440] __asan_report_store16_noabort+0x1b/0x30 [ 23.056464] kmalloc_oob_16+0x452/0x4a0 [ 23.056484] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 23.056518] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 23.056543] kunit_try_run_case+0x1a5/0x480 [ 23.056568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.056591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.056612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.056633] ? __kthread_parkme+0x82/0x180 [ 23.056653] ? preempt_count_sub+0x50/0x80 [ 23.056686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.056711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.056734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.056758] kthread+0x337/0x6f0 [ 23.056778] ? trace_preempt_on+0x20/0xc0 [ 23.056801] ? __pfx_kthread+0x10/0x10 [ 23.056821] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.056845] ? calculate_sigpending+0x7b/0xa0 [ 23.056868] ? __pfx_kthread+0x10/0x10 [ 23.056889] ret_from_fork+0x116/0x1d0 [ 23.056908] ? __pfx_kthread+0x10/0x10 [ 23.056928] ret_from_fork_asm+0x1a/0x30 [ 23.056958] </TASK> [ 23.056969] [ 23.063120] Allocated by task 214: [ 23.063275] kasan_save_stack+0x45/0x70 [ 23.063468] kasan_save_track+0x18/0x40 [ 23.064088] kasan_save_alloc_info+0x3b/0x50 [ 23.064262] __kasan_kmalloc+0xb7/0xc0 [ 23.064454] __kmalloc_cache_noprof+0x189/0x420 [ 23.064688] kmalloc_oob_16+0xa8/0x4a0 [ 23.064937] kunit_try_run_case+0x1a5/0x480 [ 23.065095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.065297] kthread+0x337/0x6f0 [ 23.065444] ret_from_fork+0x116/0x1d0 [ 23.065666] ret_from_fork_asm+0x1a/0x30 [ 23.065863] [ 23.065945] The buggy address belongs to the object at ffff8881048b6320 [ 23.065945] which belongs to the cache kmalloc-16 of size 16 [ 23.066394] The buggy address is located 0 bytes inside of [ 23.066394] allocated 13-byte region [ffff8881048b6320, ffff8881048b632d) [ 23.066813] [ 23.066891] The buggy address belongs to the physical page: [ 23.067198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048b6 [ 23.067555] flags: 0x200000000000000(node=0|zone=2) [ 23.067713] page_type: f5(slab) [ 23.067856] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.068485] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.068794] page dumped because: kasan: bad access detected [ 23.069077] [ 23.069153] Memory state around the buggy address: [ 23.069302] ffff8881048b6200: 00 06 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 23.069838] ffff8881048b6280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.070086] >ffff8881048b6300: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 23.070290] ^ [ 23.070511] ffff8881048b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.070837] ffff8881048b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.071039] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 22.998009] ================================================================== [ 22.998503] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 22.998982] Read of size 1 at addr ffff888100a03a00 by task kunit_try_catch/212 [ 23.000030] [ 23.000329] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.000382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.000395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.000415] Call Trace: [ 23.000427] <TASK> [ 23.000442] dump_stack_lvl+0x73/0xb0 [ 23.000471] print_report+0xd1/0x650 [ 23.000593] ? __virt_addr_valid+0x1db/0x2d0 [ 23.000622] ? krealloc_uaf+0x1b8/0x5e0 [ 23.000643] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.000668] ? krealloc_uaf+0x1b8/0x5e0 [ 23.000760] kasan_report+0x141/0x180 [ 23.000783] ? krealloc_uaf+0x1b8/0x5e0 [ 23.000806] ? krealloc_uaf+0x1b8/0x5e0 [ 23.000827] __kasan_check_byte+0x3d/0x50 [ 23.000848] krealloc_noprof+0x3f/0x340 [ 23.000875] krealloc_uaf+0x1b8/0x5e0 [ 23.000896] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.000972] ? ktime_get_ts64+0x13a/0x230 [ 23.000997] ? ktime_get_ts64+0x86/0x230 [ 23.001020] kunit_try_run_case+0x1a5/0x480 [ 23.001044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.001067] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.001088] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.001109] ? __kthread_parkme+0x82/0x180 [ 23.001129] ? preempt_count_sub+0x50/0x80 [ 23.001152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.001176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.001199] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.001222] kthread+0x337/0x6f0 [ 23.001241] ? trace_preempt_on+0x20/0xc0 [ 23.001263] ? __pfx_kthread+0x10/0x10 [ 23.001283] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.001317] ? calculate_sigpending+0x7b/0xa0 [ 23.001340] ? __pfx_kthread+0x10/0x10 [ 23.001361] ret_from_fork+0x116/0x1d0 [ 23.001380] ? __pfx_kthread+0x10/0x10 [ 23.001399] ret_from_fork_asm+0x1a/0x30 [ 23.001429] </TASK> [ 23.001441] [ 23.013442] Allocated by task 212: [ 23.013813] kasan_save_stack+0x45/0x70 [ 23.014359] kasan_save_track+0x18/0x40 [ 23.014759] kasan_save_alloc_info+0x3b/0x50 [ 23.015059] __kasan_kmalloc+0xb7/0xc0 [ 23.015187] __kmalloc_cache_noprof+0x189/0x420 [ 23.015347] krealloc_uaf+0xbb/0x5e0 [ 23.015471] kunit_try_run_case+0x1a5/0x480 [ 23.015904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.016375] kthread+0x337/0x6f0 [ 23.016725] ret_from_fork+0x116/0x1d0 [ 23.017059] ret_from_fork_asm+0x1a/0x30 [ 23.017419] [ 23.017570] Freed by task 212: [ 23.017887] kasan_save_stack+0x45/0x70 [ 23.018437] kasan_save_track+0x18/0x40 [ 23.018909] kasan_save_free_info+0x3f/0x60 [ 23.019244] __kasan_slab_free+0x56/0x70 [ 23.019390] kfree+0x222/0x3f0 [ 23.019515] krealloc_uaf+0x13d/0x5e0 [ 23.019830] kunit_try_run_case+0x1a5/0x480 [ 23.020339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.020893] kthread+0x337/0x6f0 [ 23.021180] ret_from_fork+0x116/0x1d0 [ 23.021522] ret_from_fork_asm+0x1a/0x30 [ 23.021930] [ 23.022006] The buggy address belongs to the object at ffff888100a03a00 [ 23.022006] which belongs to the cache kmalloc-256 of size 256 [ 23.022426] The buggy address is located 0 bytes inside of [ 23.022426] freed 256-byte region [ffff888100a03a00, ffff888100a03b00) [ 23.022926] [ 23.023107] The buggy address belongs to the physical page: [ 23.023331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a02 [ 23.023863] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.024130] flags: 0x200000000000040(head|node=0|zone=2) [ 23.024380] page_type: f5(slab) [ 23.024498] raw: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 23.024804] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.025168] head: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 23.025431] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.025859] head: 0200000000000001 ffffea0004028081 00000000ffffffff 00000000ffffffff [ 23.026212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.026759] page dumped because: kasan: bad access detected [ 23.027091] [ 23.027174] Memory state around the buggy address: [ 23.027390] ffff888100a03900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.027619] ffff888100a03980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.027929] >ffff888100a03a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.028314] ^ [ 23.028454] ffff888100a03a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.028704] ffff888100a03b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.029080] ================================================================== [ 23.029798] ================================================================== [ 23.030304] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 23.030642] Read of size 1 at addr ffff888100a03a00 by task kunit_try_catch/212 [ 23.031287] [ 23.031416] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.031463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.031476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.031496] Call Trace: [ 23.031509] <TASK> [ 23.031525] dump_stack_lvl+0x73/0xb0 [ 23.031556] print_report+0xd1/0x650 [ 23.031578] ? __virt_addr_valid+0x1db/0x2d0 [ 23.031601] ? krealloc_uaf+0x53c/0x5e0 [ 23.031621] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.031647] ? krealloc_uaf+0x53c/0x5e0 [ 23.031667] kasan_report+0x141/0x180 [ 23.031688] ? krealloc_uaf+0x53c/0x5e0 [ 23.031713] __asan_report_load1_noabort+0x18/0x20 [ 23.031736] krealloc_uaf+0x53c/0x5e0 [ 23.031757] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.031836] ? ktime_get_ts64+0x13a/0x230 [ 23.031859] ? ktime_get_ts64+0x86/0x230 [ 23.031882] kunit_try_run_case+0x1a5/0x480 [ 23.031908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.031931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.031953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.031975] ? __kthread_parkme+0x82/0x180 [ 23.031995] ? preempt_count_sub+0x50/0x80 [ 23.032018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.032042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.032065] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.032089] kthread+0x337/0x6f0 [ 23.032107] ? trace_preempt_on+0x20/0xc0 [ 23.032130] ? __pfx_kthread+0x10/0x10 [ 23.032150] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.032173] ? calculate_sigpending+0x7b/0xa0 [ 23.032197] ? __pfx_kthread+0x10/0x10 [ 23.032218] ret_from_fork+0x116/0x1d0 [ 23.032237] ? __pfx_kthread+0x10/0x10 [ 23.032257] ret_from_fork_asm+0x1a/0x30 [ 23.032287] </TASK> [ 23.032298] [ 23.039214] Allocated by task 212: [ 23.039477] kasan_save_stack+0x45/0x70 [ 23.039630] kasan_save_track+0x18/0x40 [ 23.039987] kasan_save_alloc_info+0x3b/0x50 [ 23.040180] __kasan_kmalloc+0xb7/0xc0 [ 23.040343] __kmalloc_cache_noprof+0x189/0x420 [ 23.040509] krealloc_uaf+0xbb/0x5e0 [ 23.040729] kunit_try_run_case+0x1a5/0x480 [ 23.040938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.041163] kthread+0x337/0x6f0 [ 23.041323] ret_from_fork+0x116/0x1d0 [ 23.041475] ret_from_fork_asm+0x1a/0x30 [ 23.041666] [ 23.041762] Freed by task 212: [ 23.041899] kasan_save_stack+0x45/0x70 [ 23.042068] kasan_save_track+0x18/0x40 [ 23.042225] kasan_save_free_info+0x3f/0x60 [ 23.042382] __kasan_slab_free+0x56/0x70 [ 23.042923] kfree+0x222/0x3f0 [ 23.043123] krealloc_uaf+0x13d/0x5e0 [ 23.043264] kunit_try_run_case+0x1a5/0x480 [ 23.043463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.043821] kthread+0x337/0x6f0 [ 23.043975] ret_from_fork+0x116/0x1d0 [ 23.044143] ret_from_fork_asm+0x1a/0x30 [ 23.044336] [ 23.044429] The buggy address belongs to the object at ffff888100a03a00 [ 23.044429] which belongs to the cache kmalloc-256 of size 256 [ 23.045035] The buggy address is located 0 bytes inside of [ 23.045035] freed 256-byte region [ffff888100a03a00, ffff888100a03b00) [ 23.045432] [ 23.045520] The buggy address belongs to the physical page: [ 23.045813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a02 [ 23.046171] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.046450] flags: 0x200000000000040(head|node=0|zone=2) [ 23.046881] page_type: f5(slab) [ 23.047015] raw: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 23.047239] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.047557] head: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 23.047886] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.048119] head: 0200000000000001 ffffea0004028081 00000000ffffffff 00000000ffffffff [ 23.048699] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.048924] page dumped because: kasan: bad access detected [ 23.049088] [ 23.049151] Memory state around the buggy address: [ 23.049360] ffff888100a03900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.049868] ffff888100a03980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.050248] >ffff888100a03a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.050795] ^ [ 23.050959] ffff888100a03a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.051203] ffff888100a03b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.051420] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 22.904522] ================================================================== [ 22.905972] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906246] Write of size 1 at addr ffff88810613e0c9 by task kunit_try_catch/210 [ 22.906485] [ 22.906572] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.906620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.906633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.906653] Call Trace: [ 22.906668] <TASK> [ 22.906685] dump_stack_lvl+0x73/0xb0 [ 22.906715] print_report+0xd1/0x650 [ 22.906738] ? __virt_addr_valid+0x1db/0x2d0 [ 22.906762] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906784] ? kasan_addr_to_slab+0x11/0xa0 [ 22.906803] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906826] kasan_report+0x141/0x180 [ 22.906846] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906873] __asan_report_store1_noabort+0x1b/0x30 [ 22.906897] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.906921] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.906943] ? finish_task_switch.isra.0+0x153/0x700 [ 22.906965] ? __switch_to+0x47/0xf50 [ 22.906992] ? __schedule+0x10cc/0x2b60 [ 22.907014] ? __pfx_read_tsc+0x10/0x10 [ 22.907038] krealloc_large_less_oob+0x1c/0x30 [ 22.907059] kunit_try_run_case+0x1a5/0x480 [ 22.907085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.907108] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.907129] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.907149] ? __kthread_parkme+0x82/0x180 [ 22.907169] ? preempt_count_sub+0x50/0x80 [ 22.907191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.907214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.907237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.907261] kthread+0x337/0x6f0 [ 22.907280] ? trace_preempt_on+0x20/0xc0 [ 22.907304] ? __pfx_kthread+0x10/0x10 [ 22.907334] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.907357] ? calculate_sigpending+0x7b/0xa0 [ 22.907380] ? __pfx_kthread+0x10/0x10 [ 22.907400] ret_from_fork+0x116/0x1d0 [ 22.907418] ? __pfx_kthread+0x10/0x10 [ 22.907438] ret_from_fork_asm+0x1a/0x30 [ 22.907468] </TASK> [ 22.907479] [ 22.917072] The buggy address belongs to the physical page: [ 22.917343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.917801] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.918138] flags: 0x200000000000040(head|node=0|zone=2) [ 22.918391] page_type: f8(unknown) [ 22.918626] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.919151] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.919517] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.919921] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.920265] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.920635] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.921057] page dumped because: kasan: bad access detected [ 22.921285] [ 22.921385] Memory state around the buggy address: [ 22.921629] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.921911] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.922180] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.922594] ^ [ 22.923014] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.923347] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.923641] ================================================================== [ 22.840482] ================================================================== [ 22.841143] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.841477] Write of size 1 at addr ffff888105fa06eb by task kunit_try_catch/206 [ 22.841788] [ 22.841865] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.841909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.841922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.841942] Call Trace: [ 22.841955] <TASK> [ 22.841969] dump_stack_lvl+0x73/0xb0 [ 22.841995] print_report+0xd1/0x650 [ 22.842015] ? __virt_addr_valid+0x1db/0x2d0 [ 22.842037] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842059] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.842084] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842106] kasan_report+0x141/0x180 [ 22.842128] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842154] __asan_report_store1_noabort+0x1b/0x30 [ 22.842178] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.842202] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.842225] ? finish_task_switch.isra.0+0x153/0x700 [ 22.842256] ? __switch_to+0x47/0xf50 [ 22.842281] ? __schedule+0x10cc/0x2b60 [ 22.842301] ? __pfx_read_tsc+0x10/0x10 [ 22.842342] krealloc_less_oob+0x1c/0x30 [ 22.842363] kunit_try_run_case+0x1a5/0x480 [ 22.842387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.842410] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.842430] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.842451] ? __kthread_parkme+0x82/0x180 [ 22.842471] ? preempt_count_sub+0x50/0x80 [ 22.842504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.842529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.842552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.842575] kthread+0x337/0x6f0 [ 22.842594] ? trace_preempt_on+0x20/0xc0 [ 22.842626] ? __pfx_kthread+0x10/0x10 [ 22.842646] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.842669] ? calculate_sigpending+0x7b/0xa0 [ 22.842702] ? __pfx_kthread+0x10/0x10 [ 22.842722] ret_from_fork+0x116/0x1d0 [ 22.842741] ? __pfx_kthread+0x10/0x10 [ 22.842761] ret_from_fork_asm+0x1a/0x30 [ 22.842799] </TASK> [ 22.842809] [ 22.850432] Allocated by task 206: [ 22.850653] kasan_save_stack+0x45/0x70 [ 22.850830] kasan_save_track+0x18/0x40 [ 22.851050] kasan_save_alloc_info+0x3b/0x50 [ 22.851268] __kasan_krealloc+0x190/0x1f0 [ 22.851481] krealloc_noprof+0xf3/0x340 [ 22.851687] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.851912] krealloc_less_oob+0x1c/0x30 [ 22.852125] kunit_try_run_case+0x1a5/0x480 [ 22.852337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.852614] kthread+0x337/0x6f0 [ 22.852750] ret_from_fork+0x116/0x1d0 [ 22.852968] ret_from_fork_asm+0x1a/0x30 [ 22.853189] [ 22.853255] The buggy address belongs to the object at ffff888105fa0600 [ 22.853255] which belongs to the cache kmalloc-256 of size 256 [ 22.853842] The buggy address is located 34 bytes to the right of [ 22.853842] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.854436] [ 22.854553] The buggy address belongs to the physical page: [ 22.854820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.855159] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.855451] flags: 0x200000000000040(head|node=0|zone=2) [ 22.855614] page_type: f5(slab) [ 22.855724] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.855939] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.856153] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.856529] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.856947] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.857417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.858185] page dumped because: kasan: bad access detected [ 22.858465] [ 22.858610] Memory state around the buggy address: [ 22.858847] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.859048] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.859266] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.859812] ^ [ 22.860101] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.860423] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.860772] ================================================================== [ 22.774225] ================================================================== [ 22.774644] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.775117] Write of size 1 at addr ffff888105fa06d0 by task kunit_try_catch/206 [ 22.775479] [ 22.775590] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.775636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.775648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.775668] Call Trace: [ 22.775808] <TASK> [ 22.775837] dump_stack_lvl+0x73/0xb0 [ 22.775866] print_report+0xd1/0x650 [ 22.775887] ? __virt_addr_valid+0x1db/0x2d0 [ 22.775921] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.775944] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.775968] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.775991] kasan_report+0x141/0x180 [ 22.776012] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.776039] __asan_report_store1_noabort+0x1b/0x30 [ 22.776063] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.776087] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.776118] ? finish_task_switch.isra.0+0x153/0x700 [ 22.776139] ? __switch_to+0x47/0xf50 [ 22.776163] ? __schedule+0x10cc/0x2b60 [ 22.776193] ? __pfx_read_tsc+0x10/0x10 [ 22.776217] krealloc_less_oob+0x1c/0x30 [ 22.776237] kunit_try_run_case+0x1a5/0x480 [ 22.776262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.776284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.776315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.776335] ? __kthread_parkme+0x82/0x180 [ 22.776355] ? preempt_count_sub+0x50/0x80 [ 22.776376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.776400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.776423] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.776455] kthread+0x337/0x6f0 [ 22.776474] ? trace_preempt_on+0x20/0xc0 [ 22.776507] ? __pfx_kthread+0x10/0x10 [ 22.776537] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.776560] ? calculate_sigpending+0x7b/0xa0 [ 22.776583] ? __pfx_kthread+0x10/0x10 [ 22.776604] ret_from_fork+0x116/0x1d0 [ 22.776622] ? __pfx_kthread+0x10/0x10 [ 22.776641] ret_from_fork_asm+0x1a/0x30 [ 22.776672] </TASK> [ 22.776734] [ 22.784722] Allocated by task 206: [ 22.784839] kasan_save_stack+0x45/0x70 [ 22.785203] kasan_save_track+0x18/0x40 [ 22.785442] kasan_save_alloc_info+0x3b/0x50 [ 22.785723] __kasan_krealloc+0x190/0x1f0 [ 22.785932] krealloc_noprof+0xf3/0x340 [ 22.786067] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.786230] krealloc_less_oob+0x1c/0x30 [ 22.786388] kunit_try_run_case+0x1a5/0x480 [ 22.786590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.786833] kthread+0x337/0x6f0 [ 22.787078] ret_from_fork+0x116/0x1d0 [ 22.787249] ret_from_fork_asm+0x1a/0x30 [ 22.787392] [ 22.787459] The buggy address belongs to the object at ffff888105fa0600 [ 22.787459] which belongs to the cache kmalloc-256 of size 256 [ 22.788286] The buggy address is located 7 bytes to the right of [ 22.788286] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.789036] [ 22.789158] The buggy address belongs to the physical page: [ 22.789391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.789858] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.790209] flags: 0x200000000000040(head|node=0|zone=2) [ 22.790436] page_type: f5(slab) [ 22.790606] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.790994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.791353] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.791747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.791977] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.792343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.792997] page dumped because: kasan: bad access detected [ 22.793251] [ 22.793438] Memory state around the buggy address: [ 22.793724] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.793965] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.794185] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.794517] ^ [ 22.794958] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.795344] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.795692] ================================================================== [ 22.924025] ================================================================== [ 22.924434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.924873] Write of size 1 at addr ffff88810613e0d0 by task kunit_try_catch/210 [ 22.925222] [ 22.925333] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.925378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.925390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.925409] Call Trace: [ 22.925422] <TASK> [ 22.925435] dump_stack_lvl+0x73/0xb0 [ 22.925463] print_report+0xd1/0x650 [ 22.925524] ? __virt_addr_valid+0x1db/0x2d0 [ 22.925546] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925568] ? kasan_addr_to_slab+0x11/0xa0 [ 22.925588] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925611] kasan_report+0x141/0x180 [ 22.925632] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925732] __asan_report_store1_noabort+0x1b/0x30 [ 22.925770] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.925795] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.925818] ? finish_task_switch.isra.0+0x153/0x700 [ 22.925839] ? __switch_to+0x47/0xf50 [ 22.925865] ? __schedule+0x10cc/0x2b60 [ 22.925886] ? __pfx_read_tsc+0x10/0x10 [ 22.925910] krealloc_large_less_oob+0x1c/0x30 [ 22.925952] kunit_try_run_case+0x1a5/0x480 [ 22.925977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.926000] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.926021] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.926042] ? __kthread_parkme+0x82/0x180 [ 22.926062] ? preempt_count_sub+0x50/0x80 [ 22.926085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.926110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.926133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.926175] kthread+0x337/0x6f0 [ 22.926195] ? trace_preempt_on+0x20/0xc0 [ 22.926218] ? __pfx_kthread+0x10/0x10 [ 22.926251] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.926288] ? calculate_sigpending+0x7b/0xa0 [ 22.926322] ? __pfx_kthread+0x10/0x10 [ 22.926344] ret_from_fork+0x116/0x1d0 [ 22.926377] ? __pfx_kthread+0x10/0x10 [ 22.926397] ret_from_fork_asm+0x1a/0x30 [ 22.926427] </TASK> [ 22.926439] [ 22.934226] The buggy address belongs to the physical page: [ 22.934635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.935100] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.935525] flags: 0x200000000000040(head|node=0|zone=2) [ 22.935946] page_type: f8(unknown) [ 22.936102] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.936332] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.936585] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.937073] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.937472] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.937934] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.938273] page dumped because: kasan: bad access detected [ 22.938545] [ 22.938618] Memory state around the buggy address: [ 22.938917] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.939210] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.939425] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.939658] ^ [ 22.940124] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.940499] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.940935] ================================================================== [ 22.977615] ================================================================== [ 22.978118] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.978424] Write of size 1 at addr ffff88810613e0eb by task kunit_try_catch/210 [ 22.978742] [ 22.978924] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.978970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.978983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.979002] Call Trace: [ 22.979015] <TASK> [ 22.979028] dump_stack_lvl+0x73/0xb0 [ 22.979054] print_report+0xd1/0x650 [ 22.979075] ? __virt_addr_valid+0x1db/0x2d0 [ 22.979096] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979118] ? kasan_addr_to_slab+0x11/0xa0 [ 22.979138] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979160] kasan_report+0x141/0x180 [ 22.979181] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979208] __asan_report_store1_noabort+0x1b/0x30 [ 22.979232] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.979257] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.979280] ? finish_task_switch.isra.0+0x153/0x700 [ 22.979301] ? __switch_to+0x47/0xf50 [ 22.979339] ? __schedule+0x10cc/0x2b60 [ 22.979360] ? __pfx_read_tsc+0x10/0x10 [ 22.979384] krealloc_large_less_oob+0x1c/0x30 [ 22.979406] kunit_try_run_case+0x1a5/0x480 [ 22.979430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.979454] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.979495] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.979517] ? __kthread_parkme+0x82/0x180 [ 22.979537] ? preempt_count_sub+0x50/0x80 [ 22.979559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.979583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.979607] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.979630] kthread+0x337/0x6f0 [ 22.979649] ? trace_preempt_on+0x20/0xc0 [ 22.979827] ? __pfx_kthread+0x10/0x10 [ 22.979850] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.979874] ? calculate_sigpending+0x7b/0xa0 [ 22.979897] ? __pfx_kthread+0x10/0x10 [ 22.979918] ret_from_fork+0x116/0x1d0 [ 22.979938] ? __pfx_kthread+0x10/0x10 [ 22.979958] ret_from_fork_asm+0x1a/0x30 [ 22.979988] </TASK> [ 22.979999] [ 22.987390] The buggy address belongs to the physical page: [ 22.987810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.988179] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.988481] flags: 0x200000000000040(head|node=0|zone=2) [ 22.988813] page_type: f8(unknown) [ 22.988948] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.989283] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.989548] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.989904] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.990250] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.990623] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.990917] page dumped because: kasan: bad access detected [ 22.991087] [ 22.991176] Memory state around the buggy address: [ 22.991404] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.991893] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.992213] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.992513] ^ [ 22.992877] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.993170] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.993435] ================================================================== [ 22.958812] ================================================================== [ 22.959132] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.959503] Write of size 1 at addr ffff88810613e0ea by task kunit_try_catch/210 [ 22.960021] [ 22.960135] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.960183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.960196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.960216] Call Trace: [ 22.960231] <TASK> [ 22.960247] dump_stack_lvl+0x73/0xb0 [ 22.960274] print_report+0xd1/0x650 [ 22.960296] ? __virt_addr_valid+0x1db/0x2d0 [ 22.960331] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960374] ? kasan_addr_to_slab+0x11/0xa0 [ 22.960394] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960417] kasan_report+0x141/0x180 [ 22.960455] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960483] __asan_report_store1_noabort+0x1b/0x30 [ 22.960506] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.960531] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.960554] ? finish_task_switch.isra.0+0x153/0x700 [ 22.960575] ? __switch_to+0x47/0xf50 [ 22.960618] ? __schedule+0x10cc/0x2b60 [ 22.960639] ? __pfx_read_tsc+0x10/0x10 [ 22.960669] krealloc_large_less_oob+0x1c/0x30 [ 22.960757] kunit_try_run_case+0x1a5/0x480 [ 22.960838] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.960861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.960937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.960959] ? __kthread_parkme+0x82/0x180 [ 22.960978] ? preempt_count_sub+0x50/0x80 [ 22.961000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.961025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.961048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.961072] kthread+0x337/0x6f0 [ 22.961091] ? trace_preempt_on+0x20/0xc0 [ 22.961113] ? __pfx_kthread+0x10/0x10 [ 22.961133] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.961156] ? calculate_sigpending+0x7b/0xa0 [ 22.961180] ? __pfx_kthread+0x10/0x10 [ 22.961201] ret_from_fork+0x116/0x1d0 [ 22.961219] ? __pfx_kthread+0x10/0x10 [ 22.961239] ret_from_fork_asm+0x1a/0x30 [ 22.961269] </TASK> [ 22.961280] [ 22.969539] The buggy address belongs to the physical page: [ 22.969854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.970191] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.970523] flags: 0x200000000000040(head|node=0|zone=2) [ 22.970759] page_type: f8(unknown) [ 22.971024] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.971371] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.971843] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.972190] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.972564] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.972900] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.973337] page dumped because: kasan: bad access detected [ 22.973608] [ 22.973805] Memory state around the buggy address: [ 22.974057] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.974381] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.974695] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.974904] ^ [ 22.975095] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.975528] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.976035] ================================================================== [ 22.796600] ================================================================== [ 22.797043] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.797399] Write of size 1 at addr ffff888105fa06da by task kunit_try_catch/206 [ 22.797813] [ 22.797941] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.797987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.797999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.798019] Call Trace: [ 22.798031] <TASK> [ 22.798046] dump_stack_lvl+0x73/0xb0 [ 22.798072] print_report+0xd1/0x650 [ 22.798094] ? __virt_addr_valid+0x1db/0x2d0 [ 22.798116] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798138] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.798163] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798187] kasan_report+0x141/0x180 [ 22.798208] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798246] __asan_report_store1_noabort+0x1b/0x30 [ 22.798270] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.798314] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.798337] ? finish_task_switch.isra.0+0x153/0x700 [ 22.798358] ? __switch_to+0x47/0xf50 [ 22.798383] ? __schedule+0x10cc/0x2b60 [ 22.798403] ? __pfx_read_tsc+0x10/0x10 [ 22.798426] krealloc_less_oob+0x1c/0x30 [ 22.798447] kunit_try_run_case+0x1a5/0x480 [ 22.798471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.798494] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.798514] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.798547] ? __kthread_parkme+0x82/0x180 [ 22.798567] ? preempt_count_sub+0x50/0x80 [ 22.798589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.798613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.798636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.798659] kthread+0x337/0x6f0 [ 22.798678] ? trace_preempt_on+0x20/0xc0 [ 22.798708] ? __pfx_kthread+0x10/0x10 [ 22.798791] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.798824] ? calculate_sigpending+0x7b/0xa0 [ 22.798847] ? __pfx_kthread+0x10/0x10 [ 22.798868] ret_from_fork+0x116/0x1d0 [ 22.798897] ? __pfx_kthread+0x10/0x10 [ 22.798917] ret_from_fork_asm+0x1a/0x30 [ 22.798947] </TASK> [ 22.798958] [ 22.806801] Allocated by task 206: [ 22.806925] kasan_save_stack+0x45/0x70 [ 22.807060] kasan_save_track+0x18/0x40 [ 22.807188] kasan_save_alloc_info+0x3b/0x50 [ 22.807497] __kasan_krealloc+0x190/0x1f0 [ 22.807695] krealloc_noprof+0xf3/0x340 [ 22.808059] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.808296] krealloc_less_oob+0x1c/0x30 [ 22.808560] kunit_try_run_case+0x1a5/0x480 [ 22.808984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.809196] kthread+0x337/0x6f0 [ 22.809323] ret_from_fork+0x116/0x1d0 [ 22.809449] ret_from_fork_asm+0x1a/0x30 [ 22.809581] [ 22.809666] The buggy address belongs to the object at ffff888105fa0600 [ 22.809666] which belongs to the cache kmalloc-256 of size 256 [ 22.810523] The buggy address is located 17 bytes to the right of [ 22.810523] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.810891] [ 22.810958] The buggy address belongs to the physical page: [ 22.811399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.812144] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.812880] flags: 0x200000000000040(head|node=0|zone=2) [ 22.813126] page_type: f5(slab) [ 22.813243] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.813733] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.814080] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.814418] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.814832] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.815064] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.815430] page dumped because: kasan: bad access detected [ 22.815674] [ 22.815761] Memory state around the buggy address: [ 22.816009] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.816499] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.817022] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.817338] ^ [ 22.817589] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.817989] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.818289] ================================================================== [ 22.818959] ================================================================== [ 22.819348] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.819899] Write of size 1 at addr ffff888105fa06ea by task kunit_try_catch/206 [ 22.820217] [ 22.820347] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.820392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.820416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.820436] Call Trace: [ 22.820448] <TASK> [ 22.820462] dump_stack_lvl+0x73/0xb0 [ 22.820497] print_report+0xd1/0x650 [ 22.820518] ? __virt_addr_valid+0x1db/0x2d0 [ 22.820540] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820562] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.820587] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820620] kasan_report+0x141/0x180 [ 22.820642] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820669] __asan_report_store1_noabort+0x1b/0x30 [ 22.820704] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.820729] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.820752] ? finish_task_switch.isra.0+0x153/0x700 [ 22.820783] ? __switch_to+0x47/0xf50 [ 22.820808] ? __schedule+0x10cc/0x2b60 [ 22.820829] ? __pfx_read_tsc+0x10/0x10 [ 22.820853] krealloc_less_oob+0x1c/0x30 [ 22.820874] kunit_try_run_case+0x1a5/0x480 [ 22.820898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.820920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.820941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.820963] ? __kthread_parkme+0x82/0x180 [ 22.820983] ? preempt_count_sub+0x50/0x80 [ 22.821005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.821029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.821052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.821076] kthread+0x337/0x6f0 [ 22.821095] ? trace_preempt_on+0x20/0xc0 [ 22.821117] ? __pfx_kthread+0x10/0x10 [ 22.821137] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.821160] ? calculate_sigpending+0x7b/0xa0 [ 22.821183] ? __pfx_kthread+0x10/0x10 [ 22.821204] ret_from_fork+0x116/0x1d0 [ 22.821222] ? __pfx_kthread+0x10/0x10 [ 22.821242] ret_from_fork_asm+0x1a/0x30 [ 22.821272] </TASK> [ 22.821282] [ 22.830609] Allocated by task 206: [ 22.830782] kasan_save_stack+0x45/0x70 [ 22.830990] kasan_save_track+0x18/0x40 [ 22.831158] kasan_save_alloc_info+0x3b/0x50 [ 22.831366] __kasan_krealloc+0x190/0x1f0 [ 22.831501] krealloc_noprof+0xf3/0x340 [ 22.831659] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.831914] krealloc_less_oob+0x1c/0x30 [ 22.832107] kunit_try_run_case+0x1a5/0x480 [ 22.832293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.832471] kthread+0x337/0x6f0 [ 22.832594] ret_from_fork+0x116/0x1d0 [ 22.832805] ret_from_fork_asm+0x1a/0x30 [ 22.833023] [ 22.833114] The buggy address belongs to the object at ffff888105fa0600 [ 22.833114] which belongs to the cache kmalloc-256 of size 256 [ 22.833587] The buggy address is located 33 bytes to the right of [ 22.833587] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.834019] [ 22.834085] The buggy address belongs to the physical page: [ 22.834329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.834811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.835081] flags: 0x200000000000040(head|node=0|zone=2) [ 22.835337] page_type: f5(slab) [ 22.835507] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.835886] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.836193] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.836522] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.836862] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.837149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.837422] page dumped because: kasan: bad access detected [ 22.837674] [ 22.837763] Memory state around the buggy address: [ 22.838091] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.838406] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.838684] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.839073] ^ [ 22.839325] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.839533] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.839878] ================================================================== [ 22.941336] ================================================================== [ 22.941651] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942113] Write of size 1 at addr ffff88810613e0da by task kunit_try_catch/210 [ 22.942446] [ 22.942574] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.942619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.942631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.942650] Call Trace: [ 22.942725] <TASK> [ 22.942742] dump_stack_lvl+0x73/0xb0 [ 22.942770] print_report+0xd1/0x650 [ 22.942791] ? __virt_addr_valid+0x1db/0x2d0 [ 22.942812] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942835] ? kasan_addr_to_slab+0x11/0xa0 [ 22.942855] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942878] kasan_report+0x141/0x180 [ 22.942899] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942926] __asan_report_store1_noabort+0x1b/0x30 [ 22.942950] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.942974] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.942998] ? finish_task_switch.isra.0+0x153/0x700 [ 22.943018] ? __switch_to+0x47/0xf50 [ 22.943043] ? __schedule+0x10cc/0x2b60 [ 22.943063] ? __pfx_read_tsc+0x10/0x10 [ 22.943087] krealloc_large_less_oob+0x1c/0x30 [ 22.943109] kunit_try_run_case+0x1a5/0x480 [ 22.943133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.943156] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.943201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.943223] ? __kthread_parkme+0x82/0x180 [ 22.943258] ? preempt_count_sub+0x50/0x80 [ 22.943280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.943305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.943338] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.943361] kthread+0x337/0x6f0 [ 22.943380] ? trace_preempt_on+0x20/0xc0 [ 22.943402] ? __pfx_kthread+0x10/0x10 [ 22.943422] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.943446] ? calculate_sigpending+0x7b/0xa0 [ 22.943469] ? __pfx_kthread+0x10/0x10 [ 22.943527] ret_from_fork+0x116/0x1d0 [ 22.943546] ? __pfx_kthread+0x10/0x10 [ 22.943582] ret_from_fork_asm+0x1a/0x30 [ 22.943613] </TASK> [ 22.943623] [ 22.951622] The buggy address belongs to the physical page: [ 22.952019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 22.952580] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.953053] flags: 0x200000000000040(head|node=0|zone=2) [ 22.953302] page_type: f8(unknown) [ 22.953480] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.953816] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.954044] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.954525] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.954848] head: 0200000000000002 ffffea0004184f01 00000000ffffffff 00000000ffffffff [ 22.955216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.955591] page dumped because: kasan: bad access detected [ 22.955958] [ 22.956056] Memory state around the buggy address: [ 22.956278] ffff88810613df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.956621] ffff88810613e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.957048] >ffff88810613e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 22.957387] ^ [ 22.957628] ffff88810613e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.957974] ffff88810613e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.958330] ================================================================== [ 22.751534] ================================================================== [ 22.752224] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.752864] Write of size 1 at addr ffff888105fa06c9 by task kunit_try_catch/206 [ 22.753436] [ 22.753615] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.753666] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.753678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.753698] Call Trace: [ 22.753710] <TASK> [ 22.753726] dump_stack_lvl+0x73/0xb0 [ 22.753824] print_report+0xd1/0x650 [ 22.753847] ? __virt_addr_valid+0x1db/0x2d0 [ 22.753921] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.753947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.753973] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.753997] kasan_report+0x141/0x180 [ 22.754018] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.754045] __asan_report_store1_noabort+0x1b/0x30 [ 22.754069] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.754093] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.754116] ? finish_task_switch.isra.0+0x153/0x700 [ 22.754139] ? __switch_to+0x47/0xf50 [ 22.754164] ? __schedule+0x10cc/0x2b60 [ 22.754185] ? __pfx_read_tsc+0x10/0x10 [ 22.754209] krealloc_less_oob+0x1c/0x30 [ 22.754230] kunit_try_run_case+0x1a5/0x480 [ 22.754254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.754277] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.754298] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.754331] ? __kthread_parkme+0x82/0x180 [ 22.754361] ? preempt_count_sub+0x50/0x80 [ 22.754383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.754407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.754442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.754466] kthread+0x337/0x6f0 [ 22.754486] ? trace_preempt_on+0x20/0xc0 [ 22.754520] ? __pfx_kthread+0x10/0x10 [ 22.754540] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.754563] ? calculate_sigpending+0x7b/0xa0 [ 22.754596] ? __pfx_kthread+0x10/0x10 [ 22.754617] ret_from_fork+0x116/0x1d0 [ 22.754636] ? __pfx_kthread+0x10/0x10 [ 22.754656] ret_from_fork_asm+0x1a/0x30 [ 22.754732] </TASK> [ 22.754746] [ 22.762589] Allocated by task 206: [ 22.762765] kasan_save_stack+0x45/0x70 [ 22.762958] kasan_save_track+0x18/0x40 [ 22.763186] kasan_save_alloc_info+0x3b/0x50 [ 22.763345] __kasan_krealloc+0x190/0x1f0 [ 22.763600] krealloc_noprof+0xf3/0x340 [ 22.763849] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.764160] krealloc_less_oob+0x1c/0x30 [ 22.764493] kunit_try_run_case+0x1a5/0x480 [ 22.764813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.765081] kthread+0x337/0x6f0 [ 22.765232] ret_from_fork+0x116/0x1d0 [ 22.765370] ret_from_fork_asm+0x1a/0x30 [ 22.765505] [ 22.765570] The buggy address belongs to the object at ffff888105fa0600 [ 22.765570] which belongs to the cache kmalloc-256 of size 256 [ 22.766068] The buggy address is located 0 bytes to the right of [ 22.766068] allocated 201-byte region [ffff888105fa0600, ffff888105fa06c9) [ 22.766585] [ 22.766652] The buggy address belongs to the physical page: [ 22.766818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fa0 [ 22.767582] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.768162] flags: 0x200000000000040(head|node=0|zone=2) [ 22.768356] page_type: f5(slab) [ 22.768474] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.768882] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.769345] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.769907] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.770211] head: 0200000000000001 ffffea000417e801 00000000ffffffff 00000000ffffffff [ 22.770522] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.770857] page dumped because: kasan: bad access detected [ 22.771022] [ 22.771170] Memory state around the buggy address: [ 22.771398] ffff888105fa0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.771639] ffff888105fa0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.772044] >ffff888105fa0680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.772372] ^ [ 22.772609] ffff888105fa0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.773054] ffff888105fa0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.773379] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 22.720239] ================================================================== [ 22.721168] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.721619] Write of size 1 at addr ffff888100a038f0 by task kunit_try_catch/204 [ 22.722111] [ 22.722220] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.722269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.722283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.722303] Call Trace: [ 22.722330] <TASK> [ 22.722346] dump_stack_lvl+0x73/0xb0 [ 22.722375] print_report+0xd1/0x650 [ 22.722397] ? __virt_addr_valid+0x1db/0x2d0 [ 22.722419] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.722442] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.722466] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.722633] kasan_report+0x141/0x180 [ 22.722662] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.722690] __asan_report_store1_noabort+0x1b/0x30 [ 22.722714] krealloc_more_oob_helper+0x7eb/0x930 [ 22.722736] ? __schedule+0x10cc/0x2b60 [ 22.722757] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.722815] ? finish_task_switch.isra.0+0x153/0x700 [ 22.722837] ? __switch_to+0x47/0xf50 [ 22.722863] ? __schedule+0x10cc/0x2b60 [ 22.722883] ? __pfx_read_tsc+0x10/0x10 [ 22.722908] krealloc_more_oob+0x1c/0x30 [ 22.722928] kunit_try_run_case+0x1a5/0x480 [ 22.722953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.722977] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.722998] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.723018] ? __kthread_parkme+0x82/0x180 [ 22.723039] ? preempt_count_sub+0x50/0x80 [ 22.723061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.723085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.723109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.723135] kthread+0x337/0x6f0 [ 22.723155] ? trace_preempt_on+0x20/0xc0 [ 22.723177] ? __pfx_kthread+0x10/0x10 [ 22.723197] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.723221] ? calculate_sigpending+0x7b/0xa0 [ 22.723244] ? __pfx_kthread+0x10/0x10 [ 22.723265] ret_from_fork+0x116/0x1d0 [ 22.723283] ? __pfx_kthread+0x10/0x10 [ 22.723304] ret_from_fork_asm+0x1a/0x30 [ 22.723344] </TASK> [ 22.723355] [ 22.733795] Allocated by task 204: [ 22.734074] kasan_save_stack+0x45/0x70 [ 22.734327] kasan_save_track+0x18/0x40 [ 22.734640] kasan_save_alloc_info+0x3b/0x50 [ 22.734846] __kasan_krealloc+0x190/0x1f0 [ 22.735018] krealloc_noprof+0xf3/0x340 [ 22.735190] krealloc_more_oob_helper+0x1a9/0x930 [ 22.735398] krealloc_more_oob+0x1c/0x30 [ 22.735817] kunit_try_run_case+0x1a5/0x480 [ 22.736241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.736678] kthread+0x337/0x6f0 [ 22.736960] ret_from_fork+0x116/0x1d0 [ 22.737249] ret_from_fork_asm+0x1a/0x30 [ 22.737603] [ 22.737702] The buggy address belongs to the object at ffff888100a03800 [ 22.737702] which belongs to the cache kmalloc-256 of size 256 [ 22.738194] The buggy address is located 5 bytes to the right of [ 22.738194] allocated 235-byte region [ffff888100a03800, ffff888100a038eb) [ 22.739003] [ 22.739220] The buggy address belongs to the physical page: [ 22.739657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a02 [ 22.740145] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.740684] flags: 0x200000000000040(head|node=0|zone=2) [ 22.741031] page_type: f5(slab) [ 22.741198] raw: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 22.741721] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.742145] head: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 22.742625] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.742934] head: 0200000000000001 ffffea0004028081 00000000ffffffff 00000000ffffffff [ 22.743242] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.743624] page dumped because: kasan: bad access detected [ 22.743853] [ 22.743938] Memory state around the buggy address: [ 22.744141] ffff888100a03780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.744772] ffff888100a03800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.745295] >ffff888100a03880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.745785] ^ [ 22.746260] ffff888100a03900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.746794] ffff888100a03980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.747273] ================================================================== [ 22.884411] ================================================================== [ 22.884842] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.885148] Write of size 1 at addr ffff8881060c60f0 by task kunit_try_catch/208 [ 22.885525] [ 22.885621] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.885664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.885708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.885727] Call Trace: [ 22.885743] <TASK> [ 22.885758] dump_stack_lvl+0x73/0xb0 [ 22.885796] print_report+0xd1/0x650 [ 22.885817] ? __virt_addr_valid+0x1db/0x2d0 [ 22.885838] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.885860] ? kasan_addr_to_slab+0x11/0xa0 [ 22.885879] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.885901] kasan_report+0x141/0x180 [ 22.885922] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.885949] __asan_report_store1_noabort+0x1b/0x30 [ 22.885972] krealloc_more_oob_helper+0x7eb/0x930 [ 22.885993] ? __schedule+0x10cc/0x2b60 [ 22.886013] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.886059] ? finish_task_switch.isra.0+0x153/0x700 [ 22.886079] ? __switch_to+0x47/0xf50 [ 22.886104] ? __schedule+0x10cc/0x2b60 [ 22.886124] ? __pfx_read_tsc+0x10/0x10 [ 22.886147] krealloc_large_more_oob+0x1c/0x30 [ 22.886169] kunit_try_run_case+0x1a5/0x480 [ 22.886208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.886230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.886251] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.886272] ? __kthread_parkme+0x82/0x180 [ 22.886291] ? preempt_count_sub+0x50/0x80 [ 22.886322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.886346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.886369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.886392] kthread+0x337/0x6f0 [ 22.886411] ? trace_preempt_on+0x20/0xc0 [ 22.886433] ? __pfx_kthread+0x10/0x10 [ 22.886453] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.886476] ? calculate_sigpending+0x7b/0xa0 [ 22.886510] ? __pfx_kthread+0x10/0x10 [ 22.886531] ret_from_fork+0x116/0x1d0 [ 22.886549] ? __pfx_kthread+0x10/0x10 [ 22.886580] ret_from_fork_asm+0x1a/0x30 [ 22.886610] </TASK> [ 22.886622] [ 22.894954] The buggy address belongs to the physical page: [ 22.895249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 22.895600] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.895821] flags: 0x200000000000040(head|node=0|zone=2) [ 22.896052] page_type: f8(unknown) [ 22.896253] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.896981] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.897406] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.897923] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.898161] head: 0200000000000002 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 22.898400] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.899071] page dumped because: kasan: bad access detected [ 22.899381] [ 22.899448] Memory state around the buggy address: [ 22.899598] ffff8881060c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.900079] ffff8881060c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.900383] >ffff8881060c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 22.900811] ^ [ 22.901184] ffff8881060c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.901475] ffff8881060c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.901681] ================================================================== [ 22.693278] ================================================================== [ 22.694327] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.695545] Write of size 1 at addr ffff888100a038eb by task kunit_try_catch/204 [ 22.696367] [ 22.696647] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.696711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.696725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.696747] Call Trace: [ 22.696761] <TASK> [ 22.696781] dump_stack_lvl+0x73/0xb0 [ 22.696825] print_report+0xd1/0x650 [ 22.696848] ? __virt_addr_valid+0x1db/0x2d0 [ 22.696872] ? krealloc_more_oob_helper+0x821/0x930 [ 22.696896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.696922] ? krealloc_more_oob_helper+0x821/0x930 [ 22.696944] kasan_report+0x141/0x180 [ 22.696966] ? krealloc_more_oob_helper+0x821/0x930 [ 22.696993] __asan_report_store1_noabort+0x1b/0x30 [ 22.697017] krealloc_more_oob_helper+0x821/0x930 [ 22.697038] ? __schedule+0x10cc/0x2b60 [ 22.697059] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.697082] ? finish_task_switch.isra.0+0x153/0x700 [ 22.697104] ? __switch_to+0x47/0xf50 [ 22.697130] ? __schedule+0x10cc/0x2b60 [ 22.697150] ? __pfx_read_tsc+0x10/0x10 [ 22.697175] krealloc_more_oob+0x1c/0x30 [ 22.697196] kunit_try_run_case+0x1a5/0x480 [ 22.697222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.697244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.697265] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.697287] ? __kthread_parkme+0x82/0x180 [ 22.697316] ? preempt_count_sub+0x50/0x80 [ 22.697338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.697362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.697385] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.697409] kthread+0x337/0x6f0 [ 22.697428] ? trace_preempt_on+0x20/0xc0 [ 22.697452] ? __pfx_kthread+0x10/0x10 [ 22.697472] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.697502] ? calculate_sigpending+0x7b/0xa0 [ 22.697526] ? __pfx_kthread+0x10/0x10 [ 22.697547] ret_from_fork+0x116/0x1d0 [ 22.697566] ? __pfx_kthread+0x10/0x10 [ 22.697598] ret_from_fork_asm+0x1a/0x30 [ 22.697629] </TASK> [ 22.697642] [ 22.705702] Allocated by task 204: [ 22.705905] kasan_save_stack+0x45/0x70 [ 22.706105] kasan_save_track+0x18/0x40 [ 22.706289] kasan_save_alloc_info+0x3b/0x50 [ 22.706494] __kasan_krealloc+0x190/0x1f0 [ 22.706699] krealloc_noprof+0xf3/0x340 [ 22.707289] krealloc_more_oob_helper+0x1a9/0x930 [ 22.707727] krealloc_more_oob+0x1c/0x30 [ 22.708062] kunit_try_run_case+0x1a5/0x480 [ 22.708454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.708828] kthread+0x337/0x6f0 [ 22.708991] ret_from_fork+0x116/0x1d0 [ 22.709163] ret_from_fork_asm+0x1a/0x30 [ 22.709353] [ 22.709441] The buggy address belongs to the object at ffff888100a03800 [ 22.709441] which belongs to the cache kmalloc-256 of size 256 [ 22.710340] The buggy address is located 0 bytes to the right of [ 22.710340] allocated 235-byte region [ffff888100a03800, ffff888100a038eb) [ 22.711151] [ 22.711384] The buggy address belongs to the physical page: [ 22.711779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a02 [ 22.712119] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.712433] flags: 0x200000000000040(head|node=0|zone=2) [ 22.712917] page_type: f5(slab) [ 22.713261] raw: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 22.713802] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.714292] head: 0200000000000040 ffff888100041b40 ffffea0004028480 dead000000000002 [ 22.714722] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.715153] head: 0200000000000001 ffffea0004028081 00000000ffffffff 00000000ffffffff [ 22.715476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.715781] page dumped because: kasan: bad access detected [ 22.716004] [ 22.716086] Memory state around the buggy address: [ 22.716287] ffff888100a03780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.716917] ffff888100a03800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.717410] >ffff888100a03880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.718120] ^ [ 22.718625] ffff888100a03900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.719110] ffff888100a03980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.719560] ================================================================== [ 22.864683] ================================================================== [ 22.865364] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.866443] Write of size 1 at addr ffff8881060c60eb by task kunit_try_catch/208 [ 22.866991] [ 22.867087] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.867166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.867178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.867210] Call Trace: [ 22.867223] <TASK> [ 22.867239] dump_stack_lvl+0x73/0xb0 [ 22.867288] print_report+0xd1/0x650 [ 22.867326] ? __virt_addr_valid+0x1db/0x2d0 [ 22.867348] ? krealloc_more_oob_helper+0x821/0x930 [ 22.867370] ? kasan_addr_to_slab+0x11/0xa0 [ 22.867389] ? krealloc_more_oob_helper+0x821/0x930 [ 22.867411] kasan_report+0x141/0x180 [ 22.867432] ? krealloc_more_oob_helper+0x821/0x930 [ 22.867459] __asan_report_store1_noabort+0x1b/0x30 [ 22.867482] krealloc_more_oob_helper+0x821/0x930 [ 22.867519] ? __schedule+0x10cc/0x2b60 [ 22.867540] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.867563] ? finish_task_switch.isra.0+0x153/0x700 [ 22.867584] ? __switch_to+0x47/0xf50 [ 22.867609] ? __schedule+0x10cc/0x2b60 [ 22.867628] ? __pfx_read_tsc+0x10/0x10 [ 22.867652] krealloc_large_more_oob+0x1c/0x30 [ 22.867725] kunit_try_run_case+0x1a5/0x480 [ 22.867753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.867776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.867797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.867818] ? __kthread_parkme+0x82/0x180 [ 22.867837] ? preempt_count_sub+0x50/0x80 [ 22.867859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.867883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.867906] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.867929] kthread+0x337/0x6f0 [ 22.867948] ? trace_preempt_on+0x20/0xc0 [ 22.867971] ? __pfx_kthread+0x10/0x10 [ 22.867991] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.868013] ? calculate_sigpending+0x7b/0xa0 [ 22.868036] ? __pfx_kthread+0x10/0x10 [ 22.868056] ret_from_fork+0x116/0x1d0 [ 22.868074] ? __pfx_kthread+0x10/0x10 [ 22.868094] ret_from_fork_asm+0x1a/0x30 [ 22.868124] </TASK> [ 22.868135] [ 22.877222] The buggy address belongs to the physical page: [ 22.877422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 22.877724] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.878111] flags: 0x200000000000040(head|node=0|zone=2) [ 22.878377] page_type: f8(unknown) [ 22.878576] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.879021] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.879391] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.879851] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.880084] head: 0200000000000002 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 22.880450] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.880826] page dumped because: kasan: bad access detected [ 22.881362] [ 22.881515] Memory state around the buggy address: [ 22.881672] ffff8881060c5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.882123] ffff8881060c6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.882406] >ffff8881060c6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 22.882950] ^ [ 22.883264] ffff8881060c6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.883579] ffff8881060c6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.883914] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 22.497158] ================================================================== [ 22.498316] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 22.499058] Read of size 1 at addr ffff888105f7f000 by task kunit_try_catch/188 [ 22.499764] [ 22.500031] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.500087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.500100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.500144] Call Trace: [ 22.500157] <TASK> [ 22.500177] dump_stack_lvl+0x73/0xb0 [ 22.500210] print_report+0xd1/0x650 [ 22.500232] ? __virt_addr_valid+0x1db/0x2d0 [ 22.500255] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.500278] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.500303] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.500340] kasan_report+0x141/0x180 [ 22.500361] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.500387] __asan_report_load1_noabort+0x18/0x20 [ 22.500410] kmalloc_node_oob_right+0x369/0x3c0 [ 22.500433] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 22.500456] ? __schedule+0x10cc/0x2b60 [ 22.500477] ? __pfx_read_tsc+0x10/0x10 [ 22.500508] ? ktime_get_ts64+0x86/0x230 [ 22.500534] kunit_try_run_case+0x1a5/0x480 [ 22.500560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.500582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.500603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.500624] ? __kthread_parkme+0x82/0x180 [ 22.500645] ? preempt_count_sub+0x50/0x80 [ 22.500668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.500746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.500770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.500793] kthread+0x337/0x6f0 [ 22.500813] ? trace_preempt_on+0x20/0xc0 [ 22.500836] ? __pfx_kthread+0x10/0x10 [ 22.500856] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.500879] ? calculate_sigpending+0x7b/0xa0 [ 22.500902] ? __pfx_kthread+0x10/0x10 [ 22.500923] ret_from_fork+0x116/0x1d0 [ 22.500942] ? __pfx_kthread+0x10/0x10 [ 22.500962] ret_from_fork_asm+0x1a/0x30 [ 22.500992] </TASK> [ 22.501005] [ 22.512458] Allocated by task 188: [ 22.512895] kasan_save_stack+0x45/0x70 [ 22.513064] kasan_save_track+0x18/0x40 [ 22.513196] kasan_save_alloc_info+0x3b/0x50 [ 22.513351] __kasan_kmalloc+0xb7/0xc0 [ 22.513484] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.513730] kmalloc_node_oob_right+0xab/0x3c0 [ 22.514098] kunit_try_run_case+0x1a5/0x480 [ 22.514272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.514521] kthread+0x337/0x6f0 [ 22.514696] ret_from_fork+0x116/0x1d0 [ 22.515455] ret_from_fork_asm+0x1a/0x30 [ 22.515619] [ 22.515715] The buggy address belongs to the object at ffff888105f7e000 [ 22.515715] which belongs to the cache kmalloc-4k of size 4096 [ 22.516493] The buggy address is located 0 bytes to the right of [ 22.516493] allocated 4096-byte region [ffff888105f7e000, ffff888105f7f000) [ 22.517037] [ 22.517133] The buggy address belongs to the physical page: [ 22.517461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f78 [ 22.518386] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.518845] anon flags: 0x200000000000040(head|node=0|zone=2) [ 22.519281] page_type: f5(slab) [ 22.519422] raw: 0200000000000040 ffff888100042140 0000000000000000 dead000000000001 [ 22.519982] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.520429] head: 0200000000000040 ffff888100042140 0000000000000000 dead000000000001 [ 22.520989] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.521400] head: 0200000000000003 ffffea000417de01 00000000ffffffff 00000000ffffffff [ 22.521895] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.522337] page dumped because: kasan: bad access detected [ 22.522574] [ 22.522665] Memory state around the buggy address: [ 22.522869] ffff888105f7ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.523129] ffff888105f7ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.523440] >ffff888105f7f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.523732] ^ [ 22.523883] ffff888105f7f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.524107] ffff888105f7f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.524492] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 22.454725] ================================================================== [ 22.455398] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 22.456383] Read of size 1 at addr ffff8881048b62ff by task kunit_try_catch/186 [ 22.457232] [ 22.457572] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.457631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.457645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.457668] Call Trace: [ 22.457771] <TASK> [ 22.457795] dump_stack_lvl+0x73/0xb0 [ 22.457851] print_report+0xd1/0x650 [ 22.457873] ? __virt_addr_valid+0x1db/0x2d0 [ 22.457897] ? kmalloc_oob_left+0x361/0x3c0 [ 22.457917] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.457942] ? kmalloc_oob_left+0x361/0x3c0 [ 22.457962] kasan_report+0x141/0x180 [ 22.457983] ? kmalloc_oob_left+0x361/0x3c0 [ 22.458007] __asan_report_load1_noabort+0x18/0x20 [ 22.458030] kmalloc_oob_left+0x361/0x3c0 [ 22.458051] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 22.458072] ? __schedule+0x10cc/0x2b60 [ 22.458093] ? __pfx_read_tsc+0x10/0x10 [ 22.458115] ? ktime_get_ts64+0x86/0x230 [ 22.458141] kunit_try_run_case+0x1a5/0x480 [ 22.458167] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.458189] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.458211] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.458232] ? __kthread_parkme+0x82/0x180 [ 22.458252] ? preempt_count_sub+0x50/0x80 [ 22.458276] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.458299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.458333] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.458356] kthread+0x337/0x6f0 [ 22.458376] ? trace_preempt_on+0x20/0xc0 [ 22.458399] ? __pfx_kthread+0x10/0x10 [ 22.458419] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.458442] ? calculate_sigpending+0x7b/0xa0 [ 22.458466] ? __pfx_kthread+0x10/0x10 [ 22.458504] ret_from_fork+0x116/0x1d0 [ 22.458522] ? __pfx_kthread+0x10/0x10 [ 22.458542] ret_from_fork_asm+0x1a/0x30 [ 22.458574] </TASK> [ 22.458587] [ 22.471759] Allocated by task 21: [ 22.472061] kasan_save_stack+0x45/0x70 [ 22.472280] kasan_save_track+0x18/0x40 [ 22.472591] kasan_save_alloc_info+0x3b/0x50 [ 22.472739] __kasan_kmalloc+0xb7/0xc0 [ 22.472878] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.473346] build_sched_domains+0x38c/0x5dd0 [ 22.473778] partition_sched_domains+0x471/0x9c0 [ 22.474234] rebuild_sched_domains_locked+0x97d/0xd50 [ 22.474573] cpuset_update_active_cpus+0x80f/0x1a90 [ 22.474952] sched_cpu_activate+0x2bf/0x330 [ 22.475352] cpuhp_invoke_callback+0x2a1/0xf00 [ 22.475846] cpuhp_thread_fun+0x2ce/0x5c0 [ 22.476061] smpboot_thread_fn+0x2bc/0x730 [ 22.476200] kthread+0x337/0x6f0 [ 22.476325] ret_from_fork+0x116/0x1d0 [ 22.476451] ret_from_fork_asm+0x1a/0x30 [ 22.476784] [ 22.477031] Freed by task 21: [ 22.477335] kasan_save_stack+0x45/0x70 [ 22.477698] kasan_save_track+0x18/0x40 [ 22.478101] kasan_save_free_info+0x3f/0x60 [ 22.478479] __kasan_slab_free+0x56/0x70 [ 22.478869] kfree+0x222/0x3f0 [ 22.479243] build_sched_domains+0x1fff/0x5dd0 [ 22.479657] partition_sched_domains+0x471/0x9c0 [ 22.479988] rebuild_sched_domains_locked+0x97d/0xd50 [ 22.480249] cpuset_update_active_cpus+0x80f/0x1a90 [ 22.480417] sched_cpu_activate+0x2bf/0x330 [ 22.480589] cpuhp_invoke_callback+0x2a1/0xf00 [ 22.481010] cpuhp_thread_fun+0x2ce/0x5c0 [ 22.481381] smpboot_thread_fn+0x2bc/0x730 [ 22.481833] kthread+0x337/0x6f0 [ 22.482213] ret_from_fork+0x116/0x1d0 [ 22.482609] ret_from_fork_asm+0x1a/0x30 [ 22.483022] [ 22.483185] The buggy address belongs to the object at ffff8881048b62e0 [ 22.483185] which belongs to the cache kmalloc-16 of size 16 [ 22.483551] The buggy address is located 15 bytes to the right of [ 22.483551] allocated 16-byte region [ffff8881048b62e0, ffff8881048b62f0) [ 22.483908] [ 22.483976] The buggy address belongs to the physical page: [ 22.484144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048b6 [ 22.484392] flags: 0x200000000000000(node=0|zone=2) [ 22.484555] page_type: f5(slab) [ 22.484890] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.486195] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.487426] page dumped because: kasan: bad access detected [ 22.487949] [ 22.488035] Memory state around the buggy address: [ 22.488190] ffff8881048b6180: fa fb fc fc fa fb fc fc 00 06 fc fc 00 06 fc fc [ 22.489134] ffff8881048b6200: 00 06 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 22.490088] >ffff8881048b6280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.490928] ^ [ 22.491352] ffff8881048b6300: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.492082] ffff8881048b6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.492978] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 22.384014] ================================================================== [ 22.384818] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 22.385510] Write of size 1 at addr ffff888105887d73 by task kunit_try_catch/184 [ 22.385951] [ 22.387152] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.387515] Tainted: [N]=TEST [ 22.387549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.387782] Call Trace: [ 22.387851] <TASK> [ 22.388004] dump_stack_lvl+0x73/0xb0 [ 22.388092] print_report+0xd1/0x650 [ 22.388121] ? __virt_addr_valid+0x1db/0x2d0 [ 22.388147] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.388168] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.388192] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.388213] kasan_report+0x141/0x180 [ 22.388234] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.388259] __asan_report_store1_noabort+0x1b/0x30 [ 22.388282] kmalloc_oob_right+0x6f0/0x7f0 [ 22.388303] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.388338] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.388363] kunit_try_run_case+0x1a5/0x480 [ 22.388390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.388412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.388434] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.388455] ? __kthread_parkme+0x82/0x180 [ 22.388476] ? preempt_count_sub+0x50/0x80 [ 22.388499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.388536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.388559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.388583] kthread+0x337/0x6f0 [ 22.388601] ? trace_preempt_on+0x20/0xc0 [ 22.388626] ? __pfx_kthread+0x10/0x10 [ 22.388646] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.388683] ? calculate_sigpending+0x7b/0xa0 [ 22.388707] ? __pfx_kthread+0x10/0x10 [ 22.388728] ret_from_fork+0x116/0x1d0 [ 22.388748] ? __pfx_kthread+0x10/0x10 [ 22.388769] ret_from_fork_asm+0x1a/0x30 [ 22.388826] </TASK> [ 22.388894] [ 22.399270] Allocated by task 184: [ 22.400042] kasan_save_stack+0x45/0x70 [ 22.400297] kasan_save_track+0x18/0x40 [ 22.400469] kasan_save_alloc_info+0x3b/0x50 [ 22.400717] __kasan_kmalloc+0xb7/0xc0 [ 22.401136] __kmalloc_cache_noprof+0x189/0x420 [ 22.401365] kmalloc_oob_right+0xa9/0x7f0 [ 22.401546] kunit_try_run_case+0x1a5/0x480 [ 22.401982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.402187] kthread+0x337/0x6f0 [ 22.402372] ret_from_fork+0x116/0x1d0 [ 22.402525] ret_from_fork_asm+0x1a/0x30 [ 22.402805] [ 22.403336] The buggy address belongs to the object at ffff888105887d00 [ 22.403336] which belongs to the cache kmalloc-128 of size 128 [ 22.404137] The buggy address is located 0 bytes to the right of [ 22.404137] allocated 115-byte region [ffff888105887d00, ffff888105887d73) [ 22.404786] [ 22.405215] The buggy address belongs to the physical page: [ 22.405913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 22.406479] flags: 0x200000000000000(node=0|zone=2) [ 22.407113] page_type: f5(slab) [ 22.407667] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.408034] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.408482] page dumped because: kasan: bad access detected [ 22.408910] [ 22.409128] Memory state around the buggy address: [ 22.409786] ffff888105887c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.410115] ffff888105887c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.410461] >ffff888105887d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.411197] ^ [ 22.411628] ffff888105887d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.412194] ffff888105887e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.412652] ================================================================== [ 22.433152] ================================================================== [ 22.433409] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 22.433883] Read of size 1 at addr ffff888105887d80 by task kunit_try_catch/184 [ 22.434156] [ 22.434238] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.434285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.434298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.434366] Call Trace: [ 22.434404] <TASK> [ 22.434470] dump_stack_lvl+0x73/0xb0 [ 22.434507] print_report+0xd1/0x650 [ 22.434539] ? __virt_addr_valid+0x1db/0x2d0 [ 22.434562] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.434582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.434606] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.434627] kasan_report+0x141/0x180 [ 22.434647] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.434705] __asan_report_load1_noabort+0x18/0x20 [ 22.434760] kmalloc_oob_right+0x68a/0x7f0 [ 22.434781] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.434804] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.434828] kunit_try_run_case+0x1a5/0x480 [ 22.434852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.434875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.434896] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.434917] ? __kthread_parkme+0x82/0x180 [ 22.434937] ? preempt_count_sub+0x50/0x80 [ 22.434960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.434984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.435006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.435030] kthread+0x337/0x6f0 [ 22.435049] ? trace_preempt_on+0x20/0xc0 [ 22.435072] ? __pfx_kthread+0x10/0x10 [ 22.435092] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.435115] ? calculate_sigpending+0x7b/0xa0 [ 22.435138] ? __pfx_kthread+0x10/0x10 [ 22.435159] ret_from_fork+0x116/0x1d0 [ 22.435178] ? __pfx_kthread+0x10/0x10 [ 22.435197] ret_from_fork_asm+0x1a/0x30 [ 22.435227] </TASK> [ 22.435238] [ 22.442634] Allocated by task 184: [ 22.442946] kasan_save_stack+0x45/0x70 [ 22.443142] kasan_save_track+0x18/0x40 [ 22.443339] kasan_save_alloc_info+0x3b/0x50 [ 22.443542] __kasan_kmalloc+0xb7/0xc0 [ 22.443669] __kmalloc_cache_noprof+0x189/0x420 [ 22.444058] kmalloc_oob_right+0xa9/0x7f0 [ 22.444270] kunit_try_run_case+0x1a5/0x480 [ 22.444487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.444834] kthread+0x337/0x6f0 [ 22.445039] ret_from_fork+0x116/0x1d0 [ 22.445216] ret_from_fork_asm+0x1a/0x30 [ 22.445363] [ 22.445430] The buggy address belongs to the object at ffff888105887d00 [ 22.445430] which belongs to the cache kmalloc-128 of size 128 [ 22.445786] The buggy address is located 13 bytes to the right of [ 22.445786] allocated 115-byte region [ffff888105887d00, ffff888105887d73) [ 22.446713] [ 22.446810] The buggy address belongs to the physical page: [ 22.447085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 22.447460] flags: 0x200000000000000(node=0|zone=2) [ 22.447695] page_type: f5(slab) [ 22.447879] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.448249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.448642] page dumped because: kasan: bad access detected [ 22.448824] [ 22.448889] Memory state around the buggy address: [ 22.449099] ffff888105887c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.449657] ffff888105887d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.449956] >ffff888105887d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.450226] ^ [ 22.450398] ffff888105887e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.450868] ffff888105887e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.451180] ================================================================== [ 22.414122] ================================================================== [ 22.414480] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 22.414860] Write of size 1 at addr ffff888105887d78 by task kunit_try_catch/184 [ 22.415354] [ 22.415462] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.415512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.415526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.415549] Call Trace: [ 22.415562] <TASK> [ 22.415579] dump_stack_lvl+0x73/0xb0 [ 22.415606] print_report+0xd1/0x650 [ 22.415628] ? __virt_addr_valid+0x1db/0x2d0 [ 22.415650] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.415670] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.415739] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.415761] kasan_report+0x141/0x180 [ 22.415820] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.415845] __asan_report_store1_noabort+0x1b/0x30 [ 22.415868] kmalloc_oob_right+0x6bd/0x7f0 [ 22.415889] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.415912] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.415937] kunit_try_run_case+0x1a5/0x480 [ 22.415961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.415984] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.416046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.416066] ? __kthread_parkme+0x82/0x180 [ 22.416131] ? preempt_count_sub+0x50/0x80 [ 22.416155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.416179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.416212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.416236] kthread+0x337/0x6f0 [ 22.416255] ? trace_preempt_on+0x20/0xc0 [ 22.416278] ? __pfx_kthread+0x10/0x10 [ 22.416298] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.416329] ? calculate_sigpending+0x7b/0xa0 [ 22.416353] ? __pfx_kthread+0x10/0x10 [ 22.416374] ret_from_fork+0x116/0x1d0 [ 22.416393] ? __pfx_kthread+0x10/0x10 [ 22.416413] ret_from_fork_asm+0x1a/0x30 [ 22.416445] </TASK> [ 22.416456] [ 22.423988] Allocated by task 184: [ 22.424167] kasan_save_stack+0x45/0x70 [ 22.424378] kasan_save_track+0x18/0x40 [ 22.424562] kasan_save_alloc_info+0x3b/0x50 [ 22.424768] __kasan_kmalloc+0xb7/0xc0 [ 22.424944] __kmalloc_cache_noprof+0x189/0x420 [ 22.425191] kmalloc_oob_right+0xa9/0x7f0 [ 22.425360] kunit_try_run_case+0x1a5/0x480 [ 22.425526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.425785] kthread+0x337/0x6f0 [ 22.426061] ret_from_fork+0x116/0x1d0 [ 22.426276] ret_from_fork_asm+0x1a/0x30 [ 22.426556] [ 22.426631] The buggy address belongs to the object at ffff888105887d00 [ 22.426631] which belongs to the cache kmalloc-128 of size 128 [ 22.427143] The buggy address is located 5 bytes to the right of [ 22.427143] allocated 115-byte region [ffff888105887d00, ffff888105887d73) [ 22.427522] [ 22.427614] The buggy address belongs to the physical page: [ 22.427945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105887 [ 22.428301] flags: 0x200000000000000(node=0|zone=2) [ 22.428684] page_type: f5(slab) [ 22.428851] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.429077] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.429418] page dumped because: kasan: bad access detected [ 22.429887] [ 22.430064] Memory state around the buggy address: [ 22.430411] ffff888105887c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.430838] ffff888105887c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.431193] >ffff888105887d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.431568] ^ [ 22.431897] ffff888105887d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.432187] ffff888105887e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.432464] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 179.899643] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2810 [ 179.900322] Modules linked in: [ 179.900476] CPU: 0 UID: 0 PID: 2810 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.901105] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.901387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.901877] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 179.902065] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 d3 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.902805] RSP: 0000:ffff88810937fc78 EFLAGS: 00010286 [ 179.903102] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 179.903464] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff92454b34 [ 179.903742] RBP: ffff88810937fca0 R08: 0000000000000000 R09: ffffed1020bc6080 [ 179.904276] R10: ffff888105e30407 R11: 0000000000000000 R12: ffffffff92454b20 [ 179.904582] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810937fd38 [ 179.904870] FS: 0000000000000000(0000) GS:ffff8881c6c2d000(0000) knlGS:0000000000000000 [ 179.905309] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.905577] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 179.905899] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499482 [ 179.906372] DR3: ffffffff94499483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.906626] Call Trace: [ 179.906760] <TASK> [ 179.906981] drm_test_rect_calc_vscale+0x108/0x270 [ 179.907196] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 179.907567] ? __schedule+0x10cc/0x2b60 [ 179.907744] ? __pfx_read_tsc+0x10/0x10 [ 179.908111] ? ktime_get_ts64+0x86/0x230 [ 179.908352] kunit_try_run_case+0x1a5/0x480 [ 179.908564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.908870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 179.909100] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.909335] ? __kthread_parkme+0x82/0x180 [ 179.909573] ? preempt_count_sub+0x50/0x80 [ 179.909767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.910075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.910304] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.910603] kthread+0x337/0x6f0 [ 179.910735] ? trace_preempt_on+0x20/0xc0 [ 179.910877] ? __pfx_kthread+0x10/0x10 [ 179.911035] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.911323] ? calculate_sigpending+0x7b/0xa0 [ 179.911544] ? __pfx_kthread+0x10/0x10 [ 179.911951] ret_from_fork+0x116/0x1d0 [ 179.912134] ? __pfx_kthread+0x10/0x10 [ 179.912345] ret_from_fork_asm+0x1a/0x30 [ 179.912536] </TASK> [ 179.912652] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 179.881283] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2808 [ 179.881623] Modules linked in: [ 179.882119] CPU: 1 UID: 0 PID: 2808 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.882664] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.883145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.883627] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 179.884195] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 d3 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.885369] RSP: 0000:ffff888109ae7c78 EFLAGS: 00010286 [ 179.885627] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 179.886618] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff92454afc [ 179.887261] RBP: ffff888109ae7ca0 R08: 0000000000000000 R09: ffffed1020e41720 [ 179.887568] R10: ffff88810720b907 R11: 0000000000000000 R12: ffffffff92454ae8 [ 179.887874] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888109ae7d38 [ 179.888230] FS: 0000000000000000(0000) GS:ffff8881c6d2d000(0000) knlGS:0000000000000000 [ 179.888568] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.888796] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 179.889150] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499483 [ 179.889420] DR3: ffffffff94499485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.890370] Call Trace: [ 179.890512] <TASK> [ 179.890636] drm_test_rect_calc_vscale+0x108/0x270 [ 179.891053] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 179.891291] ? __schedule+0x10cc/0x2b60 [ 179.891533] ? __pfx_read_tsc+0x10/0x10 [ 179.891719] ? ktime_get_ts64+0x86/0x230 [ 179.891951] kunit_try_run_case+0x1a5/0x480 [ 179.892154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.892374] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 179.892661] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.892875] ? __kthread_parkme+0x82/0x180 [ 179.893086] ? preempt_count_sub+0x50/0x80 [ 179.893291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.893499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.893752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.894052] kthread+0x337/0x6f0 [ 179.894185] ? trace_preempt_on+0x20/0xc0 [ 179.894494] ? __pfx_kthread+0x10/0x10 [ 179.895561] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.895862] ? calculate_sigpending+0x7b/0xa0 [ 179.896081] ? __pfx_kthread+0x10/0x10 [ 179.896269] ret_from_fork+0x116/0x1d0 [ 179.896551] ? __pfx_kthread+0x10/0x10 [ 179.896731] ret_from_fork_asm+0x1a/0x30 [ 179.897057] </TASK> [ 179.897210] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 179.848133] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2798 [ 179.848477] Modules linked in: [ 179.848621] CPU: 0 UID: 0 PID: 2798 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.848969] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.849140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.849405] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 179.849576] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.850065] RSP: 0000:ffff888102cc7c78 EFLAGS: 00010286 [ 179.850983] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 179.851736] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff92454b38 [ 179.852499] RBP: ffff888102cc7ca0 R08: 0000000000000000 R09: ffffed1020bc6da0 [ 179.852986] R10: ffff888105e36d07 R11: 0000000000000000 R12: ffffffff92454b20 [ 179.853763] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102cc7d38 [ 179.854319] FS: 0000000000000000(0000) GS:ffff8881c6c2d000(0000) knlGS:0000000000000000 [ 179.855091] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.855314] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 179.856134] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499482 [ 179.856817] DR3: ffffffff94499483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.857441] Call Trace: [ 179.857587] <TASK> [ 179.857767] drm_test_rect_calc_hscale+0x108/0x270 [ 179.858220] ? __kasan_check_write+0x18/0x20 [ 179.858572] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 179.859012] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 179.859611] ? __pfx_read_tsc+0x10/0x10 [ 179.859979] ? ktime_get_ts64+0x86/0x230 [ 179.860240] kunit_try_run_case+0x1a5/0x480 [ 179.860726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.861275] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 179.861754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.861925] ? __kthread_parkme+0x82/0x180 [ 179.862065] ? preempt_count_sub+0x50/0x80 [ 179.862224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.862550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.862961] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.863150] kthread+0x337/0x6f0 [ 179.863279] ? trace_preempt_on+0x20/0xc0 [ 179.863615] ? __pfx_kthread+0x10/0x10 [ 179.864037] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.864495] ? calculate_sigpending+0x7b/0xa0 [ 179.865009] ? __pfx_kthread+0x10/0x10 [ 179.865466] ret_from_fork+0x116/0x1d0 [ 179.865916] ? __pfx_kthread+0x10/0x10 [ 179.866343] ret_from_fork_asm+0x1a/0x30 [ 179.866768] </TASK> [ 179.866862] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 179.825477] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2796 [ 179.826307] Modules linked in: [ 179.826532] CPU: 0 UID: 0 PID: 2796 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.828085] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.828350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.829128] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 179.829430] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 179.830463] RSP: 0000:ffff88810916fc78 EFLAGS: 00010286 [ 179.830971] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 179.831300] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff92454b00 [ 179.832194] RBP: ffff88810916fca0 R08: 0000000000000000 R09: ffffed1020bc6d80 [ 179.832580] R10: ffff888105e36c07 R11: 0000000000000000 R12: ffffffff92454ae8 [ 179.833141] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810916fd38 [ 179.833620] FS: 0000000000000000(0000) GS:ffff8881c6c2d000(0000) knlGS:0000000000000000 [ 179.834200] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.834596] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 179.835039] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499482 [ 179.835370] DR3: ffffffff94499483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.835971] Call Trace: [ 179.836108] <TASK> [ 179.836261] drm_test_rect_calc_hscale+0x108/0x270 [ 179.836562] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 179.836761] ? __schedule+0x10cc/0x2b60 [ 179.837059] ? __pfx_read_tsc+0x10/0x10 [ 179.837537] ? ktime_get_ts64+0x86/0x230 [ 179.837825] kunit_try_run_case+0x1a5/0x480 [ 179.838082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.838330] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 179.838553] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 179.838971] ? __kthread_parkme+0x82/0x180 [ 179.839352] ? preempt_count_sub+0x50/0x80 [ 179.839521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 179.839922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.840138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.840772] kthread+0x337/0x6f0 [ 179.840960] ? trace_preempt_on+0x20/0xc0 [ 179.841161] ? __pfx_kthread+0x10/0x10 [ 179.841310] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.841590] ? calculate_sigpending+0x7b/0xa0 [ 179.841875] ? __pfx_kthread+0x10/0x10 [ 179.842158] ret_from_fork+0x116/0x1d0 [ 179.842322] ? __pfx_kthread+0x10/0x10 [ 179.842520] ret_from_fork_asm+0x1a/0x30 [ 179.842682] </TASK> [ 179.842852] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 123.103263] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 59.938619] ================================================================== [ 59.938978] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 59.938978] [ 59.939354] Use-after-free read at 0x(____ptrval____) (in kfence-#157): [ 59.939648] test_krealloc+0x6fc/0xbe0 [ 59.939825] kunit_try_run_case+0x1a5/0x480 [ 59.940024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.940222] kthread+0x337/0x6f0 [ 59.940381] ret_from_fork+0x116/0x1d0 [ 59.940570] ret_from_fork_asm+0x1a/0x30 [ 59.940800] [ 59.940870] kfence-#157: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 59.940870] [ 59.941267] allocated by task 385 on cpu 1 at 59.937976s (0.003288s ago): [ 59.941615] test_alloc+0x364/0x10f0 [ 59.941819] test_krealloc+0xad/0xbe0 [ 59.941960] kunit_try_run_case+0x1a5/0x480 [ 59.942168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.942385] kthread+0x337/0x6f0 [ 59.942593] ret_from_fork+0x116/0x1d0 [ 59.942727] ret_from_fork_asm+0x1a/0x30 [ 59.942861] [ 59.942930] freed by task 385 on cpu 1 at 59.938209s (0.004718s ago): [ 59.943228] krealloc_noprof+0x108/0x340 [ 59.943428] test_krealloc+0x226/0xbe0 [ 59.943987] kunit_try_run_case+0x1a5/0x480 [ 59.944186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.944412] kthread+0x337/0x6f0 [ 59.945041] ret_from_fork+0x116/0x1d0 [ 59.945223] ret_from_fork_asm+0x1a/0x30 [ 59.945414] [ 59.945742] CPU: 1 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 59.946390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 59.946541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 59.946927] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 59.849935] ================================================================== [ 59.850339] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 59.850339] [ 59.850741] Use-after-free read at 0x(____ptrval____) (in kfence-#156): [ 59.851059] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 59.851320] kunit_try_run_case+0x1a5/0x480 [ 59.851478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.851763] kthread+0x337/0x6f0 [ 59.851886] ret_from_fork+0x116/0x1d0 [ 59.852070] ret_from_fork_asm+0x1a/0x30 [ 59.852256] [ 59.852339] kfence-#156: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 59.852339] [ 59.852713] allocated by task 383 on cpu 0 at 59.834694s (0.018017s ago): [ 59.853039] test_alloc+0x2a6/0x10f0 [ 59.853227] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 59.853457] kunit_try_run_case+0x1a5/0x480 [ 59.854388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.854815] kthread+0x337/0x6f0 [ 59.854959] ret_from_fork+0x116/0x1d0 [ 59.855162] ret_from_fork_asm+0x1a/0x30 [ 59.855351] [ 59.855492] freed by task 383 on cpu 0 at 59.834851s (0.020637s ago): [ 59.855779] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 59.856013] kunit_try_run_case+0x1a5/0x480 [ 59.856211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.856433] kthread+0x337/0x6f0 [ 59.856620] ret_from_fork+0x116/0x1d0 [ 59.856816] ret_from_fork_asm+0x1a/0x30 [ 59.856972] [ 59.857097] CPU: 0 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 59.857634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 59.857818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 59.858148] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 34.680817] ================================================================== [ 34.681263] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 34.681263] [ 34.681589] Invalid read at 0x(____ptrval____): [ 34.681758] test_invalid_access+0xf0/0x210 [ 34.682040] kunit_try_run_case+0x1a5/0x480 [ 34.682261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.682637] kthread+0x337/0x6f0 [ 34.682833] ret_from_fork+0x116/0x1d0 [ 34.683080] ret_from_fork_asm+0x1a/0x30 [ 34.683292] [ 34.683429] CPU: 0 UID: 0 PID: 379 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 34.684098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.684266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.684684] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 34.458152] ================================================================== [ 34.458614] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.458614] [ 34.458977] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#152): [ 34.459615] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.459814] kunit_try_run_case+0x1a5/0x480 [ 34.460163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.460371] kthread+0x337/0x6f0 [ 34.460511] ret_from_fork+0x116/0x1d0 [ 34.460799] ret_from_fork_asm+0x1a/0x30 [ 34.460939] [ 34.461009] kfence-#152: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 34.461009] [ 34.461448] allocated by task 373 on cpu 1 at 34.457898s (0.003547s ago): [ 34.461830] test_alloc+0x364/0x10f0 [ 34.462017] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 34.462227] kunit_try_run_case+0x1a5/0x480 [ 34.462425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.462641] kthread+0x337/0x6f0 [ 34.462803] ret_from_fork+0x116/0x1d0 [ 34.462961] ret_from_fork_asm+0x1a/0x30 [ 34.463133] [ 34.463217] freed by task 373 on cpu 1 at 34.458036s (0.005179s ago): [ 34.463468] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.463634] kunit_try_run_case+0x1a5/0x480 [ 34.463799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.464092] kthread+0x337/0x6f0 [ 34.464257] ret_from_fork+0x116/0x1d0 [ 34.464402] ret_from_fork_asm+0x1a/0x30 [ 34.464690] [ 34.464808] CPU: 1 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 34.465259] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.465417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.465771] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 34.354114] ================================================================== [ 34.354500] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.354500] [ 34.355165] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#151): [ 34.355695] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.356045] kunit_try_run_case+0x1a5/0x480 [ 34.356248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.356752] kthread+0x337/0x6f0 [ 34.356929] ret_from_fork+0x116/0x1d0 [ 34.357096] ret_from_fork_asm+0x1a/0x30 [ 34.357433] [ 34.357546] kfence-#151: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 34.357546] [ 34.358074] allocated by task 371 on cpu 0 at 34.353911s (0.004159s ago): [ 34.358433] test_alloc+0x364/0x10f0 [ 34.358778] test_kmalloc_aligned_oob_read+0x105/0x560 [ 34.359067] kunit_try_run_case+0x1a5/0x480 [ 34.359369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.359766] kthread+0x337/0x6f0 [ 34.359905] ret_from_fork+0x116/0x1d0 [ 34.360232] ret_from_fork_asm+0x1a/0x30 [ 34.360419] [ 34.360589] CPU: 0 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 34.361237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.361456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.361993] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 28.946265] ================================================================== [ 28.946773] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 28.946773] [ 28.947042] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#99): [ 28.947452] test_corruption+0x2df/0x3e0 [ 28.947603] kunit_try_run_case+0x1a5/0x480 [ 28.947782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.948135] kthread+0x337/0x6f0 [ 28.948368] ret_from_fork+0x116/0x1d0 [ 28.948613] ret_from_fork_asm+0x1a/0x30 [ 28.948765] [ 28.948835] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.948835] [ 28.949256] allocated by task 359 on cpu 1 at 28.946029s (0.003224s ago): [ 28.949510] test_alloc+0x364/0x10f0 [ 28.949702] test_corruption+0x1cb/0x3e0 [ 28.949859] kunit_try_run_case+0x1a5/0x480 [ 28.950001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.950218] kthread+0x337/0x6f0 [ 28.950382] ret_from_fork+0x116/0x1d0 [ 28.950512] ret_from_fork_asm+0x1a/0x30 [ 28.950647] [ 28.950713] freed by task 359 on cpu 1 at 28.946108s (0.004603s ago): [ 28.951014] test_corruption+0x2df/0x3e0 [ 28.951211] kunit_try_run_case+0x1a5/0x480 [ 28.951404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.951623] kthread+0x337/0x6f0 [ 28.951742] ret_from_fork+0x116/0x1d0 [ 28.951904] ret_from_fork_asm+0x1a/0x30 [ 28.952101] [ 28.952217] CPU: 1 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.952871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.953084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.953414] ================================================================== [ 29.778096] ================================================================== [ 29.778480] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 29.778480] [ 29.778946] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#107): [ 29.779320] test_corruption+0x216/0x3e0 [ 29.779469] kunit_try_run_case+0x1a5/0x480 [ 29.779685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.779982] kthread+0x337/0x6f0 [ 29.780157] ret_from_fork+0x116/0x1d0 [ 29.780416] ret_from_fork_asm+0x1a/0x30 [ 29.780700] [ 29.780787] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.780787] [ 29.781174] allocated by task 361 on cpu 0 at 29.777971s (0.003201s ago): [ 29.781477] test_alloc+0x2a6/0x10f0 [ 29.781680] test_corruption+0x1cb/0x3e0 [ 29.781954] kunit_try_run_case+0x1a5/0x480 [ 29.782100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.782361] kthread+0x337/0x6f0 [ 29.782585] ret_from_fork+0x116/0x1d0 [ 29.782768] ret_from_fork_asm+0x1a/0x30 [ 29.782985] [ 29.783077] freed by task 361 on cpu 0 at 29.778024s (0.005052s ago): [ 29.783395] test_corruption+0x216/0x3e0 [ 29.783583] kunit_try_run_case+0x1a5/0x480 [ 29.783724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.784071] kthread+0x337/0x6f0 [ 29.784239] ret_from_fork+0x116/0x1d0 [ 29.784440] ret_from_fork_asm+0x1a/0x30 [ 29.784697] [ 29.784830] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 29.785267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.785441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.786228] ================================================================== [ 28.842208] ================================================================== [ 28.842707] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 28.842707] [ 28.843076] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#98): [ 28.843809] test_corruption+0x2d2/0x3e0 [ 28.844001] kunit_try_run_case+0x1a5/0x480 [ 28.844172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.844374] kthread+0x337/0x6f0 [ 28.844543] ret_from_fork+0x116/0x1d0 [ 28.844792] ret_from_fork_asm+0x1a/0x30 [ 28.844956] [ 28.845046] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.845046] [ 28.845409] allocated by task 359 on cpu 1 at 28.841970s (0.003436s ago): [ 28.845648] test_alloc+0x364/0x10f0 [ 28.845848] test_corruption+0xe6/0x3e0 [ 28.846041] kunit_try_run_case+0x1a5/0x480 [ 28.846197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.846378] kthread+0x337/0x6f0 [ 28.846541] ret_from_fork+0x116/0x1d0 [ 28.846723] ret_from_fork_asm+0x1a/0x30 [ 28.846890] [ 28.846957] freed by task 359 on cpu 1 at 28.842049s (0.004906s ago): [ 28.847685] test_corruption+0x2d2/0x3e0 [ 28.847911] kunit_try_run_case+0x1a5/0x480 [ 28.848119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.848350] kthread+0x337/0x6f0 [ 28.848471] ret_from_fork+0x116/0x1d0 [ 28.848670] ret_from_fork_asm+0x1a/0x30 [ 28.848848] [ 28.848942] CPU: 1 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.849401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.849594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.849998] ================================================================== [ 29.674082] ================================================================== [ 29.674491] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 29.674491] [ 29.674866] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#106): [ 29.675599] test_corruption+0x131/0x3e0 [ 29.675749] kunit_try_run_case+0x1a5/0x480 [ 29.676070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.676235] kthread+0x337/0x6f0 [ 29.676552] ret_from_fork+0x116/0x1d0 [ 29.676760] ret_from_fork_asm+0x1a/0x30 [ 29.676983] [ 29.677101] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.677101] [ 29.677374] allocated by task 361 on cpu 0 at 29.673939s (0.003433s ago): [ 29.677648] test_alloc+0x2a6/0x10f0 [ 29.677859] test_corruption+0xe6/0x3e0 [ 29.678152] kunit_try_run_case+0x1a5/0x480 [ 29.678382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.678841] kthread+0x337/0x6f0 [ 29.679005] ret_from_fork+0x116/0x1d0 [ 29.679131] ret_from_fork_asm+0x1a/0x30 [ 29.679263] [ 29.679342] freed by task 361 on cpu 0 at 29.673995s (0.005345s ago): [ 29.679666] test_corruption+0x131/0x3e0 [ 29.679993] kunit_try_run_case+0x1a5/0x480 [ 29.680215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.680452] kthread+0x337/0x6f0 [ 29.680566] ret_from_fork+0x116/0x1d0 [ 29.680762] ret_from_fork_asm+0x1a/0x30 [ 29.680977] [ 29.681111] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 29.681678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.681816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.682206] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 28.634112] ================================================================== [ 28.634493] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 28.634493] [ 28.634925] Invalid free of 0x(____ptrval____) (in kfence-#96): [ 28.635243] test_invalid_addr_free+0x1e1/0x260 [ 28.635408] kunit_try_run_case+0x1a5/0x480 [ 28.635641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.635910] kthread+0x337/0x6f0 [ 28.636077] ret_from_fork+0x116/0x1d0 [ 28.636278] ret_from_fork_asm+0x1a/0x30 [ 28.636513] [ 28.636637] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.636637] [ 28.636973] allocated by task 355 on cpu 0 at 28.633978s (0.002992s ago): [ 28.637184] test_alloc+0x364/0x10f0 [ 28.637377] test_invalid_addr_free+0xdb/0x260 [ 28.637612] kunit_try_run_case+0x1a5/0x480 [ 28.637986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.638588] kthread+0x337/0x6f0 [ 28.638868] ret_from_fork+0x116/0x1d0 [ 28.639000] ret_from_fork_asm+0x1a/0x30 [ 28.639160] [ 28.639280] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.640343] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.640696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.641144] ================================================================== [ 28.738142] ================================================================== [ 28.738531] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 28.738531] [ 28.738869] Invalid free of 0x(____ptrval____) (in kfence-#97): [ 28.739150] test_invalid_addr_free+0xfb/0x260 [ 28.739339] kunit_try_run_case+0x1a5/0x480 [ 28.739567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.739832] kthread+0x337/0x6f0 [ 28.740000] ret_from_fork+0x116/0x1d0 [ 28.740180] ret_from_fork_asm+0x1a/0x30 [ 28.740380] [ 28.740465] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.740465] [ 28.740810] allocated by task 357 on cpu 1 at 28.738037s (0.002770s ago): [ 28.741139] test_alloc+0x2a6/0x10f0 [ 28.741297] test_invalid_addr_free+0xdb/0x260 [ 28.741523] kunit_try_run_case+0x1a5/0x480 [ 28.741722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.741923] kthread+0x337/0x6f0 [ 28.742086] ret_from_fork+0x116/0x1d0 [ 28.742256] ret_from_fork_asm+0x1a/0x30 [ 28.742430] [ 28.742579] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.743034] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.743198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.743594] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 28.530174] ================================================================== [ 28.530725] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 28.530725] [ 28.531109] Invalid free of 0x(____ptrval____) (in kfence-#95): [ 28.531339] test_double_free+0x112/0x260 [ 28.531535] kunit_try_run_case+0x1a5/0x480 [ 28.531772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.532026] kthread+0x337/0x6f0 [ 28.532199] ret_from_fork+0x116/0x1d0 [ 28.532341] ret_from_fork_asm+0x1a/0x30 [ 28.532584] [ 28.532681] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.532681] [ 28.533011] allocated by task 353 on cpu 0 at 28.529999s (0.003010s ago): [ 28.533267] test_alloc+0x2a6/0x10f0 [ 28.533463] test_double_free+0xdb/0x260 [ 28.533771] kunit_try_run_case+0x1a5/0x480 [ 28.533965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.534187] kthread+0x337/0x6f0 [ 28.534370] ret_from_fork+0x116/0x1d0 [ 28.534563] ret_from_fork_asm+0x1a/0x30 [ 28.534777] [ 28.534845] freed by task 353 on cpu 0 at 28.530053s (0.004790s ago): [ 28.535171] test_double_free+0xfa/0x260 [ 28.535352] kunit_try_run_case+0x1a5/0x480 [ 28.535489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.535655] kthread+0x337/0x6f0 [ 28.535769] ret_from_fork+0x116/0x1d0 [ 28.535893] ret_from_fork_asm+0x1a/0x30 [ 28.536024] [ 28.536116] CPU: 0 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.536793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.537135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.538268] ================================================================== [ 28.426290] ================================================================== [ 28.426784] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 28.426784] [ 28.427088] Invalid free of 0x(____ptrval____) (in kfence-#94): [ 28.427389] test_double_free+0x1d3/0x260 [ 28.428033] kunit_try_run_case+0x1a5/0x480 [ 28.428213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.428477] kthread+0x337/0x6f0 [ 28.428665] ret_from_fork+0x116/0x1d0 [ 28.428816] ret_from_fork_asm+0x1a/0x30 [ 28.429013] [ 28.429110] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.429110] [ 28.429475] allocated by task 351 on cpu 1 at 28.426018s (0.003455s ago): [ 28.430291] test_alloc+0x364/0x10f0 [ 28.430612] test_double_free+0xdb/0x260 [ 28.430788] kunit_try_run_case+0x1a5/0x480 [ 28.431101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.431339] kthread+0x337/0x6f0 [ 28.431489] ret_from_fork+0x116/0x1d0 [ 28.431838] ret_from_fork_asm+0x1a/0x30 [ 28.432048] [ 28.432118] freed by task 351 on cpu 1 at 28.426093s (0.006023s ago): [ 28.432532] test_double_free+0x1e0/0x260 [ 28.432840] kunit_try_run_case+0x1a5/0x480 [ 28.433099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.433410] kthread+0x337/0x6f0 [ 28.433609] ret_from_fork+0x116/0x1d0 [ 28.433777] ret_from_fork_asm+0x1a/0x30 [ 28.433952] [ 28.434062] CPU: 1 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.434568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.435049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.435485] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 28.010223] ================================================================== [ 28.010667] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.010667] [ 28.011130] Use-after-free read at 0x(____ptrval____) (in kfence-#90): [ 28.011403] test_use_after_free_read+0x129/0x270 [ 28.011818] kunit_try_run_case+0x1a5/0x480 [ 28.011991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.012215] kthread+0x337/0x6f0 [ 28.012393] ret_from_fork+0x116/0x1d0 [ 28.012600] ret_from_fork_asm+0x1a/0x30 [ 28.012737] [ 28.012849] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.012849] [ 28.013199] allocated by task 343 on cpu 0 at 28.010016s (0.003180s ago): [ 28.013428] test_alloc+0x364/0x10f0 [ 28.013588] test_use_after_free_read+0xdc/0x270 [ 28.013815] kunit_try_run_case+0x1a5/0x480 [ 28.014034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.014249] kthread+0x337/0x6f0 [ 28.014373] ret_from_fork+0x116/0x1d0 [ 28.014776] ret_from_fork_asm+0x1a/0x30 [ 28.015581] [ 28.015816] freed by task 343 on cpu 0 at 28.010067s (0.005664s ago): [ 28.016158] test_use_after_free_read+0x1e7/0x270 [ 28.016402] kunit_try_run_case+0x1a5/0x480 [ 28.016549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.016861] kthread+0x337/0x6f0 [ 28.016979] ret_from_fork+0x116/0x1d0 [ 28.017159] ret_from_fork_asm+0x1a/0x30 [ 28.017356] [ 28.017477] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.017949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.018152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.018486] ================================================================== [ 28.114173] ================================================================== [ 28.114633] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.114633] [ 28.115020] Use-after-free read at 0x(____ptrval____) (in kfence-#91): [ 28.115273] test_use_after_free_read+0x129/0x270 [ 28.115511] kunit_try_run_case+0x1a5/0x480 [ 28.115661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.115924] kthread+0x337/0x6f0 [ 28.116096] ret_from_fork+0x116/0x1d0 [ 28.116284] ret_from_fork_asm+0x1a/0x30 [ 28.116496] [ 28.116600] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.116600] [ 28.116953] allocated by task 345 on cpu 1 at 28.114036s (0.002915s ago): [ 28.117181] test_alloc+0x2a6/0x10f0 [ 28.117362] test_use_after_free_read+0xdc/0x270 [ 28.117607] kunit_try_run_case+0x1a5/0x480 [ 28.117840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.118012] kthread+0x337/0x6f0 [ 28.118129] ret_from_fork+0x116/0x1d0 [ 28.118330] ret_from_fork_asm+0x1a/0x30 [ 28.118515] [ 28.118610] freed by task 345 on cpu 1 at 28.114095s (0.004512s ago): [ 28.118841] test_use_after_free_read+0xfb/0x270 [ 28.118991] kunit_try_run_case+0x1a5/0x480 [ 28.119207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.119475] kthread+0x337/0x6f0 [ 28.119715] ret_from_fork+0x116/0x1d0 [ 28.119894] ret_from_fork_asm+0x1a/0x30 [ 28.120073] [ 28.120185] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 28.120560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.120733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.121170] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 27.698130] ================================================================== [ 27.698548] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 27.698548] [ 27.699075] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#87): [ 27.699377] test_out_of_bounds_write+0x10d/0x260 [ 27.700012] kunit_try_run_case+0x1a5/0x480 [ 27.700189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.700456] kthread+0x337/0x6f0 [ 27.700867] ret_from_fork+0x116/0x1d0 [ 27.701122] ret_from_fork_asm+0x1a/0x30 [ 27.701382] [ 27.701478] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.701478] [ 27.702048] allocated by task 339 on cpu 0 at 27.698001s (0.004043s ago): [ 27.702463] test_alloc+0x364/0x10f0 [ 27.702831] test_out_of_bounds_write+0xd4/0x260 [ 27.703038] kunit_try_run_case+0x1a5/0x480 [ 27.703343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.703701] kthread+0x337/0x6f0 [ 27.703856] ret_from_fork+0x116/0x1d0 [ 27.704137] ret_from_fork_asm+0x1a/0x30 [ 27.704314] [ 27.704435] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.705095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.705279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.705806] ================================================================== [ 27.906053] ================================================================== [ 27.906458] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 27.906458] [ 27.906889] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#89): [ 27.907268] test_out_of_bounds_write+0x10d/0x260 [ 27.907438] kunit_try_run_case+0x1a5/0x480 [ 27.907621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.907915] kthread+0x337/0x6f0 [ 27.908153] ret_from_fork+0x116/0x1d0 [ 27.908394] ret_from_fork_asm+0x1a/0x30 [ 27.908611] [ 27.908732] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.908732] [ 27.909011] allocated by task 341 on cpu 1 at 27.905993s (0.003016s ago): [ 27.909328] test_alloc+0x2a6/0x10f0 [ 27.909529] test_out_of_bounds_write+0xd4/0x260 [ 27.909867] kunit_try_run_case+0x1a5/0x480 [ 27.910098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.910285] kthread+0x337/0x6f0 [ 27.910409] ret_from_fork+0x116/0x1d0 [ 27.910733] ret_from_fork_asm+0x1a/0x30 [ 27.910931] [ 27.911052] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.911624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.911904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.912168] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 27.490074] ================================================================== [ 27.490458] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.490458] [ 27.490924] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#85): [ 27.491224] test_out_of_bounds_read+0x126/0x4e0 [ 27.491444] kunit_try_run_case+0x1a5/0x480 [ 27.491596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.491892] kthread+0x337/0x6f0 [ 27.492044] ret_from_fork+0x116/0x1d0 [ 27.492211] ret_from_fork_asm+0x1a/0x30 [ 27.492419] [ 27.492550] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.492550] [ 27.492848] allocated by task 337 on cpu 1 at 27.490017s (0.002828s ago): [ 27.493195] test_alloc+0x2a6/0x10f0 [ 27.493399] test_out_of_bounds_read+0xed/0x4e0 [ 27.493665] kunit_try_run_case+0x1a5/0x480 [ 27.493863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.494107] kthread+0x337/0x6f0 [ 27.494265] ret_from_fork+0x116/0x1d0 [ 27.494420] ret_from_fork_asm+0x1a/0x30 [ 27.494560] [ 27.494652] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.495177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.495331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.495655] ================================================================== [ 27.594112] ================================================================== [ 27.594499] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.594499] [ 27.594853] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#86): [ 27.595212] test_out_of_bounds_read+0x216/0x4e0 [ 27.595396] kunit_try_run_case+0x1a5/0x480 [ 27.595719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.595949] kthread+0x337/0x6f0 [ 27.596103] ret_from_fork+0x116/0x1d0 [ 27.596241] ret_from_fork_asm+0x1a/0x30 [ 27.596391] [ 27.596478] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.596478] [ 27.596895] allocated by task 337 on cpu 1 at 27.594061s (0.002832s ago): [ 27.597233] test_alloc+0x2a6/0x10f0 [ 27.597418] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.597598] kunit_try_run_case+0x1a5/0x480 [ 27.597810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.597981] kthread+0x337/0x6f0 [ 27.598215] ret_from_fork+0x116/0x1d0 [ 27.598415] ret_from_fork_asm+0x1a/0x30 [ 27.598702] [ 27.598796] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.599447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.599735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.600093] ================================================================== [ 27.282897] ================================================================== [ 27.283391] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.283391] [ 27.283953] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#83): [ 27.284420] test_out_of_bounds_read+0x126/0x4e0 [ 27.284607] kunit_try_run_case+0x1a5/0x480 [ 27.284860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.285069] kthread+0x337/0x6f0 [ 27.285188] ret_from_fork+0x116/0x1d0 [ 27.285389] ret_from_fork_asm+0x1a/0x30 [ 27.285755] [ 27.286059] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.286059] [ 27.286587] allocated by task 335 on cpu 1 at 27.281869s (0.004659s ago): [ 27.287234] test_alloc+0x364/0x10f0 [ 27.287488] test_out_of_bounds_read+0xed/0x4e0 [ 27.287727] kunit_try_run_case+0x1a5/0x480 [ 27.287922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.288120] kthread+0x337/0x6f0 [ 27.288285] ret_from_fork+0x116/0x1d0 [ 27.288488] ret_from_fork_asm+0x1a/0x30 [ 27.288747] [ 27.288918] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.289455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.289656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.290107] ================================================================== [ 27.386188] ================================================================== [ 27.386628] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.386628] [ 27.387110] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#84): [ 27.387473] test_out_of_bounds_read+0x216/0x4e0 [ 27.387684] kunit_try_run_case+0x1a5/0x480 [ 27.387835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.388085] kthread+0x337/0x6f0 [ 27.388273] ret_from_fork+0x116/0x1d0 [ 27.388488] ret_from_fork_asm+0x1a/0x30 [ 27.388762] [ 27.388837] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.388837] [ 27.389274] allocated by task 335 on cpu 1 at 27.386013s (0.003258s ago): [ 27.389601] test_alloc+0x364/0x10f0 [ 27.389729] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.389883] kunit_try_run_case+0x1a5/0x480 [ 27.390457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.390868] kthread+0x337/0x6f0 [ 27.391184] ret_from_fork+0x116/0x1d0 [ 27.391479] ret_from_fork_asm+0x1a/0x30 [ 27.391660] [ 27.391783] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.392235] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.392408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.392774] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 23.535291] ================================================================== [ 23.535624] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 23.535831] Read of size 1 at addr ffff888104950600 by task kunit_try_catch/244 [ 23.536191] [ 23.536324] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.536372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.536384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.536405] Call Trace: [ 23.536418] <TASK> [ 23.536435] dump_stack_lvl+0x73/0xb0 [ 23.536463] print_report+0xd1/0x650 [ 23.536485] ? __virt_addr_valid+0x1db/0x2d0 [ 23.536520] ? ksize_uaf+0x5fe/0x6c0 [ 23.536549] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.536575] ? ksize_uaf+0x5fe/0x6c0 [ 23.536595] kasan_report+0x141/0x180 [ 23.536628] ? ksize_uaf+0x5fe/0x6c0 [ 23.536653] __asan_report_load1_noabort+0x18/0x20 [ 23.536676] ksize_uaf+0x5fe/0x6c0 [ 23.536696] ? __pfx_ksize_uaf+0x10/0x10 [ 23.536725] ? __schedule+0x10cc/0x2b60 [ 23.536746] ? __pfx_read_tsc+0x10/0x10 [ 23.536767] ? ktime_get_ts64+0x86/0x230 [ 23.536884] kunit_try_run_case+0x1a5/0x480 [ 23.536918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.536941] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.536974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.536996] ? __kthread_parkme+0x82/0x180 [ 23.537017] ? preempt_count_sub+0x50/0x80 [ 23.537050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.537075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.537098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.537133] kthread+0x337/0x6f0 [ 23.537153] ? trace_preempt_on+0x20/0xc0 [ 23.537176] ? __pfx_kthread+0x10/0x10 [ 23.537196] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.537220] ? calculate_sigpending+0x7b/0xa0 [ 23.537243] ? __pfx_kthread+0x10/0x10 [ 23.537264] ret_from_fork+0x116/0x1d0 [ 23.537283] ? __pfx_kthread+0x10/0x10 [ 23.537304] ret_from_fork_asm+0x1a/0x30 [ 23.537344] </TASK> [ 23.537355] [ 23.544815] Allocated by task 244: [ 23.545037] kasan_save_stack+0x45/0x70 [ 23.545273] kasan_save_track+0x18/0x40 [ 23.545521] kasan_save_alloc_info+0x3b/0x50 [ 23.545841] __kasan_kmalloc+0xb7/0xc0 [ 23.546039] __kmalloc_cache_noprof+0x189/0x420 [ 23.546230] ksize_uaf+0xaa/0x6c0 [ 23.546417] kunit_try_run_case+0x1a5/0x480 [ 23.546885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.547139] kthread+0x337/0x6f0 [ 23.547291] ret_from_fork+0x116/0x1d0 [ 23.547511] ret_from_fork_asm+0x1a/0x30 [ 23.547772] [ 23.547876] Freed by task 244: [ 23.548030] kasan_save_stack+0x45/0x70 [ 23.548213] kasan_save_track+0x18/0x40 [ 23.548391] kasan_save_free_info+0x3f/0x60 [ 23.548634] __kasan_slab_free+0x56/0x70 [ 23.548919] kfree+0x222/0x3f0 [ 23.549097] ksize_uaf+0x12c/0x6c0 [ 23.549272] kunit_try_run_case+0x1a5/0x480 [ 23.549424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.549593] kthread+0x337/0x6f0 [ 23.549708] ret_from_fork+0x116/0x1d0 [ 23.549846] ret_from_fork_asm+0x1a/0x30 [ 23.550117] [ 23.550213] The buggy address belongs to the object at ffff888104950600 [ 23.550213] which belongs to the cache kmalloc-128 of size 128 [ 23.551046] The buggy address is located 0 bytes inside of [ 23.551046] freed 128-byte region [ffff888104950600, ffff888104950680) [ 23.551619] [ 23.551763] The buggy address belongs to the physical page: [ 23.552018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.552256] flags: 0x200000000000000(node=0|zone=2) [ 23.552425] page_type: f5(slab) [ 23.552572] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.552935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.553303] page dumped because: kasan: bad access detected [ 23.553697] [ 23.553894] Memory state around the buggy address: [ 23.554059] ffff888104950500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.554285] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.554892] >ffff888104950600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.555221] ^ [ 23.555391] ffff888104950680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.555708] ffff888104950700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.555916] ================================================================== [ 23.506471] ================================================================== [ 23.507072] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 23.507281] Read of size 1 at addr ffff888104950600 by task kunit_try_catch/244 [ 23.507515] [ 23.507594] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.507640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.507652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.507672] Call Trace: [ 23.507683] <TASK> [ 23.507698] dump_stack_lvl+0x73/0xb0 [ 23.507725] print_report+0xd1/0x650 [ 23.507746] ? __virt_addr_valid+0x1db/0x2d0 [ 23.507768] ? ksize_uaf+0x19d/0x6c0 [ 23.507787] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.507812] ? ksize_uaf+0x19d/0x6c0 [ 23.507833] kasan_report+0x141/0x180 [ 23.507853] ? ksize_uaf+0x19d/0x6c0 [ 23.507876] ? ksize_uaf+0x19d/0x6c0 [ 23.507895] __kasan_check_byte+0x3d/0x50 [ 23.507916] ksize+0x20/0x60 [ 23.507939] ksize_uaf+0x19d/0x6c0 [ 23.507959] ? __pfx_ksize_uaf+0x10/0x10 [ 23.507979] ? __schedule+0x10cc/0x2b60 [ 23.508000] ? __pfx_read_tsc+0x10/0x10 [ 23.508020] ? ktime_get_ts64+0x86/0x230 [ 23.508044] kunit_try_run_case+0x1a5/0x480 [ 23.508068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.508091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.508111] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.508132] ? __kthread_parkme+0x82/0x180 [ 23.508152] ? preempt_count_sub+0x50/0x80 [ 23.508175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.508198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.508221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.508245] kthread+0x337/0x6f0 [ 23.508264] ? trace_preempt_on+0x20/0xc0 [ 23.508286] ? __pfx_kthread+0x10/0x10 [ 23.508325] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.508348] ? calculate_sigpending+0x7b/0xa0 [ 23.508371] ? __pfx_kthread+0x10/0x10 [ 23.508391] ret_from_fork+0x116/0x1d0 [ 23.508410] ? __pfx_kthread+0x10/0x10 [ 23.508429] ret_from_fork_asm+0x1a/0x30 [ 23.508459] </TASK> [ 23.508470] [ 23.522996] Allocated by task 244: [ 23.523253] kasan_save_stack+0x45/0x70 [ 23.523662] kasan_save_track+0x18/0x40 [ 23.523857] kasan_save_alloc_info+0x3b/0x50 [ 23.524050] __kasan_kmalloc+0xb7/0xc0 [ 23.524232] __kmalloc_cache_noprof+0x189/0x420 [ 23.524459] ksize_uaf+0xaa/0x6c0 [ 23.524650] kunit_try_run_case+0x1a5/0x480 [ 23.524907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.525098] kthread+0x337/0x6f0 [ 23.525289] ret_from_fork+0x116/0x1d0 [ 23.525454] ret_from_fork_asm+0x1a/0x30 [ 23.525587] [ 23.525653] Freed by task 244: [ 23.525770] kasan_save_stack+0x45/0x70 [ 23.526049] kasan_save_track+0x18/0x40 [ 23.526240] kasan_save_free_info+0x3f/0x60 [ 23.526454] __kasan_slab_free+0x56/0x70 [ 23.526930] kfree+0x222/0x3f0 [ 23.527098] ksize_uaf+0x12c/0x6c0 [ 23.527264] kunit_try_run_case+0x1a5/0x480 [ 23.527488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.527792] kthread+0x337/0x6f0 [ 23.527929] ret_from_fork+0x116/0x1d0 [ 23.528105] ret_from_fork_asm+0x1a/0x30 [ 23.528247] [ 23.528322] The buggy address belongs to the object at ffff888104950600 [ 23.528322] which belongs to the cache kmalloc-128 of size 128 [ 23.528751] The buggy address is located 0 bytes inside of [ 23.528751] freed 128-byte region [ffff888104950600, ffff888104950680) [ 23.529328] [ 23.529399] The buggy address belongs to the physical page: [ 23.529719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.530163] flags: 0x200000000000000(node=0|zone=2) [ 23.530505] page_type: f5(slab) [ 23.530683] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.531242] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.531601] page dumped because: kasan: bad access detected [ 23.531887] [ 23.531957] Memory state around the buggy address: [ 23.532116] ffff888104950500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.532442] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.532731] >ffff888104950600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.533035] ^ [ 23.533207] ffff888104950680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.533584] ffff888104950700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.533992] ================================================================== [ 23.556542] ================================================================== [ 23.557142] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 23.557403] Read of size 1 at addr ffff888104950678 by task kunit_try_catch/244 [ 23.557743] [ 23.557935] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.557996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.558011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.558032] Call Trace: [ 23.558051] <TASK> [ 23.558067] dump_stack_lvl+0x73/0xb0 [ 23.558105] print_report+0xd1/0x650 [ 23.558127] ? __virt_addr_valid+0x1db/0x2d0 [ 23.558150] ? ksize_uaf+0x5e4/0x6c0 [ 23.558180] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.558205] ? ksize_uaf+0x5e4/0x6c0 [ 23.558226] kasan_report+0x141/0x180 [ 23.558247] ? ksize_uaf+0x5e4/0x6c0 [ 23.558278] __asan_report_load1_noabort+0x18/0x20 [ 23.558301] ksize_uaf+0x5e4/0x6c0 [ 23.558337] ? __pfx_ksize_uaf+0x10/0x10 [ 23.558358] ? __schedule+0x10cc/0x2b60 [ 23.558379] ? __pfx_read_tsc+0x10/0x10 [ 23.558399] ? ktime_get_ts64+0x86/0x230 [ 23.558424] kunit_try_run_case+0x1a5/0x480 [ 23.558458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.558481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.558502] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.558543] ? __kthread_parkme+0x82/0x180 [ 23.558563] ? preempt_count_sub+0x50/0x80 [ 23.558586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.558610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.558643] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.558667] kthread+0x337/0x6f0 [ 23.558687] ? trace_preempt_on+0x20/0xc0 [ 23.558730] ? __pfx_kthread+0x10/0x10 [ 23.558750] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.558773] ? calculate_sigpending+0x7b/0xa0 [ 23.558797] ? __pfx_kthread+0x10/0x10 [ 23.558818] ret_from_fork+0x116/0x1d0 [ 23.558837] ? __pfx_kthread+0x10/0x10 [ 23.558857] ret_from_fork_asm+0x1a/0x30 [ 23.558888] </TASK> [ 23.558899] [ 23.566180] Allocated by task 244: [ 23.566369] kasan_save_stack+0x45/0x70 [ 23.566813] kasan_save_track+0x18/0x40 [ 23.567123] kasan_save_alloc_info+0x3b/0x50 [ 23.567357] __kasan_kmalloc+0xb7/0xc0 [ 23.567621] __kmalloc_cache_noprof+0x189/0x420 [ 23.567857] ksize_uaf+0xaa/0x6c0 [ 23.568029] kunit_try_run_case+0x1a5/0x480 [ 23.568241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.568510] kthread+0x337/0x6f0 [ 23.568657] ret_from_fork+0x116/0x1d0 [ 23.568885] ret_from_fork_asm+0x1a/0x30 [ 23.569078] [ 23.569164] Freed by task 244: [ 23.569319] kasan_save_stack+0x45/0x70 [ 23.569529] kasan_save_track+0x18/0x40 [ 23.569788] kasan_save_free_info+0x3f/0x60 [ 23.569995] __kasan_slab_free+0x56/0x70 [ 23.570186] kfree+0x222/0x3f0 [ 23.570354] ksize_uaf+0x12c/0x6c0 [ 23.570508] kunit_try_run_case+0x1a5/0x480 [ 23.570647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.570814] kthread+0x337/0x6f0 [ 23.570927] ret_from_fork+0x116/0x1d0 [ 23.571051] ret_from_fork_asm+0x1a/0x30 [ 23.571183] [ 23.571301] The buggy address belongs to the object at ffff888104950600 [ 23.571301] which belongs to the cache kmalloc-128 of size 128 [ 23.572269] The buggy address is located 120 bytes inside of [ 23.572269] freed 128-byte region [ffff888104950600, ffff888104950680) [ 23.573147] [ 23.573218] The buggy address belongs to the physical page: [ 23.573441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.573931] flags: 0x200000000000000(node=0|zone=2) [ 23.574189] page_type: f5(slab) [ 23.574319] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.574543] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.574761] page dumped because: kasan: bad access detected [ 23.575125] [ 23.575300] Memory state around the buggy address: [ 23.575740] ffff888104950500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.576245] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.576560] >ffff888104950600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.576871] ^ [ 23.577162] ffff888104950680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.577379] ffff888104950700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.577584] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 23.482139] ================================================================== [ 23.482569] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483014] Read of size 1 at addr ffff88810495057f by task kunit_try_catch/242 [ 23.483359] [ 23.483456] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.483518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.483545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.483564] Call Trace: [ 23.483592] <TASK> [ 23.483606] dump_stack_lvl+0x73/0xb0 [ 23.483633] print_report+0xd1/0x650 [ 23.483668] ? __virt_addr_valid+0x1db/0x2d0 [ 23.483703] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483725] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.483763] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483799] kasan_report+0x141/0x180 [ 23.483821] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483878] __asan_report_load1_noabort+0x18/0x20 [ 23.483903] ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.483926] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.483998] ? finish_task_switch.isra.0+0x153/0x700 [ 23.484023] ? __switch_to+0x47/0xf50 [ 23.484048] ? __schedule+0x10cc/0x2b60 [ 23.484069] ? __pfx_read_tsc+0x10/0x10 [ 23.484090] ? ktime_get_ts64+0x86/0x230 [ 23.484113] kunit_try_run_case+0x1a5/0x480 [ 23.484137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.484160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.484181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.484202] ? __kthread_parkme+0x82/0x180 [ 23.484222] ? preempt_count_sub+0x50/0x80 [ 23.484243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.484289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.484331] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.484356] kthread+0x337/0x6f0 [ 23.484386] ? trace_preempt_on+0x20/0xc0 [ 23.484408] ? __pfx_kthread+0x10/0x10 [ 23.484428] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.484451] ? calculate_sigpending+0x7b/0xa0 [ 23.484474] ? __pfx_kthread+0x10/0x10 [ 23.484502] ret_from_fork+0x116/0x1d0 [ 23.484520] ? __pfx_kthread+0x10/0x10 [ 23.484568] ret_from_fork_asm+0x1a/0x30 [ 23.484598] </TASK> [ 23.484609] [ 23.494254] Allocated by task 242: [ 23.494472] kasan_save_stack+0x45/0x70 [ 23.494668] kasan_save_track+0x18/0x40 [ 23.494918] kasan_save_alloc_info+0x3b/0x50 [ 23.495129] __kasan_kmalloc+0xb7/0xc0 [ 23.495279] __kmalloc_cache_noprof+0x189/0x420 [ 23.495437] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.495731] kunit_try_run_case+0x1a5/0x480 [ 23.496023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.496183] kthread+0x337/0x6f0 [ 23.496293] ret_from_fork+0x116/0x1d0 [ 23.496785] ret_from_fork_asm+0x1a/0x30 [ 23.496990] [ 23.497079] The buggy address belongs to the object at ffff888104950500 [ 23.497079] which belongs to the cache kmalloc-128 of size 128 [ 23.497670] The buggy address is located 12 bytes to the right of [ 23.497670] allocated 115-byte region [ffff888104950500, ffff888104950573) [ 23.498067] [ 23.498131] The buggy address belongs to the physical page: [ 23.498291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.498986] flags: 0x200000000000000(node=0|zone=2) [ 23.499503] page_type: f5(slab) [ 23.499758] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.500122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.500518] page dumped because: kasan: bad access detected [ 23.500848] [ 23.500940] Memory state around the buggy address: [ 23.501182] ffff888104950400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.501465] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.501867] >ffff888104950500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.502064] ^ [ 23.502258] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.502912] ffff888104950600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.503225] ================================================================== [ 23.460515] ================================================================== [ 23.461122] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.461372] Read of size 1 at addr ffff888104950578 by task kunit_try_catch/242 [ 23.461863] [ 23.462048] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.462117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.462131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.462176] Call Trace: [ 23.462190] <TASK> [ 23.462205] dump_stack_lvl+0x73/0xb0 [ 23.462247] print_report+0xd1/0x650 [ 23.462270] ? __virt_addr_valid+0x1db/0x2d0 [ 23.462292] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.462348] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462372] kasan_report+0x141/0x180 [ 23.462394] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462421] __asan_report_load1_noabort+0x18/0x20 [ 23.462445] ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.462468] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.462499] ? finish_task_switch.isra.0+0x153/0x700 [ 23.462522] ? __switch_to+0x47/0xf50 [ 23.462547] ? __schedule+0x10cc/0x2b60 [ 23.462568] ? __pfx_read_tsc+0x10/0x10 [ 23.462606] ? ktime_get_ts64+0x86/0x230 [ 23.462630] kunit_try_run_case+0x1a5/0x480 [ 23.462667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.462691] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.462712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.462734] ? __kthread_parkme+0x82/0x180 [ 23.462773] ? preempt_count_sub+0x50/0x80 [ 23.462795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.462888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.462915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.462939] kthread+0x337/0x6f0 [ 23.462959] ? trace_preempt_on+0x20/0xc0 [ 23.462981] ? __pfx_kthread+0x10/0x10 [ 23.463001] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.463024] ? calculate_sigpending+0x7b/0xa0 [ 23.463047] ? __pfx_kthread+0x10/0x10 [ 23.463068] ret_from_fork+0x116/0x1d0 [ 23.463086] ? __pfx_kthread+0x10/0x10 [ 23.463106] ret_from_fork_asm+0x1a/0x30 [ 23.463136] </TASK> [ 23.463147] [ 23.472431] Allocated by task 242: [ 23.472613] kasan_save_stack+0x45/0x70 [ 23.472748] kasan_save_track+0x18/0x40 [ 23.472875] kasan_save_alloc_info+0x3b/0x50 [ 23.473213] __kasan_kmalloc+0xb7/0xc0 [ 23.473443] __kmalloc_cache_noprof+0x189/0x420 [ 23.473941] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.474162] kunit_try_run_case+0x1a5/0x480 [ 23.474383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.474652] kthread+0x337/0x6f0 [ 23.474888] ret_from_fork+0x116/0x1d0 [ 23.475079] ret_from_fork_asm+0x1a/0x30 [ 23.475209] [ 23.475276] The buggy address belongs to the object at ffff888104950500 [ 23.475276] which belongs to the cache kmalloc-128 of size 128 [ 23.476101] The buggy address is located 5 bytes to the right of [ 23.476101] allocated 115-byte region [ffff888104950500, ffff888104950573) [ 23.476665] [ 23.476869] The buggy address belongs to the physical page: [ 23.477064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.477290] flags: 0x200000000000000(node=0|zone=2) [ 23.477693] page_type: f5(slab) [ 23.477882] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.478340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.478551] page dumped because: kasan: bad access detected [ 23.478708] [ 23.478906] Memory state around the buggy address: [ 23.479198] ffff888104950400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.479613] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.480100] >ffff888104950500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.480413] ^ [ 23.480625] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.480981] ffff888104950600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.481518] ================================================================== [ 23.437954] ================================================================== [ 23.438482] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 23.438982] Read of size 1 at addr ffff888104950573 by task kunit_try_catch/242 [ 23.439339] [ 23.439464] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.439515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.439527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.439569] Call Trace: [ 23.439583] <TASK> [ 23.439601] dump_stack_lvl+0x73/0xb0 [ 23.439643] print_report+0xd1/0x650 [ 23.439664] ? __virt_addr_valid+0x1db/0x2d0 [ 23.439825] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.439955] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.439988] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.440011] kasan_report+0x141/0x180 [ 23.440033] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.440060] __asan_report_load1_noabort+0x18/0x20 [ 23.440083] ksize_unpoisons_memory+0x81c/0x9b0 [ 23.440106] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.440128] ? finish_task_switch.isra.0+0x153/0x700 [ 23.440150] ? __switch_to+0x47/0xf50 [ 23.440176] ? __schedule+0x10cc/0x2b60 [ 23.440197] ? __pfx_read_tsc+0x10/0x10 [ 23.440218] ? ktime_get_ts64+0x86/0x230 [ 23.440243] kunit_try_run_case+0x1a5/0x480 [ 23.440269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.440292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.440326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.440348] ? __kthread_parkme+0x82/0x180 [ 23.440367] ? preempt_count_sub+0x50/0x80 [ 23.440389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.440414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.440437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.440461] kthread+0x337/0x6f0 [ 23.440480] ? trace_preempt_on+0x20/0xc0 [ 23.440517] ? __pfx_kthread+0x10/0x10 [ 23.440538] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.440561] ? calculate_sigpending+0x7b/0xa0 [ 23.440584] ? __pfx_kthread+0x10/0x10 [ 23.440605] ret_from_fork+0x116/0x1d0 [ 23.440624] ? __pfx_kthread+0x10/0x10 [ 23.440644] ret_from_fork_asm+0x1a/0x30 [ 23.440690] </TASK> [ 23.440702] [ 23.449845] Allocated by task 242: [ 23.450060] kasan_save_stack+0x45/0x70 [ 23.450325] kasan_save_track+0x18/0x40 [ 23.450522] kasan_save_alloc_info+0x3b/0x50 [ 23.450788] __kasan_kmalloc+0xb7/0xc0 [ 23.451023] __kmalloc_cache_noprof+0x189/0x420 [ 23.451261] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.451509] kunit_try_run_case+0x1a5/0x480 [ 23.451790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.452071] kthread+0x337/0x6f0 [ 23.452234] ret_from_fork+0x116/0x1d0 [ 23.452462] ret_from_fork_asm+0x1a/0x30 [ 23.452786] [ 23.452941] The buggy address belongs to the object at ffff888104950500 [ 23.452941] which belongs to the cache kmalloc-128 of size 128 [ 23.454057] The buggy address is located 0 bytes to the right of [ 23.454057] allocated 115-byte region [ffff888104950500, ffff888104950573) [ 23.454744] [ 23.454950] The buggy address belongs to the physical page: [ 23.455172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 23.455577] flags: 0x200000000000000(node=0|zone=2) [ 23.455878] page_type: f5(slab) [ 23.456090] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.456327] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.456914] page dumped because: kasan: bad access detected [ 23.457243] [ 23.457361] Memory state around the buggy address: [ 23.457545] ffff888104950400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.457823] ffff888104950480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.458289] >ffff888104950500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.458872] ^ [ 23.459248] ffff888104950580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.459518] ffff888104950600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.460034] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 27.073902] ================================================================== [ 27.074345] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 27.074694] Write of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.075248] [ 27.075353] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.075403] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.075417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.075441] Call Trace: [ 27.075457] <TASK> [ 27.075476] dump_stack_lvl+0x73/0xb0 [ 27.075702] print_report+0xd1/0x650 [ 27.075728] ? __virt_addr_valid+0x1db/0x2d0 [ 27.075751] ? strncpy_from_user+0x2e/0x1d0 [ 27.075775] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.075802] ? strncpy_from_user+0x2e/0x1d0 [ 27.075825] kasan_report+0x141/0x180 [ 27.075942] ? strncpy_from_user+0x2e/0x1d0 [ 27.075971] kasan_check_range+0x10c/0x1c0 [ 27.075996] __kasan_check_write+0x18/0x20 [ 27.076021] strncpy_from_user+0x2e/0x1d0 [ 27.076045] ? __kasan_check_read+0x15/0x20 [ 27.076071] copy_user_test_oob+0x760/0x10f0 [ 27.076097] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.076121] ? finish_task_switch.isra.0+0x153/0x700 [ 27.076143] ? __switch_to+0x47/0xf50 [ 27.076170] ? __schedule+0x10cc/0x2b60 [ 27.076193] ? __pfx_read_tsc+0x10/0x10 [ 27.076215] ? ktime_get_ts64+0x86/0x230 [ 27.076241] kunit_try_run_case+0x1a5/0x480 [ 27.076267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.076291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.076326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.076351] ? __kthread_parkme+0x82/0x180 [ 27.076372] ? preempt_count_sub+0x50/0x80 [ 27.076397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.076424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.076449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.076474] kthread+0x337/0x6f0 [ 27.076503] ? trace_preempt_on+0x20/0xc0 [ 27.076527] ? __pfx_kthread+0x10/0x10 [ 27.076549] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.076574] ? calculate_sigpending+0x7b/0xa0 [ 27.076598] ? __pfx_kthread+0x10/0x10 [ 27.076621] ret_from_fork+0x116/0x1d0 [ 27.076641] ? __pfx_kthread+0x10/0x10 [ 27.076663] ret_from_fork_asm+0x1a/0x30 [ 27.076694] </TASK> [ 27.076708] [ 27.086229] Allocated by task 333: [ 27.086405] kasan_save_stack+0x45/0x70 [ 27.086712] kasan_save_track+0x18/0x40 [ 27.087073] kasan_save_alloc_info+0x3b/0x50 [ 27.087275] __kasan_kmalloc+0xb7/0xc0 [ 27.087585] __kmalloc_noprof+0x1c9/0x500 [ 27.087858] kunit_kmalloc_array+0x25/0x60 [ 27.088037] copy_user_test_oob+0xab/0x10f0 [ 27.088212] kunit_try_run_case+0x1a5/0x480 [ 27.088430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.088945] kthread+0x337/0x6f0 [ 27.089128] ret_from_fork+0x116/0x1d0 [ 27.089382] ret_from_fork_asm+0x1a/0x30 [ 27.089593] [ 27.089674] The buggy address belongs to the object at ffff888105898a00 [ 27.089674] which belongs to the cache kmalloc-128 of size 128 [ 27.090375] The buggy address is located 0 bytes inside of [ 27.090375] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.091063] [ 27.091166] The buggy address belongs to the physical page: [ 27.091555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.091887] flags: 0x200000000000000(node=0|zone=2) [ 27.092098] page_type: f5(slab) [ 27.092250] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.092763] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.093143] page dumped because: kasan: bad access detected [ 27.093367] [ 27.093464] Memory state around the buggy address: [ 27.093873] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.094138] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.094561] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.094989] ^ [ 27.095267] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.095739] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.096047] ================================================================== [ 27.096555] ================================================================== [ 27.096829] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 27.097724] Write of size 1 at addr ffff888105898a78 by task kunit_try_catch/333 [ 27.098143] [ 27.098334] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.098494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.098511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.098533] Call Trace: [ 27.098548] <TASK> [ 27.098564] dump_stack_lvl+0x73/0xb0 [ 27.098593] print_report+0xd1/0x650 [ 27.098615] ? __virt_addr_valid+0x1db/0x2d0 [ 27.098638] ? strncpy_from_user+0x1a5/0x1d0 [ 27.098662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.098688] ? strncpy_from_user+0x1a5/0x1d0 [ 27.098712] kasan_report+0x141/0x180 [ 27.098735] ? strncpy_from_user+0x1a5/0x1d0 [ 27.098763] __asan_report_store1_noabort+0x1b/0x30 [ 27.098787] strncpy_from_user+0x1a5/0x1d0 [ 27.098813] copy_user_test_oob+0x760/0x10f0 [ 27.098840] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.098863] ? finish_task_switch.isra.0+0x153/0x700 [ 27.098886] ? __switch_to+0x47/0xf50 [ 27.098912] ? __schedule+0x10cc/0x2b60 [ 27.098935] ? __pfx_read_tsc+0x10/0x10 [ 27.098958] ? ktime_get_ts64+0x86/0x230 [ 27.098983] kunit_try_run_case+0x1a5/0x480 [ 27.099008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.099056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.099079] ? __kthread_parkme+0x82/0x180 [ 27.099101] ? preempt_count_sub+0x50/0x80 [ 27.099125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.099177] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.099203] kthread+0x337/0x6f0 [ 27.099224] ? trace_preempt_on+0x20/0xc0 [ 27.099248] ? __pfx_kthread+0x10/0x10 [ 27.099270] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.099295] ? calculate_sigpending+0x7b/0xa0 [ 27.099330] ? __pfx_kthread+0x10/0x10 [ 27.099352] ret_from_fork+0x116/0x1d0 [ 27.099372] ? __pfx_kthread+0x10/0x10 [ 27.099394] ret_from_fork_asm+0x1a/0x30 [ 27.099426] </TASK> [ 27.099438] [ 27.109351] Allocated by task 333: [ 27.109695] kasan_save_stack+0x45/0x70 [ 27.109899] kasan_save_track+0x18/0x40 [ 27.110067] kasan_save_alloc_info+0x3b/0x50 [ 27.110516] __kasan_kmalloc+0xb7/0xc0 [ 27.110778] __kmalloc_noprof+0x1c9/0x500 [ 27.110925] kunit_kmalloc_array+0x25/0x60 [ 27.111252] copy_user_test_oob+0xab/0x10f0 [ 27.111417] kunit_try_run_case+0x1a5/0x480 [ 27.111870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.112179] kthread+0x337/0x6f0 [ 27.112345] ret_from_fork+0x116/0x1d0 [ 27.112640] ret_from_fork_asm+0x1a/0x30 [ 27.112782] [ 27.112876] The buggy address belongs to the object at ffff888105898a00 [ 27.112876] which belongs to the cache kmalloc-128 of size 128 [ 27.113365] The buggy address is located 0 bytes to the right of [ 27.113365] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.114124] [ 27.114336] The buggy address belongs to the physical page: [ 27.114604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.115056] flags: 0x200000000000000(node=0|zone=2) [ 27.115347] page_type: f5(slab) [ 27.115544] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.115959] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.116360] page dumped because: kasan: bad access detected [ 27.116636] [ 27.116735] Memory state around the buggy address: [ 27.117111] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.117496] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.117883] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.118250] ^ [ 27.118636] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.119020] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.119284] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 27.006731] ================================================================== [ 27.007678] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.008067] Read of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.008775] [ 27.008897] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.009073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.009090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.009114] Call Trace: [ 27.009135] <TASK> [ 27.009154] dump_stack_lvl+0x73/0xb0 [ 27.009186] print_report+0xd1/0x650 [ 27.009210] ? __virt_addr_valid+0x1db/0x2d0 [ 27.009235] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.009259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.009286] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.009324] kasan_report+0x141/0x180 [ 27.009347] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.009375] kasan_check_range+0x10c/0x1c0 [ 27.009399] __kasan_check_read+0x15/0x20 [ 27.009682] copy_user_test_oob+0x4aa/0x10f0 [ 27.009708] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.009732] ? finish_task_switch.isra.0+0x153/0x700 [ 27.009763] ? __switch_to+0x47/0xf50 [ 27.009789] ? __schedule+0x10cc/0x2b60 [ 27.009813] ? __pfx_read_tsc+0x10/0x10 [ 27.009836] ? ktime_get_ts64+0x86/0x230 [ 27.009863] kunit_try_run_case+0x1a5/0x480 [ 27.009890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.009915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.009938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.009961] ? __kthread_parkme+0x82/0x180 [ 27.009984] ? preempt_count_sub+0x50/0x80 [ 27.010008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.010034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.010060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.010086] kthread+0x337/0x6f0 [ 27.010106] ? trace_preempt_on+0x20/0xc0 [ 27.010132] ? __pfx_kthread+0x10/0x10 [ 27.010153] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.010178] ? calculate_sigpending+0x7b/0xa0 [ 27.010203] ? __pfx_kthread+0x10/0x10 [ 27.010226] ret_from_fork+0x116/0x1d0 [ 27.010247] ? __pfx_kthread+0x10/0x10 [ 27.010269] ret_from_fork_asm+0x1a/0x30 [ 27.010302] </TASK> [ 27.010325] [ 27.019577] Allocated by task 333: [ 27.019735] kasan_save_stack+0x45/0x70 [ 27.019939] kasan_save_track+0x18/0x40 [ 27.020112] kasan_save_alloc_info+0x3b/0x50 [ 27.020301] __kasan_kmalloc+0xb7/0xc0 [ 27.020459] __kmalloc_noprof+0x1c9/0x500 [ 27.021093] kunit_kmalloc_array+0x25/0x60 [ 27.021272] copy_user_test_oob+0xab/0x10f0 [ 27.021666] kunit_try_run_case+0x1a5/0x480 [ 27.021879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.022237] kthread+0x337/0x6f0 [ 27.022496] ret_from_fork+0x116/0x1d0 [ 27.022641] ret_from_fork_asm+0x1a/0x30 [ 27.022843] [ 27.023093] The buggy address belongs to the object at ffff888105898a00 [ 27.023093] which belongs to the cache kmalloc-128 of size 128 [ 27.023589] The buggy address is located 0 bytes inside of [ 27.023589] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.024227] [ 27.024341] The buggy address belongs to the physical page: [ 27.024585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.024903] flags: 0x200000000000000(node=0|zone=2) [ 27.025119] page_type: f5(slab) [ 27.025268] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.025900] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.026175] page dumped because: kasan: bad access detected [ 27.026520] [ 27.026632] Memory state around the buggy address: [ 27.026919] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.027252] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.027677] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.027975] ^ [ 27.028393] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.028745] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.029114] ================================================================== [ 26.989092] ================================================================== [ 26.989469] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 26.989851] Write of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 26.990182] [ 26.990314] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.990367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.990382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.990408] Call Trace: [ 26.990423] <TASK> [ 26.990443] dump_stack_lvl+0x73/0xb0 [ 26.990475] print_report+0xd1/0x650 [ 26.990529] ? __virt_addr_valid+0x1db/0x2d0 [ 26.990554] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.990578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.990606] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.990630] kasan_report+0x141/0x180 [ 26.990653] ? copy_user_test_oob+0x3fd/0x10f0 [ 26.990682] kasan_check_range+0x10c/0x1c0 [ 26.990705] __kasan_check_write+0x18/0x20 [ 26.990729] copy_user_test_oob+0x3fd/0x10f0 [ 26.990755] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.990778] ? finish_task_switch.isra.0+0x153/0x700 [ 26.990802] ? __switch_to+0x47/0xf50 [ 26.990830] ? __schedule+0x10cc/0x2b60 [ 26.990853] ? __pfx_read_tsc+0x10/0x10 [ 26.990877] ? ktime_get_ts64+0x86/0x230 [ 26.990904] kunit_try_run_case+0x1a5/0x480 [ 26.990931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.990954] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.990978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.991001] ? __kthread_parkme+0x82/0x180 [ 26.991023] ? preempt_count_sub+0x50/0x80 [ 26.991047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.991073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.991099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.991125] kthread+0x337/0x6f0 [ 26.991146] ? trace_preempt_on+0x20/0xc0 [ 26.991170] ? __pfx_kthread+0x10/0x10 [ 26.991192] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.991217] ? calculate_sigpending+0x7b/0xa0 [ 26.991242] ? __pfx_kthread+0x10/0x10 [ 26.991265] ret_from_fork+0x116/0x1d0 [ 26.991285] ? __pfx_kthread+0x10/0x10 [ 26.991317] ret_from_fork_asm+0x1a/0x30 [ 26.991350] </TASK> [ 26.991364] [ 26.998258] Allocated by task 333: [ 26.998394] kasan_save_stack+0x45/0x70 [ 26.998656] kasan_save_track+0x18/0x40 [ 26.998843] kasan_save_alloc_info+0x3b/0x50 [ 26.999047] __kasan_kmalloc+0xb7/0xc0 [ 26.999228] __kmalloc_noprof+0x1c9/0x500 [ 26.999412] kunit_kmalloc_array+0x25/0x60 [ 26.999720] copy_user_test_oob+0xab/0x10f0 [ 26.999877] kunit_try_run_case+0x1a5/0x480 [ 27.000064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.000236] kthread+0x337/0x6f0 [ 27.000389] ret_from_fork+0x116/0x1d0 [ 27.000579] ret_from_fork_asm+0x1a/0x30 [ 27.000783] [ 27.000969] The buggy address belongs to the object at ffff888105898a00 [ 27.000969] which belongs to the cache kmalloc-128 of size 128 [ 27.001414] The buggy address is located 0 bytes inside of [ 27.001414] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.001767] [ 27.001946] The buggy address belongs to the physical page: [ 27.002193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.002559] flags: 0x200000000000000(node=0|zone=2) [ 27.002787] page_type: f5(slab) [ 27.002936] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.003184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.003482] page dumped because: kasan: bad access detected [ 27.003736] [ 27.003814] Memory state around the buggy address: [ 27.003965] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.004175] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.004448] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.004924] ^ [ 27.005503] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.005813] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.006086] ================================================================== [ 27.051512] ================================================================== [ 27.051816] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.052555] Read of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.053005] [ 27.053234] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.053287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.053302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.053336] Call Trace: [ 27.053352] <TASK> [ 27.053425] dump_stack_lvl+0x73/0xb0 [ 27.053458] print_report+0xd1/0x650 [ 27.053481] ? __virt_addr_valid+0x1db/0x2d0 [ 27.053506] ? copy_user_test_oob+0x604/0x10f0 [ 27.053530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.053557] ? copy_user_test_oob+0x604/0x10f0 [ 27.053580] kasan_report+0x141/0x180 [ 27.053603] ? copy_user_test_oob+0x604/0x10f0 [ 27.053631] kasan_check_range+0x10c/0x1c0 [ 27.053656] __kasan_check_read+0x15/0x20 [ 27.053681] copy_user_test_oob+0x604/0x10f0 [ 27.053707] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.053731] ? finish_task_switch.isra.0+0x153/0x700 [ 27.053763] ? __switch_to+0x47/0xf50 [ 27.053790] ? __schedule+0x10cc/0x2b60 [ 27.053812] ? __pfx_read_tsc+0x10/0x10 [ 27.053835] ? ktime_get_ts64+0x86/0x230 [ 27.053859] kunit_try_run_case+0x1a5/0x480 [ 27.053885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.053912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.053935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.053958] ? __kthread_parkme+0x82/0x180 [ 27.053980] ? preempt_count_sub+0x50/0x80 [ 27.054004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.054030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.054055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.054081] kthread+0x337/0x6f0 [ 27.054103] ? trace_preempt_on+0x20/0xc0 [ 27.054127] ? __pfx_kthread+0x10/0x10 [ 27.054148] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.054173] ? calculate_sigpending+0x7b/0xa0 [ 27.054197] ? __pfx_kthread+0x10/0x10 [ 27.054220] ret_from_fork+0x116/0x1d0 [ 27.054240] ? __pfx_kthread+0x10/0x10 [ 27.054262] ret_from_fork_asm+0x1a/0x30 [ 27.054294] </TASK> [ 27.054318] [ 27.063587] Allocated by task 333: [ 27.063848] kasan_save_stack+0x45/0x70 [ 27.064110] kasan_save_track+0x18/0x40 [ 27.064260] kasan_save_alloc_info+0x3b/0x50 [ 27.064488] __kasan_kmalloc+0xb7/0xc0 [ 27.064800] __kmalloc_noprof+0x1c9/0x500 [ 27.064988] kunit_kmalloc_array+0x25/0x60 [ 27.065170] copy_user_test_oob+0xab/0x10f0 [ 27.065374] kunit_try_run_case+0x1a5/0x480 [ 27.065818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.066038] kthread+0x337/0x6f0 [ 27.066204] ret_from_fork+0x116/0x1d0 [ 27.066558] ret_from_fork_asm+0x1a/0x30 [ 27.066786] [ 27.066878] The buggy address belongs to the object at ffff888105898a00 [ 27.066878] which belongs to the cache kmalloc-128 of size 128 [ 27.067464] The buggy address is located 0 bytes inside of [ 27.067464] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.068164] [ 27.068392] The buggy address belongs to the physical page: [ 27.068661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.068972] flags: 0x200000000000000(node=0|zone=2) [ 27.069191] page_type: f5(slab) [ 27.069349] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.069935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.070303] page dumped because: kasan: bad access detected [ 27.070553] [ 27.070659] Memory state around the buggy address: [ 27.071029] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.071294] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.071754] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.072121] ^ [ 27.072498] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.072757] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.073143] ================================================================== [ 27.030232] ================================================================== [ 27.030598] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.030919] Write of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 27.031224] [ 27.031327] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 27.031376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.031391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.031414] Call Trace: [ 27.031428] <TASK> [ 27.031446] dump_stack_lvl+0x73/0xb0 [ 27.031474] print_report+0xd1/0x650 [ 27.031713] ? __virt_addr_valid+0x1db/0x2d0 [ 27.031743] ? copy_user_test_oob+0x557/0x10f0 [ 27.031866] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.031899] ? copy_user_test_oob+0x557/0x10f0 [ 27.031924] kasan_report+0x141/0x180 [ 27.031948] ? copy_user_test_oob+0x557/0x10f0 [ 27.031977] kasan_check_range+0x10c/0x1c0 [ 27.032001] __kasan_check_write+0x18/0x20 [ 27.032025] copy_user_test_oob+0x557/0x10f0 [ 27.032051] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.032074] ? finish_task_switch.isra.0+0x153/0x700 [ 27.032099] ? __switch_to+0x47/0xf50 [ 27.032126] ? __schedule+0x10cc/0x2b60 [ 27.032148] ? __pfx_read_tsc+0x10/0x10 [ 27.032171] ? ktime_get_ts64+0x86/0x230 [ 27.032198] kunit_try_run_case+0x1a5/0x480 [ 27.032224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.032248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.032272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.032295] ? __kthread_parkme+0x82/0x180 [ 27.032330] ? preempt_count_sub+0x50/0x80 [ 27.032354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.032380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.032405] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.032431] kthread+0x337/0x6f0 [ 27.032452] ? trace_preempt_on+0x20/0xc0 [ 27.032477] ? __pfx_kthread+0x10/0x10 [ 27.032513] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.032538] ? calculate_sigpending+0x7b/0xa0 [ 27.032564] ? __pfx_kthread+0x10/0x10 [ 27.032587] ret_from_fork+0x116/0x1d0 [ 27.032607] ? __pfx_kthread+0x10/0x10 [ 27.032629] ret_from_fork_asm+0x1a/0x30 [ 27.032661] </TASK> [ 27.032674] [ 27.041703] Allocated by task 333: [ 27.041872] kasan_save_stack+0x45/0x70 [ 27.042046] kasan_save_track+0x18/0x40 [ 27.042203] kasan_save_alloc_info+0x3b/0x50 [ 27.042410] __kasan_kmalloc+0xb7/0xc0 [ 27.042563] __kmalloc_noprof+0x1c9/0x500 [ 27.043067] kunit_kmalloc_array+0x25/0x60 [ 27.043212] copy_user_test_oob+0xab/0x10f0 [ 27.043549] kunit_try_run_case+0x1a5/0x480 [ 27.043745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.044076] kthread+0x337/0x6f0 [ 27.044230] ret_from_fork+0x116/0x1d0 [ 27.044562] ret_from_fork_asm+0x1a/0x30 [ 27.044745] [ 27.044950] The buggy address belongs to the object at ffff888105898a00 [ 27.044950] which belongs to the cache kmalloc-128 of size 128 [ 27.045539] The buggy address is located 0 bytes inside of [ 27.045539] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 27.046017] [ 27.046095] The buggy address belongs to the physical page: [ 27.046530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 27.046910] flags: 0x200000000000000(node=0|zone=2) [ 27.047135] page_type: f5(slab) [ 27.047418] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.047796] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.048109] page dumped because: kasan: bad access detected [ 27.048397] [ 27.048486] Memory state around the buggy address: [ 27.048863] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.049221] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.049622] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.049906] ^ [ 27.050266] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.050667] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.050908] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 26.967577] ================================================================== [ 26.967951] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 26.968233] Read of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 26.968529] [ 26.968657] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.968711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.968725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.968750] Call Trace: [ 26.968783] <TASK> [ 26.968802] dump_stack_lvl+0x73/0xb0 [ 26.968835] print_report+0xd1/0x650 [ 26.968858] ? __virt_addr_valid+0x1db/0x2d0 [ 26.968883] ? _copy_to_user+0x3c/0x70 [ 26.968905] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.968933] ? _copy_to_user+0x3c/0x70 [ 26.968954] kasan_report+0x141/0x180 [ 26.968976] ? _copy_to_user+0x3c/0x70 [ 26.969004] kasan_check_range+0x10c/0x1c0 [ 26.969028] __kasan_check_read+0x15/0x20 [ 26.969052] _copy_to_user+0x3c/0x70 [ 26.969073] copy_user_test_oob+0x364/0x10f0 [ 26.969099] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.969145] ? finish_task_switch.isra.0+0x153/0x700 [ 26.969171] ? __switch_to+0x47/0xf50 [ 26.969199] ? __schedule+0x10cc/0x2b60 [ 26.969222] ? __pfx_read_tsc+0x10/0x10 [ 26.969245] ? ktime_get_ts64+0x86/0x230 [ 26.969272] kunit_try_run_case+0x1a5/0x480 [ 26.969298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.969334] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.969356] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.969379] ? __kthread_parkme+0x82/0x180 [ 26.969401] ? preempt_count_sub+0x50/0x80 [ 26.969424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.969450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.969476] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.969510] kthread+0x337/0x6f0 [ 26.969531] ? trace_preempt_on+0x20/0xc0 [ 26.969556] ? __pfx_kthread+0x10/0x10 [ 26.969577] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.969602] ? calculate_sigpending+0x7b/0xa0 [ 26.969628] ? __pfx_kthread+0x10/0x10 [ 26.969651] ret_from_fork+0x116/0x1d0 [ 26.969671] ? __pfx_kthread+0x10/0x10 [ 26.969692] ret_from_fork_asm+0x1a/0x30 [ 26.969726] </TASK> [ 26.969743] [ 26.976601] Allocated by task 333: [ 26.976724] kasan_save_stack+0x45/0x70 [ 26.977025] kasan_save_track+0x18/0x40 [ 26.977218] kasan_save_alloc_info+0x3b/0x50 [ 26.977461] __kasan_kmalloc+0xb7/0xc0 [ 26.977650] __kmalloc_noprof+0x1c9/0x500 [ 26.977978] kunit_kmalloc_array+0x25/0x60 [ 26.978138] copy_user_test_oob+0xab/0x10f0 [ 26.978278] kunit_try_run_case+0x1a5/0x480 [ 26.978428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.978852] kthread+0x337/0x6f0 [ 26.979018] ret_from_fork+0x116/0x1d0 [ 26.979204] ret_from_fork_asm+0x1a/0x30 [ 26.979405] [ 26.979513] The buggy address belongs to the object at ffff888105898a00 [ 26.979513] which belongs to the cache kmalloc-128 of size 128 [ 26.979899] The buggy address is located 0 bytes inside of [ 26.979899] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 26.980313] [ 26.980406] The buggy address belongs to the physical page: [ 26.980845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 26.981223] flags: 0x200000000000000(node=0|zone=2) [ 26.981462] page_type: f5(slab) [ 26.981641] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.981957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.982179] page dumped because: kasan: bad access detected [ 26.982359] [ 26.982426] Memory state around the buggy address: [ 26.982659] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.982972] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.983233] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.983450] ^ [ 26.983672] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.983988] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.984304] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 26.937393] ================================================================== [ 26.938333] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 26.938634] Write of size 121 at addr ffff888105898a00 by task kunit_try_catch/333 [ 26.939195] [ 26.939471] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.939839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.939856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.939885] Call Trace: [ 26.939901] <TASK> [ 26.939927] dump_stack_lvl+0x73/0xb0 [ 26.939967] print_report+0xd1/0x650 [ 26.939993] ? __virt_addr_valid+0x1db/0x2d0 [ 26.940021] ? _copy_from_user+0x32/0x90 [ 26.940044] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.940071] ? _copy_from_user+0x32/0x90 [ 26.940093] kasan_report+0x141/0x180 [ 26.940115] ? _copy_from_user+0x32/0x90 [ 26.940142] kasan_check_range+0x10c/0x1c0 [ 26.940166] __kasan_check_write+0x18/0x20 [ 26.940190] _copy_from_user+0x32/0x90 [ 26.940213] copy_user_test_oob+0x2be/0x10f0 [ 26.940240] ? __pfx_copy_user_test_oob+0x10/0x10 [ 26.940263] ? finish_task_switch.isra.0+0x153/0x700 [ 26.940288] ? __switch_to+0x47/0xf50 [ 26.940330] ? __schedule+0x10cc/0x2b60 [ 26.940366] ? __pfx_read_tsc+0x10/0x10 [ 26.940389] ? ktime_get_ts64+0x86/0x230 [ 26.940418] kunit_try_run_case+0x1a5/0x480 [ 26.940456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.940480] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.940520] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.940543] ? __kthread_parkme+0x82/0x180 [ 26.940565] ? preempt_count_sub+0x50/0x80 [ 26.940589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.940615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.940640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.940667] kthread+0x337/0x6f0 [ 26.940689] ? trace_preempt_on+0x20/0xc0 [ 26.940715] ? __pfx_kthread+0x10/0x10 [ 26.940737] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.940762] ? calculate_sigpending+0x7b/0xa0 [ 26.940788] ? __pfx_kthread+0x10/0x10 [ 26.940811] ret_from_fork+0x116/0x1d0 [ 26.940832] ? __pfx_kthread+0x10/0x10 [ 26.940854] ret_from_fork_asm+0x1a/0x30 [ 26.940888] </TASK> [ 26.940903] [ 26.952153] Allocated by task 333: [ 26.952609] kasan_save_stack+0x45/0x70 [ 26.952925] kasan_save_track+0x18/0x40 [ 26.953085] kasan_save_alloc_info+0x3b/0x50 [ 26.953434] __kasan_kmalloc+0xb7/0xc0 [ 26.953714] __kmalloc_noprof+0x1c9/0x500 [ 26.954006] kunit_kmalloc_array+0x25/0x60 [ 26.954192] copy_user_test_oob+0xab/0x10f0 [ 26.954407] kunit_try_run_case+0x1a5/0x480 [ 26.954765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.955102] kthread+0x337/0x6f0 [ 26.955232] ret_from_fork+0x116/0x1d0 [ 26.955420] ret_from_fork_asm+0x1a/0x30 [ 26.955850] [ 26.955959] The buggy address belongs to the object at ffff888105898a00 [ 26.955959] which belongs to the cache kmalloc-128 of size 128 [ 26.956760] The buggy address is located 0 bytes inside of [ 26.956760] allocated 120-byte region [ffff888105898a00, ffff888105898a78) [ 26.957225] [ 26.957314] The buggy address belongs to the physical page: [ 26.957502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 26.958426] flags: 0x200000000000000(node=0|zone=2) [ 26.958992] page_type: f5(slab) [ 26.959391] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.960233] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.961077] page dumped because: kasan: bad access detected [ 26.961717] [ 26.961804] Memory state around the buggy address: [ 26.961956] ffff888105898900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.962162] ffff888105898980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.962396] >ffff888105898a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.962699] ^ [ 26.963018] ffff888105898a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.963296] ffff888105898b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.963618] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 26.904098] ================================================================== [ 26.905004] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 26.905293] Write of size 8 at addr ffff888104915078 by task kunit_try_catch/329 [ 26.905615] [ 26.905727] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.905787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.905802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.905826] Call Trace: [ 26.905841] <TASK> [ 26.905872] dump_stack_lvl+0x73/0xb0 [ 26.905903] print_report+0xd1/0x650 [ 26.905927] ? __virt_addr_valid+0x1db/0x2d0 [ 26.905952] ? copy_to_kernel_nofault+0x99/0x260 [ 26.905976] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.906004] ? copy_to_kernel_nofault+0x99/0x260 [ 26.906028] kasan_report+0x141/0x180 [ 26.906050] ? copy_to_kernel_nofault+0x99/0x260 [ 26.906079] kasan_check_range+0x10c/0x1c0 [ 26.906104] __kasan_check_write+0x18/0x20 [ 26.906127] copy_to_kernel_nofault+0x99/0x260 [ 26.906153] copy_to_kernel_nofault_oob+0x288/0x560 [ 26.906177] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.906200] ? finish_task_switch.isra.0+0x153/0x700 [ 26.906224] ? __schedule+0x10cc/0x2b60 [ 26.906247] ? trace_hardirqs_on+0x37/0xe0 [ 26.906279] ? __pfx_read_tsc+0x10/0x10 [ 26.906302] ? ktime_get_ts64+0x86/0x230 [ 26.906340] kunit_try_run_case+0x1a5/0x480 [ 26.906367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.906392] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.906415] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.906438] ? __kthread_parkme+0x82/0x180 [ 26.906460] ? preempt_count_sub+0x50/0x80 [ 26.906483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.906782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.906811] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.906837] kthread+0x337/0x6f0 [ 26.906860] ? trace_preempt_on+0x20/0xc0 [ 26.906883] ? __pfx_kthread+0x10/0x10 [ 26.906905] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.906931] ? calculate_sigpending+0x7b/0xa0 [ 26.906957] ? __pfx_kthread+0x10/0x10 [ 26.906980] ret_from_fork+0x116/0x1d0 [ 26.907001] ? __pfx_kthread+0x10/0x10 [ 26.907024] ret_from_fork_asm+0x1a/0x30 [ 26.907056] </TASK> [ 26.907069] [ 26.915113] Allocated by task 329: [ 26.915296] kasan_save_stack+0x45/0x70 [ 26.915451] kasan_save_track+0x18/0x40 [ 26.915582] kasan_save_alloc_info+0x3b/0x50 [ 26.915784] __kasan_kmalloc+0xb7/0xc0 [ 26.915962] __kmalloc_cache_noprof+0x189/0x420 [ 26.916237] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.916446] kunit_try_run_case+0x1a5/0x480 [ 26.917009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.917244] kthread+0x337/0x6f0 [ 26.917399] ret_from_fork+0x116/0x1d0 [ 26.917538] ret_from_fork_asm+0x1a/0x30 [ 26.917803] [ 26.917886] The buggy address belongs to the object at ffff888104915000 [ 26.917886] which belongs to the cache kmalloc-128 of size 128 [ 26.918434] The buggy address is located 0 bytes to the right of [ 26.918434] allocated 120-byte region [ffff888104915000, ffff888104915078) [ 26.919157] [ 26.919242] The buggy address belongs to the physical page: [ 26.919499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104915 [ 26.919878] flags: 0x200000000000000(node=0|zone=2) [ 26.920046] page_type: f5(slab) [ 26.920168] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.920407] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.920931] page dumped because: kasan: bad access detected [ 26.921190] [ 26.921282] Memory state around the buggy address: [ 26.921522] ffff888104914f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.922122] ffff888104914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.922439] >ffff888104915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.922767] ^ [ 26.923059] ffff888104915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.923299] ffff888104915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.923544] ================================================================== [ 26.878407] ================================================================== [ 26.879957] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 26.880218] Read of size 8 at addr ffff888104915078 by task kunit_try_catch/329 [ 26.880453] [ 26.880589] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.880647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.880662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.880688] Call Trace: [ 26.880703] <TASK> [ 26.880726] dump_stack_lvl+0x73/0xb0 [ 26.880761] print_report+0xd1/0x650 [ 26.880788] ? __virt_addr_valid+0x1db/0x2d0 [ 26.880841] ? copy_to_kernel_nofault+0x225/0x260 [ 26.880867] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.880895] ? copy_to_kernel_nofault+0x225/0x260 [ 26.880920] kasan_report+0x141/0x180 [ 26.880942] ? copy_to_kernel_nofault+0x225/0x260 [ 26.880971] __asan_report_load8_noabort+0x18/0x20 [ 26.880997] copy_to_kernel_nofault+0x225/0x260 [ 26.881042] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 26.881066] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.881090] ? finish_task_switch.isra.0+0x153/0x700 [ 26.881116] ? __schedule+0x10cc/0x2b60 [ 26.881138] ? trace_hardirqs_on+0x37/0xe0 [ 26.881171] ? __pfx_read_tsc+0x10/0x10 [ 26.881196] ? ktime_get_ts64+0x86/0x230 [ 26.881240] kunit_try_run_case+0x1a5/0x480 [ 26.881269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.881294] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.881329] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.881352] ? __kthread_parkme+0x82/0x180 [ 26.881374] ? preempt_count_sub+0x50/0x80 [ 26.881399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.881425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.881450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.881476] kthread+0x337/0x6f0 [ 26.881497] ? trace_preempt_on+0x20/0xc0 [ 26.881519] ? __pfx_kthread+0x10/0x10 [ 26.881541] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.881580] ? calculate_sigpending+0x7b/0xa0 [ 26.881607] ? __pfx_kthread+0x10/0x10 [ 26.881630] ret_from_fork+0x116/0x1d0 [ 26.881652] ? __pfx_kthread+0x10/0x10 [ 26.881688] ret_from_fork_asm+0x1a/0x30 [ 26.881722] </TASK> [ 26.881741] [ 26.891953] Allocated by task 329: [ 26.892125] kasan_save_stack+0x45/0x70 [ 26.892331] kasan_save_track+0x18/0x40 [ 26.892685] kasan_save_alloc_info+0x3b/0x50 [ 26.893156] __kasan_kmalloc+0xb7/0xc0 [ 26.893369] __kmalloc_cache_noprof+0x189/0x420 [ 26.893877] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.894161] kunit_try_run_case+0x1a5/0x480 [ 26.894508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.894929] kthread+0x337/0x6f0 [ 26.895109] ret_from_fork+0x116/0x1d0 [ 26.895284] ret_from_fork_asm+0x1a/0x30 [ 26.895473] [ 26.896001] The buggy address belongs to the object at ffff888104915000 [ 26.896001] which belongs to the cache kmalloc-128 of size 128 [ 26.896734] The buggy address is located 0 bytes to the right of [ 26.896734] allocated 120-byte region [ffff888104915000, ffff888104915078) [ 26.897323] [ 26.897398] The buggy address belongs to the physical page: [ 26.897666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104915 [ 26.898049] flags: 0x200000000000000(node=0|zone=2) [ 26.898314] page_type: f5(slab) [ 26.898455] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.899296] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.899817] page dumped because: kasan: bad access detected [ 26.900138] [ 26.900213] Memory state around the buggy address: [ 26.900527] ffff888104914f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.900992] ffff888104914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.901318] >ffff888104915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.901884] ^ [ 26.902217] ffff888104915080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.902668] ffff888104915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.903165] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 25.764585] ================================================================== [ 25.764814] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 25.765284] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.765630] [ 25.765737] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.765797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.765811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.765833] Call Trace: [ 25.765849] <TASK> [ 25.765864] dump_stack_lvl+0x73/0xb0 [ 25.765891] print_report+0xd1/0x650 [ 25.765915] ? __virt_addr_valid+0x1db/0x2d0 [ 25.765938] ? kasan_atomics_helper+0x860/0x5450 [ 25.765961] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.765988] ? kasan_atomics_helper+0x860/0x5450 [ 25.766011] kasan_report+0x141/0x180 [ 25.766033] ? kasan_atomics_helper+0x860/0x5450 [ 25.766061] kasan_check_range+0x10c/0x1c0 [ 25.766086] __kasan_check_write+0x18/0x20 [ 25.766110] kasan_atomics_helper+0x860/0x5450 [ 25.766134] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.766158] ? kasan_save_alloc_info+0x3b/0x50 [ 25.766187] kasan_atomics+0x1dc/0x310 [ 25.766211] ? __pfx_kasan_atomics+0x10/0x10 [ 25.766236] ? __pfx_read_tsc+0x10/0x10 [ 25.766259] ? ktime_get_ts64+0x86/0x230 [ 25.766284] kunit_try_run_case+0x1a5/0x480 [ 25.766319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.766344] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.766366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.766390] ? __kthread_parkme+0x82/0x180 [ 25.766411] ? preempt_count_sub+0x50/0x80 [ 25.766435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.766461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.766486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.766512] kthread+0x337/0x6f0 [ 25.766533] ? trace_preempt_on+0x20/0xc0 [ 25.766558] ? __pfx_kthread+0x10/0x10 [ 25.766581] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.766607] ? calculate_sigpending+0x7b/0xa0 [ 25.766632] ? __pfx_kthread+0x10/0x10 [ 25.766656] ret_from_fork+0x116/0x1d0 [ 25.766676] ? __pfx_kthread+0x10/0x10 [ 25.766698] ret_from_fork_asm+0x1a/0x30 [ 25.766730] </TASK> [ 25.766742] [ 25.774283] Allocated by task 313: [ 25.774473] kasan_save_stack+0x45/0x70 [ 25.774875] kasan_save_track+0x18/0x40 [ 25.775075] kasan_save_alloc_info+0x3b/0x50 [ 25.775288] __kasan_kmalloc+0xb7/0xc0 [ 25.775464] __kmalloc_cache_noprof+0x189/0x420 [ 25.775664] kasan_atomics+0x95/0x310 [ 25.775844] kunit_try_run_case+0x1a5/0x480 [ 25.776034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.776221] kthread+0x337/0x6f0 [ 25.776355] ret_from_fork+0x116/0x1d0 [ 25.776488] ret_from_fork_asm+0x1a/0x30 [ 25.776625] [ 25.776693] The buggy address belongs to the object at ffff88810490f900 [ 25.776693] which belongs to the cache kmalloc-64 of size 64 [ 25.777093] The buggy address is located 0 bytes to the right of [ 25.777093] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.777757] [ 25.777856] The buggy address belongs to the physical page: [ 25.778110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.778430] flags: 0x200000000000000(node=0|zone=2) [ 25.778627] page_type: f5(slab) [ 25.779119] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.779377] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.779941] page dumped because: kasan: bad access detected [ 25.780192] [ 25.780288] Memory state around the buggy address: [ 25.780513] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.780836] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.781099] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.781364] ^ [ 25.781567] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.782106] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.782387] ================================================================== [ 26.608015] ================================================================== [ 26.608775] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 26.609159] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.609466] [ 26.609878] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.609946] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.609962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.609987] Call Trace: [ 26.610009] <TASK> [ 26.610031] dump_stack_lvl+0x73/0xb0 [ 26.610062] print_report+0xd1/0x650 [ 26.610086] ? __virt_addr_valid+0x1db/0x2d0 [ 26.610111] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.610133] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.610160] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.610183] kasan_report+0x141/0x180 [ 26.610205] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.610232] kasan_check_range+0x10c/0x1c0 [ 26.610256] __kasan_check_write+0x18/0x20 [ 26.610280] kasan_atomics_helper+0x1eaa/0x5450 [ 26.610303] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.610336] ? kasan_save_alloc_info+0x3b/0x50 [ 26.610365] kasan_atomics+0x1dc/0x310 [ 26.610388] ? __pfx_kasan_atomics+0x10/0x10 [ 26.610413] ? __pfx_read_tsc+0x10/0x10 [ 26.610472] ? ktime_get_ts64+0x86/0x230 [ 26.610511] kunit_try_run_case+0x1a5/0x480 [ 26.610538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.610562] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.610586] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.610609] ? __kthread_parkme+0x82/0x180 [ 26.610631] ? preempt_count_sub+0x50/0x80 [ 26.610655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.610681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.610706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.610731] kthread+0x337/0x6f0 [ 26.610752] ? trace_preempt_on+0x20/0xc0 [ 26.610778] ? __pfx_kthread+0x10/0x10 [ 26.610801] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.610826] ? calculate_sigpending+0x7b/0xa0 [ 26.610850] ? __pfx_kthread+0x10/0x10 [ 26.610874] ret_from_fork+0x116/0x1d0 [ 26.610895] ? __pfx_kthread+0x10/0x10 [ 26.610917] ret_from_fork_asm+0x1a/0x30 [ 26.610950] </TASK> [ 26.610964] [ 26.622370] Allocated by task 313: [ 26.622517] kasan_save_stack+0x45/0x70 [ 26.622770] kasan_save_track+0x18/0x40 [ 26.622969] kasan_save_alloc_info+0x3b/0x50 [ 26.623183] __kasan_kmalloc+0xb7/0xc0 [ 26.623387] __kmalloc_cache_noprof+0x189/0x420 [ 26.623606] kasan_atomics+0x95/0x310 [ 26.623846] kunit_try_run_case+0x1a5/0x480 [ 26.623988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.624407] kthread+0x337/0x6f0 [ 26.624675] ret_from_fork+0x116/0x1d0 [ 26.624808] ret_from_fork_asm+0x1a/0x30 [ 26.624949] [ 26.625022] The buggy address belongs to the object at ffff88810490f900 [ 26.625022] which belongs to the cache kmalloc-64 of size 64 [ 26.625487] The buggy address is located 0 bytes to the right of [ 26.625487] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.626151] [ 26.626282] The buggy address belongs to the physical page: [ 26.626608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.626868] flags: 0x200000000000000(node=0|zone=2) [ 26.627127] page_type: f5(slab) [ 26.627300] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.627677] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.628018] page dumped because: kasan: bad access detected [ 26.628260] [ 26.628390] Memory state around the buggy address: [ 26.628665] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.628872] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.629109] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.629375] ^ [ 26.629712] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.630064] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.630327] ================================================================== [ 26.282888] ================================================================== [ 26.283136] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 26.283424] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.283847] [ 26.283943] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.284004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.284018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.284052] Call Trace: [ 26.284068] <TASK> [ 26.284086] dump_stack_lvl+0x73/0xb0 [ 26.284127] print_report+0xd1/0x650 [ 26.284151] ? __virt_addr_valid+0x1db/0x2d0 [ 26.284176] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.284198] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.284226] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.284248] kasan_report+0x141/0x180 [ 26.284271] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.284322] __asan_report_store8_noabort+0x1b/0x30 [ 26.284348] kasan_atomics_helper+0x50d4/0x5450 [ 26.284373] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.284397] ? kasan_save_alloc_info+0x3b/0x50 [ 26.284425] kasan_atomics+0x1dc/0x310 [ 26.284449] ? __pfx_kasan_atomics+0x10/0x10 [ 26.284495] ? __pfx_read_tsc+0x10/0x10 [ 26.284521] ? ktime_get_ts64+0x86/0x230 [ 26.284548] kunit_try_run_case+0x1a5/0x480 [ 26.284575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.284600] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.284623] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.284648] ? __kthread_parkme+0x82/0x180 [ 26.284670] ? preempt_count_sub+0x50/0x80 [ 26.284695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.284721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.284748] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.284774] kthread+0x337/0x6f0 [ 26.284796] ? trace_preempt_on+0x20/0xc0 [ 26.284820] ? __pfx_kthread+0x10/0x10 [ 26.284843] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.284868] ? calculate_sigpending+0x7b/0xa0 [ 26.284893] ? __pfx_kthread+0x10/0x10 [ 26.284916] ret_from_fork+0x116/0x1d0 [ 26.284937] ? __pfx_kthread+0x10/0x10 [ 26.284959] ret_from_fork_asm+0x1a/0x30 [ 26.285000] </TASK> [ 26.285014] [ 26.291983] Allocated by task 313: [ 26.292175] kasan_save_stack+0x45/0x70 [ 26.292377] kasan_save_track+0x18/0x40 [ 26.292553] kasan_save_alloc_info+0x3b/0x50 [ 26.292700] __kasan_kmalloc+0xb7/0xc0 [ 26.292828] __kmalloc_cache_noprof+0x189/0x420 [ 26.292978] kasan_atomics+0x95/0x310 [ 26.293104] kunit_try_run_case+0x1a5/0x480 [ 26.293303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.293615] kthread+0x337/0x6f0 [ 26.293789] ret_from_fork+0x116/0x1d0 [ 26.293974] ret_from_fork_asm+0x1a/0x30 [ 26.294190] [ 26.294286] The buggy address belongs to the object at ffff88810490f900 [ 26.294286] which belongs to the cache kmalloc-64 of size 64 [ 26.294870] The buggy address is located 0 bytes to the right of [ 26.294870] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.295448] [ 26.295571] The buggy address belongs to the physical page: [ 26.295826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.296158] flags: 0x200000000000000(node=0|zone=2) [ 26.296350] page_type: f5(slab) [ 26.296565] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.296888] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.297213] page dumped because: kasan: bad access detected [ 26.297434] [ 26.297524] Memory state around the buggy address: [ 26.297676] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.297894] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.298108] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.298450] ^ [ 26.298686] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.298996] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.299302] ================================================================== [ 26.769984] ================================================================== [ 26.771166] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 26.771659] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.771991] [ 26.772159] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.772263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.772279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.772304] Call Trace: [ 26.772347] <TASK> [ 26.772396] dump_stack_lvl+0x73/0xb0 [ 26.772452] print_report+0xd1/0x650 [ 26.772513] ? __virt_addr_valid+0x1db/0x2d0 [ 26.772538] ? kasan_atomics_helper+0x218a/0x5450 [ 26.772560] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.772588] ? kasan_atomics_helper+0x218a/0x5450 [ 26.772612] kasan_report+0x141/0x180 [ 26.772634] ? kasan_atomics_helper+0x218a/0x5450 [ 26.772660] kasan_check_range+0x10c/0x1c0 [ 26.772685] __kasan_check_write+0x18/0x20 [ 26.772709] kasan_atomics_helper+0x218a/0x5450 [ 26.772731] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.772784] ? kasan_save_alloc_info+0x3b/0x50 [ 26.772814] kasan_atomics+0x1dc/0x310 [ 26.772837] ? __pfx_kasan_atomics+0x10/0x10 [ 26.772863] ? __pfx_read_tsc+0x10/0x10 [ 26.772913] ? ktime_get_ts64+0x86/0x230 [ 26.772941] kunit_try_run_case+0x1a5/0x480 [ 26.772968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.772993] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.773017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.773040] ? __kthread_parkme+0x82/0x180 [ 26.773064] ? preempt_count_sub+0x50/0x80 [ 26.773089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.773115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.773140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.773166] kthread+0x337/0x6f0 [ 26.773187] ? trace_preempt_on+0x20/0xc0 [ 26.773212] ? __pfx_kthread+0x10/0x10 [ 26.773234] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.773260] ? calculate_sigpending+0x7b/0xa0 [ 26.773285] ? __pfx_kthread+0x10/0x10 [ 26.773320] ret_from_fork+0x116/0x1d0 [ 26.773341] ? __pfx_kthread+0x10/0x10 [ 26.773362] ret_from_fork_asm+0x1a/0x30 [ 26.773396] </TASK> [ 26.773411] [ 26.781075] Allocated by task 313: [ 26.781284] kasan_save_stack+0x45/0x70 [ 26.781549] kasan_save_track+0x18/0x40 [ 26.781747] kasan_save_alloc_info+0x3b/0x50 [ 26.781919] __kasan_kmalloc+0xb7/0xc0 [ 26.782125] __kmalloc_cache_noprof+0x189/0x420 [ 26.782353] kasan_atomics+0x95/0x310 [ 26.782481] kunit_try_run_case+0x1a5/0x480 [ 26.782716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.782993] kthread+0x337/0x6f0 [ 26.783175] ret_from_fork+0x116/0x1d0 [ 26.783365] ret_from_fork_asm+0x1a/0x30 [ 26.783499] [ 26.783566] The buggy address belongs to the object at ffff88810490f900 [ 26.783566] which belongs to the cache kmalloc-64 of size 64 [ 26.784135] The buggy address is located 0 bytes to the right of [ 26.784135] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.784667] [ 26.784739] The buggy address belongs to the physical page: [ 26.784951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.785380] flags: 0x200000000000000(node=0|zone=2) [ 26.785778] page_type: f5(slab) [ 26.785898] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.786263] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.786663] page dumped because: kasan: bad access detected [ 26.786905] [ 26.787024] Memory state around the buggy address: [ 26.787233] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.787613] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.787925] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.788223] ^ [ 26.788482] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.788797] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.789096] ================================================================== [ 26.223815] ================================================================== [ 26.224160] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 26.224518] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.224853] [ 26.224977] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.225038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.225053] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.225076] Call Trace: [ 26.225094] <TASK> [ 26.225121] dump_stack_lvl+0x73/0xb0 [ 26.225151] print_report+0xd1/0x650 [ 26.225175] ? __virt_addr_valid+0x1db/0x2d0 [ 26.225210] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.225232] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.225260] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.225290] kasan_report+0x141/0x180 [ 26.225328] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.225355] kasan_check_range+0x10c/0x1c0 [ 26.225379] __kasan_check_read+0x15/0x20 [ 26.225404] kasan_atomics_helper+0x13b5/0x5450 [ 26.225429] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.225454] ? kasan_save_alloc_info+0x3b/0x50 [ 26.225513] kasan_atomics+0x1dc/0x310 [ 26.225537] ? __pfx_kasan_atomics+0x10/0x10 [ 26.225572] ? __pfx_read_tsc+0x10/0x10 [ 26.225596] ? ktime_get_ts64+0x86/0x230 [ 26.225623] kunit_try_run_case+0x1a5/0x480 [ 26.225649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.225682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.225706] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.225740] ? __kthread_parkme+0x82/0x180 [ 26.225763] ? preempt_count_sub+0x50/0x80 [ 26.225788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.225814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.225840] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.225866] kthread+0x337/0x6f0 [ 26.225887] ? trace_preempt_on+0x20/0xc0 [ 26.225911] ? __pfx_kthread+0x10/0x10 [ 26.225934] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.225959] ? calculate_sigpending+0x7b/0xa0 [ 26.225984] ? __pfx_kthread+0x10/0x10 [ 26.226007] ret_from_fork+0x116/0x1d0 [ 26.226027] ? __pfx_kthread+0x10/0x10 [ 26.226049] ret_from_fork_asm+0x1a/0x30 [ 26.226081] </TASK> [ 26.226094] [ 26.235893] Allocated by task 313: [ 26.236072] kasan_save_stack+0x45/0x70 [ 26.236250] kasan_save_track+0x18/0x40 [ 26.236431] kasan_save_alloc_info+0x3b/0x50 [ 26.236628] __kasan_kmalloc+0xb7/0xc0 [ 26.236799] __kmalloc_cache_noprof+0x189/0x420 [ 26.236997] kasan_atomics+0x95/0x310 [ 26.237591] kunit_try_run_case+0x1a5/0x480 [ 26.237925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.238355] kthread+0x337/0x6f0 [ 26.238594] ret_from_fork+0x116/0x1d0 [ 26.238769] ret_from_fork_asm+0x1a/0x30 [ 26.238950] [ 26.239034] The buggy address belongs to the object at ffff88810490f900 [ 26.239034] which belongs to the cache kmalloc-64 of size 64 [ 26.239793] The buggy address is located 0 bytes to the right of [ 26.239793] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.240454] [ 26.240758] The buggy address belongs to the physical page: [ 26.241206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.241829] flags: 0x200000000000000(node=0|zone=2) [ 26.242244] page_type: f5(slab) [ 26.242690] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.243144] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.243680] page dumped because: kasan: bad access detected [ 26.244118] [ 26.244364] Memory state around the buggy address: [ 26.244613] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.244900] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.245187] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.245744] ^ [ 26.245963] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.246249] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.246783] ================================================================== [ 25.782894] ================================================================== [ 25.783195] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 25.783478] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.783955] [ 25.784047] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.784095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.784110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.784132] Call Trace: [ 25.784147] <TASK> [ 25.784164] dump_stack_lvl+0x73/0xb0 [ 25.784193] print_report+0xd1/0x650 [ 25.784216] ? __virt_addr_valid+0x1db/0x2d0 [ 25.784241] ? kasan_atomics_helper+0x8f9/0x5450 [ 25.784265] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.784295] ? kasan_atomics_helper+0x8f9/0x5450 [ 25.784330] kasan_report+0x141/0x180 [ 25.784353] ? kasan_atomics_helper+0x8f9/0x5450 [ 25.784380] kasan_check_range+0x10c/0x1c0 [ 25.784405] __kasan_check_write+0x18/0x20 [ 25.784429] kasan_atomics_helper+0x8f9/0x5450 [ 25.784453] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.784478] ? kasan_save_alloc_info+0x3b/0x50 [ 25.784518] kasan_atomics+0x1dc/0x310 [ 25.784543] ? __pfx_kasan_atomics+0x10/0x10 [ 25.784568] ? __pfx_read_tsc+0x10/0x10 [ 25.784590] ? ktime_get_ts64+0x86/0x230 [ 25.784616] kunit_try_run_case+0x1a5/0x480 [ 25.784643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.784667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.784701] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.784725] ? __kthread_parkme+0x82/0x180 [ 25.784746] ? preempt_count_sub+0x50/0x80 [ 25.784771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.784797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.784822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.784849] kthread+0x337/0x6f0 [ 25.784870] ? trace_preempt_on+0x20/0xc0 [ 25.784894] ? __pfx_kthread+0x10/0x10 [ 25.784917] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.784942] ? calculate_sigpending+0x7b/0xa0 [ 25.784966] ? __pfx_kthread+0x10/0x10 [ 25.784989] ret_from_fork+0x116/0x1d0 [ 25.785010] ? __pfx_kthread+0x10/0x10 [ 25.785032] ret_from_fork_asm+0x1a/0x30 [ 25.785063] </TASK> [ 25.785077] [ 25.792884] Allocated by task 313: [ 25.793064] kasan_save_stack+0x45/0x70 [ 25.793231] kasan_save_track+0x18/0x40 [ 25.793372] kasan_save_alloc_info+0x3b/0x50 [ 25.793534] __kasan_kmalloc+0xb7/0xc0 [ 25.793716] __kmalloc_cache_noprof+0x189/0x420 [ 25.793933] kasan_atomics+0x95/0x310 [ 25.794251] kunit_try_run_case+0x1a5/0x480 [ 25.794439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.794612] kthread+0x337/0x6f0 [ 25.794973] ret_from_fork+0x116/0x1d0 [ 25.795166] ret_from_fork_asm+0x1a/0x30 [ 25.795373] [ 25.795467] The buggy address belongs to the object at ffff88810490f900 [ 25.795467] which belongs to the cache kmalloc-64 of size 64 [ 25.795993] The buggy address is located 0 bytes to the right of [ 25.795993] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.796429] [ 25.796504] The buggy address belongs to the physical page: [ 25.796762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.797110] flags: 0x200000000000000(node=0|zone=2) [ 25.797298] page_type: f5(slab) [ 25.797424] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.797648] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.797966] page dumped because: kasan: bad access detected [ 25.798208] [ 25.798296] Memory state around the buggy address: [ 25.798988] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.799427] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.799827] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.800041] ^ [ 25.800191] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.800540] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.801130] ================================================================== [ 26.299776] ================================================================== [ 26.300010] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 26.300301] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.300740] [ 26.300862] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.300921] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.300936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.300967] Call Trace: [ 26.300983] <TASK> [ 26.301000] dump_stack_lvl+0x73/0xb0 [ 26.301042] print_report+0xd1/0x650 [ 26.301065] ? __virt_addr_valid+0x1db/0x2d0 [ 26.301089] ? kasan_atomics_helper+0x151d/0x5450 [ 26.301112] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.301139] ? kasan_atomics_helper+0x151d/0x5450 [ 26.301171] kasan_report+0x141/0x180 [ 26.301195] ? kasan_atomics_helper+0x151d/0x5450 [ 26.301222] kasan_check_range+0x10c/0x1c0 [ 26.301256] __kasan_check_write+0x18/0x20 [ 26.301281] kasan_atomics_helper+0x151d/0x5450 [ 26.301314] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.301337] ? kasan_save_alloc_info+0x3b/0x50 [ 26.301366] kasan_atomics+0x1dc/0x310 [ 26.301390] ? __pfx_kasan_atomics+0x10/0x10 [ 26.301415] ? __pfx_read_tsc+0x10/0x10 [ 26.301438] ? ktime_get_ts64+0x86/0x230 [ 26.301464] kunit_try_run_case+0x1a5/0x480 [ 26.301511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.301536] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.301561] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.301592] ? __kthread_parkme+0x82/0x180 [ 26.301614] ? preempt_count_sub+0x50/0x80 [ 26.301638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.301675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.301700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.301726] kthread+0x337/0x6f0 [ 26.301751] ? trace_preempt_on+0x20/0xc0 [ 26.301775] ? __pfx_kthread+0x10/0x10 [ 26.301798] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.301823] ? calculate_sigpending+0x7b/0xa0 [ 26.301848] ? __pfx_kthread+0x10/0x10 [ 26.301871] ret_from_fork+0x116/0x1d0 [ 26.301891] ? __pfx_kthread+0x10/0x10 [ 26.301913] ret_from_fork_asm+0x1a/0x30 [ 26.301945] </TASK> [ 26.301959] [ 26.309114] Allocated by task 313: [ 26.309291] kasan_save_stack+0x45/0x70 [ 26.309535] kasan_save_track+0x18/0x40 [ 26.309730] kasan_save_alloc_info+0x3b/0x50 [ 26.309972] __kasan_kmalloc+0xb7/0xc0 [ 26.310157] __kmalloc_cache_noprof+0x189/0x420 [ 26.310336] kasan_atomics+0x95/0x310 [ 26.310465] kunit_try_run_case+0x1a5/0x480 [ 26.310627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.310798] kthread+0x337/0x6f0 [ 26.310914] ret_from_fork+0x116/0x1d0 [ 26.311040] ret_from_fork_asm+0x1a/0x30 [ 26.311237] [ 26.311352] The buggy address belongs to the object at ffff88810490f900 [ 26.311352] which belongs to the cache kmalloc-64 of size 64 [ 26.311905] The buggy address is located 0 bytes to the right of [ 26.311905] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.312455] [ 26.312577] The buggy address belongs to the physical page: [ 26.312838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.313216] flags: 0x200000000000000(node=0|zone=2) [ 26.313431] page_type: f5(slab) [ 26.313614] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.313933] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.314277] page dumped because: kasan: bad access detected [ 26.314585] [ 26.314684] Memory state around the buggy address: [ 26.314910] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.315128] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.315351] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.315589] ^ [ 26.315747] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.316107] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.316443] ================================================================== [ 25.661520] ================================================================== [ 25.662431] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 25.662719] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.663560] [ 25.663690] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.663739] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.663754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.663776] Call Trace: [ 25.663792] <TASK> [ 25.663808] dump_stack_lvl+0x73/0xb0 [ 25.663839] print_report+0xd1/0x650 [ 25.663863] ? __virt_addr_valid+0x1db/0x2d0 [ 25.663886] ? kasan_atomics_helper+0x565/0x5450 [ 25.663908] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.663936] ? kasan_atomics_helper+0x565/0x5450 [ 25.663958] kasan_report+0x141/0x180 [ 25.663981] ? kasan_atomics_helper+0x565/0x5450 [ 25.664026] kasan_check_range+0x10c/0x1c0 [ 25.664400] __kasan_check_write+0x18/0x20 [ 25.664431] kasan_atomics_helper+0x565/0x5450 [ 25.664455] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.664479] ? kasan_save_alloc_info+0x3b/0x50 [ 25.664509] kasan_atomics+0x1dc/0x310 [ 25.664533] ? __pfx_kasan_atomics+0x10/0x10 [ 25.664558] ? __pfx_read_tsc+0x10/0x10 [ 25.664580] ? ktime_get_ts64+0x86/0x230 [ 25.664605] kunit_try_run_case+0x1a5/0x480 [ 25.664632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.664658] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.664691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.664715] ? __kthread_parkme+0x82/0x180 [ 25.664737] ? preempt_count_sub+0x50/0x80 [ 25.664761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.664788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.664813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.664839] kthread+0x337/0x6f0 [ 25.664861] ? trace_preempt_on+0x20/0xc0 [ 25.664884] ? __pfx_kthread+0x10/0x10 [ 25.664906] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.664932] ? calculate_sigpending+0x7b/0xa0 [ 25.664956] ? __pfx_kthread+0x10/0x10 [ 25.664979] ret_from_fork+0x116/0x1d0 [ 25.664999] ? __pfx_kthread+0x10/0x10 [ 25.665021] ret_from_fork_asm+0x1a/0x30 [ 25.665053] </TASK> [ 25.665065] [ 25.675127] Allocated by task 313: [ 25.675326] kasan_save_stack+0x45/0x70 [ 25.675481] kasan_save_track+0x18/0x40 [ 25.675985] kasan_save_alloc_info+0x3b/0x50 [ 25.676166] __kasan_kmalloc+0xb7/0xc0 [ 25.676469] __kmalloc_cache_noprof+0x189/0x420 [ 25.676886] kasan_atomics+0x95/0x310 [ 25.677064] kunit_try_run_case+0x1a5/0x480 [ 25.677263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.677681] kthread+0x337/0x6f0 [ 25.677867] ret_from_fork+0x116/0x1d0 [ 25.678041] ret_from_fork_asm+0x1a/0x30 [ 25.678214] [ 25.678319] The buggy address belongs to the object at ffff88810490f900 [ 25.678319] which belongs to the cache kmalloc-64 of size 64 [ 25.679193] The buggy address is located 0 bytes to the right of [ 25.679193] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.680023] [ 25.680135] The buggy address belongs to the physical page: [ 25.680505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.680991] flags: 0x200000000000000(node=0|zone=2) [ 25.681348] page_type: f5(slab) [ 25.681496] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.682047] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.682389] page dumped because: kasan: bad access detected [ 25.682873] [ 25.682963] Memory state around the buggy address: [ 25.683339] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.683676] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.684266] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.684724] ^ [ 25.684900] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.685220] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.685536] ================================================================== [ 26.181800] ================================================================== [ 26.182166] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 26.182517] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.183091] [ 26.183227] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.183286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.183300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.183331] Call Trace: [ 26.183348] <TASK> [ 26.183364] dump_stack_lvl+0x73/0xb0 [ 26.183394] print_report+0xd1/0x650 [ 26.183417] ? __virt_addr_valid+0x1db/0x2d0 [ 26.183441] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.183464] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.183492] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.183515] kasan_report+0x141/0x180 [ 26.183540] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.183567] kasan_check_range+0x10c/0x1c0 [ 26.183591] __kasan_check_write+0x18/0x20 [ 26.183616] kasan_atomics_helper+0x12e6/0x5450 [ 26.183640] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.183664] ? kasan_save_alloc_info+0x3b/0x50 [ 26.183727] kasan_atomics+0x1dc/0x310 [ 26.183751] ? __pfx_kasan_atomics+0x10/0x10 [ 26.183787] ? __pfx_read_tsc+0x10/0x10 [ 26.183810] ? ktime_get_ts64+0x86/0x230 [ 26.183863] kunit_try_run_case+0x1a5/0x480 [ 26.183891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.183926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.183950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.183974] ? __kthread_parkme+0x82/0x180 [ 26.183996] ? preempt_count_sub+0x50/0x80 [ 26.184021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.184047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.184100] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.184126] kthread+0x337/0x6f0 [ 26.184148] ? trace_preempt_on+0x20/0xc0 [ 26.184182] ? __pfx_kthread+0x10/0x10 [ 26.184204] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.184229] ? calculate_sigpending+0x7b/0xa0 [ 26.184254] ? __pfx_kthread+0x10/0x10 [ 26.184277] ret_from_fork+0x116/0x1d0 [ 26.184333] ? __pfx_kthread+0x10/0x10 [ 26.184356] ret_from_fork_asm+0x1a/0x30 [ 26.184398] </TASK> [ 26.184412] [ 26.192223] Allocated by task 313: [ 26.192382] kasan_save_stack+0x45/0x70 [ 26.192670] kasan_save_track+0x18/0x40 [ 26.192810] kasan_save_alloc_info+0x3b/0x50 [ 26.192954] __kasan_kmalloc+0xb7/0xc0 [ 26.193138] __kmalloc_cache_noprof+0x189/0x420 [ 26.193412] kasan_atomics+0x95/0x310 [ 26.193675] kunit_try_run_case+0x1a5/0x480 [ 26.193908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.194165] kthread+0x337/0x6f0 [ 26.194287] ret_from_fork+0x116/0x1d0 [ 26.194454] ret_from_fork_asm+0x1a/0x30 [ 26.194684] [ 26.194776] The buggy address belongs to the object at ffff88810490f900 [ 26.194776] which belongs to the cache kmalloc-64 of size 64 [ 26.195284] The buggy address is located 0 bytes to the right of [ 26.195284] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.195774] [ 26.195853] The buggy address belongs to the physical page: [ 26.196146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.196466] flags: 0x200000000000000(node=0|zone=2) [ 26.196704] page_type: f5(slab) [ 26.196878] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.197108] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.197380] page dumped because: kasan: bad access detected [ 26.197671] [ 26.197772] Memory state around the buggy address: [ 26.197996] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.198388] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.198678] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.198962] ^ [ 26.199149] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.199441] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.199731] ================================================================== [ 25.884845] ================================================================== [ 25.885162] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 25.885484] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.886203] [ 25.886548] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.886699] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.886719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.886743] Call Trace: [ 25.886759] <TASK> [ 25.886776] dump_stack_lvl+0x73/0xb0 [ 25.886807] print_report+0xd1/0x650 [ 25.886868] ? __virt_addr_valid+0x1db/0x2d0 [ 25.886895] ? kasan_atomics_helper+0xb6a/0x5450 [ 25.886917] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.886945] ? kasan_atomics_helper+0xb6a/0x5450 [ 25.886968] kasan_report+0x141/0x180 [ 25.886992] ? kasan_atomics_helper+0xb6a/0x5450 [ 25.887018] kasan_check_range+0x10c/0x1c0 [ 25.887043] __kasan_check_write+0x18/0x20 [ 25.887068] kasan_atomics_helper+0xb6a/0x5450 [ 25.887093] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.887118] ? kasan_save_alloc_info+0x3b/0x50 [ 25.887148] kasan_atomics+0x1dc/0x310 [ 25.887172] ? __pfx_kasan_atomics+0x10/0x10 [ 25.887197] ? __pfx_read_tsc+0x10/0x10 [ 25.887221] ? ktime_get_ts64+0x86/0x230 [ 25.887248] kunit_try_run_case+0x1a5/0x480 [ 25.887274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.887299] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.887334] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.887358] ? __kthread_parkme+0x82/0x180 [ 25.887380] ? preempt_count_sub+0x50/0x80 [ 25.887406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.887431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.887456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.887481] kthread+0x337/0x6f0 [ 25.887511] ? trace_preempt_on+0x20/0xc0 [ 25.887536] ? __pfx_kthread+0x10/0x10 [ 25.887558] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.887583] ? calculate_sigpending+0x7b/0xa0 [ 25.887608] ? __pfx_kthread+0x10/0x10 [ 25.887631] ret_from_fork+0x116/0x1d0 [ 25.887652] ? __pfx_kthread+0x10/0x10 [ 25.887683] ret_from_fork_asm+0x1a/0x30 [ 25.887715] </TASK> [ 25.887729] [ 25.896223] Allocated by task 313: [ 25.896443] kasan_save_stack+0x45/0x70 [ 25.896664] kasan_save_track+0x18/0x40 [ 25.896930] kasan_save_alloc_info+0x3b/0x50 [ 25.897132] __kasan_kmalloc+0xb7/0xc0 [ 25.897259] __kmalloc_cache_noprof+0x189/0x420 [ 25.897421] kasan_atomics+0x95/0x310 [ 25.897551] kunit_try_run_case+0x1a5/0x480 [ 25.897756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.898001] kthread+0x337/0x6f0 [ 25.898351] ret_from_fork+0x116/0x1d0 [ 25.898544] ret_from_fork_asm+0x1a/0x30 [ 25.898764] [ 25.898833] The buggy address belongs to the object at ffff88810490f900 [ 25.898833] which belongs to the cache kmalloc-64 of size 64 [ 25.899172] The buggy address is located 0 bytes to the right of [ 25.899172] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.900203] [ 25.900301] The buggy address belongs to the physical page: [ 25.900529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.900765] flags: 0x200000000000000(node=0|zone=2) [ 25.900923] page_type: f5(slab) [ 25.901087] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.901426] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.901753] page dumped because: kasan: bad access detected [ 25.902201] [ 25.902273] Memory state around the buggy address: [ 25.902435] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.902648] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.902963] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.903279] ^ [ 25.903508] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.904033] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.904263] ================================================================== [ 26.265578] ================================================================== [ 26.265857] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 26.266181] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.266538] [ 26.266646] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.266694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.266709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.266733] Call Trace: [ 26.266751] <TASK> [ 26.266769] dump_stack_lvl+0x73/0xb0 [ 26.266799] print_report+0xd1/0x650 [ 26.266832] ? __virt_addr_valid+0x1db/0x2d0 [ 26.266857] ? kasan_atomics_helper+0x1467/0x5450 [ 26.266879] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.266906] ? kasan_atomics_helper+0x1467/0x5450 [ 26.266929] kasan_report+0x141/0x180 [ 26.266952] ? kasan_atomics_helper+0x1467/0x5450 [ 26.266979] kasan_check_range+0x10c/0x1c0 [ 26.267004] __kasan_check_write+0x18/0x20 [ 26.267029] kasan_atomics_helper+0x1467/0x5450 [ 26.267052] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.267076] ? kasan_save_alloc_info+0x3b/0x50 [ 26.267106] kasan_atomics+0x1dc/0x310 [ 26.267129] ? __pfx_kasan_atomics+0x10/0x10 [ 26.267154] ? __pfx_read_tsc+0x10/0x10 [ 26.267178] ? ktime_get_ts64+0x86/0x230 [ 26.267203] kunit_try_run_case+0x1a5/0x480 [ 26.267231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.267257] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.267281] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.267316] ? __kthread_parkme+0x82/0x180 [ 26.267350] ? preempt_count_sub+0x50/0x80 [ 26.267374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.267413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.267440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.267465] kthread+0x337/0x6f0 [ 26.267506] ? trace_preempt_on+0x20/0xc0 [ 26.267540] ? __pfx_kthread+0x10/0x10 [ 26.267562] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.267588] ? calculate_sigpending+0x7b/0xa0 [ 26.267623] ? __pfx_kthread+0x10/0x10 [ 26.267647] ret_from_fork+0x116/0x1d0 [ 26.267667] ? __pfx_kthread+0x10/0x10 [ 26.267698] ret_from_fork_asm+0x1a/0x30 [ 26.267731] </TASK> [ 26.267744] [ 26.275228] Allocated by task 313: [ 26.275394] kasan_save_stack+0x45/0x70 [ 26.275624] kasan_save_track+0x18/0x40 [ 26.275795] kasan_save_alloc_info+0x3b/0x50 [ 26.275940] __kasan_kmalloc+0xb7/0xc0 [ 26.276069] __kmalloc_cache_noprof+0x189/0x420 [ 26.276220] kasan_atomics+0x95/0x310 [ 26.276357] kunit_try_run_case+0x1a5/0x480 [ 26.276520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.276694] kthread+0x337/0x6f0 [ 26.276818] ret_from_fork+0x116/0x1d0 [ 26.277001] ret_from_fork_asm+0x1a/0x30 [ 26.277193] [ 26.277314] The buggy address belongs to the object at ffff88810490f900 [ 26.277314] which belongs to the cache kmalloc-64 of size 64 [ 26.277868] The buggy address is located 0 bytes to the right of [ 26.277868] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.278417] [ 26.278534] The buggy address belongs to the physical page: [ 26.278781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.279130] flags: 0x200000000000000(node=0|zone=2) [ 26.279367] page_type: f5(slab) [ 26.279506] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.279738] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.280019] page dumped because: kasan: bad access detected [ 26.280266] [ 26.280381] Memory state around the buggy address: [ 26.280630] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.280971] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.281280] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.281600] ^ [ 26.281792] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.282084] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.282399] ================================================================== [ 26.587891] ================================================================== [ 26.588184] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 26.588526] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.588848] [ 26.588938] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.588990] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.589005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.589029] Call Trace: [ 26.589061] <TASK> [ 26.589082] dump_stack_lvl+0x73/0xb0 [ 26.589124] print_report+0xd1/0x650 [ 26.589147] ? __virt_addr_valid+0x1db/0x2d0 [ 26.589172] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.589193] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.589220] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.589243] kasan_report+0x141/0x180 [ 26.589266] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.589292] kasan_check_range+0x10c/0x1c0 [ 26.589325] __kasan_check_write+0x18/0x20 [ 26.589359] kasan_atomics_helper+0x1e12/0x5450 [ 26.589381] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.589405] ? kasan_save_alloc_info+0x3b/0x50 [ 26.589445] kasan_atomics+0x1dc/0x310 [ 26.589468] ? __pfx_kasan_atomics+0x10/0x10 [ 26.589503] ? __pfx_read_tsc+0x10/0x10 [ 26.589526] ? ktime_get_ts64+0x86/0x230 [ 26.589552] kunit_try_run_case+0x1a5/0x480 [ 26.589587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.589611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.589635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.589657] ? __kthread_parkme+0x82/0x180 [ 26.589679] ? preempt_count_sub+0x50/0x80 [ 26.589703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.589730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.589759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.589784] kthread+0x337/0x6f0 [ 26.589806] ? trace_preempt_on+0x20/0xc0 [ 26.589840] ? __pfx_kthread+0x10/0x10 [ 26.589861] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.589889] ? calculate_sigpending+0x7b/0xa0 [ 26.589925] ? __pfx_kthread+0x10/0x10 [ 26.589949] ret_from_fork+0x116/0x1d0 [ 26.589979] ? __pfx_kthread+0x10/0x10 [ 26.590001] ret_from_fork_asm+0x1a/0x30 [ 26.590044] </TASK> [ 26.590057] [ 26.598038] Allocated by task 313: [ 26.598225] kasan_save_stack+0x45/0x70 [ 26.598459] kasan_save_track+0x18/0x40 [ 26.598640] kasan_save_alloc_info+0x3b/0x50 [ 26.598829] __kasan_kmalloc+0xb7/0xc0 [ 26.598957] __kmalloc_cache_noprof+0x189/0x420 [ 26.599107] kasan_atomics+0x95/0x310 [ 26.599276] kunit_try_run_case+0x1a5/0x480 [ 26.599486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.599749] kthread+0x337/0x6f0 [ 26.599925] ret_from_fork+0x116/0x1d0 [ 26.600164] ret_from_fork_asm+0x1a/0x30 [ 26.600300] [ 26.600377] The buggy address belongs to the object at ffff88810490f900 [ 26.600377] which belongs to the cache kmalloc-64 of size 64 [ 26.600958] The buggy address is located 0 bytes to the right of [ 26.600958] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.601637] [ 26.601760] The buggy address belongs to the physical page: [ 26.602004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.602336] flags: 0x200000000000000(node=0|zone=2) [ 26.602497] page_type: f5(slab) [ 26.602652] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.602904] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.603231] page dumped because: kasan: bad access detected [ 26.603414] [ 26.603480] Memory state around the buggy address: [ 26.603640] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.604247] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.605352] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.605637] ^ [ 26.605804] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.606019] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.606228] ================================================================== [ 25.643171] ================================================================== [ 25.643470] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 25.643808] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.644321] [ 25.644429] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.644480] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.644495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.644517] Call Trace: [ 25.644533] <TASK> [ 25.644551] dump_stack_lvl+0x73/0xb0 [ 25.644579] print_report+0xd1/0x650 [ 25.644604] ? __virt_addr_valid+0x1db/0x2d0 [ 25.644629] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.644652] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.644679] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.644703] kasan_report+0x141/0x180 [ 25.644727] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.644754] __asan_report_store4_noabort+0x1b/0x30 [ 25.644779] kasan_atomics_helper+0x4b3a/0x5450 [ 25.644803] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.644827] ? kasan_save_alloc_info+0x3b/0x50 [ 25.644856] kasan_atomics+0x1dc/0x310 [ 25.644881] ? __pfx_kasan_atomics+0x10/0x10 [ 25.644906] ? __pfx_read_tsc+0x10/0x10 [ 25.644928] ? ktime_get_ts64+0x86/0x230 [ 25.644953] kunit_try_run_case+0x1a5/0x480 [ 25.644980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.645004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.645027] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.645051] ? __kthread_parkme+0x82/0x180 [ 25.645072] ? preempt_count_sub+0x50/0x80 [ 25.645154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.645183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.645209] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.645234] kthread+0x337/0x6f0 [ 25.645255] ? trace_preempt_on+0x20/0xc0 [ 25.645278] ? __pfx_kthread+0x10/0x10 [ 25.645299] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.645337] ? calculate_sigpending+0x7b/0xa0 [ 25.645362] ? __pfx_kthread+0x10/0x10 [ 25.645385] ret_from_fork+0x116/0x1d0 [ 25.645404] ? __pfx_kthread+0x10/0x10 [ 25.645426] ret_from_fork_asm+0x1a/0x30 [ 25.645458] </TASK> [ 25.645471] [ 25.652965] Allocated by task 313: [ 25.653130] kasan_save_stack+0x45/0x70 [ 25.653270] kasan_save_track+0x18/0x40 [ 25.653464] kasan_save_alloc_info+0x3b/0x50 [ 25.653728] __kasan_kmalloc+0xb7/0xc0 [ 25.653927] __kmalloc_cache_noprof+0x189/0x420 [ 25.654112] kasan_atomics+0x95/0x310 [ 25.654298] kunit_try_run_case+0x1a5/0x480 [ 25.654455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.654879] kthread+0x337/0x6f0 [ 25.655001] ret_from_fork+0x116/0x1d0 [ 25.655128] ret_from_fork_asm+0x1a/0x30 [ 25.655294] [ 25.655393] The buggy address belongs to the object at ffff88810490f900 [ 25.655393] which belongs to the cache kmalloc-64 of size 64 [ 25.656008] The buggy address is located 0 bytes to the right of [ 25.656008] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.656445] [ 25.656594] The buggy address belongs to the physical page: [ 25.657054] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.657368] flags: 0x200000000000000(node=0|zone=2) [ 25.657525] page_type: f5(slab) [ 25.657640] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.657867] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.658137] page dumped because: kasan: bad access detected [ 25.658554] [ 25.658837] Memory state around the buggy address: [ 25.659064] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.659489] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.659703] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.659910] ^ [ 25.660059] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.660503] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.661044] ================================================================== [ 26.514429] ================================================================== [ 26.514967] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 26.515360] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.515688] [ 26.515768] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.515815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.515829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.515851] Call Trace: [ 26.515867] <TASK> [ 26.515884] dump_stack_lvl+0x73/0xb0 [ 26.515909] print_report+0xd1/0x650 [ 26.515932] ? __virt_addr_valid+0x1db/0x2d0 [ 26.515954] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.515977] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.516003] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.516027] kasan_report+0x141/0x180 [ 26.516049] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.516076] __asan_report_load8_noabort+0x18/0x20 [ 26.516100] kasan_atomics_helper+0x4f30/0x5450 [ 26.516123] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.516147] ? kasan_save_alloc_info+0x3b/0x50 [ 26.516175] kasan_atomics+0x1dc/0x310 [ 26.516199] ? __pfx_kasan_atomics+0x10/0x10 [ 26.516224] ? __pfx_read_tsc+0x10/0x10 [ 26.516246] ? ktime_get_ts64+0x86/0x230 [ 26.516270] kunit_try_run_case+0x1a5/0x480 [ 26.516296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.516332] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.516355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.516378] ? __kthread_parkme+0x82/0x180 [ 26.516400] ? preempt_count_sub+0x50/0x80 [ 26.516424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.516450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.516475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.516501] kthread+0x337/0x6f0 [ 26.516521] ? trace_preempt_on+0x20/0xc0 [ 26.516545] ? __pfx_kthread+0x10/0x10 [ 26.516566] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.516591] ? calculate_sigpending+0x7b/0xa0 [ 26.516630] ? __pfx_kthread+0x10/0x10 [ 26.516653] ret_from_fork+0x116/0x1d0 [ 26.516673] ? __pfx_kthread+0x10/0x10 [ 26.516695] ret_from_fork_asm+0x1a/0x30 [ 26.516726] </TASK> [ 26.516738] [ 26.523483] Allocated by task 313: [ 26.523658] kasan_save_stack+0x45/0x70 [ 26.523858] kasan_save_track+0x18/0x40 [ 26.524050] kasan_save_alloc_info+0x3b/0x50 [ 26.524264] __kasan_kmalloc+0xb7/0xc0 [ 26.524468] __kmalloc_cache_noprof+0x189/0x420 [ 26.524662] kasan_atomics+0x95/0x310 [ 26.524789] kunit_try_run_case+0x1a5/0x480 [ 26.524943] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.525195] kthread+0x337/0x6f0 [ 26.525367] ret_from_fork+0x116/0x1d0 [ 26.525551] ret_from_fork_asm+0x1a/0x30 [ 26.525734] [ 26.525804] The buggy address belongs to the object at ffff88810490f900 [ 26.525804] which belongs to the cache kmalloc-64 of size 64 [ 26.526146] The buggy address is located 0 bytes to the right of [ 26.526146] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.526940] [ 26.527041] The buggy address belongs to the physical page: [ 26.527290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.527647] flags: 0x200000000000000(node=0|zone=2) [ 26.527851] page_type: f5(slab) [ 26.527969] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.528195] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.528427] page dumped because: kasan: bad access detected [ 26.528594] [ 26.528659] Memory state around the buggy address: [ 26.528808] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.529019] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.529229] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.529568] ^ [ 26.529796] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.530114] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.530434] ================================================================== [ 26.789813] ================================================================== [ 26.790115] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 26.790365] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.790689] [ 26.791089] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.791155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.791169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.791196] Call Trace: [ 26.791217] <TASK> [ 26.791239] dump_stack_lvl+0x73/0xb0 [ 26.791270] print_report+0xd1/0x650 [ 26.791294] ? __virt_addr_valid+0x1db/0x2d0 [ 26.791332] ? kasan_atomics_helper+0x4fa5/0x5450 [ 26.791355] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.791382] ? kasan_atomics_helper+0x4fa5/0x5450 [ 26.791405] kasan_report+0x141/0x180 [ 26.791428] ? kasan_atomics_helper+0x4fa5/0x5450 [ 26.791455] __asan_report_load8_noabort+0x18/0x20 [ 26.791480] kasan_atomics_helper+0x4fa5/0x5450 [ 26.791503] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.791527] ? kasan_save_alloc_info+0x3b/0x50 [ 26.791555] kasan_atomics+0x1dc/0x310 [ 26.791578] ? __pfx_kasan_atomics+0x10/0x10 [ 26.791603] ? __pfx_read_tsc+0x10/0x10 [ 26.791627] ? ktime_get_ts64+0x86/0x230 [ 26.791652] kunit_try_run_case+0x1a5/0x480 [ 26.791679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.791704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.791736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.791758] ? __kthread_parkme+0x82/0x180 [ 26.791780] ? preempt_count_sub+0x50/0x80 [ 26.791804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.791830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.791856] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.791920] kthread+0x337/0x6f0 [ 26.791965] ? trace_preempt_on+0x20/0xc0 [ 26.792034] ? __pfx_kthread+0x10/0x10 [ 26.792101] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.792171] ? calculate_sigpending+0x7b/0xa0 [ 26.792219] ? __pfx_kthread+0x10/0x10 [ 26.792242] ret_from_fork+0x116/0x1d0 [ 26.792261] ? __pfx_kthread+0x10/0x10 [ 26.792283] ret_from_fork_asm+0x1a/0x30 [ 26.792326] </TASK> [ 26.792339] [ 26.799563] Allocated by task 313: [ 26.799688] kasan_save_stack+0x45/0x70 [ 26.799825] kasan_save_track+0x18/0x40 [ 26.799951] kasan_save_alloc_info+0x3b/0x50 [ 26.800222] __kasan_kmalloc+0xb7/0xc0 [ 26.800488] __kmalloc_cache_noprof+0x189/0x420 [ 26.800788] kasan_atomics+0x95/0x310 [ 26.801038] kunit_try_run_case+0x1a5/0x480 [ 26.801303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.801794] kthread+0x337/0x6f0 [ 26.801970] ret_from_fork+0x116/0x1d0 [ 26.802170] ret_from_fork_asm+0x1a/0x30 [ 26.802348] [ 26.802415] The buggy address belongs to the object at ffff88810490f900 [ 26.802415] which belongs to the cache kmalloc-64 of size 64 [ 26.803099] The buggy address is located 0 bytes to the right of [ 26.803099] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.803637] [ 26.803709] The buggy address belongs to the physical page: [ 26.803872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.804217] flags: 0x200000000000000(node=0|zone=2) [ 26.804540] page_type: f5(slab) [ 26.804740] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.805075] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.805367] page dumped because: kasan: bad access detected [ 26.805779] [ 26.805898] Memory state around the buggy address: [ 26.806115] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.806439] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.806794] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.807038] ^ [ 26.807182] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.807444] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.808155] ================================================================== [ 25.564453] ================================================================== [ 25.564749] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 25.565190] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.565642] [ 25.565882] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.565953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.565968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.565991] Call Trace: [ 25.566008] <TASK> [ 25.566026] dump_stack_lvl+0x73/0xb0 [ 25.566054] print_report+0xd1/0x650 [ 25.566078] ? __virt_addr_valid+0x1db/0x2d0 [ 25.566122] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.566143] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.566170] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.566193] kasan_report+0x141/0x180 [ 25.566215] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.566242] __asan_report_store4_noabort+0x1b/0x30 [ 25.566267] kasan_atomics_helper+0x4b6e/0x5450 [ 25.566291] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.566326] ? kasan_save_alloc_info+0x3b/0x50 [ 25.566355] kasan_atomics+0x1dc/0x310 [ 25.566377] ? __pfx_kasan_atomics+0x10/0x10 [ 25.566421] ? __pfx_read_tsc+0x10/0x10 [ 25.566444] ? ktime_get_ts64+0x86/0x230 [ 25.566468] kunit_try_run_case+0x1a5/0x480 [ 25.566494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.566520] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.566545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.566577] ? __kthread_parkme+0x82/0x180 [ 25.566617] ? preempt_count_sub+0x50/0x80 [ 25.566640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.566667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.566707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.566734] kthread+0x337/0x6f0 [ 25.566756] ? trace_preempt_on+0x20/0xc0 [ 25.566779] ? __pfx_kthread+0x10/0x10 [ 25.566801] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.566827] ? calculate_sigpending+0x7b/0xa0 [ 25.566851] ? __pfx_kthread+0x10/0x10 [ 25.566874] ret_from_fork+0x116/0x1d0 [ 25.566895] ? __pfx_kthread+0x10/0x10 [ 25.566917] ret_from_fork_asm+0x1a/0x30 [ 25.566948] </TASK> [ 25.566960] [ 25.574596] Allocated by task 313: [ 25.574884] kasan_save_stack+0x45/0x70 [ 25.575030] kasan_save_track+0x18/0x40 [ 25.575161] kasan_save_alloc_info+0x3b/0x50 [ 25.575382] __kasan_kmalloc+0xb7/0xc0 [ 25.575815] __kmalloc_cache_noprof+0x189/0x420 [ 25.576004] kasan_atomics+0x95/0x310 [ 25.576134] kunit_try_run_case+0x1a5/0x480 [ 25.576277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.576530] kthread+0x337/0x6f0 [ 25.576970] ret_from_fork+0x116/0x1d0 [ 25.577173] ret_from_fork_asm+0x1a/0x30 [ 25.577380] [ 25.577471] The buggy address belongs to the object at ffff88810490f900 [ 25.577471] which belongs to the cache kmalloc-64 of size 64 [ 25.577982] The buggy address is located 0 bytes to the right of [ 25.577982] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.578518] [ 25.578612] The buggy address belongs to the physical page: [ 25.578831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.579068] flags: 0x200000000000000(node=0|zone=2) [ 25.579490] page_type: f5(slab) [ 25.579665] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.580063] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.580301] page dumped because: kasan: bad access detected [ 25.580553] [ 25.580661] Memory state around the buggy address: [ 25.581018] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.581509] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.582030] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.582338] ^ [ 25.582533] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.582913] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.583178] ================================================================== [ 25.623800] ================================================================== [ 25.624091] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 25.624408] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.624828] [ 25.624910] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.624958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.624972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.624995] Call Trace: [ 25.625012] <TASK> [ 25.625028] dump_stack_lvl+0x73/0xb0 [ 25.625055] print_report+0xd1/0x650 [ 25.625077] ? __virt_addr_valid+0x1db/0x2d0 [ 25.625101] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.625123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.625149] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.625173] kasan_report+0x141/0x180 [ 25.625196] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.625222] kasan_check_range+0x10c/0x1c0 [ 25.625246] __kasan_check_write+0x18/0x20 [ 25.625271] kasan_atomics_helper+0x4a0/0x5450 [ 25.625295] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.625331] ? kasan_save_alloc_info+0x3b/0x50 [ 25.625360] kasan_atomics+0x1dc/0x310 [ 25.625383] ? __pfx_kasan_atomics+0x10/0x10 [ 25.625408] ? __pfx_read_tsc+0x10/0x10 [ 25.625430] ? ktime_get_ts64+0x86/0x230 [ 25.625454] kunit_try_run_case+0x1a5/0x480 [ 25.625481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.625507] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.625529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.625552] ? __kthread_parkme+0x82/0x180 [ 25.625573] ? preempt_count_sub+0x50/0x80 [ 25.625597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.625623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.625647] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.625673] kthread+0x337/0x6f0 [ 25.625694] ? trace_preempt_on+0x20/0xc0 [ 25.625716] ? __pfx_kthread+0x10/0x10 [ 25.625742] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.625767] ? calculate_sigpending+0x7b/0xa0 [ 25.625791] ? __pfx_kthread+0x10/0x10 [ 25.625814] ret_from_fork+0x116/0x1d0 [ 25.625833] ? __pfx_kthread+0x10/0x10 [ 25.625855] ret_from_fork_asm+0x1a/0x30 [ 25.625887] </TASK> [ 25.625899] [ 25.634458] Allocated by task 313: [ 25.634637] kasan_save_stack+0x45/0x70 [ 25.634819] kasan_save_track+0x18/0x40 [ 25.634997] kasan_save_alloc_info+0x3b/0x50 [ 25.635184] __kasan_kmalloc+0xb7/0xc0 [ 25.635352] __kmalloc_cache_noprof+0x189/0x420 [ 25.635519] kasan_atomics+0x95/0x310 [ 25.635647] kunit_try_run_case+0x1a5/0x480 [ 25.635790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.635959] kthread+0x337/0x6f0 [ 25.636074] ret_from_fork+0x116/0x1d0 [ 25.636200] ret_from_fork_asm+0x1a/0x30 [ 25.636715] [ 25.636820] The buggy address belongs to the object at ffff88810490f900 [ 25.636820] which belongs to the cache kmalloc-64 of size 64 [ 25.637346] The buggy address is located 0 bytes to the right of [ 25.637346] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.638062] [ 25.638135] The buggy address belongs to the physical page: [ 25.638319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.638564] flags: 0x200000000000000(node=0|zone=2) [ 25.639016] page_type: f5(slab) [ 25.639190] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.639544] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.640124] page dumped because: kasan: bad access detected [ 25.640366] [ 25.640464] Memory state around the buggy address: [ 25.640657] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.640965] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.641213] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.641431] ^ [ 25.641613] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.641924] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.642237] ================================================================== [ 26.631089] ================================================================== [ 26.631457] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 26.632072] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.632449] [ 26.632890] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.632948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.632963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.632988] Call Trace: [ 26.633010] <TASK> [ 26.633032] dump_stack_lvl+0x73/0xb0 [ 26.633064] print_report+0xd1/0x650 [ 26.633087] ? __virt_addr_valid+0x1db/0x2d0 [ 26.633113] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.633135] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.633162] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.633185] kasan_report+0x141/0x180 [ 26.633207] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.633459] kasan_check_range+0x10c/0x1c0 [ 26.633504] __kasan_check_write+0x18/0x20 [ 26.633531] kasan_atomics_helper+0x1f43/0x5450 [ 26.633557] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.633582] ? kasan_save_alloc_info+0x3b/0x50 [ 26.633611] kasan_atomics+0x1dc/0x310 [ 26.633635] ? __pfx_kasan_atomics+0x10/0x10 [ 26.633659] ? __pfx_read_tsc+0x10/0x10 [ 26.633683] ? ktime_get_ts64+0x86/0x230 [ 26.633710] kunit_try_run_case+0x1a5/0x480 [ 26.633736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.633766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.633790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.633813] ? __kthread_parkme+0x82/0x180 [ 26.633836] ? preempt_count_sub+0x50/0x80 [ 26.633860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.633886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.633913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.633938] kthread+0x337/0x6f0 [ 26.633960] ? trace_preempt_on+0x20/0xc0 [ 26.633984] ? __pfx_kthread+0x10/0x10 [ 26.634006] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.634031] ? calculate_sigpending+0x7b/0xa0 [ 26.634057] ? __pfx_kthread+0x10/0x10 [ 26.634079] ret_from_fork+0x116/0x1d0 [ 26.634099] ? __pfx_kthread+0x10/0x10 [ 26.634121] ret_from_fork_asm+0x1a/0x30 [ 26.634155] </TASK> [ 26.634170] [ 26.644375] Allocated by task 313: [ 26.644531] kasan_save_stack+0x45/0x70 [ 26.644744] kasan_save_track+0x18/0x40 [ 26.644914] kasan_save_alloc_info+0x3b/0x50 [ 26.645124] __kasan_kmalloc+0xb7/0xc0 [ 26.645287] __kmalloc_cache_noprof+0x189/0x420 [ 26.645801] kasan_atomics+0x95/0x310 [ 26.645996] kunit_try_run_case+0x1a5/0x480 [ 26.646148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.646556] kthread+0x337/0x6f0 [ 26.646798] ret_from_fork+0x116/0x1d0 [ 26.646946] ret_from_fork_asm+0x1a/0x30 [ 26.647230] [ 26.647457] The buggy address belongs to the object at ffff88810490f900 [ 26.647457] which belongs to the cache kmalloc-64 of size 64 [ 26.647953] The buggy address is located 0 bytes to the right of [ 26.647953] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.648514] [ 26.648817] The buggy address belongs to the physical page: [ 26.649045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.649431] flags: 0x200000000000000(node=0|zone=2) [ 26.649817] page_type: f5(slab) [ 26.649960] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.650463] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.650963] page dumped because: kasan: bad access detected [ 26.651172] [ 26.651407] Memory state around the buggy address: [ 26.651578] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.652004] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.652379] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.652745] ^ [ 26.652937] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.653230] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.653770] ================================================================== [ 26.751332] ================================================================== [ 26.751624] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 26.752164] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.752418] [ 26.752506] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.752585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.752600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.752664] Call Trace: [ 26.752688] <TASK> [ 26.752734] dump_stack_lvl+0x73/0xb0 [ 26.752768] print_report+0xd1/0x650 [ 26.752792] ? __virt_addr_valid+0x1db/0x2d0 [ 26.752819] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.752842] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.752869] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.752892] kasan_report+0x141/0x180 [ 26.752915] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.752941] __asan_report_load8_noabort+0x18/0x20 [ 26.752997] kasan_atomics_helper+0x4fb2/0x5450 [ 26.753022] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.753046] ? kasan_save_alloc_info+0x3b/0x50 [ 26.753074] kasan_atomics+0x1dc/0x310 [ 26.753098] ? __pfx_kasan_atomics+0x10/0x10 [ 26.753153] ? __pfx_read_tsc+0x10/0x10 [ 26.753177] ? ktime_get_ts64+0x86/0x230 [ 26.753204] kunit_try_run_case+0x1a5/0x480 [ 26.753231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.753255] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.753280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.753315] ? __kthread_parkme+0x82/0x180 [ 26.753337] ? preempt_count_sub+0x50/0x80 [ 26.753362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.753417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.753466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.753506] kthread+0x337/0x6f0 [ 26.753527] ? trace_preempt_on+0x20/0xc0 [ 26.753552] ? __pfx_kthread+0x10/0x10 [ 26.753573] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.753599] ? calculate_sigpending+0x7b/0xa0 [ 26.753624] ? __pfx_kthread+0x10/0x10 [ 26.753647] ret_from_fork+0x116/0x1d0 [ 26.753667] ? __pfx_kthread+0x10/0x10 [ 26.753689] ret_from_fork_asm+0x1a/0x30 [ 26.753722] </TASK> [ 26.753736] [ 26.761260] Allocated by task 313: [ 26.761483] kasan_save_stack+0x45/0x70 [ 26.761716] kasan_save_track+0x18/0x40 [ 26.761979] kasan_save_alloc_info+0x3b/0x50 [ 26.762216] __kasan_kmalloc+0xb7/0xc0 [ 26.762405] __kmalloc_cache_noprof+0x189/0x420 [ 26.762718] kasan_atomics+0x95/0x310 [ 26.762951] kunit_try_run_case+0x1a5/0x480 [ 26.763095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.763344] kthread+0x337/0x6f0 [ 26.763604] ret_from_fork+0x116/0x1d0 [ 26.763839] ret_from_fork_asm+0x1a/0x30 [ 26.764040] [ 26.764135] The buggy address belongs to the object at ffff88810490f900 [ 26.764135] which belongs to the cache kmalloc-64 of size 64 [ 26.764727] The buggy address is located 0 bytes to the right of [ 26.764727] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.765274] [ 26.765354] The buggy address belongs to the physical page: [ 26.765634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.766028] flags: 0x200000000000000(node=0|zone=2) [ 26.766283] page_type: f5(slab) [ 26.766444] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.766790] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.767131] page dumped because: kasan: bad access detected [ 26.767384] [ 26.767471] Memory state around the buggy address: [ 26.767738] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.767945] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.768148] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.768397] ^ [ 26.768607] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.768910] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.769350] ================================================================== [ 26.144080] ================================================================== [ 26.144410] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 26.144951] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.145182] [ 26.145269] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.145334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.145350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.145374] Call Trace: [ 26.145390] <TASK> [ 26.145406] dump_stack_lvl+0x73/0xb0 [ 26.145436] print_report+0xd1/0x650 [ 26.145460] ? __virt_addr_valid+0x1db/0x2d0 [ 26.145484] ? kasan_atomics_helper+0x1217/0x5450 [ 26.145508] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.145544] ? kasan_atomics_helper+0x1217/0x5450 [ 26.145567] kasan_report+0x141/0x180 [ 26.145591] ? kasan_atomics_helper+0x1217/0x5450 [ 26.145654] kasan_check_range+0x10c/0x1c0 [ 26.145681] __kasan_check_write+0x18/0x20 [ 26.145706] kasan_atomics_helper+0x1217/0x5450 [ 26.145745] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.145769] ? kasan_save_alloc_info+0x3b/0x50 [ 26.145798] kasan_atomics+0x1dc/0x310 [ 26.145822] ? __pfx_kasan_atomics+0x10/0x10 [ 26.145847] ? __pfx_read_tsc+0x10/0x10 [ 26.145870] ? ktime_get_ts64+0x86/0x230 [ 26.145896] kunit_try_run_case+0x1a5/0x480 [ 26.145922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.145947] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.145971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.145994] ? __kthread_parkme+0x82/0x180 [ 26.146016] ? preempt_count_sub+0x50/0x80 [ 26.146041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.146068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.146094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.146120] kthread+0x337/0x6f0 [ 26.146141] ? trace_preempt_on+0x20/0xc0 [ 26.146165] ? __pfx_kthread+0x10/0x10 [ 26.146187] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.146213] ? calculate_sigpending+0x7b/0xa0 [ 26.146238] ? __pfx_kthread+0x10/0x10 [ 26.146261] ret_from_fork+0x116/0x1d0 [ 26.146281] ? __pfx_kthread+0x10/0x10 [ 26.146304] ret_from_fork_asm+0x1a/0x30 [ 26.146377] </TASK> [ 26.146391] [ 26.154242] Allocated by task 313: [ 26.154389] kasan_save_stack+0x45/0x70 [ 26.154529] kasan_save_track+0x18/0x40 [ 26.154659] kasan_save_alloc_info+0x3b/0x50 [ 26.154802] __kasan_kmalloc+0xb7/0xc0 [ 26.155147] __kmalloc_cache_noprof+0x189/0x420 [ 26.155389] kasan_atomics+0x95/0x310 [ 26.155592] kunit_try_run_case+0x1a5/0x480 [ 26.155804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.156056] kthread+0x337/0x6f0 [ 26.156246] ret_from_fork+0x116/0x1d0 [ 26.156507] ret_from_fork_asm+0x1a/0x30 [ 26.156719] [ 26.156813] The buggy address belongs to the object at ffff88810490f900 [ 26.156813] which belongs to the cache kmalloc-64 of size 64 [ 26.157498] The buggy address is located 0 bytes to the right of [ 26.157498] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.158066] [ 26.158140] The buggy address belongs to the physical page: [ 26.158320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.158922] flags: 0x200000000000000(node=0|zone=2) [ 26.159225] page_type: f5(slab) [ 26.159460] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.159837] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.160063] page dumped because: kasan: bad access detected [ 26.160230] [ 26.160300] Memory state around the buggy address: [ 26.160477] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.160838] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.161160] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.161483] ^ [ 26.161717] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.162042] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.162467] ================================================================== [ 25.605084] ================================================================== [ 25.605413] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 25.606767] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.607058] [ 25.607159] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.607208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.607223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.607245] Call Trace: [ 25.607262] <TASK> [ 25.607278] dump_stack_lvl+0x73/0xb0 [ 25.607320] print_report+0xd1/0x650 [ 25.607344] ? __virt_addr_valid+0x1db/0x2d0 [ 25.607368] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.607390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.607417] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.607439] kasan_report+0x141/0x180 [ 25.607462] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.607489] __asan_report_load4_noabort+0x18/0x20 [ 25.607515] kasan_atomics_helper+0x4b54/0x5450 [ 25.607538] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.607562] ? kasan_save_alloc_info+0x3b/0x50 [ 25.607591] kasan_atomics+0x1dc/0x310 [ 25.607614] ? __pfx_kasan_atomics+0x10/0x10 [ 25.607639] ? __pfx_read_tsc+0x10/0x10 [ 25.607661] ? ktime_get_ts64+0x86/0x230 [ 25.607686] kunit_try_run_case+0x1a5/0x480 [ 25.607712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.607738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.607760] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.607795] ? __kthread_parkme+0x82/0x180 [ 25.607817] ? preempt_count_sub+0x50/0x80 [ 25.607841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.607867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.607892] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.607918] kthread+0x337/0x6f0 [ 25.607939] ? trace_preempt_on+0x20/0xc0 [ 25.607962] ? __pfx_kthread+0x10/0x10 [ 25.607985] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.608009] ? calculate_sigpending+0x7b/0xa0 [ 25.608034] ? __pfx_kthread+0x10/0x10 [ 25.608057] ret_from_fork+0x116/0x1d0 [ 25.608077] ? __pfx_kthread+0x10/0x10 [ 25.608099] ret_from_fork_asm+0x1a/0x30 [ 25.608131] </TASK> [ 25.608144] [ 25.615213] Allocated by task 313: [ 25.615408] kasan_save_stack+0x45/0x70 [ 25.615771] kasan_save_track+0x18/0x40 [ 25.615972] kasan_save_alloc_info+0x3b/0x50 [ 25.616177] __kasan_kmalloc+0xb7/0xc0 [ 25.616376] __kmalloc_cache_noprof+0x189/0x420 [ 25.616611] kasan_atomics+0x95/0x310 [ 25.616847] kunit_try_run_case+0x1a5/0x480 [ 25.617047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.617278] kthread+0x337/0x6f0 [ 25.617433] ret_from_fork+0x116/0x1d0 [ 25.617606] ret_from_fork_asm+0x1a/0x30 [ 25.617964] [ 25.618043] The buggy address belongs to the object at ffff88810490f900 [ 25.618043] which belongs to the cache kmalloc-64 of size 64 [ 25.618513] The buggy address is located 0 bytes to the right of [ 25.618513] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.618947] [ 25.619017] The buggy address belongs to the physical page: [ 25.619183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.619484] flags: 0x200000000000000(node=0|zone=2) [ 25.619836] page_type: f5(slab) [ 25.620007] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.620354] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.620831] page dumped because: kasan: bad access detected [ 25.621002] [ 25.621068] Memory state around the buggy address: [ 25.621219] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.621541] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.622112] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.622404] ^ [ 25.622661] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.622947] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.623196] ================================================================== [ 25.985518] ================================================================== [ 25.986544] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 25.987970] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.989131] [ 25.989501] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.989557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.989573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.989596] Call Trace: [ 25.989614] <TASK> [ 25.989634] dump_stack_lvl+0x73/0xb0 [ 25.989664] print_report+0xd1/0x650 [ 25.989688] ? __virt_addr_valid+0x1db/0x2d0 [ 25.989713] ? kasan_atomics_helper+0xe78/0x5450 [ 25.989734] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.989766] ? kasan_atomics_helper+0xe78/0x5450 [ 25.989789] kasan_report+0x141/0x180 [ 25.989813] ? kasan_atomics_helper+0xe78/0x5450 [ 25.989839] kasan_check_range+0x10c/0x1c0 [ 25.989863] __kasan_check_write+0x18/0x20 [ 25.989888] kasan_atomics_helper+0xe78/0x5450 [ 25.989912] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.989935] ? kasan_save_alloc_info+0x3b/0x50 [ 25.989963] kasan_atomics+0x1dc/0x310 [ 25.989987] ? __pfx_kasan_atomics+0x10/0x10 [ 25.990011] ? __pfx_read_tsc+0x10/0x10 [ 25.990034] ? ktime_get_ts64+0x86/0x230 [ 25.990059] kunit_try_run_case+0x1a5/0x480 [ 25.990085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.990109] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.990132] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.990155] ? __kthread_parkme+0x82/0x180 [ 25.990177] ? preempt_count_sub+0x50/0x80 [ 25.990201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.990227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.990252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.990278] kthread+0x337/0x6f0 [ 25.990299] ? trace_preempt_on+0x20/0xc0 [ 25.990333] ? __pfx_kthread+0x10/0x10 [ 25.990355] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.990380] ? calculate_sigpending+0x7b/0xa0 [ 25.990405] ? __pfx_kthread+0x10/0x10 [ 25.990427] ret_from_fork+0x116/0x1d0 [ 25.990446] ? __pfx_kthread+0x10/0x10 [ 25.990469] ret_from_fork_asm+0x1a/0x30 [ 25.990500] </TASK> [ 25.990513] [ 26.002155] Allocated by task 313: [ 26.002323] kasan_save_stack+0x45/0x70 [ 26.002562] kasan_save_track+0x18/0x40 [ 26.002999] kasan_save_alloc_info+0x3b/0x50 [ 26.003185] __kasan_kmalloc+0xb7/0xc0 [ 26.003329] __kmalloc_cache_noprof+0x189/0x420 [ 26.003502] kasan_atomics+0x95/0x310 [ 26.003776] kunit_try_run_case+0x1a5/0x480 [ 26.004056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.004327] kthread+0x337/0x6f0 [ 26.004501] ret_from_fork+0x116/0x1d0 [ 26.004648] ret_from_fork_asm+0x1a/0x30 [ 26.004916] [ 26.004998] The buggy address belongs to the object at ffff88810490f900 [ 26.004998] which belongs to the cache kmalloc-64 of size 64 [ 26.005560] The buggy address is located 0 bytes to the right of [ 26.005560] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.006113] [ 26.006224] The buggy address belongs to the physical page: [ 26.006470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.006845] flags: 0x200000000000000(node=0|zone=2) [ 26.007089] page_type: f5(slab) [ 26.007252] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.007639] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.007970] page dumped because: kasan: bad access detected [ 26.008387] [ 26.008473] Memory state around the buggy address: [ 26.008788] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.009122] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.009390] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.009844] ^ [ 26.010004] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.010245] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.010590] ================================================================== [ 26.072040] ================================================================== [ 26.072407] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 26.073065] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.073365] [ 26.073463] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.073512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.073527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.073550] Call Trace: [ 26.073567] <TASK> [ 26.073585] dump_stack_lvl+0x73/0xb0 [ 26.073614] print_report+0xd1/0x650 [ 26.073636] ? __virt_addr_valid+0x1db/0x2d0 [ 26.073675] ? kasan_atomics_helper+0x1079/0x5450 [ 26.073698] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.073736] ? kasan_atomics_helper+0x1079/0x5450 [ 26.073763] kasan_report+0x141/0x180 [ 26.073786] ? kasan_atomics_helper+0x1079/0x5450 [ 26.073813] kasan_check_range+0x10c/0x1c0 [ 26.073846] __kasan_check_write+0x18/0x20 [ 26.073871] kasan_atomics_helper+0x1079/0x5450 [ 26.073894] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.073928] ? kasan_save_alloc_info+0x3b/0x50 [ 26.073958] kasan_atomics+0x1dc/0x310 [ 26.073981] ? __pfx_kasan_atomics+0x10/0x10 [ 26.074014] ? __pfx_read_tsc+0x10/0x10 [ 26.074037] ? ktime_get_ts64+0x86/0x230 [ 26.074063] kunit_try_run_case+0x1a5/0x480 [ 26.074101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.074125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.074158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.074181] ? __kthread_parkme+0x82/0x180 [ 26.074203] ? preempt_count_sub+0x50/0x80 [ 26.074237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.074263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.074289] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.074323] kthread+0x337/0x6f0 [ 26.074344] ? trace_preempt_on+0x20/0xc0 [ 26.074368] ? __pfx_kthread+0x10/0x10 [ 26.074389] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.074415] ? calculate_sigpending+0x7b/0xa0 [ 26.074440] ? __pfx_kthread+0x10/0x10 [ 26.074462] ret_from_fork+0x116/0x1d0 [ 26.074483] ? __pfx_kthread+0x10/0x10 [ 26.074504] ret_from_fork_asm+0x1a/0x30 [ 26.074536] </TASK> [ 26.074548] [ 26.081442] Allocated by task 313: [ 26.081768] kasan_save_stack+0x45/0x70 [ 26.082180] kasan_save_track+0x18/0x40 [ 26.082344] kasan_save_alloc_info+0x3b/0x50 [ 26.082539] __kasan_kmalloc+0xb7/0xc0 [ 26.082668] __kmalloc_cache_noprof+0x189/0x420 [ 26.082816] kasan_atomics+0x95/0x310 [ 26.082966] kunit_try_run_case+0x1a5/0x480 [ 26.083172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.083433] kthread+0x337/0x6f0 [ 26.083598] ret_from_fork+0x116/0x1d0 [ 26.083789] ret_from_fork_asm+0x1a/0x30 [ 26.084085] [ 26.084164] The buggy address belongs to the object at ffff88810490f900 [ 26.084164] which belongs to the cache kmalloc-64 of size 64 [ 26.084767] The buggy address is located 0 bytes to the right of [ 26.084767] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.085314] [ 26.085421] The buggy address belongs to the physical page: [ 26.085687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.086013] flags: 0x200000000000000(node=0|zone=2) [ 26.086255] page_type: f5(slab) [ 26.086425] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.086755] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.087032] page dumped because: kasan: bad access detected [ 26.087198] [ 26.087263] Memory state around the buggy address: [ 26.087505] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.087820] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.088131] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.088402] ^ [ 26.088610] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.088937] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.089218] ================================================================== [ 26.480087] ================================================================== [ 26.480439] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 26.480843] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.481083] [ 26.481161] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.481207] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.481221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.481244] Call Trace: [ 26.481258] <TASK> [ 26.481275] dump_stack_lvl+0x73/0xb0 [ 26.481301] print_report+0xd1/0x650 [ 26.481335] ? __virt_addr_valid+0x1db/0x2d0 [ 26.481358] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.481380] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.481407] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.481430] kasan_report+0x141/0x180 [ 26.481452] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.481478] kasan_check_range+0x10c/0x1c0 [ 26.481503] __kasan_check_write+0x18/0x20 [ 26.481527] kasan_atomics_helper+0x1b22/0x5450 [ 26.481550] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.481585] ? kasan_save_alloc_info+0x3b/0x50 [ 26.481614] kasan_atomics+0x1dc/0x310 [ 26.481637] ? __pfx_kasan_atomics+0x10/0x10 [ 26.481662] ? __pfx_read_tsc+0x10/0x10 [ 26.481684] ? ktime_get_ts64+0x86/0x230 [ 26.481709] kunit_try_run_case+0x1a5/0x480 [ 26.481734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.481765] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.481788] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.481811] ? __kthread_parkme+0x82/0x180 [ 26.481832] ? preempt_count_sub+0x50/0x80 [ 26.481857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.481886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.481912] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.481939] kthread+0x337/0x6f0 [ 26.481960] ? trace_preempt_on+0x20/0xc0 [ 26.481983] ? __pfx_kthread+0x10/0x10 [ 26.482005] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.482031] ? calculate_sigpending+0x7b/0xa0 [ 26.482058] ? __pfx_kthread+0x10/0x10 [ 26.482083] ret_from_fork+0x116/0x1d0 [ 26.482104] ? __pfx_kthread+0x10/0x10 [ 26.482126] ret_from_fork_asm+0x1a/0x30 [ 26.482157] </TASK> [ 26.482170] [ 26.489362] Allocated by task 313: [ 26.489608] kasan_save_stack+0x45/0x70 [ 26.489792] kasan_save_track+0x18/0x40 [ 26.489965] kasan_save_alloc_info+0x3b/0x50 [ 26.490143] __kasan_kmalloc+0xb7/0xc0 [ 26.490321] __kmalloc_cache_noprof+0x189/0x420 [ 26.490520] kasan_atomics+0x95/0x310 [ 26.490687] kunit_try_run_case+0x1a5/0x480 [ 26.490848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.491017] kthread+0x337/0x6f0 [ 26.491133] ret_from_fork+0x116/0x1d0 [ 26.491259] ret_from_fork_asm+0x1a/0x30 [ 26.491452] [ 26.491600] The buggy address belongs to the object at ffff88810490f900 [ 26.491600] which belongs to the cache kmalloc-64 of size 64 [ 26.492127] The buggy address is located 0 bytes to the right of [ 26.492127] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.492653] [ 26.492722] The buggy address belongs to the physical page: [ 26.492891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.493122] flags: 0x200000000000000(node=0|zone=2) [ 26.493277] page_type: f5(slab) [ 26.493404] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.493630] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.493854] page dumped because: kasan: bad access detected [ 26.494053] [ 26.494140] Memory state around the buggy address: [ 26.494367] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.494674] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.494981] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.495284] ^ [ 26.495507] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.495816] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.496047] ================================================================== [ 26.654482] ================================================================== [ 26.655273] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 26.655773] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.656132] [ 26.656456] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.656518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.656533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.656557] Call Trace: [ 26.656580] <TASK> [ 26.656600] dump_stack_lvl+0x73/0xb0 [ 26.656631] print_report+0xd1/0x650 [ 26.656656] ? __virt_addr_valid+0x1db/0x2d0 [ 26.656682] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.656704] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.656730] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.656754] kasan_report+0x141/0x180 [ 26.656776] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.656804] __asan_report_load8_noabort+0x18/0x20 [ 26.656828] kasan_atomics_helper+0x4f71/0x5450 [ 26.656852] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.656876] ? kasan_save_alloc_info+0x3b/0x50 [ 26.656905] kasan_atomics+0x1dc/0x310 [ 26.656928] ? __pfx_kasan_atomics+0x10/0x10 [ 26.656953] ? __pfx_read_tsc+0x10/0x10 [ 26.656976] ? ktime_get_ts64+0x86/0x230 [ 26.657002] kunit_try_run_case+0x1a5/0x480 [ 26.657028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.657054] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.657079] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.657103] ? __kthread_parkme+0x82/0x180 [ 26.657124] ? preempt_count_sub+0x50/0x80 [ 26.657149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.657176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.657201] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.657227] kthread+0x337/0x6f0 [ 26.657248] ? trace_preempt_on+0x20/0xc0 [ 26.657273] ? __pfx_kthread+0x10/0x10 [ 26.657295] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.657332] ? calculate_sigpending+0x7b/0xa0 [ 26.657358] ? __pfx_kthread+0x10/0x10 [ 26.657381] ret_from_fork+0x116/0x1d0 [ 26.657402] ? __pfx_kthread+0x10/0x10 [ 26.657424] ret_from_fork_asm+0x1a/0x30 [ 26.657456] </TASK> [ 26.657470] [ 26.666797] Allocated by task 313: [ 26.666988] kasan_save_stack+0x45/0x70 [ 26.667181] kasan_save_track+0x18/0x40 [ 26.667917] kasan_save_alloc_info+0x3b/0x50 [ 26.668113] __kasan_kmalloc+0xb7/0xc0 [ 26.668302] __kmalloc_cache_noprof+0x189/0x420 [ 26.668744] kasan_atomics+0x95/0x310 [ 26.668942] kunit_try_run_case+0x1a5/0x480 [ 26.669278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.669658] kthread+0x337/0x6f0 [ 26.669816] ret_from_fork+0x116/0x1d0 [ 26.670120] ret_from_fork_asm+0x1a/0x30 [ 26.670323] [ 26.670591] The buggy address belongs to the object at ffff88810490f900 [ 26.670591] which belongs to the cache kmalloc-64 of size 64 [ 26.671171] The buggy address is located 0 bytes to the right of [ 26.671171] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.671774] [ 26.672082] The buggy address belongs to the physical page: [ 26.672329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.672761] flags: 0x200000000000000(node=0|zone=2) [ 26.673062] page_type: f5(slab) [ 26.673204] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.673525] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.673972] page dumped because: kasan: bad access detected [ 26.674283] [ 26.674366] Memory state around the buggy address: [ 26.674614] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.675156] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.675529] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.675952] ^ [ 26.676156] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.676586] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.676828] ================================================================== [ 26.463157] ================================================================== [ 26.463432] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 26.463783] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.464002] [ 26.464081] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.464127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.464141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.464164] Call Trace: [ 26.464180] <TASK> [ 26.464197] dump_stack_lvl+0x73/0xb0 [ 26.464224] print_report+0xd1/0x650 [ 26.464246] ? __virt_addr_valid+0x1db/0x2d0 [ 26.464270] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.464291] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.464330] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.464353] kasan_report+0x141/0x180 [ 26.464375] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.464402] kasan_check_range+0x10c/0x1c0 [ 26.464427] __kasan_check_write+0x18/0x20 [ 26.464451] kasan_atomics_helper+0x1a7f/0x5450 [ 26.464474] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.464498] ? kasan_save_alloc_info+0x3b/0x50 [ 26.464540] kasan_atomics+0x1dc/0x310 [ 26.464563] ? __pfx_kasan_atomics+0x10/0x10 [ 26.464587] ? __pfx_read_tsc+0x10/0x10 [ 26.464610] ? ktime_get_ts64+0x86/0x230 [ 26.464635] kunit_try_run_case+0x1a5/0x480 [ 26.464660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.464685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.464707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.464730] ? __kthread_parkme+0x82/0x180 [ 26.464751] ? preempt_count_sub+0x50/0x80 [ 26.464775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.464801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.464826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.464852] kthread+0x337/0x6f0 [ 26.464873] ? trace_preempt_on+0x20/0xc0 [ 26.464896] ? __pfx_kthread+0x10/0x10 [ 26.464918] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.464943] ? calculate_sigpending+0x7b/0xa0 [ 26.464968] ? __pfx_kthread+0x10/0x10 [ 26.464990] ret_from_fork+0x116/0x1d0 [ 26.465010] ? __pfx_kthread+0x10/0x10 [ 26.465031] ret_from_fork_asm+0x1a/0x30 [ 26.465063] </TASK> [ 26.465075] [ 26.471928] Allocated by task 313: [ 26.472050] kasan_save_stack+0x45/0x70 [ 26.472249] kasan_save_track+0x18/0x40 [ 26.472606] kasan_save_alloc_info+0x3b/0x50 [ 26.472811] __kasan_kmalloc+0xb7/0xc0 [ 26.472992] __kmalloc_cache_noprof+0x189/0x420 [ 26.473205] kasan_atomics+0x95/0x310 [ 26.473393] kunit_try_run_case+0x1a5/0x480 [ 26.473565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.473741] kthread+0x337/0x6f0 [ 26.473856] ret_from_fork+0x116/0x1d0 [ 26.473983] ret_from_fork_asm+0x1a/0x30 [ 26.474116] [ 26.474181] The buggy address belongs to the object at ffff88810490f900 [ 26.474181] which belongs to the cache kmalloc-64 of size 64 [ 26.475033] The buggy address is located 0 bytes to the right of [ 26.475033] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.475693] [ 26.475763] The buggy address belongs to the physical page: [ 26.475996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.476324] flags: 0x200000000000000(node=0|zone=2) [ 26.476558] page_type: f5(slab) [ 26.476684] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.476986] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.477281] page dumped because: kasan: bad access detected [ 26.477505] [ 26.477595] Memory state around the buggy address: [ 26.477788] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.478072] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.478281] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.478746] ^ [ 26.478966] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.479218] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.479436] ================================================================== [ 25.709898] ================================================================== [ 25.710179] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 25.710472] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.710778] [ 25.710860] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.710908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.710922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.710945] Call Trace: [ 25.710980] <TASK> [ 25.710997] dump_stack_lvl+0x73/0xb0 [ 25.711025] print_report+0xd1/0x650 [ 25.711048] ? __virt_addr_valid+0x1db/0x2d0 [ 25.711071] ? kasan_atomics_helper+0x697/0x5450 [ 25.711093] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.711120] ? kasan_atomics_helper+0x697/0x5450 [ 25.711143] kasan_report+0x141/0x180 [ 25.711166] ? kasan_atomics_helper+0x697/0x5450 [ 25.711193] kasan_check_range+0x10c/0x1c0 [ 25.711218] __kasan_check_write+0x18/0x20 [ 25.711242] kasan_atomics_helper+0x697/0x5450 [ 25.711265] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.711289] ? kasan_save_alloc_info+0x3b/0x50 [ 25.711330] kasan_atomics+0x1dc/0x310 [ 25.711354] ? __pfx_kasan_atomics+0x10/0x10 [ 25.711378] ? __pfx_read_tsc+0x10/0x10 [ 25.711400] ? ktime_get_ts64+0x86/0x230 [ 25.711425] kunit_try_run_case+0x1a5/0x480 [ 25.711451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.711476] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.711511] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.711535] ? __kthread_parkme+0x82/0x180 [ 25.711558] ? preempt_count_sub+0x50/0x80 [ 25.711583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.711609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.711636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.711662] kthread+0x337/0x6f0 [ 25.711692] ? trace_preempt_on+0x20/0xc0 [ 25.711716] ? __pfx_kthread+0x10/0x10 [ 25.711738] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.711764] ? calculate_sigpending+0x7b/0xa0 [ 25.711789] ? __pfx_kthread+0x10/0x10 [ 25.711812] ret_from_fork+0x116/0x1d0 [ 25.711832] ? __pfx_kthread+0x10/0x10 [ 25.711856] ret_from_fork_asm+0x1a/0x30 [ 25.711888] </TASK> [ 25.711901] [ 25.719587] Allocated by task 313: [ 25.719711] kasan_save_stack+0x45/0x70 [ 25.719872] kasan_save_track+0x18/0x40 [ 25.720063] kasan_save_alloc_info+0x3b/0x50 [ 25.720264] __kasan_kmalloc+0xb7/0xc0 [ 25.720450] __kmalloc_cache_noprof+0x189/0x420 [ 25.720658] kasan_atomics+0x95/0x310 [ 25.720836] kunit_try_run_case+0x1a5/0x480 [ 25.720979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.721145] kthread+0x337/0x6f0 [ 25.721403] ret_from_fork+0x116/0x1d0 [ 25.721922] ret_from_fork_asm+0x1a/0x30 [ 25.722097] [ 25.722178] The buggy address belongs to the object at ffff88810490f900 [ 25.722178] which belongs to the cache kmalloc-64 of size 64 [ 25.722530] The buggy address is located 0 bytes to the right of [ 25.722530] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.723408] [ 25.723476] The buggy address belongs to the physical page: [ 25.723640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.723864] flags: 0x200000000000000(node=0|zone=2) [ 25.724014] page_type: f5(slab) [ 25.724233] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.724587] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.724919] page dumped because: kasan: bad access detected [ 25.725170] [ 25.725261] Memory state around the buggy address: [ 25.725490] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.725935] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.726154] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.726458] ^ [ 25.726820] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.727034] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.727242] ================================================================== [ 25.526162] ================================================================== [ 25.526497] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 25.527188] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.527449] [ 25.527596] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.527643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.527655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.527719] Call Trace: [ 25.527736] <TASK> [ 25.527751] dump_stack_lvl+0x73/0xb0 [ 25.527779] print_report+0xd1/0x650 [ 25.527801] ? __virt_addr_valid+0x1db/0x2d0 [ 25.527824] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.527844] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.527870] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.527891] kasan_report+0x141/0x180 [ 25.527913] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.527938] __asan_report_store4_noabort+0x1b/0x30 [ 25.527963] kasan_atomics_helper+0x4ba2/0x5450 [ 25.527984] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.528007] ? kasan_save_alloc_info+0x3b/0x50 [ 25.528034] kasan_atomics+0x1dc/0x310 [ 25.528056] ? __pfx_kasan_atomics+0x10/0x10 [ 25.528080] ? __pfx_read_tsc+0x10/0x10 [ 25.528101] ? ktime_get_ts64+0x86/0x230 [ 25.528125] kunit_try_run_case+0x1a5/0x480 [ 25.528150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.528172] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.528194] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.528215] ? __kthread_parkme+0x82/0x180 [ 25.528235] ? preempt_count_sub+0x50/0x80 [ 25.528258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.528282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.528319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.528343] kthread+0x337/0x6f0 [ 25.528362] ? trace_preempt_on+0x20/0xc0 [ 25.528386] ? __pfx_kthread+0x10/0x10 [ 25.528407] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.528432] ? calculate_sigpending+0x7b/0xa0 [ 25.528456] ? __pfx_kthread+0x10/0x10 [ 25.528477] ret_from_fork+0x116/0x1d0 [ 25.528497] ? __pfx_kthread+0x10/0x10 [ 25.528518] ret_from_fork_asm+0x1a/0x30 [ 25.528550] </TASK> [ 25.528561] [ 25.535678] Allocated by task 313: [ 25.535850] kasan_save_stack+0x45/0x70 [ 25.536059] kasan_save_track+0x18/0x40 [ 25.536241] kasan_save_alloc_info+0x3b/0x50 [ 25.536443] __kasan_kmalloc+0xb7/0xc0 [ 25.536566] __kmalloc_cache_noprof+0x189/0x420 [ 25.536710] kasan_atomics+0x95/0x310 [ 25.536832] kunit_try_run_case+0x1a5/0x480 [ 25.537279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.537614] kthread+0x337/0x6f0 [ 25.537807] ret_from_fork+0x116/0x1d0 [ 25.538149] ret_from_fork_asm+0x1a/0x30 [ 25.538420] [ 25.538680] The buggy address belongs to the object at ffff88810490f900 [ 25.538680] which belongs to the cache kmalloc-64 of size 64 [ 25.539161] The buggy address is located 0 bytes to the right of [ 25.539161] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.540002] [ 25.540111] The buggy address belongs to the physical page: [ 25.540329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.540823] flags: 0x200000000000000(node=0|zone=2) [ 25.540993] page_type: f5(slab) [ 25.541110] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.541349] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.541839] page dumped because: kasan: bad access detected [ 25.542128] [ 25.542192] Memory state around the buggy address: [ 25.542350] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.542560] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.542947] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.543289] ^ [ 25.543524] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.543843] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.544153] ================================================================== [ 25.745735] ================================================================== [ 25.746097] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 25.746945] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.747260] [ 25.747407] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.747456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.747471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.747502] Call Trace: [ 25.747515] <TASK> [ 25.747532] dump_stack_lvl+0x73/0xb0 [ 25.747561] print_report+0xd1/0x650 [ 25.747585] ? __virt_addr_valid+0x1db/0x2d0 [ 25.747609] ? kasan_atomics_helper+0x7c7/0x5450 [ 25.747632] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.747660] ? kasan_atomics_helper+0x7c7/0x5450 [ 25.747721] kasan_report+0x141/0x180 [ 25.747747] ? kasan_atomics_helper+0x7c7/0x5450 [ 25.747774] kasan_check_range+0x10c/0x1c0 [ 25.747799] __kasan_check_write+0x18/0x20 [ 25.747822] kasan_atomics_helper+0x7c7/0x5450 [ 25.747846] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.747870] ? kasan_save_alloc_info+0x3b/0x50 [ 25.747899] kasan_atomics+0x1dc/0x310 [ 25.747923] ? __pfx_kasan_atomics+0x10/0x10 [ 25.747948] ? __pfx_read_tsc+0x10/0x10 [ 25.747970] ? ktime_get_ts64+0x86/0x230 [ 25.747995] kunit_try_run_case+0x1a5/0x480 [ 25.748022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.748047] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.748070] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.748094] ? __kthread_parkme+0x82/0x180 [ 25.748116] ? preempt_count_sub+0x50/0x80 [ 25.748140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.748167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.748193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.748220] kthread+0x337/0x6f0 [ 25.748241] ? trace_preempt_on+0x20/0xc0 [ 25.748265] ? __pfx_kthread+0x10/0x10 [ 25.748287] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.748326] ? calculate_sigpending+0x7b/0xa0 [ 25.748351] ? __pfx_kthread+0x10/0x10 [ 25.748374] ret_from_fork+0x116/0x1d0 [ 25.748395] ? __pfx_kthread+0x10/0x10 [ 25.748417] ret_from_fork_asm+0x1a/0x30 [ 25.748448] </TASK> [ 25.748462] [ 25.756009] Allocated by task 313: [ 25.756174] kasan_save_stack+0x45/0x70 [ 25.756388] kasan_save_track+0x18/0x40 [ 25.756583] kasan_save_alloc_info+0x3b/0x50 [ 25.756842] __kasan_kmalloc+0xb7/0xc0 [ 25.756979] __kmalloc_cache_noprof+0x189/0x420 [ 25.757131] kasan_atomics+0x95/0x310 [ 25.757259] kunit_try_run_case+0x1a5/0x480 [ 25.757413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.758064] kthread+0x337/0x6f0 [ 25.758257] ret_from_fork+0x116/0x1d0 [ 25.758456] ret_from_fork_asm+0x1a/0x30 [ 25.758649] [ 25.758793] The buggy address belongs to the object at ffff88810490f900 [ 25.758793] which belongs to the cache kmalloc-64 of size 64 [ 25.759331] The buggy address is located 0 bytes to the right of [ 25.759331] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.759927] [ 25.760021] The buggy address belongs to the physical page: [ 25.760252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.760623] flags: 0x200000000000000(node=0|zone=2) [ 25.760902] page_type: f5(slab) [ 25.761070] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.761384] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.761772] page dumped because: kasan: bad access detected [ 25.761994] [ 25.762071] Memory state around the buggy address: [ 25.762260] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.762486] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.762700] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.763211] ^ [ 25.763468] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.763787] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.764073] ================================================================== [ 26.125023] ================================================================== [ 26.125789] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 26.126077] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.126294] [ 26.126387] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.126437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.126452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.126475] Call Trace: [ 26.126492] <TASK> [ 26.126509] dump_stack_lvl+0x73/0xb0 [ 26.126537] print_report+0xd1/0x650 [ 26.126559] ? __virt_addr_valid+0x1db/0x2d0 [ 26.126583] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.126630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.126657] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.126692] kasan_report+0x141/0x180 [ 26.126715] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.126742] __asan_report_load4_noabort+0x18/0x20 [ 26.126768] kasan_atomics_helper+0x4a02/0x5450 [ 26.126791] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.126815] ? kasan_save_alloc_info+0x3b/0x50 [ 26.126843] kasan_atomics+0x1dc/0x310 [ 26.126868] ? __pfx_kasan_atomics+0x10/0x10 [ 26.126893] ? __pfx_read_tsc+0x10/0x10 [ 26.126916] ? ktime_get_ts64+0x86/0x230 [ 26.126941] kunit_try_run_case+0x1a5/0x480 [ 26.126976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.127001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.127024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.127058] ? __kthread_parkme+0x82/0x180 [ 26.127080] ? preempt_count_sub+0x50/0x80 [ 26.127104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.127130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.127156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.127182] kthread+0x337/0x6f0 [ 26.127203] ? trace_preempt_on+0x20/0xc0 [ 26.127227] ? __pfx_kthread+0x10/0x10 [ 26.127248] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.127274] ? calculate_sigpending+0x7b/0xa0 [ 26.127299] ? __pfx_kthread+0x10/0x10 [ 26.127334] ret_from_fork+0x116/0x1d0 [ 26.127355] ? __pfx_kthread+0x10/0x10 [ 26.127377] ret_from_fork_asm+0x1a/0x30 [ 26.127408] </TASK> [ 26.127422] [ 26.135294] Allocated by task 313: [ 26.135457] kasan_save_stack+0x45/0x70 [ 26.135680] kasan_save_track+0x18/0x40 [ 26.135845] kasan_save_alloc_info+0x3b/0x50 [ 26.136054] __kasan_kmalloc+0xb7/0xc0 [ 26.136230] __kmalloc_cache_noprof+0x189/0x420 [ 26.136447] kasan_atomics+0x95/0x310 [ 26.136652] kunit_try_run_case+0x1a5/0x480 [ 26.136836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.137139] kthread+0x337/0x6f0 [ 26.137270] ret_from_fork+0x116/0x1d0 [ 26.137404] ret_from_fork_asm+0x1a/0x30 [ 26.137538] [ 26.137603] The buggy address belongs to the object at ffff88810490f900 [ 26.137603] which belongs to the cache kmalloc-64 of size 64 [ 26.137938] The buggy address is located 0 bytes to the right of [ 26.137938] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.138282] [ 26.138378] The buggy address belongs to the physical page: [ 26.138618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.139007] flags: 0x200000000000000(node=0|zone=2) [ 26.139233] page_type: f5(slab) [ 26.139400] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.140079] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.140419] page dumped because: kasan: bad access detected [ 26.140799] [ 26.140878] Memory state around the buggy address: [ 26.141025] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.141230] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.141445] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.141760] ^ [ 26.142030] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.142439] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.142815] ================================================================== [ 26.247758] ================================================================== [ 26.248400] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 26.248939] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.249449] [ 26.249558] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.249607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.249622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.249645] Call Trace: [ 26.249665] <TASK> [ 26.249683] dump_stack_lvl+0x73/0xb0 [ 26.249716] print_report+0xd1/0x650 [ 26.249744] ? __virt_addr_valid+0x1db/0x2d0 [ 26.249768] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.249791] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.249818] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.249840] kasan_report+0x141/0x180 [ 26.249864] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.249891] __asan_report_load8_noabort+0x18/0x20 [ 26.249917] kasan_atomics_helper+0x4eae/0x5450 [ 26.249940] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.249965] ? kasan_save_alloc_info+0x3b/0x50 [ 26.249994] kasan_atomics+0x1dc/0x310 [ 26.250018] ? __pfx_kasan_atomics+0x10/0x10 [ 26.250043] ? __pfx_read_tsc+0x10/0x10 [ 26.250065] ? ktime_get_ts64+0x86/0x230 [ 26.250092] kunit_try_run_case+0x1a5/0x480 [ 26.250118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.250143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.250166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.250190] ? __kthread_parkme+0x82/0x180 [ 26.250212] ? preempt_count_sub+0x50/0x80 [ 26.250236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.250263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.250288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.250346] kthread+0x337/0x6f0 [ 26.250368] ? trace_preempt_on+0x20/0xc0 [ 26.250393] ? __pfx_kthread+0x10/0x10 [ 26.250415] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.250441] ? calculate_sigpending+0x7b/0xa0 [ 26.250467] ? __pfx_kthread+0x10/0x10 [ 26.250508] ret_from_fork+0x116/0x1d0 [ 26.250528] ? __pfx_kthread+0x10/0x10 [ 26.250560] ret_from_fork_asm+0x1a/0x30 [ 26.250592] </TASK> [ 26.250605] [ 26.257599] Allocated by task 313: [ 26.257783] kasan_save_stack+0x45/0x70 [ 26.257983] kasan_save_track+0x18/0x40 [ 26.258167] kasan_save_alloc_info+0x3b/0x50 [ 26.258363] __kasan_kmalloc+0xb7/0xc0 [ 26.258582] __kmalloc_cache_noprof+0x189/0x420 [ 26.258781] kasan_atomics+0x95/0x310 [ 26.258965] kunit_try_run_case+0x1a5/0x480 [ 26.259159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.259386] kthread+0x337/0x6f0 [ 26.259594] ret_from_fork+0x116/0x1d0 [ 26.259755] ret_from_fork_asm+0x1a/0x30 [ 26.259928] [ 26.260019] The buggy address belongs to the object at ffff88810490f900 [ 26.260019] which belongs to the cache kmalloc-64 of size 64 [ 26.260452] The buggy address is located 0 bytes to the right of [ 26.260452] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.260845] [ 26.260939] The buggy address belongs to the physical page: [ 26.261204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.261599] flags: 0x200000000000000(node=0|zone=2) [ 26.261807] page_type: f5(slab) [ 26.261924] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.262150] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.262430] page dumped because: kasan: bad access detected [ 26.262707] [ 26.262824] Memory state around the buggy address: [ 26.263069] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.263416] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.263766] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.264010] ^ [ 26.264254] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.264587] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.264886] ================================================================== [ 25.727613] ================================================================== [ 25.727992] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 25.728473] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.728994] [ 25.729367] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.729421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.729436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.729459] Call Trace: [ 25.729477] <TASK> [ 25.729495] dump_stack_lvl+0x73/0xb0 [ 25.729523] print_report+0xd1/0x650 [ 25.729546] ? __virt_addr_valid+0x1db/0x2d0 [ 25.729570] ? kasan_atomics_helper+0x72f/0x5450 [ 25.729592] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.729620] ? kasan_atomics_helper+0x72f/0x5450 [ 25.729643] kasan_report+0x141/0x180 [ 25.729666] ? kasan_atomics_helper+0x72f/0x5450 [ 25.729693] kasan_check_range+0x10c/0x1c0 [ 25.729718] __kasan_check_write+0x18/0x20 [ 25.729746] kasan_atomics_helper+0x72f/0x5450 [ 25.729820] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.729844] ? kasan_save_alloc_info+0x3b/0x50 [ 25.729873] kasan_atomics+0x1dc/0x310 [ 25.729896] ? __pfx_kasan_atomics+0x10/0x10 [ 25.729921] ? __pfx_read_tsc+0x10/0x10 [ 25.729944] ? ktime_get_ts64+0x86/0x230 [ 25.729968] kunit_try_run_case+0x1a5/0x480 [ 25.729994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.730019] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.730042] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.730065] ? __kthread_parkme+0x82/0x180 [ 25.730086] ? preempt_count_sub+0x50/0x80 [ 25.730110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.730137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.730163] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.730189] kthread+0x337/0x6f0 [ 25.730210] ? trace_preempt_on+0x20/0xc0 [ 25.730233] ? __pfx_kthread+0x10/0x10 [ 25.730255] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.730281] ? calculate_sigpending+0x7b/0xa0 [ 25.730317] ? __pfx_kthread+0x10/0x10 [ 25.730342] ret_from_fork+0x116/0x1d0 [ 25.730362] ? __pfx_kthread+0x10/0x10 [ 25.730384] ret_from_fork_asm+0x1a/0x30 [ 25.730416] </TASK> [ 25.730428] [ 25.737992] Allocated by task 313: [ 25.738166] kasan_save_stack+0x45/0x70 [ 25.738337] kasan_save_track+0x18/0x40 [ 25.738465] kasan_save_alloc_info+0x3b/0x50 [ 25.738667] __kasan_kmalloc+0xb7/0xc0 [ 25.738862] __kmalloc_cache_noprof+0x189/0x420 [ 25.739072] kasan_atomics+0x95/0x310 [ 25.739240] kunit_try_run_case+0x1a5/0x480 [ 25.739418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.739766] kthread+0x337/0x6f0 [ 25.739900] ret_from_fork+0x116/0x1d0 [ 25.740074] ret_from_fork_asm+0x1a/0x30 [ 25.740234] [ 25.740322] The buggy address belongs to the object at ffff88810490f900 [ 25.740322] which belongs to the cache kmalloc-64 of size 64 [ 25.740819] The buggy address is located 0 bytes to the right of [ 25.740819] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.741276] [ 25.741592] The buggy address belongs to the physical page: [ 25.742045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.742330] flags: 0x200000000000000(node=0|zone=2) [ 25.742649] page_type: f5(slab) [ 25.742808] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.743085] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.743373] page dumped because: kasan: bad access detected [ 25.743601] [ 25.743671] Memory state around the buggy address: [ 25.743890] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.744153] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.744439] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.744740] ^ [ 25.744884] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.745084] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.745283] ================================================================== [ 26.677663] ================================================================== [ 26.678347] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 26.678786] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.679171] [ 26.679504] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.679578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.679593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.679620] Call Trace: [ 26.679642] <TASK> [ 26.679664] dump_stack_lvl+0x73/0xb0 [ 26.679696] print_report+0xd1/0x650 [ 26.679720] ? __virt_addr_valid+0x1db/0x2d0 [ 26.679745] ? kasan_atomics_helper+0x2006/0x5450 [ 26.679768] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.679795] ? kasan_atomics_helper+0x2006/0x5450 [ 26.679817] kasan_report+0x141/0x180 [ 26.679841] ? kasan_atomics_helper+0x2006/0x5450 [ 26.679867] kasan_check_range+0x10c/0x1c0 [ 26.679892] __kasan_check_write+0x18/0x20 [ 26.679915] kasan_atomics_helper+0x2006/0x5450 [ 26.679939] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.679962] ? kasan_save_alloc_info+0x3b/0x50 [ 26.679990] kasan_atomics+0x1dc/0x310 [ 26.680015] ? __pfx_kasan_atomics+0x10/0x10 [ 26.680040] ? __pfx_read_tsc+0x10/0x10 [ 26.680063] ? ktime_get_ts64+0x86/0x230 [ 26.680089] kunit_try_run_case+0x1a5/0x480 [ 26.680115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.680140] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.680164] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.680186] ? __kthread_parkme+0x82/0x180 [ 26.680211] ? preempt_count_sub+0x50/0x80 [ 26.680236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.680261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.680287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.680322] kthread+0x337/0x6f0 [ 26.680343] ? trace_preempt_on+0x20/0xc0 [ 26.680369] ? __pfx_kthread+0x10/0x10 [ 26.680392] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.680418] ? calculate_sigpending+0x7b/0xa0 [ 26.680446] ? __pfx_kthread+0x10/0x10 [ 26.680470] ret_from_fork+0x116/0x1d0 [ 26.680491] ? __pfx_kthread+0x10/0x10 [ 26.680513] ret_from_fork_asm+0x1a/0x30 [ 26.680547] </TASK> [ 26.680561] [ 26.690746] Allocated by task 313: [ 26.691028] kasan_save_stack+0x45/0x70 [ 26.691281] kasan_save_track+0x18/0x40 [ 26.691576] kasan_save_alloc_info+0x3b/0x50 [ 26.691764] __kasan_kmalloc+0xb7/0xc0 [ 26.692060] __kmalloc_cache_noprof+0x189/0x420 [ 26.692278] kasan_atomics+0x95/0x310 [ 26.692620] kunit_try_run_case+0x1a5/0x480 [ 26.692910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.693108] kthread+0x337/0x6f0 [ 26.693403] ret_from_fork+0x116/0x1d0 [ 26.693553] ret_from_fork_asm+0x1a/0x30 [ 26.693861] [ 26.693958] The buggy address belongs to the object at ffff88810490f900 [ 26.693958] which belongs to the cache kmalloc-64 of size 64 [ 26.694549] The buggy address is located 0 bytes to the right of [ 26.694549] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.695197] [ 26.695343] The buggy address belongs to the physical page: [ 26.695610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.696122] flags: 0x200000000000000(node=0|zone=2) [ 26.696449] page_type: f5(slab) [ 26.696643] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.697114] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.697560] page dumped because: kasan: bad access detected [ 26.697878] [ 26.697979] Memory state around the buggy address: [ 26.698141] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.698460] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.698968] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.699330] ^ [ 26.699562] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.699975] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.700359] ================================================================== [ 25.905029] ================================================================== [ 25.905298] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 25.905715] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.905998] [ 25.906082] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.906131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.906146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.906169] Call Trace: [ 25.906188] <TASK> [ 25.906205] dump_stack_lvl+0x73/0xb0 [ 25.906233] print_report+0xd1/0x650 [ 25.906256] ? __virt_addr_valid+0x1db/0x2d0 [ 25.906281] ? kasan_atomics_helper+0xc70/0x5450 [ 25.906303] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.906341] ? kasan_atomics_helper+0xc70/0x5450 [ 25.906364] kasan_report+0x141/0x180 [ 25.906388] ? kasan_atomics_helper+0xc70/0x5450 [ 25.906416] kasan_check_range+0x10c/0x1c0 [ 25.906441] __kasan_check_write+0x18/0x20 [ 25.906465] kasan_atomics_helper+0xc70/0x5450 [ 25.906499] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.906523] ? kasan_save_alloc_info+0x3b/0x50 [ 25.906552] kasan_atomics+0x1dc/0x310 [ 25.906576] ? __pfx_kasan_atomics+0x10/0x10 [ 25.906601] ? __pfx_read_tsc+0x10/0x10 [ 25.906625] ? ktime_get_ts64+0x86/0x230 [ 25.906651] kunit_try_run_case+0x1a5/0x480 [ 25.906679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.906704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.906729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.906752] ? __kthread_parkme+0x82/0x180 [ 25.906774] ? preempt_count_sub+0x50/0x80 [ 25.906799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.906825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.906852] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.906882] kthread+0x337/0x6f0 [ 25.906905] ? trace_preempt_on+0x20/0xc0 [ 25.906931] ? __pfx_kthread+0x10/0x10 [ 25.906953] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.906979] ? calculate_sigpending+0x7b/0xa0 [ 25.907004] ? __pfx_kthread+0x10/0x10 [ 25.907027] ret_from_fork+0x116/0x1d0 [ 25.907048] ? __pfx_kthread+0x10/0x10 [ 25.907069] ret_from_fork_asm+0x1a/0x30 [ 25.907101] </TASK> [ 25.907115] [ 25.914895] Allocated by task 313: [ 25.915075] kasan_save_stack+0x45/0x70 [ 25.915277] kasan_save_track+0x18/0x40 [ 25.915443] kasan_save_alloc_info+0x3b/0x50 [ 25.915773] __kasan_kmalloc+0xb7/0xc0 [ 25.915932] __kmalloc_cache_noprof+0x189/0x420 [ 25.916120] kasan_atomics+0x95/0x310 [ 25.916274] kunit_try_run_case+0x1a5/0x480 [ 25.916466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.916954] kthread+0x337/0x6f0 [ 25.917118] ret_from_fork+0x116/0x1d0 [ 25.917281] ret_from_fork_asm+0x1a/0x30 [ 25.917462] [ 25.917590] The buggy address belongs to the object at ffff88810490f900 [ 25.917590] which belongs to the cache kmalloc-64 of size 64 [ 25.918110] The buggy address is located 0 bytes to the right of [ 25.918110] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.918626] [ 25.918770] The buggy address belongs to the physical page: [ 25.919011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.919247] flags: 0x200000000000000(node=0|zone=2) [ 25.919421] page_type: f5(slab) [ 25.919572] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.920156] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.920489] page dumped because: kasan: bad access detected [ 25.920878] [ 25.920953] Memory state around the buggy address: [ 25.921104] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.921325] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.922129] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.922482] ^ [ 25.922668] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.923143] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.923416] ================================================================== [ 26.402191] ================================================================== [ 26.402436] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 26.402701] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.402920] [ 26.402999] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.403045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.403059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.403083] Call Trace: [ 26.403101] <TASK> [ 26.403119] dump_stack_lvl+0x73/0xb0 [ 26.403147] print_report+0xd1/0x650 [ 26.403169] ? __virt_addr_valid+0x1db/0x2d0 [ 26.403204] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.403227] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.403255] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.403277] kasan_report+0x141/0x180 [ 26.403300] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.403341] kasan_check_range+0x10c/0x1c0 [ 26.403366] __kasan_check_write+0x18/0x20 [ 26.403391] kasan_atomics_helper+0x18b1/0x5450 [ 26.403414] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.403438] ? kasan_save_alloc_info+0x3b/0x50 [ 26.403468] kasan_atomics+0x1dc/0x310 [ 26.403511] ? __pfx_kasan_atomics+0x10/0x10 [ 26.403537] ? __pfx_read_tsc+0x10/0x10 [ 26.403559] ? ktime_get_ts64+0x86/0x230 [ 26.403585] kunit_try_run_case+0x1a5/0x480 [ 26.403611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.403636] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.403660] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.403683] ? __kthread_parkme+0x82/0x180 [ 26.403705] ? preempt_count_sub+0x50/0x80 [ 26.403730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.403756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.403782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.403807] kthread+0x337/0x6f0 [ 26.403827] ? trace_preempt_on+0x20/0xc0 [ 26.403853] ? __pfx_kthread+0x10/0x10 [ 26.403874] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.403900] ? calculate_sigpending+0x7b/0xa0 [ 26.403925] ? __pfx_kthread+0x10/0x10 [ 26.403947] ret_from_fork+0x116/0x1d0 [ 26.403968] ? __pfx_kthread+0x10/0x10 [ 26.403990] ret_from_fork_asm+0x1a/0x30 [ 26.404022] </TASK> [ 26.404035] [ 26.410850] Allocated by task 313: [ 26.411007] kasan_save_stack+0x45/0x70 [ 26.411217] kasan_save_track+0x18/0x40 [ 26.411424] kasan_save_alloc_info+0x3b/0x50 [ 26.411642] __kasan_kmalloc+0xb7/0xc0 [ 26.411813] __kmalloc_cache_noprof+0x189/0x420 [ 26.412021] kasan_atomics+0x95/0x310 [ 26.412226] kunit_try_run_case+0x1a5/0x480 [ 26.412462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.412703] kthread+0x337/0x6f0 [ 26.412819] ret_from_fork+0x116/0x1d0 [ 26.412946] ret_from_fork_asm+0x1a/0x30 [ 26.413082] [ 26.413150] The buggy address belongs to the object at ffff88810490f900 [ 26.413150] which belongs to the cache kmalloc-64 of size 64 [ 26.413521] The buggy address is located 0 bytes to the right of [ 26.413521] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.413900] [ 26.413981] The buggy address belongs to the physical page: [ 26.414162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.414406] flags: 0x200000000000000(node=0|zone=2) [ 26.414590] page_type: f5(slab) [ 26.414762] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.415150] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.415535] page dumped because: kasan: bad access detected [ 26.415731] [ 26.415797] Memory state around the buggy address: [ 26.415948] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.416188] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.416592] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.416955] ^ [ 26.417172] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.417548] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.417865] ================================================================== [ 25.923972] ================================================================== [ 25.924219] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 25.924543] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.924914] [ 25.925023] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.925069] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.925083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.925107] Call Trace: [ 25.925123] <TASK> [ 25.925140] dump_stack_lvl+0x73/0xb0 [ 25.925168] print_report+0xd1/0x650 [ 25.925192] ? __virt_addr_valid+0x1db/0x2d0 [ 25.925216] ? kasan_atomics_helper+0x4a84/0x5450 [ 25.925238] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.925266] ? kasan_atomics_helper+0x4a84/0x5450 [ 25.925289] kasan_report+0x141/0x180 [ 25.925320] ? kasan_atomics_helper+0x4a84/0x5450 [ 25.925348] __asan_report_load4_noabort+0x18/0x20 [ 25.925373] kasan_atomics_helper+0x4a84/0x5450 [ 25.925398] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.925423] ? kasan_save_alloc_info+0x3b/0x50 [ 25.925452] kasan_atomics+0x1dc/0x310 [ 25.925477] ? __pfx_kasan_atomics+0x10/0x10 [ 25.925502] ? __pfx_read_tsc+0x10/0x10 [ 25.925543] ? ktime_get_ts64+0x86/0x230 [ 25.925569] kunit_try_run_case+0x1a5/0x480 [ 25.925596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.925621] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.925644] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.925668] ? __kthread_parkme+0x82/0x180 [ 25.925690] ? preempt_count_sub+0x50/0x80 [ 25.925715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.925746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.925773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.925799] kthread+0x337/0x6f0 [ 25.925820] ? trace_preempt_on+0x20/0xc0 [ 25.925845] ? __pfx_kthread+0x10/0x10 [ 25.925867] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.925894] ? calculate_sigpending+0x7b/0xa0 [ 25.925919] ? __pfx_kthread+0x10/0x10 [ 25.925942] ret_from_fork+0x116/0x1d0 [ 25.925963] ? __pfx_kthread+0x10/0x10 [ 25.925986] ret_from_fork_asm+0x1a/0x30 [ 25.926018] </TASK> [ 25.926031] [ 25.933468] Allocated by task 313: [ 25.933654] kasan_save_stack+0x45/0x70 [ 25.933859] kasan_save_track+0x18/0x40 [ 25.934024] kasan_save_alloc_info+0x3b/0x50 [ 25.934220] __kasan_kmalloc+0xb7/0xc0 [ 25.934409] __kmalloc_cache_noprof+0x189/0x420 [ 25.934699] kasan_atomics+0x95/0x310 [ 25.934830] kunit_try_run_case+0x1a5/0x480 [ 25.935030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.935272] kthread+0x337/0x6f0 [ 25.935442] ret_from_fork+0x116/0x1d0 [ 25.935643] ret_from_fork_asm+0x1a/0x30 [ 25.935829] [ 25.935914] The buggy address belongs to the object at ffff88810490f900 [ 25.935914] which belongs to the cache kmalloc-64 of size 64 [ 25.936375] The buggy address is located 0 bytes to the right of [ 25.936375] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.936810] [ 25.936881] The buggy address belongs to the physical page: [ 25.937051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.937286] flags: 0x200000000000000(node=0|zone=2) [ 25.937516] page_type: f5(slab) [ 25.937826] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.938165] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.938499] page dumped because: kasan: bad access detected [ 25.938743] [ 25.938940] Memory state around the buggy address: [ 25.939151] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.939376] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.939891] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.940212] ^ [ 25.940425] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.940979] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.941286] ================================================================== [ 26.418277] ================================================================== [ 26.418577] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 26.418833] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.419337] [ 26.419440] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.419505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.419519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.419541] Call Trace: [ 26.419555] <TASK> [ 26.419571] dump_stack_lvl+0x73/0xb0 [ 26.419600] print_report+0xd1/0x650 [ 26.419624] ? __virt_addr_valid+0x1db/0x2d0 [ 26.419648] ? kasan_atomics_helper+0x194a/0x5450 [ 26.419670] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.419697] ? kasan_atomics_helper+0x194a/0x5450 [ 26.419720] kasan_report+0x141/0x180 [ 26.419743] ? kasan_atomics_helper+0x194a/0x5450 [ 26.419770] kasan_check_range+0x10c/0x1c0 [ 26.419795] __kasan_check_write+0x18/0x20 [ 26.419819] kasan_atomics_helper+0x194a/0x5450 [ 26.419843] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.419866] ? kasan_save_alloc_info+0x3b/0x50 [ 26.419895] kasan_atomics+0x1dc/0x310 [ 26.419919] ? __pfx_kasan_atomics+0x10/0x10 [ 26.419944] ? __pfx_read_tsc+0x10/0x10 [ 26.419967] ? ktime_get_ts64+0x86/0x230 [ 26.419993] kunit_try_run_case+0x1a5/0x480 [ 26.420019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.420044] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.420067] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.420090] ? __kthread_parkme+0x82/0x180 [ 26.420112] ? preempt_count_sub+0x50/0x80 [ 26.420136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.420162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.420188] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.420214] kthread+0x337/0x6f0 [ 26.420235] ? trace_preempt_on+0x20/0xc0 [ 26.420259] ? __pfx_kthread+0x10/0x10 [ 26.420281] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.420316] ? calculate_sigpending+0x7b/0xa0 [ 26.420340] ? __pfx_kthread+0x10/0x10 [ 26.420363] ret_from_fork+0x116/0x1d0 [ 26.420384] ? __pfx_kthread+0x10/0x10 [ 26.420407] ret_from_fork_asm+0x1a/0x30 [ 26.420439] </TASK> [ 26.420453] [ 26.430830] Allocated by task 313: [ 26.430965] kasan_save_stack+0x45/0x70 [ 26.431108] kasan_save_track+0x18/0x40 [ 26.431259] kasan_save_alloc_info+0x3b/0x50 [ 26.431695] __kasan_kmalloc+0xb7/0xc0 [ 26.432598] __kmalloc_cache_noprof+0x189/0x420 [ 26.433002] kasan_atomics+0x95/0x310 [ 26.433336] kunit_try_run_case+0x1a5/0x480 [ 26.434522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.435060] kthread+0x337/0x6f0 [ 26.435399] ret_from_fork+0x116/0x1d0 [ 26.436000] ret_from_fork_asm+0x1a/0x30 [ 26.436147] [ 26.436215] The buggy address belongs to the object at ffff88810490f900 [ 26.436215] which belongs to the cache kmalloc-64 of size 64 [ 26.437235] The buggy address is located 0 bytes to the right of [ 26.437235] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.438376] [ 26.438558] The buggy address belongs to the physical page: [ 26.438959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.439284] flags: 0x200000000000000(node=0|zone=2) [ 26.439529] page_type: f5(slab) [ 26.439856] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.440777] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.441006] page dumped because: kasan: bad access detected [ 26.441171] [ 26.441236] Memory state around the buggy address: [ 26.441567] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.442147] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.442778] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.443405] ^ [ 26.443855] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.444470] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.445091] ================================================================== [ 26.011096] ================================================================== [ 26.011602] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 26.012015] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.012339] [ 26.012449] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.012510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.012525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.012548] Call Trace: [ 26.012565] <TASK> [ 26.012582] dump_stack_lvl+0x73/0xb0 [ 26.012611] print_report+0xd1/0x650 [ 26.012634] ? __virt_addr_valid+0x1db/0x2d0 [ 26.012658] ? kasan_atomics_helper+0xf10/0x5450 [ 26.012689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.012716] ? kasan_atomics_helper+0xf10/0x5450 [ 26.012738] kasan_report+0x141/0x180 [ 26.012761] ? kasan_atomics_helper+0xf10/0x5450 [ 26.012791] kasan_check_range+0x10c/0x1c0 [ 26.012819] __kasan_check_write+0x18/0x20 [ 26.012844] kasan_atomics_helper+0xf10/0x5450 [ 26.012869] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.012940] ? kasan_save_alloc_info+0x3b/0x50 [ 26.012984] kasan_atomics+0x1dc/0x310 [ 26.013010] ? __pfx_kasan_atomics+0x10/0x10 [ 26.013035] ? __pfx_read_tsc+0x10/0x10 [ 26.013060] ? ktime_get_ts64+0x86/0x230 [ 26.013086] kunit_try_run_case+0x1a5/0x480 [ 26.013113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.013139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.013164] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.013188] ? __kthread_parkme+0x82/0x180 [ 26.013212] ? preempt_count_sub+0x50/0x80 [ 26.013237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.013264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.013291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.013338] kthread+0x337/0x6f0 [ 26.013360] ? trace_preempt_on+0x20/0xc0 [ 26.013385] ? __pfx_kthread+0x10/0x10 [ 26.013418] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.013445] ? calculate_sigpending+0x7b/0xa0 [ 26.013472] ? __pfx_kthread+0x10/0x10 [ 26.013504] ret_from_fork+0x116/0x1d0 [ 26.013526] ? __pfx_kthread+0x10/0x10 [ 26.013558] ret_from_fork_asm+0x1a/0x30 [ 26.013591] </TASK> [ 26.013605] [ 26.026257] Allocated by task 313: [ 26.026416] kasan_save_stack+0x45/0x70 [ 26.026799] kasan_save_track+0x18/0x40 [ 26.026989] kasan_save_alloc_info+0x3b/0x50 [ 26.027207] __kasan_kmalloc+0xb7/0xc0 [ 26.027399] __kmalloc_cache_noprof+0x189/0x420 [ 26.027611] kasan_atomics+0x95/0x310 [ 26.027740] kunit_try_run_case+0x1a5/0x480 [ 26.027883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.028198] kthread+0x337/0x6f0 [ 26.028387] ret_from_fork+0x116/0x1d0 [ 26.028643] ret_from_fork_asm+0x1a/0x30 [ 26.029146] [ 26.029250] The buggy address belongs to the object at ffff88810490f900 [ 26.029250] which belongs to the cache kmalloc-64 of size 64 [ 26.029646] The buggy address is located 0 bytes to the right of [ 26.029646] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.030299] [ 26.030377] The buggy address belongs to the physical page: [ 26.030795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.031161] flags: 0x200000000000000(node=0|zone=2) [ 26.031384] page_type: f5(slab) [ 26.031635] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.032003] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.032509] page dumped because: kasan: bad access detected [ 26.032846] [ 26.032947] Memory state around the buggy address: [ 26.033153] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.033478] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.033864] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.034135] ^ [ 26.034374] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.034898] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.035188] ================================================================== [ 26.163100] ================================================================== [ 26.163352] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 26.163949] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.164341] [ 26.164503] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.164552] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.164566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.164588] Call Trace: [ 26.164606] <TASK> [ 26.164622] dump_stack_lvl+0x73/0xb0 [ 26.164652] print_report+0xd1/0x650 [ 26.164676] ? __virt_addr_valid+0x1db/0x2d0 [ 26.164702] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.164725] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.164752] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.164775] kasan_report+0x141/0x180 [ 26.164799] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.164826] __asan_report_load4_noabort+0x18/0x20 [ 26.164852] kasan_atomics_helper+0x49e8/0x5450 [ 26.164875] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.164931] ? kasan_save_alloc_info+0x3b/0x50 [ 26.164962] kasan_atomics+0x1dc/0x310 [ 26.164986] ? __pfx_kasan_atomics+0x10/0x10 [ 26.165022] ? __pfx_read_tsc+0x10/0x10 [ 26.165045] ? ktime_get_ts64+0x86/0x230 [ 26.165071] kunit_try_run_case+0x1a5/0x480 [ 26.165098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.165123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.165147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.165170] ? __kthread_parkme+0x82/0x180 [ 26.165193] ? preempt_count_sub+0x50/0x80 [ 26.165218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.165244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.165270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.165296] kthread+0x337/0x6f0 [ 26.165328] ? trace_preempt_on+0x20/0xc0 [ 26.165352] ? __pfx_kthread+0x10/0x10 [ 26.165375] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.165400] ? calculate_sigpending+0x7b/0xa0 [ 26.165425] ? __pfx_kthread+0x10/0x10 [ 26.165449] ret_from_fork+0x116/0x1d0 [ 26.165469] ? __pfx_kthread+0x10/0x10 [ 26.165501] ret_from_fork_asm+0x1a/0x30 [ 26.165533] </TASK> [ 26.165547] [ 26.173097] Allocated by task 313: [ 26.173274] kasan_save_stack+0x45/0x70 [ 26.173484] kasan_save_track+0x18/0x40 [ 26.173698] kasan_save_alloc_info+0x3b/0x50 [ 26.173898] __kasan_kmalloc+0xb7/0xc0 [ 26.174028] __kmalloc_cache_noprof+0x189/0x420 [ 26.174199] kasan_atomics+0x95/0x310 [ 26.174390] kunit_try_run_case+0x1a5/0x480 [ 26.174746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.175149] kthread+0x337/0x6f0 [ 26.175302] ret_from_fork+0x116/0x1d0 [ 26.175442] ret_from_fork_asm+0x1a/0x30 [ 26.175763] [ 26.175876] The buggy address belongs to the object at ffff88810490f900 [ 26.175876] which belongs to the cache kmalloc-64 of size 64 [ 26.176470] The buggy address is located 0 bytes to the right of [ 26.176470] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.176924] [ 26.176993] The buggy address belongs to the physical page: [ 26.177247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.177670] flags: 0x200000000000000(node=0|zone=2) [ 26.177851] page_type: f5(slab) [ 26.177969] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.178357] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.178759] page dumped because: kasan: bad access detected [ 26.178928] [ 26.178994] Memory state around the buggy address: [ 26.179146] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.179470] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.179841] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.180157] ^ [ 26.180337] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.180807] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.181127] ================================================================== [ 25.501961] ================================================================== [ 25.503047] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 25.503784] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.504757] [ 25.504945] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.504998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.505011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.505032] Call Trace: [ 25.505047] <TASK> [ 25.505063] dump_stack_lvl+0x73/0xb0 [ 25.505094] print_report+0xd1/0x650 [ 25.505117] ? __virt_addr_valid+0x1db/0x2d0 [ 25.505140] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.505161] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.505187] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.505209] kasan_report+0x141/0x180 [ 25.505230] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.505256] __asan_report_load4_noabort+0x18/0x20 [ 25.505280] kasan_atomics_helper+0x4bbc/0x5450 [ 25.505302] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.505339] ? kasan_save_alloc_info+0x3b/0x50 [ 25.505367] kasan_atomics+0x1dc/0x310 [ 25.505389] ? __pfx_kasan_atomics+0x10/0x10 [ 25.505413] ? __pfx_read_tsc+0x10/0x10 [ 25.505435] ? ktime_get_ts64+0x86/0x230 [ 25.505459] kunit_try_run_case+0x1a5/0x480 [ 25.505496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.505521] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.505543] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.505566] ? __kthread_parkme+0x82/0x180 [ 25.505586] ? preempt_count_sub+0x50/0x80 [ 25.505608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.505633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.505658] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.505731] kthread+0x337/0x6f0 [ 25.505760] ? trace_preempt_on+0x20/0xc0 [ 25.505785] ? __pfx_kthread+0x10/0x10 [ 25.505806] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.505831] ? calculate_sigpending+0x7b/0xa0 [ 25.505855] ? __pfx_kthread+0x10/0x10 [ 25.505877] ret_from_fork+0x116/0x1d0 [ 25.505897] ? __pfx_kthread+0x10/0x10 [ 25.505918] ret_from_fork_asm+0x1a/0x30 [ 25.505950] </TASK> [ 25.505964] [ 25.518303] Allocated by task 313: [ 25.518511] kasan_save_stack+0x45/0x70 [ 25.518669] kasan_save_track+0x18/0x40 [ 25.518878] kasan_save_alloc_info+0x3b/0x50 [ 25.519052] __kasan_kmalloc+0xb7/0xc0 [ 25.519197] __kmalloc_cache_noprof+0x189/0x420 [ 25.519366] kasan_atomics+0x95/0x310 [ 25.519627] kunit_try_run_case+0x1a5/0x480 [ 25.519830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.520060] kthread+0x337/0x6f0 [ 25.520223] ret_from_fork+0x116/0x1d0 [ 25.520361] ret_from_fork_asm+0x1a/0x30 [ 25.520495] [ 25.520562] The buggy address belongs to the object at ffff88810490f900 [ 25.520562] which belongs to the cache kmalloc-64 of size 64 [ 25.521046] The buggy address is located 0 bytes to the right of [ 25.521046] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.521513] [ 25.521609] The buggy address belongs to the physical page: [ 25.522131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.522454] flags: 0x200000000000000(node=0|zone=2) [ 25.522677] page_type: f5(slab) [ 25.522880] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.523132] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.523481] page dumped because: kasan: bad access detected [ 25.523778] [ 25.523855] Memory state around the buggy address: [ 25.524036] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.524245] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.524512] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.524822] ^ [ 25.525038] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.525352] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.525574] ================================================================== [ 26.035795] ================================================================== [ 26.036094] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 26.036417] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.036703] [ 26.036851] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.037111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.037130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.037169] Call Trace: [ 26.037186] <TASK> [ 26.037203] dump_stack_lvl+0x73/0xb0 [ 26.037234] print_report+0xd1/0x650 [ 26.037258] ? __virt_addr_valid+0x1db/0x2d0 [ 26.037291] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.037330] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.037359] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.037383] kasan_report+0x141/0x180 [ 26.037406] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.037431] kasan_check_range+0x10c/0x1c0 [ 26.037456] __kasan_check_write+0x18/0x20 [ 26.037479] kasan_atomics_helper+0xfa9/0x5450 [ 26.037503] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.037527] ? kasan_save_alloc_info+0x3b/0x50 [ 26.037556] kasan_atomics+0x1dc/0x310 [ 26.037578] ? __pfx_kasan_atomics+0x10/0x10 [ 26.037603] ? __pfx_read_tsc+0x10/0x10 [ 26.037627] ? ktime_get_ts64+0x86/0x230 [ 26.037653] kunit_try_run_case+0x1a5/0x480 [ 26.037681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.037706] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.037729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.037756] ? __kthread_parkme+0x82/0x180 [ 26.037778] ? preempt_count_sub+0x50/0x80 [ 26.037803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.037829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.037854] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.037880] kthread+0x337/0x6f0 [ 26.037900] ? trace_preempt_on+0x20/0xc0 [ 26.037926] ? __pfx_kthread+0x10/0x10 [ 26.038025] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.038054] ? calculate_sigpending+0x7b/0xa0 [ 26.038080] ? __pfx_kthread+0x10/0x10 [ 26.038102] ret_from_fork+0x116/0x1d0 [ 26.038124] ? __pfx_kthread+0x10/0x10 [ 26.038145] ret_from_fork_asm+0x1a/0x30 [ 26.038177] </TASK> [ 26.038189] [ 26.045888] Allocated by task 313: [ 26.046081] kasan_save_stack+0x45/0x70 [ 26.046261] kasan_save_track+0x18/0x40 [ 26.046464] kasan_save_alloc_info+0x3b/0x50 [ 26.046668] __kasan_kmalloc+0xb7/0xc0 [ 26.046856] __kmalloc_cache_noprof+0x189/0x420 [ 26.047037] kasan_atomics+0x95/0x310 [ 26.047200] kunit_try_run_case+0x1a5/0x480 [ 26.047394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.047661] kthread+0x337/0x6f0 [ 26.047829] ret_from_fork+0x116/0x1d0 [ 26.048022] ret_from_fork_asm+0x1a/0x30 [ 26.048213] [ 26.048315] The buggy address belongs to the object at ffff88810490f900 [ 26.048315] which belongs to the cache kmalloc-64 of size 64 [ 26.048915] The buggy address is located 0 bytes to the right of [ 26.048915] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.049425] [ 26.049571] The buggy address belongs to the physical page: [ 26.049775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.050129] flags: 0x200000000000000(node=0|zone=2) [ 26.050366] page_type: f5(slab) [ 26.050520] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.050822] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.051120] page dumped because: kasan: bad access detected [ 26.051289] [ 26.051364] Memory state around the buggy address: [ 26.051513] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.051724] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.052034] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.052379] ^ [ 26.052596] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.052904] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.053343] ================================================================== [ 26.725545] ================================================================== [ 26.725810] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 26.726048] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.726271] [ 26.726391] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.726448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.726464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.726501] Call Trace: [ 26.726523] <TASK> [ 26.726545] dump_stack_lvl+0x73/0xb0 [ 26.726576] print_report+0xd1/0x650 [ 26.726601] ? __virt_addr_valid+0x1db/0x2d0 [ 26.726627] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.726649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.726676] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.726698] kasan_report+0x141/0x180 [ 26.726721] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.726748] kasan_check_range+0x10c/0x1c0 [ 26.726772] __kasan_check_write+0x18/0x20 [ 26.726798] kasan_atomics_helper+0x20c8/0x5450 [ 26.726823] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.726847] ? kasan_save_alloc_info+0x3b/0x50 [ 26.726876] kasan_atomics+0x1dc/0x310 [ 26.726899] ? __pfx_kasan_atomics+0x10/0x10 [ 26.726924] ? __pfx_read_tsc+0x10/0x10 [ 26.726947] ? ktime_get_ts64+0x86/0x230 [ 26.726974] kunit_try_run_case+0x1a5/0x480 [ 26.727000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.727026] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.727050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.727073] ? __kthread_parkme+0x82/0x180 [ 26.727095] ? preempt_count_sub+0x50/0x80 [ 26.727120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.727145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.727171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.727196] kthread+0x337/0x6f0 [ 26.727217] ? trace_preempt_on+0x20/0xc0 [ 26.727242] ? __pfx_kthread+0x10/0x10 [ 26.727264] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.727289] ? calculate_sigpending+0x7b/0xa0 [ 26.727326] ? __pfx_kthread+0x10/0x10 [ 26.727351] ret_from_fork+0x116/0x1d0 [ 26.727371] ? __pfx_kthread+0x10/0x10 [ 26.727393] ret_from_fork_asm+0x1a/0x30 [ 26.727426] </TASK> [ 26.727439] [ 26.741135] Allocated by task 313: [ 26.741522] kasan_save_stack+0x45/0x70 [ 26.741929] kasan_save_track+0x18/0x40 [ 26.742317] kasan_save_alloc_info+0x3b/0x50 [ 26.742678] __kasan_kmalloc+0xb7/0xc0 [ 26.742897] __kmalloc_cache_noprof+0x189/0x420 [ 26.743211] kasan_atomics+0x95/0x310 [ 26.743351] kunit_try_run_case+0x1a5/0x480 [ 26.743510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.744050] kthread+0x337/0x6f0 [ 26.744391] ret_from_fork+0x116/0x1d0 [ 26.744803] ret_from_fork_asm+0x1a/0x30 [ 26.745293] [ 26.745495] The buggy address belongs to the object at ffff88810490f900 [ 26.745495] which belongs to the cache kmalloc-64 of size 64 [ 26.745924] The buggy address is located 0 bytes to the right of [ 26.745924] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.746275] [ 26.746357] The buggy address belongs to the physical page: [ 26.746541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.746950] flags: 0x200000000000000(node=0|zone=2) [ 26.747223] page_type: f5(slab) [ 26.747401] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.747737] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.748053] page dumped because: kasan: bad access detected [ 26.748212] [ 26.748275] Memory state around the buggy address: [ 26.748493] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.748853] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.749253] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.749630] ^ [ 26.749874] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.750089] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.750459] ================================================================== [ 26.351817] ================================================================== [ 26.352086] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 26.352322] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.352714] [ 26.352820] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.352868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.352892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.352914] Call Trace: [ 26.352931] <TASK> [ 26.352948] dump_stack_lvl+0x73/0xb0 [ 26.352988] print_report+0xd1/0x650 [ 26.353012] ? __virt_addr_valid+0x1db/0x2d0 [ 26.353037] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.353060] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.353087] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.353110] kasan_report+0x141/0x180 [ 26.353133] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.353160] kasan_check_range+0x10c/0x1c0 [ 26.353186] __kasan_check_write+0x18/0x20 [ 26.353210] kasan_atomics_helper+0x16e7/0x5450 [ 26.353234] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.353258] ? kasan_save_alloc_info+0x3b/0x50 [ 26.353288] kasan_atomics+0x1dc/0x310 [ 26.353324] ? __pfx_kasan_atomics+0x10/0x10 [ 26.353360] ? __pfx_read_tsc+0x10/0x10 [ 26.353383] ? ktime_get_ts64+0x86/0x230 [ 26.353409] kunit_try_run_case+0x1a5/0x480 [ 26.353445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.353470] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.353513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.353538] ? __kthread_parkme+0x82/0x180 [ 26.353560] ? preempt_count_sub+0x50/0x80 [ 26.353585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.353612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.353638] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.353663] kthread+0x337/0x6f0 [ 26.353684] ? trace_preempt_on+0x20/0xc0 [ 26.353708] ? __pfx_kthread+0x10/0x10 [ 26.353742] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.353768] ? calculate_sigpending+0x7b/0xa0 [ 26.353803] ? __pfx_kthread+0x10/0x10 [ 26.353827] ret_from_fork+0x116/0x1d0 [ 26.353847] ? __pfx_kthread+0x10/0x10 [ 26.353869] ret_from_fork_asm+0x1a/0x30 [ 26.353902] </TASK> [ 26.353915] [ 26.360774] Allocated by task 313: [ 26.360947] kasan_save_stack+0x45/0x70 [ 26.361142] kasan_save_track+0x18/0x40 [ 26.361339] kasan_save_alloc_info+0x3b/0x50 [ 26.361552] __kasan_kmalloc+0xb7/0xc0 [ 26.361718] __kmalloc_cache_noprof+0x189/0x420 [ 26.361927] kasan_atomics+0x95/0x310 [ 26.362057] kunit_try_run_case+0x1a5/0x480 [ 26.362199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.362379] kthread+0x337/0x6f0 [ 26.362521] ret_from_fork+0x116/0x1d0 [ 26.362651] ret_from_fork_asm+0x1a/0x30 [ 26.362808] [ 26.362900] The buggy address belongs to the object at ffff88810490f900 [ 26.362900] which belongs to the cache kmalloc-64 of size 64 [ 26.363497] The buggy address is located 0 bytes to the right of [ 26.363497] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.364094] [ 26.364187] The buggy address belongs to the physical page: [ 26.364443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.364836] flags: 0x200000000000000(node=0|zone=2) [ 26.365068] page_type: f5(slab) [ 26.365233] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.365631] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.365927] page dumped because: kasan: bad access detected [ 26.366176] [ 26.366265] Memory state around the buggy address: [ 26.366502] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.366807] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.367100] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.367423] ^ [ 26.367597] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.367811] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.368019] ================================================================== [ 26.496537] ================================================================== [ 26.496767] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 26.496992] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.497208] [ 26.497415] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.497464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.497479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.497500] Call Trace: [ 26.497516] <TASK> [ 26.497546] dump_stack_lvl+0x73/0xb0 [ 26.497574] print_report+0xd1/0x650 [ 26.497596] ? __virt_addr_valid+0x1db/0x2d0 [ 26.497620] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.497641] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.497674] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.497697] kasan_report+0x141/0x180 [ 26.497720] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.497751] kasan_check_range+0x10c/0x1c0 [ 26.497775] __kasan_check_write+0x18/0x20 [ 26.497800] kasan_atomics_helper+0x1c18/0x5450 [ 26.497822] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.497845] ? kasan_save_alloc_info+0x3b/0x50 [ 26.497874] kasan_atomics+0x1dc/0x310 [ 26.497898] ? __pfx_kasan_atomics+0x10/0x10 [ 26.497923] ? __pfx_read_tsc+0x10/0x10 [ 26.497945] ? ktime_get_ts64+0x86/0x230 [ 26.497971] kunit_try_run_case+0x1a5/0x480 [ 26.497997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.498022] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.498046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.498070] ? __kthread_parkme+0x82/0x180 [ 26.498092] ? preempt_count_sub+0x50/0x80 [ 26.498116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.498143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.498168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.498193] kthread+0x337/0x6f0 [ 26.498215] ? trace_preempt_on+0x20/0xc0 [ 26.498239] ? __pfx_kthread+0x10/0x10 [ 26.498260] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.498285] ? calculate_sigpending+0x7b/0xa0 [ 26.498321] ? __pfx_kthread+0x10/0x10 [ 26.498344] ret_from_fork+0x116/0x1d0 [ 26.498365] ? __pfx_kthread+0x10/0x10 [ 26.498387] ret_from_fork_asm+0x1a/0x30 [ 26.498419] </TASK> [ 26.498432] [ 26.506074] Allocated by task 313: [ 26.506247] kasan_save_stack+0x45/0x70 [ 26.506449] kasan_save_track+0x18/0x40 [ 26.506853] kasan_save_alloc_info+0x3b/0x50 [ 26.507059] __kasan_kmalloc+0xb7/0xc0 [ 26.507225] __kmalloc_cache_noprof+0x189/0x420 [ 26.507385] kasan_atomics+0x95/0x310 [ 26.507594] kunit_try_run_case+0x1a5/0x480 [ 26.507808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.508062] kthread+0x337/0x6f0 [ 26.508214] ret_from_fork+0x116/0x1d0 [ 26.508384] ret_from_fork_asm+0x1a/0x30 [ 26.508574] [ 26.508670] The buggy address belongs to the object at ffff88810490f900 [ 26.508670] which belongs to the cache kmalloc-64 of size 64 [ 26.509118] The buggy address is located 0 bytes to the right of [ 26.509118] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.509721] [ 26.509793] The buggy address belongs to the physical page: [ 26.510013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.510324] flags: 0x200000000000000(node=0|zone=2) [ 26.510567] page_type: f5(slab) [ 26.510719] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.511006] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.511246] page dumped because: kasan: bad access detected [ 26.511429] [ 26.511496] Memory state around the buggy address: [ 26.511647] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.511857] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.512068] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.512387] ^ [ 26.512607] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.513148] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.513848] ================================================================== [ 26.833177] ================================================================== [ 26.834410] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 26.835316] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.836224] [ 26.836554] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.836611] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.836627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.836653] Call Trace: [ 26.836675] <TASK> [ 26.836697] dump_stack_lvl+0x73/0xb0 [ 26.836731] print_report+0xd1/0x650 [ 26.836755] ? __virt_addr_valid+0x1db/0x2d0 [ 26.836794] ? kasan_atomics_helper+0x5115/0x5450 [ 26.836838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.836866] ? kasan_atomics_helper+0x5115/0x5450 [ 26.836889] kasan_report+0x141/0x180 [ 26.836912] ? kasan_atomics_helper+0x5115/0x5450 [ 26.836940] __asan_report_load8_noabort+0x18/0x20 [ 26.836965] kasan_atomics_helper+0x5115/0x5450 [ 26.836989] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.837012] ? kasan_save_alloc_info+0x3b/0x50 [ 26.837040] kasan_atomics+0x1dc/0x310 [ 26.837065] ? __pfx_kasan_atomics+0x10/0x10 [ 26.837090] ? __pfx_read_tsc+0x10/0x10 [ 26.837113] ? ktime_get_ts64+0x86/0x230 [ 26.837139] kunit_try_run_case+0x1a5/0x480 [ 26.837166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.837192] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.837215] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.837238] ? __kthread_parkme+0x82/0x180 [ 26.837260] ? preempt_count_sub+0x50/0x80 [ 26.837285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.837324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.837350] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.837376] kthread+0x337/0x6f0 [ 26.837397] ? trace_preempt_on+0x20/0xc0 [ 26.837422] ? __pfx_kthread+0x10/0x10 [ 26.837444] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.837470] ? calculate_sigpending+0x7b/0xa0 [ 26.837504] ? __pfx_kthread+0x10/0x10 [ 26.837526] ret_from_fork+0x116/0x1d0 [ 26.837547] ? __pfx_kthread+0x10/0x10 [ 26.837569] ret_from_fork_asm+0x1a/0x30 [ 26.837602] </TASK> [ 26.837615] [ 26.847899] Allocated by task 313: [ 26.848213] kasan_save_stack+0x45/0x70 [ 26.848492] kasan_save_track+0x18/0x40 [ 26.848788] kasan_save_alloc_info+0x3b/0x50 [ 26.849050] __kasan_kmalloc+0xb7/0xc0 [ 26.849190] __kmalloc_cache_noprof+0x189/0x420 [ 26.849541] kasan_atomics+0x95/0x310 [ 26.849848] kunit_try_run_case+0x1a5/0x480 [ 26.850005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.850359] kthread+0x337/0x6f0 [ 26.850671] ret_from_fork+0x116/0x1d0 [ 26.850876] ret_from_fork_asm+0x1a/0x30 [ 26.851058] [ 26.851137] The buggy address belongs to the object at ffff88810490f900 [ 26.851137] which belongs to the cache kmalloc-64 of size 64 [ 26.852016] The buggy address is located 0 bytes to the right of [ 26.852016] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.852493] [ 26.852767] The buggy address belongs to the physical page: [ 26.853147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.853549] flags: 0x200000000000000(node=0|zone=2) [ 26.854074] page_type: f5(slab) [ 26.854458] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.854821] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.855044] page dumped because: kasan: bad access detected [ 26.855208] [ 26.855272] Memory state around the buggy address: [ 26.855437] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.855661] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.856398] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.856802] ^ [ 26.856988] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.857376] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.857818] ================================================================== [ 26.089960] ================================================================== [ 26.090289] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 26.090649] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.090936] [ 26.091043] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.091093] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.091107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.091130] Call Trace: [ 26.091146] <TASK> [ 26.091162] dump_stack_lvl+0x73/0xb0 [ 26.091190] print_report+0xd1/0x650 [ 26.091214] ? __virt_addr_valid+0x1db/0x2d0 [ 26.091237] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.091260] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.091286] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.091320] kasan_report+0x141/0x180 [ 26.091344] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.091370] __asan_report_load4_noabort+0x18/0x20 [ 26.091395] kasan_atomics_helper+0x4a1c/0x5450 [ 26.091418] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.091442] ? kasan_save_alloc_info+0x3b/0x50 [ 26.091471] kasan_atomics+0x1dc/0x310 [ 26.091507] ? __pfx_kasan_atomics+0x10/0x10 [ 26.091532] ? __pfx_read_tsc+0x10/0x10 [ 26.091554] ? ktime_get_ts64+0x86/0x230 [ 26.091593] kunit_try_run_case+0x1a5/0x480 [ 26.091622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.091650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.091675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.091698] ? __kthread_parkme+0x82/0x180 [ 26.091720] ? preempt_count_sub+0x50/0x80 [ 26.091745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.091771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.091797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.091823] kthread+0x337/0x6f0 [ 26.091844] ? trace_preempt_on+0x20/0xc0 [ 26.091867] ? __pfx_kthread+0x10/0x10 [ 26.091889] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.091914] ? calculate_sigpending+0x7b/0xa0 [ 26.091939] ? __pfx_kthread+0x10/0x10 [ 26.091961] ret_from_fork+0x116/0x1d0 [ 26.091982] ? __pfx_kthread+0x10/0x10 [ 26.092004] ret_from_fork_asm+0x1a/0x30 [ 26.092036] </TASK> [ 26.092049] [ 26.099230] Allocated by task 313: [ 26.099367] kasan_save_stack+0x45/0x70 [ 26.099503] kasan_save_track+0x18/0x40 [ 26.099635] kasan_save_alloc_info+0x3b/0x50 [ 26.099778] __kasan_kmalloc+0xb7/0xc0 [ 26.099906] __kmalloc_cache_noprof+0x189/0x420 [ 26.100056] kasan_atomics+0x95/0x310 [ 26.100183] kunit_try_run_case+0x1a5/0x480 [ 26.100341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.100590] kthread+0x337/0x6f0 [ 26.100790] ret_from_fork+0x116/0x1d0 [ 26.101011] ret_from_fork_asm+0x1a/0x30 [ 26.101243] [ 26.101357] The buggy address belongs to the object at ffff88810490f900 [ 26.101357] which belongs to the cache kmalloc-64 of size 64 [ 26.101969] The buggy address is located 0 bytes to the right of [ 26.101969] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.102469] [ 26.102572] The buggy address belongs to the physical page: [ 26.102801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.103037] flags: 0x200000000000000(node=0|zone=2) [ 26.103194] page_type: f5(slab) [ 26.103320] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.103674] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.104413] page dumped because: kasan: bad access detected [ 26.104716] [ 26.104822] Memory state around the buggy address: [ 26.105013] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.105318] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.105684] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.106018] ^ [ 26.106169] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.106426] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.107015] ================================================================== [ 26.445956] ================================================================== [ 26.446290] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 26.447212] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.447450] [ 26.447554] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.447603] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.447617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.447640] Call Trace: [ 26.447656] <TASK> [ 26.447673] dump_stack_lvl+0x73/0xb0 [ 26.447701] print_report+0xd1/0x650 [ 26.447724] ? __virt_addr_valid+0x1db/0x2d0 [ 26.447748] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.447770] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.447797] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.447820] kasan_report+0x141/0x180 [ 26.447843] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.447869] kasan_check_range+0x10c/0x1c0 [ 26.447894] __kasan_check_write+0x18/0x20 [ 26.447917] kasan_atomics_helper+0x19e3/0x5450 [ 26.447940] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.447964] ? kasan_save_alloc_info+0x3b/0x50 [ 26.447992] kasan_atomics+0x1dc/0x310 [ 26.448016] ? __pfx_kasan_atomics+0x10/0x10 [ 26.448041] ? __pfx_read_tsc+0x10/0x10 [ 26.448063] ? ktime_get_ts64+0x86/0x230 [ 26.448089] kunit_try_run_case+0x1a5/0x480 [ 26.448114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.448139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.448162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.448185] ? __kthread_parkme+0x82/0x180 [ 26.448206] ? preempt_count_sub+0x50/0x80 [ 26.448231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.448257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.448282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.448318] kthread+0x337/0x6f0 [ 26.448340] ? trace_preempt_on+0x20/0xc0 [ 26.448365] ? __pfx_kthread+0x10/0x10 [ 26.448386] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.448412] ? calculate_sigpending+0x7b/0xa0 [ 26.448437] ? __pfx_kthread+0x10/0x10 [ 26.448460] ret_from_fork+0x116/0x1d0 [ 26.448480] ? __pfx_kthread+0x10/0x10 [ 26.448502] ret_from_fork_asm+0x1a/0x30 [ 26.448533] </TASK> [ 26.448546] [ 26.455848] Allocated by task 313: [ 26.455983] kasan_save_stack+0x45/0x70 [ 26.456124] kasan_save_track+0x18/0x40 [ 26.456255] kasan_save_alloc_info+0x3b/0x50 [ 26.456450] __kasan_kmalloc+0xb7/0xc0 [ 26.456636] __kmalloc_cache_noprof+0x189/0x420 [ 26.456857] kasan_atomics+0x95/0x310 [ 26.457044] kunit_try_run_case+0x1a5/0x480 [ 26.457223] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.457463] kthread+0x337/0x6f0 [ 26.457611] ret_from_fork+0x116/0x1d0 [ 26.457742] ret_from_fork_asm+0x1a/0x30 [ 26.457878] [ 26.457945] The buggy address belongs to the object at ffff88810490f900 [ 26.457945] which belongs to the cache kmalloc-64 of size 64 [ 26.458286] The buggy address is located 0 bytes to the right of [ 26.458286] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.458744] [ 26.458814] The buggy address belongs to the physical page: [ 26.458994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.459333] flags: 0x200000000000000(node=0|zone=2) [ 26.459490] page_type: f5(slab) [ 26.459762] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.460010] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.460359] page dumped because: kasan: bad access detected [ 26.460620] [ 26.460684] Memory state around the buggy address: [ 26.460831] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.461040] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.461246] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.461619] ^ [ 26.462039] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.462358] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.462700] ================================================================== [ 25.801542] ================================================================== [ 25.801779] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 25.802007] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.802479] [ 25.802600] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.802648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.802663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.802687] Call Trace: [ 25.802705] <TASK> [ 25.802721] dump_stack_lvl+0x73/0xb0 [ 25.802750] print_report+0xd1/0x650 [ 25.802773] ? __virt_addr_valid+0x1db/0x2d0 [ 25.802798] ? kasan_atomics_helper+0x992/0x5450 [ 25.802820] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.802847] ? kasan_atomics_helper+0x992/0x5450 [ 25.802869] kasan_report+0x141/0x180 [ 25.802893] ? kasan_atomics_helper+0x992/0x5450 [ 25.802920] kasan_check_range+0x10c/0x1c0 [ 25.802944] __kasan_check_write+0x18/0x20 [ 25.802968] kasan_atomics_helper+0x992/0x5450 [ 25.802992] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.803016] ? kasan_save_alloc_info+0x3b/0x50 [ 25.803045] kasan_atomics+0x1dc/0x310 [ 25.803069] ? __pfx_kasan_atomics+0x10/0x10 [ 25.803094] ? __pfx_read_tsc+0x10/0x10 [ 25.803117] ? ktime_get_ts64+0x86/0x230 [ 25.803142] kunit_try_run_case+0x1a5/0x480 [ 25.803169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.803195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.803218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.803241] ? __kthread_parkme+0x82/0x180 [ 25.803263] ? preempt_count_sub+0x50/0x80 [ 25.803289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.803325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.803353] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.803378] kthread+0x337/0x6f0 [ 25.803400] ? trace_preempt_on+0x20/0xc0 [ 25.803425] ? __pfx_kthread+0x10/0x10 [ 25.803447] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.803473] ? calculate_sigpending+0x7b/0xa0 [ 25.803501] ? __pfx_kthread+0x10/0x10 [ 25.803523] ret_from_fork+0x116/0x1d0 [ 25.803543] ? __pfx_kthread+0x10/0x10 [ 25.803566] ret_from_fork_asm+0x1a/0x30 [ 25.803597] </TASK> [ 25.803609] [ 25.811466] Allocated by task 313: [ 25.811658] kasan_save_stack+0x45/0x70 [ 25.811868] kasan_save_track+0x18/0x40 [ 25.812056] kasan_save_alloc_info+0x3b/0x50 [ 25.812242] __kasan_kmalloc+0xb7/0xc0 [ 25.812419] __kmalloc_cache_noprof+0x189/0x420 [ 25.812633] kasan_atomics+0x95/0x310 [ 25.812927] kunit_try_run_case+0x1a5/0x480 [ 25.813076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.813247] kthread+0x337/0x6f0 [ 25.813376] ret_from_fork+0x116/0x1d0 [ 25.813506] ret_from_fork_asm+0x1a/0x30 [ 25.813642] [ 25.813735] The buggy address belongs to the object at ffff88810490f900 [ 25.813735] which belongs to the cache kmalloc-64 of size 64 [ 25.815147] The buggy address is located 0 bytes to the right of [ 25.815147] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.815598] [ 25.815717] The buggy address belongs to the physical page: [ 25.816064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.816432] flags: 0x200000000000000(node=0|zone=2) [ 25.816679] page_type: f5(slab) [ 25.816847] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.817075] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.817299] page dumped because: kasan: bad access detected [ 25.819024] [ 25.819181] Memory state around the buggy address: [ 25.819590] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.820246] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.821361] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.822070] ^ [ 25.822831] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.823375] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.823906] ================================================================== [ 26.701023] ================================================================== [ 26.701325] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 26.701581] Read of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.702395] [ 26.702769] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.702967] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.702985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.703011] Call Trace: [ 26.703034] <TASK> [ 26.703058] dump_stack_lvl+0x73/0xb0 [ 26.703090] print_report+0xd1/0x650 [ 26.703115] ? __virt_addr_valid+0x1db/0x2d0 [ 26.703141] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.703164] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.703192] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.703216] kasan_report+0x141/0x180 [ 26.703239] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.703266] __asan_report_load8_noabort+0x18/0x20 [ 26.703292] kasan_atomics_helper+0x4f98/0x5450 [ 26.703329] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.703353] ? kasan_save_alloc_info+0x3b/0x50 [ 26.703382] kasan_atomics+0x1dc/0x310 [ 26.703405] ? __pfx_kasan_atomics+0x10/0x10 [ 26.703430] ? __pfx_read_tsc+0x10/0x10 [ 26.703454] ? ktime_get_ts64+0x86/0x230 [ 26.703481] kunit_try_run_case+0x1a5/0x480 [ 26.703518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.703542] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.703566] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.703590] ? __kthread_parkme+0x82/0x180 [ 26.703612] ? preempt_count_sub+0x50/0x80 [ 26.703638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.703664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.703689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.703714] kthread+0x337/0x6f0 [ 26.703736] ? trace_preempt_on+0x20/0xc0 [ 26.703760] ? __pfx_kthread+0x10/0x10 [ 26.703782] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.703808] ? calculate_sigpending+0x7b/0xa0 [ 26.703833] ? __pfx_kthread+0x10/0x10 [ 26.703855] ret_from_fork+0x116/0x1d0 [ 26.703876] ? __pfx_kthread+0x10/0x10 [ 26.703897] ret_from_fork_asm+0x1a/0x30 [ 26.703933] </TASK> [ 26.703948] [ 26.713598] Allocated by task 313: [ 26.713948] kasan_save_stack+0x45/0x70 [ 26.714217] kasan_save_track+0x18/0x40 [ 26.714424] kasan_save_alloc_info+0x3b/0x50 [ 26.714757] __kasan_kmalloc+0xb7/0xc0 [ 26.714935] __kmalloc_cache_noprof+0x189/0x420 [ 26.715279] kasan_atomics+0x95/0x310 [ 26.715574] kunit_try_run_case+0x1a5/0x480 [ 26.715736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.716087] kthread+0x337/0x6f0 [ 26.716213] ret_from_fork+0x116/0x1d0 [ 26.716414] ret_from_fork_asm+0x1a/0x30 [ 26.716842] [ 26.716952] The buggy address belongs to the object at ffff88810490f900 [ 26.716952] which belongs to the cache kmalloc-64 of size 64 [ 26.717515] The buggy address is located 0 bytes to the right of [ 26.717515] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.718259] [ 26.718349] The buggy address belongs to the physical page: [ 26.718797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.719196] flags: 0x200000000000000(node=0|zone=2) [ 26.719390] page_type: f5(slab) [ 26.719776] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.720100] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.720506] page dumped because: kasan: bad access detected [ 26.720722] [ 26.720819] Memory state around the buggy address: [ 26.721209] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.721631] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.721918] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.722343] ^ [ 26.722585] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.723019] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.723322] ================================================================== [ 25.686361] ================================================================== [ 25.686651] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 25.687146] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.687462] [ 25.687915] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.688026] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.688042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.688064] Call Trace: [ 25.688083] <TASK> [ 25.688196] dump_stack_lvl+0x73/0xb0 [ 25.688231] print_report+0xd1/0x650 [ 25.688255] ? __virt_addr_valid+0x1db/0x2d0 [ 25.688279] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.688301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.688340] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.688363] kasan_report+0x141/0x180 [ 25.688386] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.688412] kasan_check_range+0x10c/0x1c0 [ 25.688437] __kasan_check_write+0x18/0x20 [ 25.688461] kasan_atomics_helper+0x5fe/0x5450 [ 25.688494] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.688518] ? kasan_save_alloc_info+0x3b/0x50 [ 25.688548] kasan_atomics+0x1dc/0x310 [ 25.688572] ? __pfx_kasan_atomics+0x10/0x10 [ 25.688597] ? __pfx_read_tsc+0x10/0x10 [ 25.688620] ? ktime_get_ts64+0x86/0x230 [ 25.688646] kunit_try_run_case+0x1a5/0x480 [ 25.688683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.688709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.688732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.688756] ? __kthread_parkme+0x82/0x180 [ 25.688778] ? preempt_count_sub+0x50/0x80 [ 25.688802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.688829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.688855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.688881] kthread+0x337/0x6f0 [ 25.688902] ? trace_preempt_on+0x20/0xc0 [ 25.688927] ? __pfx_kthread+0x10/0x10 [ 25.688949] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.688974] ? calculate_sigpending+0x7b/0xa0 [ 25.688999] ? __pfx_kthread+0x10/0x10 [ 25.689022] ret_from_fork+0x116/0x1d0 [ 25.689041] ? __pfx_kthread+0x10/0x10 [ 25.689063] ret_from_fork_asm+0x1a/0x30 [ 25.689095] </TASK> [ 25.689108] [ 25.699401] Allocated by task 313: [ 25.699652] kasan_save_stack+0x45/0x70 [ 25.700042] kasan_save_track+0x18/0x40 [ 25.700218] kasan_save_alloc_info+0x3b/0x50 [ 25.700417] __kasan_kmalloc+0xb7/0xc0 [ 25.700587] __kmalloc_cache_noprof+0x189/0x420 [ 25.700975] kasan_atomics+0x95/0x310 [ 25.701160] kunit_try_run_case+0x1a5/0x480 [ 25.701454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.701793] kthread+0x337/0x6f0 [ 25.701936] ret_from_fork+0x116/0x1d0 [ 25.702116] ret_from_fork_asm+0x1a/0x30 [ 25.702290] [ 25.702395] The buggy address belongs to the object at ffff88810490f900 [ 25.702395] which belongs to the cache kmalloc-64 of size 64 [ 25.703341] The buggy address is located 0 bytes to the right of [ 25.703341] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.704082] [ 25.704185] The buggy address belongs to the physical page: [ 25.704419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.705006] flags: 0x200000000000000(node=0|zone=2) [ 25.705204] page_type: f5(slab) [ 25.705378] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.705960] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.706286] page dumped because: kasan: bad access detected [ 25.706530] [ 25.706734] Memory state around the buggy address: [ 25.707005] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.707284] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.707630] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.708197] ^ [ 25.708380] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.709003] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.709392] ================================================================== [ 26.334185] ================================================================== [ 26.334694] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 26.335001] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.335220] [ 26.335299] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.335359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.335374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.335397] Call Trace: [ 26.335411] <TASK> [ 26.335427] dump_stack_lvl+0x73/0xb0 [ 26.335455] print_report+0xd1/0x650 [ 26.335500] ? __virt_addr_valid+0x1db/0x2d0 [ 26.335524] ? kasan_atomics_helper+0x164f/0x5450 [ 26.335546] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.335574] ? kasan_atomics_helper+0x164f/0x5450 [ 26.335598] kasan_report+0x141/0x180 [ 26.335621] ? kasan_atomics_helper+0x164f/0x5450 [ 26.335648] kasan_check_range+0x10c/0x1c0 [ 26.335673] __kasan_check_write+0x18/0x20 [ 26.335698] kasan_atomics_helper+0x164f/0x5450 [ 26.335721] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.335745] ? kasan_save_alloc_info+0x3b/0x50 [ 26.335785] kasan_atomics+0x1dc/0x310 [ 26.335808] ? __pfx_kasan_atomics+0x10/0x10 [ 26.335844] ? __pfx_read_tsc+0x10/0x10 [ 26.335868] ? ktime_get_ts64+0x86/0x230 [ 26.335893] kunit_try_run_case+0x1a5/0x480 [ 26.335919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.335943] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.335966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.335989] ? __kthread_parkme+0x82/0x180 [ 26.336011] ? preempt_count_sub+0x50/0x80 [ 26.336035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.336061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.336086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.336112] kthread+0x337/0x6f0 [ 26.336133] ? trace_preempt_on+0x20/0xc0 [ 26.336157] ? __pfx_kthread+0x10/0x10 [ 26.336178] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.336204] ? calculate_sigpending+0x7b/0xa0 [ 26.336230] ? __pfx_kthread+0x10/0x10 [ 26.336252] ret_from_fork+0x116/0x1d0 [ 26.336273] ? __pfx_kthread+0x10/0x10 [ 26.336294] ret_from_fork_asm+0x1a/0x30 [ 26.336335] </TASK> [ 26.336348] [ 26.343532] Allocated by task 313: [ 26.343711] kasan_save_stack+0x45/0x70 [ 26.343905] kasan_save_track+0x18/0x40 [ 26.344092] kasan_save_alloc_info+0x3b/0x50 [ 26.344301] __kasan_kmalloc+0xb7/0xc0 [ 26.344546] __kmalloc_cache_noprof+0x189/0x420 [ 26.344786] kasan_atomics+0x95/0x310 [ 26.344915] kunit_try_run_case+0x1a5/0x480 [ 26.345064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.345236] kthread+0x337/0x6f0 [ 26.345361] ret_from_fork+0x116/0x1d0 [ 26.345508] ret_from_fork_asm+0x1a/0x30 [ 26.345695] [ 26.345790] The buggy address belongs to the object at ffff88810490f900 [ 26.345790] which belongs to the cache kmalloc-64 of size 64 [ 26.346349] The buggy address is located 0 bytes to the right of [ 26.346349] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.346988] [ 26.347085] The buggy address belongs to the physical page: [ 26.347364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.347733] flags: 0x200000000000000(node=0|zone=2) [ 26.347895] page_type: f5(slab) [ 26.348064] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.348425] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.348768] page dumped because: kasan: bad access detected [ 26.348995] [ 26.349087] Memory state around the buggy address: [ 26.349297] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.349636] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.349963] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.350240] ^ [ 26.350458] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.350802] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.351125] ================================================================== [ 25.855583] ================================================================== [ 25.856435] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 25.857213] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.857640] [ 25.857931] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.857987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.858003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.858035] Call Trace: [ 25.858054] <TASK> [ 25.858073] dump_stack_lvl+0x73/0xb0 [ 25.858105] print_report+0xd1/0x650 [ 25.858130] ? __virt_addr_valid+0x1db/0x2d0 [ 25.858156] ? kasan_atomics_helper+0xac7/0x5450 [ 25.858179] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.858206] ? kasan_atomics_helper+0xac7/0x5450 [ 25.858229] kasan_report+0x141/0x180 [ 25.858252] ? kasan_atomics_helper+0xac7/0x5450 [ 25.858279] kasan_check_range+0x10c/0x1c0 [ 25.858313] __kasan_check_write+0x18/0x20 [ 25.858339] kasan_atomics_helper+0xac7/0x5450 [ 25.858362] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.858387] ? kasan_save_alloc_info+0x3b/0x50 [ 25.858416] kasan_atomics+0x1dc/0x310 [ 25.858440] ? __pfx_kasan_atomics+0x10/0x10 [ 25.858466] ? __pfx_read_tsc+0x10/0x10 [ 25.858587] ? ktime_get_ts64+0x86/0x230 [ 25.858622] kunit_try_run_case+0x1a5/0x480 [ 25.858650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.858675] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.858797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.858824] ? __kthread_parkme+0x82/0x180 [ 25.858848] ? preempt_count_sub+0x50/0x80 [ 25.858874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.858900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.858927] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.858952] kthread+0x337/0x6f0 [ 25.858973] ? trace_preempt_on+0x20/0xc0 [ 25.858999] ? __pfx_kthread+0x10/0x10 [ 25.859021] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.859046] ? calculate_sigpending+0x7b/0xa0 [ 25.859072] ? __pfx_kthread+0x10/0x10 [ 25.859095] ret_from_fork+0x116/0x1d0 [ 25.859116] ? __pfx_kthread+0x10/0x10 [ 25.859137] ret_from_fork_asm+0x1a/0x30 [ 25.859170] </TASK> [ 25.859183] [ 25.871248] Allocated by task 313: [ 25.871579] kasan_save_stack+0x45/0x70 [ 25.872066] kasan_save_track+0x18/0x40 [ 25.872259] kasan_save_alloc_info+0x3b/0x50 [ 25.872467] __kasan_kmalloc+0xb7/0xc0 [ 25.872641] __kmalloc_cache_noprof+0x189/0x420 [ 25.873216] kasan_atomics+0x95/0x310 [ 25.873524] kunit_try_run_case+0x1a5/0x480 [ 25.873935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.874170] kthread+0x337/0x6f0 [ 25.874337] ret_from_fork+0x116/0x1d0 [ 25.874794] ret_from_fork_asm+0x1a/0x30 [ 25.875051] [ 25.875273] The buggy address belongs to the object at ffff88810490f900 [ 25.875273] which belongs to the cache kmalloc-64 of size 64 [ 25.875959] The buggy address is located 0 bytes to the right of [ 25.875959] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.876470] [ 25.876560] The buggy address belongs to the physical page: [ 25.877251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.877959] flags: 0x200000000000000(node=0|zone=2) [ 25.878184] page_type: f5(slab) [ 25.878349] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.878983] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.879513] page dumped because: kasan: bad access detected [ 25.880141] [ 25.880236] Memory state around the buggy address: [ 25.880464] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.881041] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.881348] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.882003] ^ [ 25.882338] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.883407] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.883921] ================================================================== [ 26.385572] ================================================================== [ 26.386365] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 26.386752] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.387233] [ 26.387322] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.387372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.387386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.387409] Call Trace: [ 26.387425] <TASK> [ 26.387443] dump_stack_lvl+0x73/0xb0 [ 26.387472] print_report+0xd1/0x650 [ 26.387516] ? __virt_addr_valid+0x1db/0x2d0 [ 26.387542] ? kasan_atomics_helper+0x1818/0x5450 [ 26.387564] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.387592] ? kasan_atomics_helper+0x1818/0x5450 [ 26.387615] kasan_report+0x141/0x180 [ 26.387638] ? kasan_atomics_helper+0x1818/0x5450 [ 26.387665] kasan_check_range+0x10c/0x1c0 [ 26.387690] __kasan_check_write+0x18/0x20 [ 26.387713] kasan_atomics_helper+0x1818/0x5450 [ 26.387737] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.387761] ? kasan_save_alloc_info+0x3b/0x50 [ 26.387790] kasan_atomics+0x1dc/0x310 [ 26.387814] ? __pfx_kasan_atomics+0x10/0x10 [ 26.387839] ? __pfx_read_tsc+0x10/0x10 [ 26.387862] ? ktime_get_ts64+0x86/0x230 [ 26.387887] kunit_try_run_case+0x1a5/0x480 [ 26.387914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.387939] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.387963] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.387986] ? __kthread_parkme+0x82/0x180 [ 26.388009] ? preempt_count_sub+0x50/0x80 [ 26.388034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.388061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.388086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.388112] kthread+0x337/0x6f0 [ 26.388133] ? trace_preempt_on+0x20/0xc0 [ 26.388157] ? __pfx_kthread+0x10/0x10 [ 26.388181] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.388206] ? calculate_sigpending+0x7b/0xa0 [ 26.388233] ? __pfx_kthread+0x10/0x10 [ 26.388256] ret_from_fork+0x116/0x1d0 [ 26.388277] ? __pfx_kthread+0x10/0x10 [ 26.388299] ret_from_fork_asm+0x1a/0x30 [ 26.388339] </TASK> [ 26.388353] [ 26.394904] Allocated by task 313: [ 26.395066] kasan_save_stack+0x45/0x70 [ 26.395230] kasan_save_track+0x18/0x40 [ 26.395372] kasan_save_alloc_info+0x3b/0x50 [ 26.395542] __kasan_kmalloc+0xb7/0xc0 [ 26.395673] __kmalloc_cache_noprof+0x189/0x420 [ 26.395824] kasan_atomics+0x95/0x310 [ 26.395951] kunit_try_run_case+0x1a5/0x480 [ 26.396094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.396263] kthread+0x337/0x6f0 [ 26.396439] ret_from_fork+0x116/0x1d0 [ 26.396679] ret_from_fork_asm+0x1a/0x30 [ 26.396908] [ 26.397011] The buggy address belongs to the object at ffff88810490f900 [ 26.397011] which belongs to the cache kmalloc-64 of size 64 [ 26.397511] The buggy address is located 0 bytes to the right of [ 26.397511] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.398164] [ 26.398294] The buggy address belongs to the physical page: [ 26.398515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.398762] flags: 0x200000000000000(node=0|zone=2) [ 26.398923] page_type: f5(slab) [ 26.399042] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.399398] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.399770] page dumped because: kasan: bad access detected [ 26.399941] [ 26.400025] Memory state around the buggy address: [ 26.400262] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.400609] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.400819] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.401025] ^ [ 26.401173] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.401392] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.401708] ================================================================== [ 26.559850] ================================================================== [ 26.560585] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 26.561436] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.562170] [ 26.562390] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.562447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.562464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.562621] Call Trace: [ 26.562646] <TASK> [ 26.562669] dump_stack_lvl+0x73/0xb0 [ 26.562717] print_report+0xd1/0x650 [ 26.562781] ? __virt_addr_valid+0x1db/0x2d0 [ 26.562808] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.562832] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.562859] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.562882] kasan_report+0x141/0x180 [ 26.562905] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.562931] kasan_check_range+0x10c/0x1c0 [ 26.562956] __kasan_check_write+0x18/0x20 [ 26.562980] kasan_atomics_helper+0x1d7a/0x5450 [ 26.563003] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.563026] ? kasan_save_alloc_info+0x3b/0x50 [ 26.563055] kasan_atomics+0x1dc/0x310 [ 26.563078] ? __pfx_kasan_atomics+0x10/0x10 [ 26.563103] ? __pfx_read_tsc+0x10/0x10 [ 26.563126] ? ktime_get_ts64+0x86/0x230 [ 26.563152] kunit_try_run_case+0x1a5/0x480 [ 26.563178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.563202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.563225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.563248] ? __kthread_parkme+0x82/0x180 [ 26.563271] ? preempt_count_sub+0x50/0x80 [ 26.563295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.563330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.563356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.563381] kthread+0x337/0x6f0 [ 26.563402] ? trace_preempt_on+0x20/0xc0 [ 26.563427] ? __pfx_kthread+0x10/0x10 [ 26.563449] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.563495] ? calculate_sigpending+0x7b/0xa0 [ 26.563521] ? __pfx_kthread+0x10/0x10 [ 26.563544] ret_from_fork+0x116/0x1d0 [ 26.563565] ? __pfx_kthread+0x10/0x10 [ 26.563587] ret_from_fork_asm+0x1a/0x30 [ 26.563620] </TASK> [ 26.563633] [ 26.575356] Allocated by task 313: [ 26.576114] kasan_save_stack+0x45/0x70 [ 26.576419] kasan_save_track+0x18/0x40 [ 26.576818] kasan_save_alloc_info+0x3b/0x50 [ 26.577143] __kasan_kmalloc+0xb7/0xc0 [ 26.577476] __kmalloc_cache_noprof+0x189/0x420 [ 26.577680] kasan_atomics+0x95/0x310 [ 26.577848] kunit_try_run_case+0x1a5/0x480 [ 26.578029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.578243] kthread+0x337/0x6f0 [ 26.578755] ret_from_fork+0x116/0x1d0 [ 26.579120] ret_from_fork_asm+0x1a/0x30 [ 26.579454] [ 26.579758] The buggy address belongs to the object at ffff88810490f900 [ 26.579758] which belongs to the cache kmalloc-64 of size 64 [ 26.580395] The buggy address is located 0 bytes to the right of [ 26.580395] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.581213] [ 26.581329] The buggy address belongs to the physical page: [ 26.581847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.582291] flags: 0x200000000000000(node=0|zone=2) [ 26.582702] page_type: f5(slab) [ 26.582872] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.583187] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.583736] page dumped because: kasan: bad access detected [ 26.584035] [ 26.584252] Memory state around the buggy address: [ 26.584634] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.584937] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.585229] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.585752] ^ [ 26.586228] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.586707] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.586987] ================================================================== [ 25.825019] ================================================================== [ 25.826088] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 25.826743] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.827415] [ 25.827651] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.827718] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.827734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.827758] Call Trace: [ 25.827820] <TASK> [ 25.827840] dump_stack_lvl+0x73/0xb0 [ 25.827872] print_report+0xd1/0x650 [ 25.827897] ? __virt_addr_valid+0x1db/0x2d0 [ 25.827922] ? kasan_atomics_helper+0xa2b/0x5450 [ 25.827945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.827973] ? kasan_atomics_helper+0xa2b/0x5450 [ 25.827995] kasan_report+0x141/0x180 [ 25.828018] ? kasan_atomics_helper+0xa2b/0x5450 [ 25.828045] kasan_check_range+0x10c/0x1c0 [ 25.828069] __kasan_check_write+0x18/0x20 [ 25.828092] kasan_atomics_helper+0xa2b/0x5450 [ 25.828117] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.828141] ? kasan_save_alloc_info+0x3b/0x50 [ 25.828169] kasan_atomics+0x1dc/0x310 [ 25.828193] ? __pfx_kasan_atomics+0x10/0x10 [ 25.828218] ? __pfx_read_tsc+0x10/0x10 [ 25.828242] ? ktime_get_ts64+0x86/0x230 [ 25.828267] kunit_try_run_case+0x1a5/0x480 [ 25.828295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.828329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.828353] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.828376] ? __kthread_parkme+0x82/0x180 [ 25.828398] ? preempt_count_sub+0x50/0x80 [ 25.828425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.828451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.828476] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.828516] kthread+0x337/0x6f0 [ 25.828538] ? trace_preempt_on+0x20/0xc0 [ 25.828563] ? __pfx_kthread+0x10/0x10 [ 25.828585] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.828611] ? calculate_sigpending+0x7b/0xa0 [ 25.828636] ? __pfx_kthread+0x10/0x10 [ 25.828659] ret_from_fork+0x116/0x1d0 [ 25.828680] ? __pfx_kthread+0x10/0x10 [ 25.828703] ret_from_fork_asm+0x1a/0x30 [ 25.828736] </TASK> [ 25.828749] [ 25.842172] Allocated by task 313: [ 25.842518] kasan_save_stack+0x45/0x70 [ 25.842770] kasan_save_track+0x18/0x40 [ 25.842954] kasan_save_alloc_info+0x3b/0x50 [ 25.843151] __kasan_kmalloc+0xb7/0xc0 [ 25.843335] __kmalloc_cache_noprof+0x189/0x420 [ 25.843855] kasan_atomics+0x95/0x310 [ 25.844157] kunit_try_run_case+0x1a5/0x480 [ 25.844635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.845047] kthread+0x337/0x6f0 [ 25.845213] ret_from_fork+0x116/0x1d0 [ 25.845401] ret_from_fork_asm+0x1a/0x30 [ 25.846163] [ 25.846273] The buggy address belongs to the object at ffff88810490f900 [ 25.846273] which belongs to the cache kmalloc-64 of size 64 [ 25.847236] The buggy address is located 0 bytes to the right of [ 25.847236] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.848220] [ 25.848346] The buggy address belongs to the physical page: [ 25.848867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.849217] flags: 0x200000000000000(node=0|zone=2) [ 25.849448] page_type: f5(slab) [ 25.849925] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.850388] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.851276] page dumped because: kasan: bad access detected [ 25.851779] [ 25.851874] Memory state around the buggy address: [ 25.852079] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.852380] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.853174] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.853657] ^ [ 25.853939] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.854222] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.854798] ================================================================== [ 26.107488] ================================================================== [ 26.108323] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 26.108683] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.108917] [ 26.108997] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.109045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.109061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.109084] Call Trace: [ 26.109100] <TASK> [ 26.109116] dump_stack_lvl+0x73/0xb0 [ 26.109143] print_report+0xd1/0x650 [ 26.109167] ? __virt_addr_valid+0x1db/0x2d0 [ 26.109192] ? kasan_atomics_helper+0x1148/0x5450 [ 26.109215] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.109241] ? kasan_atomics_helper+0x1148/0x5450 [ 26.109264] kasan_report+0x141/0x180 [ 26.109287] ? kasan_atomics_helper+0x1148/0x5450 [ 26.109325] kasan_check_range+0x10c/0x1c0 [ 26.109350] __kasan_check_write+0x18/0x20 [ 26.109374] kasan_atomics_helper+0x1148/0x5450 [ 26.109397] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.109421] ? kasan_save_alloc_info+0x3b/0x50 [ 26.109450] kasan_atomics+0x1dc/0x310 [ 26.109474] ? __pfx_kasan_atomics+0x10/0x10 [ 26.109499] ? __pfx_read_tsc+0x10/0x10 [ 26.109522] ? ktime_get_ts64+0x86/0x230 [ 26.109548] kunit_try_run_case+0x1a5/0x480 [ 26.109574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.109599] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.109622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.109645] ? __kthread_parkme+0x82/0x180 [ 26.109666] ? preempt_count_sub+0x50/0x80 [ 26.109691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.109717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.109746] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.109771] kthread+0x337/0x6f0 [ 26.109792] ? trace_preempt_on+0x20/0xc0 [ 26.109817] ? __pfx_kthread+0x10/0x10 [ 26.109839] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.109864] ? calculate_sigpending+0x7b/0xa0 [ 26.109889] ? __pfx_kthread+0x10/0x10 [ 26.109912] ret_from_fork+0x116/0x1d0 [ 26.109941] ? __pfx_kthread+0x10/0x10 [ 26.109974] ret_from_fork_asm+0x1a/0x30 [ 26.110006] </TASK> [ 26.110019] [ 26.117252] Allocated by task 313: [ 26.117427] kasan_save_stack+0x45/0x70 [ 26.117650] kasan_save_track+0x18/0x40 [ 26.117853] kasan_save_alloc_info+0x3b/0x50 [ 26.118058] __kasan_kmalloc+0xb7/0xc0 [ 26.118237] __kmalloc_cache_noprof+0x189/0x420 [ 26.118450] kasan_atomics+0x95/0x310 [ 26.118654] kunit_try_run_case+0x1a5/0x480 [ 26.118835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.119077] kthread+0x337/0x6f0 [ 26.119236] ret_from_fork+0x116/0x1d0 [ 26.119397] ret_from_fork_asm+0x1a/0x30 [ 26.119686] [ 26.119768] The buggy address belongs to the object at ffff88810490f900 [ 26.119768] which belongs to the cache kmalloc-64 of size 64 [ 26.120142] The buggy address is located 0 bytes to the right of [ 26.120142] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.120711] [ 26.120803] The buggy address belongs to the physical page: [ 26.121026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.121261] flags: 0x200000000000000(node=0|zone=2) [ 26.121649] page_type: f5(slab) [ 26.121824] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.122176] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.122423] page dumped because: kasan: bad access detected [ 26.122590] [ 26.122655] Memory state around the buggy address: [ 26.122804] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.123015] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.123226] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.123670] ^ [ 26.123890] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.124225] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.124543] ================================================================== [ 25.941797] ================================================================== [ 25.942101] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 25.942401] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.942790] [ 25.942903] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.942951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.942966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.942989] Call Trace: [ 25.943004] <TASK> [ 25.943021] dump_stack_lvl+0x73/0xb0 [ 25.943051] print_report+0xd1/0x650 [ 25.943075] ? __virt_addr_valid+0x1db/0x2d0 [ 25.943100] ? kasan_atomics_helper+0xd47/0x5450 [ 25.943123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.943150] ? kasan_atomics_helper+0xd47/0x5450 [ 25.943173] kasan_report+0x141/0x180 [ 25.943196] ? kasan_atomics_helper+0xd47/0x5450 [ 25.943223] kasan_check_range+0x10c/0x1c0 [ 25.943248] __kasan_check_write+0x18/0x20 [ 25.943272] kasan_atomics_helper+0xd47/0x5450 [ 25.943297] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.943333] ? kasan_save_alloc_info+0x3b/0x50 [ 25.943363] kasan_atomics+0x1dc/0x310 [ 25.943387] ? __pfx_kasan_atomics+0x10/0x10 [ 25.943413] ? __pfx_read_tsc+0x10/0x10 [ 25.943436] ? ktime_get_ts64+0x86/0x230 [ 25.943462] kunit_try_run_case+0x1a5/0x480 [ 25.943502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.943528] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.943551] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.943575] ? __kthread_parkme+0x82/0x180 [ 25.943597] ? preempt_count_sub+0x50/0x80 [ 25.943622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.943649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.943716] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.943747] kthread+0x337/0x6f0 [ 25.943768] ? trace_preempt_on+0x20/0xc0 [ 25.943794] ? __pfx_kthread+0x10/0x10 [ 25.943817] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.943843] ? calculate_sigpending+0x7b/0xa0 [ 25.943868] ? __pfx_kthread+0x10/0x10 [ 25.943891] ret_from_fork+0x116/0x1d0 [ 25.943912] ? __pfx_kthread+0x10/0x10 [ 25.943935] ret_from_fork_asm+0x1a/0x30 [ 25.943967] </TASK> [ 25.943982] [ 25.951626] Allocated by task 313: [ 25.952011] kasan_save_stack+0x45/0x70 [ 25.952215] kasan_save_track+0x18/0x40 [ 25.952418] kasan_save_alloc_info+0x3b/0x50 [ 25.952642] __kasan_kmalloc+0xb7/0xc0 [ 25.952851] __kmalloc_cache_noprof+0x189/0x420 [ 25.953069] kasan_atomics+0x95/0x310 [ 25.953248] kunit_try_run_case+0x1a5/0x480 [ 25.953427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.953941] kthread+0x337/0x6f0 [ 25.954105] ret_from_fork+0x116/0x1d0 [ 25.954236] ret_from_fork_asm+0x1a/0x30 [ 25.954444] [ 25.954536] The buggy address belongs to the object at ffff88810490f900 [ 25.954536] which belongs to the cache kmalloc-64 of size 64 [ 25.955112] The buggy address is located 0 bytes to the right of [ 25.955112] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.955605] [ 25.955673] The buggy address belongs to the physical page: [ 25.955842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.956074] flags: 0x200000000000000(node=0|zone=2) [ 25.956229] page_type: f5(slab) [ 25.956468] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.957040] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.957383] page dumped because: kasan: bad access detected [ 25.957658] [ 25.957726] Memory state around the buggy address: [ 25.957881] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.958090] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.958301] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.959000] ^ [ 25.959229] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.959609] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.960278] ================================================================== [ 25.583593] ================================================================== [ 25.583876] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 25.584342] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.584636] [ 25.584831] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.584878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.584893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.584915] Call Trace: [ 25.584929] <TASK> [ 25.584944] dump_stack_lvl+0x73/0xb0 [ 25.584972] print_report+0xd1/0x650 [ 25.585050] ? __virt_addr_valid+0x1db/0x2d0 [ 25.585078] ? kasan_atomics_helper+0x3df/0x5450 [ 25.585102] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.585131] ? kasan_atomics_helper+0x3df/0x5450 [ 25.585154] kasan_report+0x141/0x180 [ 25.585177] ? kasan_atomics_helper+0x3df/0x5450 [ 25.585204] kasan_check_range+0x10c/0x1c0 [ 25.585229] __kasan_check_read+0x15/0x20 [ 25.585253] kasan_atomics_helper+0x3df/0x5450 [ 25.585277] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.585300] ? kasan_save_alloc_info+0x3b/0x50 [ 25.585341] kasan_atomics+0x1dc/0x310 [ 25.585367] ? __pfx_kasan_atomics+0x10/0x10 [ 25.585391] ? __pfx_read_tsc+0x10/0x10 [ 25.585414] ? ktime_get_ts64+0x86/0x230 [ 25.585439] kunit_try_run_case+0x1a5/0x480 [ 25.585464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.585489] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.585536] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.585560] ? __kthread_parkme+0x82/0x180 [ 25.585581] ? preempt_count_sub+0x50/0x80 [ 25.585606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.585632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.585657] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.585718] kthread+0x337/0x6f0 [ 25.585747] ? trace_preempt_on+0x20/0xc0 [ 25.585771] ? __pfx_kthread+0x10/0x10 [ 25.585793] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.585819] ? calculate_sigpending+0x7b/0xa0 [ 25.585844] ? __pfx_kthread+0x10/0x10 [ 25.585867] ret_from_fork+0x116/0x1d0 [ 25.585887] ? __pfx_kthread+0x10/0x10 [ 25.585909] ret_from_fork_asm+0x1a/0x30 [ 25.585941] </TASK> [ 25.585953] [ 25.593803] Allocated by task 313: [ 25.594015] kasan_save_stack+0x45/0x70 [ 25.594235] kasan_save_track+0x18/0x40 [ 25.594450] kasan_save_alloc_info+0x3b/0x50 [ 25.594675] __kasan_kmalloc+0xb7/0xc0 [ 25.594838] __kmalloc_cache_noprof+0x189/0x420 [ 25.595012] kasan_atomics+0x95/0x310 [ 25.595405] kunit_try_run_case+0x1a5/0x480 [ 25.595612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.595786] kthread+0x337/0x6f0 [ 25.595906] ret_from_fork+0x116/0x1d0 [ 25.596034] ret_from_fork_asm+0x1a/0x30 [ 25.596337] [ 25.596442] The buggy address belongs to the object at ffff88810490f900 [ 25.596442] which belongs to the cache kmalloc-64 of size 64 [ 25.597028] The buggy address is located 0 bytes to the right of [ 25.597028] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.597442] [ 25.597580] The buggy address belongs to the physical page: [ 25.597961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.598390] flags: 0x200000000000000(node=0|zone=2) [ 25.598555] page_type: f5(slab) [ 25.598739] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.599361] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.600027] page dumped because: kasan: bad access detected [ 25.600250] [ 25.600353] Memory state around the buggy address: [ 25.601001] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.601670] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.602133] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.602621] ^ [ 25.603199] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.603936] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.604570] ================================================================== [ 26.317066] ================================================================== [ 26.317423] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 26.317809] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.318180] [ 26.318289] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.318347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.318361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.318383] Call Trace: [ 26.318401] <TASK> [ 26.318419] dump_stack_lvl+0x73/0xb0 [ 26.318447] print_report+0xd1/0x650 [ 26.318470] ? __virt_addr_valid+0x1db/0x2d0 [ 26.318515] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.318538] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.318565] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.318588] kasan_report+0x141/0x180 [ 26.318611] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.318638] kasan_check_range+0x10c/0x1c0 [ 26.318663] __kasan_check_write+0x18/0x20 [ 26.318686] kasan_atomics_helper+0x15b6/0x5450 [ 26.318711] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.318735] ? kasan_save_alloc_info+0x3b/0x50 [ 26.318763] kasan_atomics+0x1dc/0x310 [ 26.318787] ? __pfx_kasan_atomics+0x10/0x10 [ 26.318812] ? __pfx_read_tsc+0x10/0x10 [ 26.318834] ? ktime_get_ts64+0x86/0x230 [ 26.318860] kunit_try_run_case+0x1a5/0x480 [ 26.318897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.318922] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.318945] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.318979] ? __kthread_parkme+0x82/0x180 [ 26.319001] ? preempt_count_sub+0x50/0x80 [ 26.319026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.319052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.319077] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.319103] kthread+0x337/0x6f0 [ 26.319124] ? trace_preempt_on+0x20/0xc0 [ 26.319148] ? __pfx_kthread+0x10/0x10 [ 26.319169] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.319194] ? calculate_sigpending+0x7b/0xa0 [ 26.319228] ? __pfx_kthread+0x10/0x10 [ 26.319251] ret_from_fork+0x116/0x1d0 [ 26.319271] ? __pfx_kthread+0x10/0x10 [ 26.319292] ret_from_fork_asm+0x1a/0x30 [ 26.319343] </TASK> [ 26.319356] [ 26.326648] Allocated by task 313: [ 26.326776] kasan_save_stack+0x45/0x70 [ 26.326911] kasan_save_track+0x18/0x40 [ 26.327041] kasan_save_alloc_info+0x3b/0x50 [ 26.327183] __kasan_kmalloc+0xb7/0xc0 [ 26.327321] __kmalloc_cache_noprof+0x189/0x420 [ 26.327490] kasan_atomics+0x95/0x310 [ 26.327675] kunit_try_run_case+0x1a5/0x480 [ 26.327891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.328154] kthread+0x337/0x6f0 [ 26.328327] ret_from_fork+0x116/0x1d0 [ 26.328527] ret_from_fork_asm+0x1a/0x30 [ 26.328720] [ 26.328809] The buggy address belongs to the object at ffff88810490f900 [ 26.328809] which belongs to the cache kmalloc-64 of size 64 [ 26.329331] The buggy address is located 0 bytes to the right of [ 26.329331] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.329859] [ 26.329930] The buggy address belongs to the physical page: [ 26.330099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.330420] flags: 0x200000000000000(node=0|zone=2) [ 26.330700] page_type: f5(slab) [ 26.330868] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.331226] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.331524] page dumped because: kasan: bad access detected [ 26.331741] [ 26.331835] Memory state around the buggy address: [ 26.332017] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.332314] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.332596] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.332864] ^ [ 26.333069] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.333362] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.333593] ================================================================== [ 26.531009] ================================================================== [ 26.531360] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 26.532000] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.532339] [ 26.532447] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.532496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.532510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.532533] Call Trace: [ 26.532551] <TASK> [ 26.532570] dump_stack_lvl+0x73/0xb0 [ 26.532599] print_report+0xd1/0x650 [ 26.532622] ? __virt_addr_valid+0x1db/0x2d0 [ 26.532645] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.532667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.532694] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.532717] kasan_report+0x141/0x180 [ 26.532739] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.532766] kasan_check_range+0x10c/0x1c0 [ 26.532791] __kasan_check_write+0x18/0x20 [ 26.532814] kasan_atomics_helper+0x1ce1/0x5450 [ 26.532838] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.532874] ? kasan_save_alloc_info+0x3b/0x50 [ 26.532903] kasan_atomics+0x1dc/0x310 [ 26.532927] ? __pfx_kasan_atomics+0x10/0x10 [ 26.532951] ? __pfx_read_tsc+0x10/0x10 [ 26.532974] ? ktime_get_ts64+0x86/0x230 [ 26.532999] kunit_try_run_case+0x1a5/0x480 [ 26.533026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.533050] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.533073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.533096] ? __kthread_parkme+0x82/0x180 [ 26.533118] ? preempt_count_sub+0x50/0x80 [ 26.533142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.533168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.533194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.533220] kthread+0x337/0x6f0 [ 26.533242] ? trace_preempt_on+0x20/0xc0 [ 26.533266] ? __pfx_kthread+0x10/0x10 [ 26.533288] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.533325] ? calculate_sigpending+0x7b/0xa0 [ 26.533350] ? __pfx_kthread+0x10/0x10 [ 26.533374] ret_from_fork+0x116/0x1d0 [ 26.533394] ? __pfx_kthread+0x10/0x10 [ 26.533416] ret_from_fork_asm+0x1a/0x30 [ 26.533449] </TASK> [ 26.533465] [ 26.540493] Allocated by task 313: [ 26.540623] kasan_save_stack+0x45/0x70 [ 26.540758] kasan_save_track+0x18/0x40 [ 26.540889] kasan_save_alloc_info+0x3b/0x50 [ 26.541035] __kasan_kmalloc+0xb7/0xc0 [ 26.541167] __kmalloc_cache_noprof+0x189/0x420 [ 26.542159] kasan_atomics+0x95/0x310 [ 26.542806] kunit_try_run_case+0x1a5/0x480 [ 26.543257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.543885] kthread+0x337/0x6f0 [ 26.544456] ret_from_fork+0x116/0x1d0 [ 26.544989] ret_from_fork_asm+0x1a/0x30 [ 26.545614] [ 26.545808] The buggy address belongs to the object at ffff88810490f900 [ 26.545808] which belongs to the cache kmalloc-64 of size 64 [ 26.547175] The buggy address is located 0 bytes to the right of [ 26.547175] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.548396] [ 26.548659] The buggy address belongs to the physical page: [ 26.549275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.550114] flags: 0x200000000000000(node=0|zone=2) [ 26.550623] page_type: f5(slab) [ 26.551131] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.551815] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.552683] page dumped because: kasan: bad access detected [ 26.553279] [ 26.553403] Memory state around the buggy address: [ 26.553973] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.554616] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.555282] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.555881] ^ [ 26.556459] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.557245] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.557692] ================================================================== [ 26.368420] ================================================================== [ 26.368834] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 26.369165] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.369519] [ 26.369624] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.369671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.369685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.369707] Call Trace: [ 26.369723] <TASK> [ 26.369746] dump_stack_lvl+0x73/0xb0 [ 26.369775] print_report+0xd1/0x650 [ 26.369798] ? __virt_addr_valid+0x1db/0x2d0 [ 26.369823] ? kasan_atomics_helper+0x177f/0x5450 [ 26.369844] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.369871] ? kasan_atomics_helper+0x177f/0x5450 [ 26.369894] kasan_report+0x141/0x180 [ 26.369917] ? kasan_atomics_helper+0x177f/0x5450 [ 26.369944] kasan_check_range+0x10c/0x1c0 [ 26.369969] __kasan_check_write+0x18/0x20 [ 26.369994] kasan_atomics_helper+0x177f/0x5450 [ 26.370017] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.370042] ? kasan_save_alloc_info+0x3b/0x50 [ 26.370071] kasan_atomics+0x1dc/0x310 [ 26.370095] ? __pfx_kasan_atomics+0x10/0x10 [ 26.370120] ? __pfx_read_tsc+0x10/0x10 [ 26.370143] ? ktime_get_ts64+0x86/0x230 [ 26.370169] kunit_try_run_case+0x1a5/0x480 [ 26.370196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.370221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.370245] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.370268] ? __kthread_parkme+0x82/0x180 [ 26.370290] ? preempt_count_sub+0x50/0x80 [ 26.370325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.370353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.370378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.370404] kthread+0x337/0x6f0 [ 26.370425] ? trace_preempt_on+0x20/0xc0 [ 26.370450] ? __pfx_kthread+0x10/0x10 [ 26.370492] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.370519] ? calculate_sigpending+0x7b/0xa0 [ 26.370544] ? __pfx_kthread+0x10/0x10 [ 26.370567] ret_from_fork+0x116/0x1d0 [ 26.370588] ? __pfx_kthread+0x10/0x10 [ 26.370611] ret_from_fork_asm+0x1a/0x30 [ 26.370642] </TASK> [ 26.370655] [ 26.377900] Allocated by task 313: [ 26.378098] kasan_save_stack+0x45/0x70 [ 26.378297] kasan_save_track+0x18/0x40 [ 26.378461] kasan_save_alloc_info+0x3b/0x50 [ 26.378692] __kasan_kmalloc+0xb7/0xc0 [ 26.378880] __kmalloc_cache_noprof+0x189/0x420 [ 26.379067] kasan_atomics+0x95/0x310 [ 26.379259] kunit_try_run_case+0x1a5/0x480 [ 26.379461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.379709] kthread+0x337/0x6f0 [ 26.379827] ret_from_fork+0x116/0x1d0 [ 26.379953] ret_from_fork_asm+0x1a/0x30 [ 26.380089] [ 26.380155] The buggy address belongs to the object at ffff88810490f900 [ 26.380155] which belongs to the cache kmalloc-64 of size 64 [ 26.380536] The buggy address is located 0 bytes to the right of [ 26.380536] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.381043] [ 26.381137] The buggy address belongs to the physical page: [ 26.381399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.381774] flags: 0x200000000000000(node=0|zone=2) [ 26.382004] page_type: f5(slab) [ 26.382170] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.382538] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.382896] page dumped because: kasan: bad access detected [ 26.383147] [ 26.383237] Memory state around the buggy address: [ 26.383506] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.383802] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.384062] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.384271] ^ [ 26.384430] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.384666] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.384898] ================================================================== [ 25.960734] ================================================================== [ 25.960964] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 25.961186] Write of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.961419] [ 25.961501] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.961549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.961563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.961585] Call Trace: [ 25.961603] <TASK> [ 25.961620] dump_stack_lvl+0x73/0xb0 [ 25.961647] print_report+0xd1/0x650 [ 25.961671] ? __virt_addr_valid+0x1db/0x2d0 [ 25.961695] ? kasan_atomics_helper+0xde0/0x5450 [ 25.961716] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.961748] ? kasan_atomics_helper+0xde0/0x5450 [ 25.961770] kasan_report+0x141/0x180 [ 25.961792] ? kasan_atomics_helper+0xde0/0x5450 [ 25.961820] kasan_check_range+0x10c/0x1c0 [ 25.961906] __kasan_check_write+0x18/0x20 [ 25.961931] kasan_atomics_helper+0xde0/0x5450 [ 25.961956] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.961981] ? kasan_save_alloc_info+0x3b/0x50 [ 25.962010] kasan_atomics+0x1dc/0x310 [ 25.962034] ? __pfx_kasan_atomics+0x10/0x10 [ 25.962060] ? __pfx_read_tsc+0x10/0x10 [ 25.962083] ? ktime_get_ts64+0x86/0x230 [ 25.962110] kunit_try_run_case+0x1a5/0x480 [ 25.962136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.962161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.962184] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.962207] ? __kthread_parkme+0x82/0x180 [ 25.962230] ? preempt_count_sub+0x50/0x80 [ 25.962254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.962280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.962316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.962343] kthread+0x337/0x6f0 [ 25.962365] ? trace_preempt_on+0x20/0xc0 [ 25.962389] ? __pfx_kthread+0x10/0x10 [ 25.962411] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.962438] ? calculate_sigpending+0x7b/0xa0 [ 25.962465] ? __pfx_kthread+0x10/0x10 [ 25.962488] ret_from_fork+0x116/0x1d0 [ 25.962516] ? __pfx_kthread+0x10/0x10 [ 25.962538] ret_from_fork_asm+0x1a/0x30 [ 25.962571] </TASK> [ 25.962583] [ 25.970181] Allocated by task 313: [ 25.970415] kasan_save_stack+0x45/0x70 [ 25.970666] kasan_save_track+0x18/0x40 [ 25.970843] kasan_save_alloc_info+0x3b/0x50 [ 25.970988] __kasan_kmalloc+0xb7/0xc0 [ 25.971115] __kmalloc_cache_noprof+0x189/0x420 [ 25.971265] kasan_atomics+0x95/0x310 [ 25.971404] kunit_try_run_case+0x1a5/0x480 [ 25.971548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.971717] kthread+0x337/0x6f0 [ 25.971883] ret_from_fork+0x116/0x1d0 [ 25.972105] ret_from_fork_asm+0x1a/0x30 [ 25.972316] [ 25.972409] The buggy address belongs to the object at ffff88810490f900 [ 25.972409] which belongs to the cache kmalloc-64 of size 64 [ 25.972933] The buggy address is located 0 bytes to the right of [ 25.972933] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.973504] [ 25.973588] The buggy address belongs to the physical page: [ 25.973822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.974125] flags: 0x200000000000000(node=0|zone=2) [ 25.974285] page_type: f5(slab) [ 25.975440] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.976412] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.977480] page dumped because: kasan: bad access detected [ 25.978506] [ 25.979034] Memory state around the buggy address: [ 25.980123] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.980957] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.982220] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.982469] ^ [ 25.983286] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.984359] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.985111] ================================================================== [ 26.809039] ================================================================== [ 26.809410] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 26.809943] Write of size 8 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.810293] [ 26.810392] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.810444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.810458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.810484] Call Trace: [ 26.810507] <TASK> [ 26.810537] dump_stack_lvl+0x73/0xb0 [ 26.810606] print_report+0xd1/0x650 [ 26.810632] ? __virt_addr_valid+0x1db/0x2d0 [ 26.810683] ? kasan_atomics_helper+0x224c/0x5450 [ 26.810706] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.810733] ? kasan_atomics_helper+0x224c/0x5450 [ 26.810756] kasan_report+0x141/0x180 [ 26.810780] ? kasan_atomics_helper+0x224c/0x5450 [ 26.810836] kasan_check_range+0x10c/0x1c0 [ 26.810861] __kasan_check_write+0x18/0x20 [ 26.810885] kasan_atomics_helper+0x224c/0x5450 [ 26.810909] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.810931] ? kasan_save_alloc_info+0x3b/0x50 [ 26.810988] kasan_atomics+0x1dc/0x310 [ 26.811012] ? __pfx_kasan_atomics+0x10/0x10 [ 26.811037] ? __pfx_read_tsc+0x10/0x10 [ 26.811060] ? ktime_get_ts64+0x86/0x230 [ 26.811086] kunit_try_run_case+0x1a5/0x480 [ 26.811113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.811138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.811161] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.811184] ? __kthread_parkme+0x82/0x180 [ 26.811207] ? preempt_count_sub+0x50/0x80 [ 26.811233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.811260] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.811285] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.811322] kthread+0x337/0x6f0 [ 26.811373] ? trace_preempt_on+0x20/0xc0 [ 26.811399] ? __pfx_kthread+0x10/0x10 [ 26.811420] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.811446] ? calculate_sigpending+0x7b/0xa0 [ 26.811472] ? __pfx_kthread+0x10/0x10 [ 26.811494] ret_from_fork+0x116/0x1d0 [ 26.811514] ? __pfx_kthread+0x10/0x10 [ 26.811565] ret_from_fork_asm+0x1a/0x30 [ 26.811598] </TASK> [ 26.811612] [ 26.820256] Allocated by task 313: [ 26.820579] kasan_save_stack+0x45/0x70 [ 26.820714] kasan_save_track+0x18/0x40 [ 26.820840] kasan_save_alloc_info+0x3b/0x50 [ 26.820976] __kasan_kmalloc+0xb7/0xc0 [ 26.821139] __kmalloc_cache_noprof+0x189/0x420 [ 26.821287] kasan_atomics+0x95/0x310 [ 26.821421] kunit_try_run_case+0x1a5/0x480 [ 26.821896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.822383] kthread+0x337/0x6f0 [ 26.822774] ret_from_fork+0x116/0x1d0 [ 26.823138] ret_from_fork_asm+0x1a/0x30 [ 26.823533] [ 26.823707] The buggy address belongs to the object at ffff88810490f900 [ 26.823707] which belongs to the cache kmalloc-64 of size 64 [ 26.824173] The buggy address is located 0 bytes to the right of [ 26.824173] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.824631] [ 26.824813] The buggy address belongs to the physical page: [ 26.825327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.826114] flags: 0x200000000000000(node=0|zone=2) [ 26.826579] page_type: f5(slab) [ 26.826966] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.827657] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.828422] page dumped because: kasan: bad access detected [ 26.829008] [ 26.829080] Memory state around the buggy address: [ 26.829444] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.830019] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.830847] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.831048] ^ [ 26.831192] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.831407] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.831928] ================================================================== [ 26.053888] ================================================================== [ 26.054432] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 26.055104] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.055376] [ 26.055472] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.055533] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.055559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.055581] Call Trace: [ 26.055595] <TASK> [ 26.055612] dump_stack_lvl+0x73/0xb0 [ 26.055642] print_report+0xd1/0x650 [ 26.055666] ? __virt_addr_valid+0x1db/0x2d0 [ 26.055691] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.055714] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.055750] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.055774] kasan_report+0x141/0x180 [ 26.055797] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.055835] __asan_report_load4_noabort+0x18/0x20 [ 26.055859] kasan_atomics_helper+0x4a36/0x5450 [ 26.055882] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.055905] ? kasan_save_alloc_info+0x3b/0x50 [ 26.055933] kasan_atomics+0x1dc/0x310 [ 26.055956] ? __pfx_kasan_atomics+0x10/0x10 [ 26.055982] ? __pfx_read_tsc+0x10/0x10 [ 26.056004] ? ktime_get_ts64+0x86/0x230 [ 26.056029] kunit_try_run_case+0x1a5/0x480 [ 26.056056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.056080] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.056103] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.056126] ? __kthread_parkme+0x82/0x180 [ 26.056148] ? preempt_count_sub+0x50/0x80 [ 26.056182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.056209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.056235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.056271] kthread+0x337/0x6f0 [ 26.056292] ? trace_preempt_on+0x20/0xc0 [ 26.056326] ? __pfx_kthread+0x10/0x10 [ 26.056348] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.056381] ? calculate_sigpending+0x7b/0xa0 [ 26.056406] ? __pfx_kthread+0x10/0x10 [ 26.056439] ret_from_fork+0x116/0x1d0 [ 26.056459] ? __pfx_kthread+0x10/0x10 [ 26.056481] ret_from_fork_asm+0x1a/0x30 [ 26.056522] </TASK> [ 26.056535] [ 26.063845] Allocated by task 313: [ 26.064032] kasan_save_stack+0x45/0x70 [ 26.064256] kasan_save_track+0x18/0x40 [ 26.064460] kasan_save_alloc_info+0x3b/0x50 [ 26.064672] __kasan_kmalloc+0xb7/0xc0 [ 26.064834] __kmalloc_cache_noprof+0x189/0x420 [ 26.064985] kasan_atomics+0x95/0x310 [ 26.065112] kunit_try_run_case+0x1a5/0x480 [ 26.065254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.065524] kthread+0x337/0x6f0 [ 26.065688] ret_from_fork+0x116/0x1d0 [ 26.065870] ret_from_fork_asm+0x1a/0x30 [ 26.066060] [ 26.066150] The buggy address belongs to the object at ffff88810490f900 [ 26.066150] which belongs to the cache kmalloc-64 of size 64 [ 26.066823] The buggy address is located 0 bytes to the right of [ 26.066823] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.067176] [ 26.067313] The buggy address belongs to the physical page: [ 26.067641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.068316] flags: 0x200000000000000(node=0|zone=2) [ 26.068560] page_type: f5(slab) [ 26.068735] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.069005] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.069356] page dumped because: kasan: bad access detected [ 26.069592] [ 26.069702] Memory state around the buggy address: [ 26.069890] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.070102] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.070331] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.070655] ^ [ 26.070873] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.071185] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.071484] ================================================================== [ 26.200908] ================================================================== [ 26.201638] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 26.201976] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 26.202259] [ 26.202370] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 26.202418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.202433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.202455] Call Trace: [ 26.203044] <TASK> [ 26.203084] dump_stack_lvl+0x73/0xb0 [ 26.203120] print_report+0xd1/0x650 [ 26.203144] ? __virt_addr_valid+0x1db/0x2d0 [ 26.203170] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.203388] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.203436] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.203462] kasan_report+0x141/0x180 [ 26.203508] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.203535] __asan_report_load4_noabort+0x18/0x20 [ 26.203561] kasan_atomics_helper+0x49ce/0x5450 [ 26.203586] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.203609] ? kasan_save_alloc_info+0x3b/0x50 [ 26.203639] kasan_atomics+0x1dc/0x310 [ 26.203663] ? __pfx_kasan_atomics+0x10/0x10 [ 26.203692] ? __pfx_read_tsc+0x10/0x10 [ 26.203717] ? ktime_get_ts64+0x86/0x230 [ 26.203744] kunit_try_run_case+0x1a5/0x480 [ 26.203771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.203795] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.203819] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.203842] ? __kthread_parkme+0x82/0x180 [ 26.203864] ? preempt_count_sub+0x50/0x80 [ 26.203890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.203918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.203944] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.203973] kthread+0x337/0x6f0 [ 26.203994] ? trace_preempt_on+0x20/0xc0 [ 26.204019] ? __pfx_kthread+0x10/0x10 [ 26.204041] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.204067] ? calculate_sigpending+0x7b/0xa0 [ 26.204092] ? __pfx_kthread+0x10/0x10 [ 26.204116] ret_from_fork+0x116/0x1d0 [ 26.204137] ? __pfx_kthread+0x10/0x10 [ 26.204159] ret_from_fork_asm+0x1a/0x30 [ 26.204191] </TASK> [ 26.204205] [ 26.215223] Allocated by task 313: [ 26.215403] kasan_save_stack+0x45/0x70 [ 26.215595] kasan_save_track+0x18/0x40 [ 26.215771] kasan_save_alloc_info+0x3b/0x50 [ 26.215962] __kasan_kmalloc+0xb7/0xc0 [ 26.216126] __kmalloc_cache_noprof+0x189/0x420 [ 26.216724] kasan_atomics+0x95/0x310 [ 26.217036] kunit_try_run_case+0x1a5/0x480 [ 26.217429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.217709] kthread+0x337/0x6f0 [ 26.217872] ret_from_fork+0x116/0x1d0 [ 26.218044] ret_from_fork_asm+0x1a/0x30 [ 26.218221] [ 26.218317] The buggy address belongs to the object at ffff88810490f900 [ 26.218317] which belongs to the cache kmalloc-64 of size 64 [ 26.218721] The buggy address is located 0 bytes to the right of [ 26.218721] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 26.219214] [ 26.219285] The buggy address belongs to the physical page: [ 26.219557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 26.219933] flags: 0x200000000000000(node=0|zone=2) [ 26.220148] page_type: f5(slab) [ 26.220299] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.220670] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.220997] page dumped because: kasan: bad access detected [ 26.221232] [ 26.221332] Memory state around the buggy address: [ 26.221566] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.221874] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.222122] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.222394] ^ [ 26.222651] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.222968] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.223179] ================================================================== [ 25.544892] ================================================================== [ 25.545147] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 25.545524] Read of size 4 at addr ffff88810490f930 by task kunit_try_catch/313 [ 25.546089] [ 25.546181] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.546227] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.546239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.546259] Call Trace: [ 25.546274] <TASK> [ 25.546287] dump_stack_lvl+0x73/0xb0 [ 25.546326] print_report+0xd1/0x650 [ 25.546348] ? __virt_addr_valid+0x1db/0x2d0 [ 25.546370] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.546390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.546415] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.546437] kasan_report+0x141/0x180 [ 25.546459] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.546507] __asan_report_load4_noabort+0x18/0x20 [ 25.546531] kasan_atomics_helper+0x4b88/0x5450 [ 25.546553] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.546576] ? kasan_save_alloc_info+0x3b/0x50 [ 25.546603] kasan_atomics+0x1dc/0x310 [ 25.546625] ? __pfx_kasan_atomics+0x10/0x10 [ 25.546648] ? __pfx_read_tsc+0x10/0x10 [ 25.546669] ? ktime_get_ts64+0x86/0x230 [ 25.546692] kunit_try_run_case+0x1a5/0x480 [ 25.546717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.546741] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.546762] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.546784] ? __kthread_parkme+0x82/0x180 [ 25.546804] ? preempt_count_sub+0x50/0x80 [ 25.546827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.546853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.546880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.546906] kthread+0x337/0x6f0 [ 25.546928] ? trace_preempt_on+0x20/0xc0 [ 25.546951] ? __pfx_kthread+0x10/0x10 [ 25.546973] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.546999] ? calculate_sigpending+0x7b/0xa0 [ 25.547024] ? __pfx_kthread+0x10/0x10 [ 25.547047] ret_from_fork+0x116/0x1d0 [ 25.547067] ? __pfx_kthread+0x10/0x10 [ 25.547089] ret_from_fork_asm+0x1a/0x30 [ 25.547122] </TASK> [ 25.547134] [ 25.555065] Allocated by task 313: [ 25.555212] kasan_save_stack+0x45/0x70 [ 25.555377] kasan_save_track+0x18/0x40 [ 25.555748] kasan_save_alloc_info+0x3b/0x50 [ 25.555956] __kasan_kmalloc+0xb7/0xc0 [ 25.556085] __kmalloc_cache_noprof+0x189/0x420 [ 25.556235] kasan_atomics+0x95/0x310 [ 25.556451] kunit_try_run_case+0x1a5/0x480 [ 25.556842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.557114] kthread+0x337/0x6f0 [ 25.557272] ret_from_fork+0x116/0x1d0 [ 25.557465] ret_from_fork_asm+0x1a/0x30 [ 25.557657] [ 25.557752] The buggy address belongs to the object at ffff88810490f900 [ 25.557752] which belongs to the cache kmalloc-64 of size 64 [ 25.558276] The buggy address is located 0 bytes to the right of [ 25.558276] allocated 48-byte region [ffff88810490f900, ffff88810490f930) [ 25.558948] [ 25.559049] The buggy address belongs to the physical page: [ 25.559252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490f [ 25.559562] flags: 0x200000000000000(node=0|zone=2) [ 25.560028] page_type: f5(slab) [ 25.560201] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.560614] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.561025] page dumped because: kasan: bad access detected [ 25.561215] [ 25.561282] Memory state around the buggy address: [ 25.561447] ffff88810490f800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.562069] ffff88810490f880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.562744] >ffff88810490f900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.563025] ^ [ 25.563176] ffff88810490f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.563512] ffff88810490fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.563962] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 25.473808] ================================================================== [ 25.474832] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.475110] Read of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.475444] [ 25.475569] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.475620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.475634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.475657] Call Trace: [ 25.475673] <TASK> [ 25.475785] dump_stack_lvl+0x73/0xb0 [ 25.475818] print_report+0xd1/0x650 [ 25.475840] ? __virt_addr_valid+0x1db/0x2d0 [ 25.475863] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.475890] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.475918] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.475944] kasan_report+0x141/0x180 [ 25.475966] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.475997] __asan_report_load8_noabort+0x18/0x20 [ 25.476021] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.476048] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.476082] kasan_bitops_generic+0x121/0x1c0 [ 25.476105] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.476129] ? __pfx_read_tsc+0x10/0x10 [ 25.476149] ? ktime_get_ts64+0x86/0x230 [ 25.476174] kunit_try_run_case+0x1a5/0x480 [ 25.476198] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.476222] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.476242] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.476264] ? __kthread_parkme+0x82/0x180 [ 25.476284] ? preempt_count_sub+0x50/0x80 [ 25.476321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.476347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.476371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.476395] kthread+0x337/0x6f0 [ 25.476414] ? trace_preempt_on+0x20/0xc0 [ 25.476436] ? __pfx_kthread+0x10/0x10 [ 25.476456] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.476481] ? calculate_sigpending+0x7b/0xa0 [ 25.476734] ? __pfx_kthread+0x10/0x10 [ 25.476757] ret_from_fork+0x116/0x1d0 [ 25.476776] ? __pfx_kthread+0x10/0x10 [ 25.476798] ret_from_fork_asm+0x1a/0x30 [ 25.476828] </TASK> [ 25.476840] [ 25.486982] Allocated by task 309: [ 25.487126] kasan_save_stack+0x45/0x70 [ 25.487333] kasan_save_track+0x18/0x40 [ 25.487812] kasan_save_alloc_info+0x3b/0x50 [ 25.487972] __kasan_kmalloc+0xb7/0xc0 [ 25.488160] __kmalloc_cache_noprof+0x189/0x420 [ 25.488470] kasan_bitops_generic+0x92/0x1c0 [ 25.488892] kunit_try_run_case+0x1a5/0x480 [ 25.489113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.489354] kthread+0x337/0x6f0 [ 25.489507] ret_from_fork+0x116/0x1d0 [ 25.489931] ret_from_fork_asm+0x1a/0x30 [ 25.490121] [ 25.490213] The buggy address belongs to the object at ffff88810586d4c0 [ 25.490213] which belongs to the cache kmalloc-16 of size 16 [ 25.490851] The buggy address is located 8 bytes inside of [ 25.490851] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.491601] [ 25.491681] The buggy address belongs to the physical page: [ 25.492088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.492778] flags: 0x200000000000000(node=0|zone=2) [ 25.493212] page_type: f5(slab) [ 25.493404] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.493922] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.494323] page dumped because: kasan: bad access detected [ 25.494544] [ 25.494711] Memory state around the buggy address: [ 25.495110] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.495576] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.496132] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.496529] ^ [ 25.496774] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.497041] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.497326] ================================================================== [ 25.332431] ================================================================== [ 25.332802] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.333486] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.333992] [ 25.334099] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.334148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.334162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.334183] Call Trace: [ 25.334196] <TASK> [ 25.334209] dump_stack_lvl+0x73/0xb0 [ 25.334237] print_report+0xd1/0x650 [ 25.334258] ? __virt_addr_valid+0x1db/0x2d0 [ 25.334281] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.334320] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.334346] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.334373] kasan_report+0x141/0x180 [ 25.334395] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.334426] kasan_check_range+0x10c/0x1c0 [ 25.334449] __kasan_check_write+0x18/0x20 [ 25.334472] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.334499] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.334533] kasan_bitops_generic+0x121/0x1c0 [ 25.334556] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.334581] ? __pfx_read_tsc+0x10/0x10 [ 25.334602] ? ktime_get_ts64+0x86/0x230 [ 25.334626] kunit_try_run_case+0x1a5/0x480 [ 25.334650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.334673] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.334696] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.334717] ? __kthread_parkme+0x82/0x180 [ 25.334952] ? preempt_count_sub+0x50/0x80 [ 25.334986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.335013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.335038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.335064] kthread+0x337/0x6f0 [ 25.335084] ? trace_preempt_on+0x20/0xc0 [ 25.335107] ? __pfx_kthread+0x10/0x10 [ 25.335129] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.335154] ? calculate_sigpending+0x7b/0xa0 [ 25.335178] ? __pfx_kthread+0x10/0x10 [ 25.335200] ret_from_fork+0x116/0x1d0 [ 25.335219] ? __pfx_kthread+0x10/0x10 [ 25.335240] ret_from_fork_asm+0x1a/0x30 [ 25.335270] </TASK> [ 25.335282] [ 25.342732] Allocated by task 309: [ 25.342860] kasan_save_stack+0x45/0x70 [ 25.342995] kasan_save_track+0x18/0x40 [ 25.343122] kasan_save_alloc_info+0x3b/0x50 [ 25.343339] __kasan_kmalloc+0xb7/0xc0 [ 25.343693] __kmalloc_cache_noprof+0x189/0x420 [ 25.343966] kasan_bitops_generic+0x92/0x1c0 [ 25.344173] kunit_try_run_case+0x1a5/0x480 [ 25.344396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.344658] kthread+0x337/0x6f0 [ 25.344880] ret_from_fork+0x116/0x1d0 [ 25.345041] ret_from_fork_asm+0x1a/0x30 [ 25.345174] [ 25.345239] The buggy address belongs to the object at ffff88810586d4c0 [ 25.345239] which belongs to the cache kmalloc-16 of size 16 [ 25.345643] The buggy address is located 8 bytes inside of [ 25.345643] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.346157] [ 25.346223] The buggy address belongs to the physical page: [ 25.346640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.346902] flags: 0x200000000000000(node=0|zone=2) [ 25.347059] page_type: f5(slab) [ 25.347174] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.347684] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.348184] page dumped because: kasan: bad access detected [ 25.348512] [ 25.348607] Memory state around the buggy address: [ 25.348855] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.349128] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.349425] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.349748] ^ [ 25.350008] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.350345] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.350614] ================================================================== [ 25.351174] ================================================================== [ 25.351466] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.351971] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.352224] [ 25.352298] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.352355] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.352369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.352389] Call Trace: [ 25.352403] <TASK> [ 25.352416] dump_stack_lvl+0x73/0xb0 [ 25.352442] print_report+0xd1/0x650 [ 25.352465] ? __virt_addr_valid+0x1db/0x2d0 [ 25.352487] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.352524] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.352551] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.352577] kasan_report+0x141/0x180 [ 25.352599] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.352630] kasan_check_range+0x10c/0x1c0 [ 25.352653] __kasan_check_write+0x18/0x20 [ 25.352677] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.352704] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.352737] kasan_bitops_generic+0x121/0x1c0 [ 25.352761] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.352786] ? __pfx_read_tsc+0x10/0x10 [ 25.352808] ? ktime_get_ts64+0x86/0x230 [ 25.352831] kunit_try_run_case+0x1a5/0x480 [ 25.352856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.352879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.352900] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.352922] ? __kthread_parkme+0x82/0x180 [ 25.352943] ? preempt_count_sub+0x50/0x80 [ 25.352966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.352991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.353062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.353090] kthread+0x337/0x6f0 [ 25.353110] ? trace_preempt_on+0x20/0xc0 [ 25.353132] ? __pfx_kthread+0x10/0x10 [ 25.353153] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.353178] ? calculate_sigpending+0x7b/0xa0 [ 25.353201] ? __pfx_kthread+0x10/0x10 [ 25.353222] ret_from_fork+0x116/0x1d0 [ 25.353242] ? __pfx_kthread+0x10/0x10 [ 25.353263] ret_from_fork_asm+0x1a/0x30 [ 25.353293] </TASK> [ 25.353304] [ 25.362530] Allocated by task 309: [ 25.363056] kasan_save_stack+0x45/0x70 [ 25.363472] kasan_save_track+0x18/0x40 [ 25.363935] kasan_save_alloc_info+0x3b/0x50 [ 25.364345] __kasan_kmalloc+0xb7/0xc0 [ 25.364777] __kmalloc_cache_noprof+0x189/0x420 [ 25.365167] kasan_bitops_generic+0x92/0x1c0 [ 25.365331] kunit_try_run_case+0x1a5/0x480 [ 25.365793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.366271] kthread+0x337/0x6f0 [ 25.366555] ret_from_fork+0x116/0x1d0 [ 25.366966] ret_from_fork_asm+0x1a/0x30 [ 25.367116] [ 25.367182] The buggy address belongs to the object at ffff88810586d4c0 [ 25.367182] which belongs to the cache kmalloc-16 of size 16 [ 25.367536] The buggy address is located 8 bytes inside of [ 25.367536] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.367881] [ 25.367947] The buggy address belongs to the physical page: [ 25.368169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.368920] flags: 0x200000000000000(node=0|zone=2) [ 25.369446] page_type: f5(slab) [ 25.369852] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.370574] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.371433] page dumped because: kasan: bad access detected [ 25.372097] [ 25.372284] Memory state around the buggy address: [ 25.372806] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.373510] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.374431] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.375296] ^ [ 25.375973] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.376752] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.377378] ================================================================== [ 25.451044] ================================================================== [ 25.451356] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.451735] Read of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.452159] [ 25.452275] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.452333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.452346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.452367] Call Trace: [ 25.452383] <TASK> [ 25.452397] dump_stack_lvl+0x73/0xb0 [ 25.452424] print_report+0xd1/0x650 [ 25.452482] ? __virt_addr_valid+0x1db/0x2d0 [ 25.452518] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.452555] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.452581] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.452608] kasan_report+0x141/0x180 [ 25.452630] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.452662] kasan_check_range+0x10c/0x1c0 [ 25.452685] __kasan_check_read+0x15/0x20 [ 25.452708] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.452735] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.452842] kasan_bitops_generic+0x121/0x1c0 [ 25.452905] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.452930] ? __pfx_read_tsc+0x10/0x10 [ 25.452962] ? ktime_get_ts64+0x86/0x230 [ 25.452987] kunit_try_run_case+0x1a5/0x480 [ 25.453039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.453064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.453097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.453119] ? __kthread_parkme+0x82/0x180 [ 25.453139] ? preempt_count_sub+0x50/0x80 [ 25.453162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.453187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.453211] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.453236] kthread+0x337/0x6f0 [ 25.453255] ? trace_preempt_on+0x20/0xc0 [ 25.453276] ? __pfx_kthread+0x10/0x10 [ 25.453298] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.453333] ? calculate_sigpending+0x7b/0xa0 [ 25.453355] ? __pfx_kthread+0x10/0x10 [ 25.453377] ret_from_fork+0x116/0x1d0 [ 25.453397] ? __pfx_kthread+0x10/0x10 [ 25.453418] ret_from_fork_asm+0x1a/0x30 [ 25.453449] </TASK> [ 25.453461] [ 25.462691] Allocated by task 309: [ 25.462825] kasan_save_stack+0x45/0x70 [ 25.463211] kasan_save_track+0x18/0x40 [ 25.463641] kasan_save_alloc_info+0x3b/0x50 [ 25.463842] __kasan_kmalloc+0xb7/0xc0 [ 25.464282] __kmalloc_cache_noprof+0x189/0x420 [ 25.464449] kasan_bitops_generic+0x92/0x1c0 [ 25.464927] kunit_try_run_case+0x1a5/0x480 [ 25.465246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.465540] kthread+0x337/0x6f0 [ 25.465764] ret_from_fork+0x116/0x1d0 [ 25.466019] ret_from_fork_asm+0x1a/0x30 [ 25.466529] [ 25.466623] The buggy address belongs to the object at ffff88810586d4c0 [ 25.466623] which belongs to the cache kmalloc-16 of size 16 [ 25.467235] The buggy address is located 8 bytes inside of [ 25.467235] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.468011] [ 25.468110] The buggy address belongs to the physical page: [ 25.468320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.468834] flags: 0x200000000000000(node=0|zone=2) [ 25.469058] page_type: f5(slab) [ 25.469236] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.469636] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.470078] page dumped because: kasan: bad access detected [ 25.470405] [ 25.470492] Memory state around the buggy address: [ 25.470795] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.471337] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.471767] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.472277] ^ [ 25.472550] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.472975] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.473319] ================================================================== [ 25.378263] ================================================================== [ 25.378513] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.379233] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.380032] [ 25.380353] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.380406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.380419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.380440] Call Trace: [ 25.380456] <TASK> [ 25.380471] dump_stack_lvl+0x73/0xb0 [ 25.380530] print_report+0xd1/0x650 [ 25.380552] ? __virt_addr_valid+0x1db/0x2d0 [ 25.380587] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.380614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.380639] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.380666] kasan_report+0x141/0x180 [ 25.380746] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.380778] kasan_check_range+0x10c/0x1c0 [ 25.380801] __kasan_check_write+0x18/0x20 [ 25.380825] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.380851] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.380885] kasan_bitops_generic+0x121/0x1c0 [ 25.380908] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.380932] ? __pfx_read_tsc+0x10/0x10 [ 25.380953] ? ktime_get_ts64+0x86/0x230 [ 25.380977] kunit_try_run_case+0x1a5/0x480 [ 25.381002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.381025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.381046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.381069] ? __kthread_parkme+0x82/0x180 [ 25.381089] ? preempt_count_sub+0x50/0x80 [ 25.381112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.381136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.381160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.381185] kthread+0x337/0x6f0 [ 25.381204] ? trace_preempt_on+0x20/0xc0 [ 25.381226] ? __pfx_kthread+0x10/0x10 [ 25.381247] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.381270] ? calculate_sigpending+0x7b/0xa0 [ 25.381294] ? __pfx_kthread+0x10/0x10 [ 25.381329] ret_from_fork+0x116/0x1d0 [ 25.381349] ? __pfx_kthread+0x10/0x10 [ 25.381370] ret_from_fork_asm+0x1a/0x30 [ 25.381400] </TASK> [ 25.381413] [ 25.394372] Allocated by task 309: [ 25.394525] kasan_save_stack+0x45/0x70 [ 25.395149] kasan_save_track+0x18/0x40 [ 25.395659] kasan_save_alloc_info+0x3b/0x50 [ 25.396299] __kasan_kmalloc+0xb7/0xc0 [ 25.396830] __kmalloc_cache_noprof+0x189/0x420 [ 25.397260] kasan_bitops_generic+0x92/0x1c0 [ 25.397428] kunit_try_run_case+0x1a5/0x480 [ 25.397611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.398318] kthread+0x337/0x6f0 [ 25.398790] ret_from_fork+0x116/0x1d0 [ 25.399281] ret_from_fork_asm+0x1a/0x30 [ 25.399904] [ 25.400230] The buggy address belongs to the object at ffff88810586d4c0 [ 25.400230] which belongs to the cache kmalloc-16 of size 16 [ 25.401350] The buggy address is located 8 bytes inside of [ 25.401350] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.402064] [ 25.402406] The buggy address belongs to the physical page: [ 25.403018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.403647] flags: 0x200000000000000(node=0|zone=2) [ 25.404220] page_type: f5(slab) [ 25.404365] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.405034] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.406050] page dumped because: kasan: bad access detected [ 25.406552] [ 25.406711] Memory state around the buggy address: [ 25.407161] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.407519] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.408462] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.409026] ^ [ 25.409211] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.409444] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.409727] ================================================================== [ 25.410227] ================================================================== [ 25.410484] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.411042] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.411325] [ 25.411444] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.411514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.411528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.411561] Call Trace: [ 25.411577] <TASK> [ 25.411592] dump_stack_lvl+0x73/0xb0 [ 25.411619] print_report+0xd1/0x650 [ 25.411641] ? __virt_addr_valid+0x1db/0x2d0 [ 25.411664] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.411689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.411715] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.411742] kasan_report+0x141/0x180 [ 25.411764] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.411795] kasan_check_range+0x10c/0x1c0 [ 25.411818] __kasan_check_write+0x18/0x20 [ 25.411840] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.411867] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.411911] kasan_bitops_generic+0x121/0x1c0 [ 25.411935] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.411959] ? __pfx_read_tsc+0x10/0x10 [ 25.412047] ? ktime_get_ts64+0x86/0x230 [ 25.412077] kunit_try_run_case+0x1a5/0x480 [ 25.412102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.412139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.412161] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.412183] ? __kthread_parkme+0x82/0x180 [ 25.412204] ? preempt_count_sub+0x50/0x80 [ 25.412227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.412252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.412277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.412302] kthread+0x337/0x6f0 [ 25.412342] ? trace_preempt_on+0x20/0xc0 [ 25.412365] ? __pfx_kthread+0x10/0x10 [ 25.412386] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.412420] ? calculate_sigpending+0x7b/0xa0 [ 25.412445] ? __pfx_kthread+0x10/0x10 [ 25.412467] ret_from_fork+0x116/0x1d0 [ 25.412486] ? __pfx_kthread+0x10/0x10 [ 25.412515] ret_from_fork_asm+0x1a/0x30 [ 25.412547] </TASK> [ 25.412558] [ 25.420968] Allocated by task 309: [ 25.421173] kasan_save_stack+0x45/0x70 [ 25.421408] kasan_save_track+0x18/0x40 [ 25.421797] kasan_save_alloc_info+0x3b/0x50 [ 25.422021] __kasan_kmalloc+0xb7/0xc0 [ 25.422260] __kmalloc_cache_noprof+0x189/0x420 [ 25.422476] kasan_bitops_generic+0x92/0x1c0 [ 25.422654] kunit_try_run_case+0x1a5/0x480 [ 25.422878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.423117] kthread+0x337/0x6f0 [ 25.423235] ret_from_fork+0x116/0x1d0 [ 25.423426] ret_from_fork_asm+0x1a/0x30 [ 25.423633] [ 25.423737] The buggy address belongs to the object at ffff88810586d4c0 [ 25.423737] which belongs to the cache kmalloc-16 of size 16 [ 25.424239] The buggy address is located 8 bytes inside of [ 25.424239] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.424944] [ 25.425154] The buggy address belongs to the physical page: [ 25.425430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.425907] flags: 0x200000000000000(node=0|zone=2) [ 25.426199] page_type: f5(slab) [ 25.426333] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.426643] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.427003] page dumped because: kasan: bad access detected [ 25.427349] [ 25.427414] Memory state around the buggy address: [ 25.427720] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.428040] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.428321] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.428881] ^ [ 25.429124] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.429352] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.429580] ================================================================== [ 25.430034] ================================================================== [ 25.430397] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.430798] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.431182] [ 25.431282] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.431338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.431350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.431371] Call Trace: [ 25.431385] <TASK> [ 25.431399] dump_stack_lvl+0x73/0xb0 [ 25.431426] print_report+0xd1/0x650 [ 25.431447] ? __virt_addr_valid+0x1db/0x2d0 [ 25.431470] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.431496] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.431522] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.431548] kasan_report+0x141/0x180 [ 25.431570] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.431600] kasan_check_range+0x10c/0x1c0 [ 25.431634] __kasan_check_write+0x18/0x20 [ 25.431658] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.431685] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.431731] kasan_bitops_generic+0x121/0x1c0 [ 25.431808] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.431849] ? __pfx_read_tsc+0x10/0x10 [ 25.431871] ? ktime_get_ts64+0x86/0x230 [ 25.431894] kunit_try_run_case+0x1a5/0x480 [ 25.431919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.431942] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.431964] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.431985] ? __kthread_parkme+0x82/0x180 [ 25.432005] ? preempt_count_sub+0x50/0x80 [ 25.432029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.432063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.432087] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.432112] kthread+0x337/0x6f0 [ 25.432142] ? trace_preempt_on+0x20/0xc0 [ 25.432165] ? __pfx_kthread+0x10/0x10 [ 25.432186] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.432209] ? calculate_sigpending+0x7b/0xa0 [ 25.432232] ? __pfx_kthread+0x10/0x10 [ 25.432253] ret_from_fork+0x116/0x1d0 [ 25.432272] ? __pfx_kthread+0x10/0x10 [ 25.432292] ret_from_fork_asm+0x1a/0x30 [ 25.432333] </TASK> [ 25.432344] [ 25.441105] Allocated by task 309: [ 25.441303] kasan_save_stack+0x45/0x70 [ 25.441602] kasan_save_track+0x18/0x40 [ 25.441877] kasan_save_alloc_info+0x3b/0x50 [ 25.442043] __kasan_kmalloc+0xb7/0xc0 [ 25.442171] __kmalloc_cache_noprof+0x189/0x420 [ 25.442342] kasan_bitops_generic+0x92/0x1c0 [ 25.442550] kunit_try_run_case+0x1a5/0x480 [ 25.442758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.443011] kthread+0x337/0x6f0 [ 25.443335] ret_from_fork+0x116/0x1d0 [ 25.443722] ret_from_fork_asm+0x1a/0x30 [ 25.443930] [ 25.443998] The buggy address belongs to the object at ffff88810586d4c0 [ 25.443998] which belongs to the cache kmalloc-16 of size 16 [ 25.444405] The buggy address is located 8 bytes inside of [ 25.444405] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.445491] [ 25.445649] The buggy address belongs to the physical page: [ 25.445977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.446293] flags: 0x200000000000000(node=0|zone=2) [ 25.446465] page_type: f5(slab) [ 25.446581] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.447211] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.447525] page dumped because: kasan: bad access detected [ 25.447919] [ 25.448014] Memory state around the buggy address: [ 25.448178] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.448444] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.448942] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.449366] ^ [ 25.449788] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.450060] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.450370] ================================================================== [ 25.291097] ================================================================== [ 25.291476] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.292076] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.292358] [ 25.292484] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.292531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.292545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.292566] Call Trace: [ 25.292579] <TASK> [ 25.292593] dump_stack_lvl+0x73/0xb0 [ 25.292620] print_report+0xd1/0x650 [ 25.292641] ? __virt_addr_valid+0x1db/0x2d0 [ 25.292664] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.292771] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.292797] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.292824] kasan_report+0x141/0x180 [ 25.292847] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.292878] kasan_check_range+0x10c/0x1c0 [ 25.292918] __kasan_check_write+0x18/0x20 [ 25.292942] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.292968] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.293002] kasan_bitops_generic+0x121/0x1c0 [ 25.293025] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.293050] ? __pfx_read_tsc+0x10/0x10 [ 25.293087] ? ktime_get_ts64+0x86/0x230 [ 25.293110] kunit_try_run_case+0x1a5/0x480 [ 25.293135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.293179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.293201] ? __kthread_parkme+0x82/0x180 [ 25.293239] ? preempt_count_sub+0x50/0x80 [ 25.293263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.293323] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.293348] kthread+0x337/0x6f0 [ 25.293367] ? trace_preempt_on+0x20/0xc0 [ 25.293389] ? __pfx_kthread+0x10/0x10 [ 25.293410] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.293434] ? calculate_sigpending+0x7b/0xa0 [ 25.293457] ? __pfx_kthread+0x10/0x10 [ 25.293503] ret_from_fork+0x116/0x1d0 [ 25.293523] ? __pfx_kthread+0x10/0x10 [ 25.293543] ret_from_fork_asm+0x1a/0x30 [ 25.293574] </TASK> [ 25.293587] [ 25.302742] Allocated by task 309: [ 25.302935] kasan_save_stack+0x45/0x70 [ 25.303097] kasan_save_track+0x18/0x40 [ 25.303227] kasan_save_alloc_info+0x3b/0x50 [ 25.303425] __kasan_kmalloc+0xb7/0xc0 [ 25.303860] __kmalloc_cache_noprof+0x189/0x420 [ 25.304113] kasan_bitops_generic+0x92/0x1c0 [ 25.304318] kunit_try_run_case+0x1a5/0x480 [ 25.304560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.304834] kthread+0x337/0x6f0 [ 25.304955] ret_from_fork+0x116/0x1d0 [ 25.305133] ret_from_fork_asm+0x1a/0x30 [ 25.305360] [ 25.305448] The buggy address belongs to the object at ffff88810586d4c0 [ 25.305448] which belongs to the cache kmalloc-16 of size 16 [ 25.306206] The buggy address is located 8 bytes inside of [ 25.306206] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.306908] [ 25.307014] The buggy address belongs to the physical page: [ 25.307204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.307451] flags: 0x200000000000000(node=0|zone=2) [ 25.307870] page_type: f5(slab) [ 25.308043] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.308499] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.308885] page dumped because: kasan: bad access detected [ 25.309119] [ 25.309231] Memory state around the buggy address: [ 25.309482] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.309808] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.310262] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.310536] ^ [ 25.310998] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.311374] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.311652] ================================================================== [ 25.312267] ================================================================== [ 25.312593] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.313074] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.313413] [ 25.313519] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.313564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.313577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.313598] Call Trace: [ 25.313614] <TASK> [ 25.313649] dump_stack_lvl+0x73/0xb0 [ 25.313822] print_report+0xd1/0x650 [ 25.313856] ? __virt_addr_valid+0x1db/0x2d0 [ 25.313880] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.313906] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.313932] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.313958] kasan_report+0x141/0x180 [ 25.313980] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.314011] kasan_check_range+0x10c/0x1c0 [ 25.314034] __kasan_check_write+0x18/0x20 [ 25.314057] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.314083] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.314118] kasan_bitops_generic+0x121/0x1c0 [ 25.314142] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.314166] ? __pfx_read_tsc+0x10/0x10 [ 25.314188] ? ktime_get_ts64+0x86/0x230 [ 25.314212] kunit_try_run_case+0x1a5/0x480 [ 25.314237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.314260] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.314282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.314318] ? __kthread_parkme+0x82/0x180 [ 25.314338] ? preempt_count_sub+0x50/0x80 [ 25.314361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.314386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.314410] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.314435] kthread+0x337/0x6f0 [ 25.314455] ? trace_preempt_on+0x20/0xc0 [ 25.314477] ? __pfx_kthread+0x10/0x10 [ 25.314524] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.314548] ? calculate_sigpending+0x7b/0xa0 [ 25.314572] ? __pfx_kthread+0x10/0x10 [ 25.314594] ret_from_fork+0x116/0x1d0 [ 25.314613] ? __pfx_kthread+0x10/0x10 [ 25.314634] ret_from_fork_asm+0x1a/0x30 [ 25.314663] </TASK> [ 25.314686] [ 25.323285] Allocated by task 309: [ 25.323474] kasan_save_stack+0x45/0x70 [ 25.323740] kasan_save_track+0x18/0x40 [ 25.323966] kasan_save_alloc_info+0x3b/0x50 [ 25.324124] __kasan_kmalloc+0xb7/0xc0 [ 25.324317] __kmalloc_cache_noprof+0x189/0x420 [ 25.324590] kasan_bitops_generic+0x92/0x1c0 [ 25.324810] kunit_try_run_case+0x1a5/0x480 [ 25.325093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.325386] kthread+0x337/0x6f0 [ 25.325556] ret_from_fork+0x116/0x1d0 [ 25.325974] ret_from_fork_asm+0x1a/0x30 [ 25.326135] [ 25.326201] The buggy address belongs to the object at ffff88810586d4c0 [ 25.326201] which belongs to the cache kmalloc-16 of size 16 [ 25.326810] The buggy address is located 8 bytes inside of [ 25.326810] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.327287] [ 25.327404] The buggy address belongs to the physical page: [ 25.327665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.328129] flags: 0x200000000000000(node=0|zone=2) [ 25.328392] page_type: f5(slab) [ 25.328554] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.328868] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.329086] page dumped because: kasan: bad access detected [ 25.329251] [ 25.329322] Memory state around the buggy address: [ 25.329470] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.330074] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.330663] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.331020] ^ [ 25.331422] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.331848] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.332061] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 25.248820] ================================================================== [ 25.249137] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.249610] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.250053] [ 25.250182] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.250249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.250262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.250284] Call Trace: [ 25.250297] <TASK> [ 25.250324] dump_stack_lvl+0x73/0xb0 [ 25.250352] print_report+0xd1/0x650 [ 25.250392] ? __virt_addr_valid+0x1db/0x2d0 [ 25.250414] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.250464] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250489] kasan_report+0x141/0x180 [ 25.250510] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250539] kasan_check_range+0x10c/0x1c0 [ 25.250577] __kasan_check_write+0x18/0x20 [ 25.250610] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.250634] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.250726] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.250755] ? trace_hardirqs_on+0x37/0xe0 [ 25.250776] ? kasan_bitops_generic+0x92/0x1c0 [ 25.250805] kasan_bitops_generic+0x116/0x1c0 [ 25.250828] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.250852] ? __pfx_read_tsc+0x10/0x10 [ 25.250873] ? ktime_get_ts64+0x86/0x230 [ 25.250919] kunit_try_run_case+0x1a5/0x480 [ 25.250945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.250983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.251005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.251027] ? __kthread_parkme+0x82/0x180 [ 25.251046] ? preempt_count_sub+0x50/0x80 [ 25.251069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.251094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.251118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.251142] kthread+0x337/0x6f0 [ 25.251163] ? trace_preempt_on+0x20/0xc0 [ 25.251202] ? __pfx_kthread+0x10/0x10 [ 25.251222] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.251262] ? calculate_sigpending+0x7b/0xa0 [ 25.251285] ? __pfx_kthread+0x10/0x10 [ 25.251317] ret_from_fork+0x116/0x1d0 [ 25.251335] ? __pfx_kthread+0x10/0x10 [ 25.251356] ret_from_fork_asm+0x1a/0x30 [ 25.251401] </TASK> [ 25.251413] [ 25.259931] Allocated by task 309: [ 25.260109] kasan_save_stack+0x45/0x70 [ 25.260461] kasan_save_track+0x18/0x40 [ 25.260604] kasan_save_alloc_info+0x3b/0x50 [ 25.261017] __kasan_kmalloc+0xb7/0xc0 [ 25.261155] __kmalloc_cache_noprof+0x189/0x420 [ 25.261299] kasan_bitops_generic+0x92/0x1c0 [ 25.261594] kunit_try_run_case+0x1a5/0x480 [ 25.261940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.262236] kthread+0x337/0x6f0 [ 25.262413] ret_from_fork+0x116/0x1d0 [ 25.262588] ret_from_fork_asm+0x1a/0x30 [ 25.262935] [ 25.263096] The buggy address belongs to the object at ffff88810586d4c0 [ 25.263096] which belongs to the cache kmalloc-16 of size 16 [ 25.263596] The buggy address is located 8 bytes inside of [ 25.263596] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.264193] [ 25.264319] The buggy address belongs to the physical page: [ 25.264566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.264959] flags: 0x200000000000000(node=0|zone=2) [ 25.265180] page_type: f5(slab) [ 25.265344] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.265684] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.265967] page dumped because: kasan: bad access detected [ 25.266125] [ 25.266186] Memory state around the buggy address: [ 25.266425] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.267223] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.267549] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.267931] ^ [ 25.268221] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.268560] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.269058] ================================================================== [ 25.165142] ================================================================== [ 25.165927] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.166334] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.166958] [ 25.167068] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.167114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.167127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.167147] Call Trace: [ 25.167180] <TASK> [ 25.167194] dump_stack_lvl+0x73/0xb0 [ 25.167222] print_report+0xd1/0x650 [ 25.167258] ? __virt_addr_valid+0x1db/0x2d0 [ 25.167294] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167344] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.167383] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167408] kasan_report+0x141/0x180 [ 25.167430] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167460] kasan_check_range+0x10c/0x1c0 [ 25.167483] __kasan_check_write+0x18/0x20 [ 25.167520] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.167545] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.167571] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.167595] ? trace_hardirqs_on+0x37/0xe0 [ 25.167617] ? kasan_bitops_generic+0x92/0x1c0 [ 25.167643] kasan_bitops_generic+0x116/0x1c0 [ 25.167666] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.167706] ? __pfx_read_tsc+0x10/0x10 [ 25.167727] ? ktime_get_ts64+0x86/0x230 [ 25.167751] kunit_try_run_case+0x1a5/0x480 [ 25.167776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.167800] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.167822] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.167844] ? __kthread_parkme+0x82/0x180 [ 25.167864] ? preempt_count_sub+0x50/0x80 [ 25.167888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.167913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.167937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.167961] kthread+0x337/0x6f0 [ 25.167981] ? trace_preempt_on+0x20/0xc0 [ 25.168003] ? __pfx_kthread+0x10/0x10 [ 25.168023] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.168047] ? calculate_sigpending+0x7b/0xa0 [ 25.168071] ? __pfx_kthread+0x10/0x10 [ 25.168092] ret_from_fork+0x116/0x1d0 [ 25.168111] ? __pfx_kthread+0x10/0x10 [ 25.168131] ret_from_fork_asm+0x1a/0x30 [ 25.168162] </TASK> [ 25.168173] [ 25.177104] Allocated by task 309: [ 25.177229] kasan_save_stack+0x45/0x70 [ 25.177406] kasan_save_track+0x18/0x40 [ 25.177727] kasan_save_alloc_info+0x3b/0x50 [ 25.178004] __kasan_kmalloc+0xb7/0xc0 [ 25.178208] __kmalloc_cache_noprof+0x189/0x420 [ 25.178404] kasan_bitops_generic+0x92/0x1c0 [ 25.178567] kunit_try_run_case+0x1a5/0x480 [ 25.178794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.179106] kthread+0x337/0x6f0 [ 25.179317] ret_from_fork+0x116/0x1d0 [ 25.179527] ret_from_fork_asm+0x1a/0x30 [ 25.179731] [ 25.179834] The buggy address belongs to the object at ffff88810586d4c0 [ 25.179834] which belongs to the cache kmalloc-16 of size 16 [ 25.180317] The buggy address is located 8 bytes inside of [ 25.180317] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.180871] [ 25.180969] The buggy address belongs to the physical page: [ 25.181194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.181430] flags: 0x200000000000000(node=0|zone=2) [ 25.181581] page_type: f5(slab) [ 25.181692] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.181952] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.182560] page dumped because: kasan: bad access detected [ 25.183034] [ 25.183127] Memory state around the buggy address: [ 25.183352] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.183629] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.184141] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.184480] ^ [ 25.184926] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.185198] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.185413] ================================================================== [ 25.269476] ================================================================== [ 25.269945] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.270239] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.270462] [ 25.270622] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.270687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.270700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.270721] Call Trace: [ 25.270734] <TASK> [ 25.270765] dump_stack_lvl+0x73/0xb0 [ 25.270791] print_report+0xd1/0x650 [ 25.270828] ? __virt_addr_valid+0x1db/0x2d0 [ 25.270863] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.270900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.270925] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.270963] kasan_report+0x141/0x180 [ 25.270984] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.271013] kasan_check_range+0x10c/0x1c0 [ 25.271037] __kasan_check_write+0x18/0x20 [ 25.271224] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.271250] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.271276] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.271300] ? trace_hardirqs_on+0x37/0xe0 [ 25.271335] ? kasan_bitops_generic+0x92/0x1c0 [ 25.271362] kasan_bitops_generic+0x116/0x1c0 [ 25.271385] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.271408] ? __pfx_read_tsc+0x10/0x10 [ 25.271430] ? ktime_get_ts64+0x86/0x230 [ 25.271453] kunit_try_run_case+0x1a5/0x480 [ 25.271478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.271501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.271522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.271544] ? __kthread_parkme+0x82/0x180 [ 25.271564] ? preempt_count_sub+0x50/0x80 [ 25.271587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.271612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.271635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.271682] kthread+0x337/0x6f0 [ 25.271702] ? trace_preempt_on+0x20/0xc0 [ 25.271737] ? __pfx_kthread+0x10/0x10 [ 25.271770] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.271807] ? calculate_sigpending+0x7b/0xa0 [ 25.271831] ? __pfx_kthread+0x10/0x10 [ 25.271853] ret_from_fork+0x116/0x1d0 [ 25.271886] ? __pfx_kthread+0x10/0x10 [ 25.271920] ret_from_fork_asm+0x1a/0x30 [ 25.271950] </TASK> [ 25.271961] [ 25.280743] Allocated by task 309: [ 25.280927] kasan_save_stack+0x45/0x70 [ 25.281126] kasan_save_track+0x18/0x40 [ 25.281339] kasan_save_alloc_info+0x3b/0x50 [ 25.281550] __kasan_kmalloc+0xb7/0xc0 [ 25.281785] __kmalloc_cache_noprof+0x189/0x420 [ 25.281997] kasan_bitops_generic+0x92/0x1c0 [ 25.282192] kunit_try_run_case+0x1a5/0x480 [ 25.282474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.282685] kthread+0x337/0x6f0 [ 25.282801] ret_from_fork+0x116/0x1d0 [ 25.283032] ret_from_fork_asm+0x1a/0x30 [ 25.283232] [ 25.283363] The buggy address belongs to the object at ffff88810586d4c0 [ 25.283363] which belongs to the cache kmalloc-16 of size 16 [ 25.284235] The buggy address is located 8 bytes inside of [ 25.284235] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.284871] [ 25.284961] The buggy address belongs to the physical page: [ 25.285221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.285463] flags: 0x200000000000000(node=0|zone=2) [ 25.285682] page_type: f5(slab) [ 25.286105] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.286510] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.286951] page dumped because: kasan: bad access detected [ 25.287146] [ 25.287209] Memory state around the buggy address: [ 25.287393] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.287960] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.288207] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.288479] ^ [ 25.288806] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.289026] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.289224] ================================================================== [ 25.228030] ================================================================== [ 25.228480] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.228917] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.229134] [ 25.229209] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.229254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.229267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.229288] Call Trace: [ 25.229303] <TASK> [ 25.229332] dump_stack_lvl+0x73/0xb0 [ 25.229359] print_report+0xd1/0x650 [ 25.229380] ? __virt_addr_valid+0x1db/0x2d0 [ 25.229403] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229427] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.229453] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229478] kasan_report+0x141/0x180 [ 25.229500] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229529] kasan_check_range+0x10c/0x1c0 [ 25.229552] __kasan_check_write+0x18/0x20 [ 25.229575] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.229600] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.229627] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.229649] ? trace_hardirqs_on+0x37/0xe0 [ 25.229670] ? kasan_bitops_generic+0x92/0x1c0 [ 25.229697] kasan_bitops_generic+0x116/0x1c0 [ 25.229720] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.229750] ? __pfx_read_tsc+0x10/0x10 [ 25.229770] ? ktime_get_ts64+0x86/0x230 [ 25.229794] kunit_try_run_case+0x1a5/0x480 [ 25.229818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.229842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.229980] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.230010] ? __kthread_parkme+0x82/0x180 [ 25.230030] ? preempt_count_sub+0x50/0x80 [ 25.230053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.230078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.230102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.230127] kthread+0x337/0x6f0 [ 25.230146] ? trace_preempt_on+0x20/0xc0 [ 25.230167] ? __pfx_kthread+0x10/0x10 [ 25.230189] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.230213] ? calculate_sigpending+0x7b/0xa0 [ 25.230235] ? __pfx_kthread+0x10/0x10 [ 25.230257] ret_from_fork+0x116/0x1d0 [ 25.230275] ? __pfx_kthread+0x10/0x10 [ 25.230296] ret_from_fork_asm+0x1a/0x30 [ 25.230337] </TASK> [ 25.230348] [ 25.239478] Allocated by task 309: [ 25.239743] kasan_save_stack+0x45/0x70 [ 25.239936] kasan_save_track+0x18/0x40 [ 25.240174] kasan_save_alloc_info+0x3b/0x50 [ 25.240375] __kasan_kmalloc+0xb7/0xc0 [ 25.240514] __kmalloc_cache_noprof+0x189/0x420 [ 25.240844] kasan_bitops_generic+0x92/0x1c0 [ 25.241075] kunit_try_run_case+0x1a5/0x480 [ 25.241224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.241479] kthread+0x337/0x6f0 [ 25.241628] ret_from_fork+0x116/0x1d0 [ 25.242003] ret_from_fork_asm+0x1a/0x30 [ 25.242148] [ 25.242211] The buggy address belongs to the object at ffff88810586d4c0 [ 25.242211] which belongs to the cache kmalloc-16 of size 16 [ 25.242595] The buggy address is located 8 bytes inside of [ 25.242595] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.243389] [ 25.243459] The buggy address belongs to the physical page: [ 25.243619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.243844] flags: 0x200000000000000(node=0|zone=2) [ 25.244199] page_type: f5(slab) [ 25.244407] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.244890] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.245441] page dumped because: kasan: bad access detected [ 25.245867] [ 25.245938] Memory state around the buggy address: [ 25.246083] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.246602] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.247111] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.247334] ^ [ 25.247680] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.248053] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.248355] ================================================================== [ 25.185810] ================================================================== [ 25.186048] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.186825] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.187296] [ 25.187441] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.187504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.187517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.187538] Call Trace: [ 25.187554] <TASK> [ 25.187568] dump_stack_lvl+0x73/0xb0 [ 25.187616] print_report+0xd1/0x650 [ 25.187638] ? __virt_addr_valid+0x1db/0x2d0 [ 25.187661] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187726] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.187755] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187780] kasan_report+0x141/0x180 [ 25.187802] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187831] kasan_check_range+0x10c/0x1c0 [ 25.187855] __kasan_check_write+0x18/0x20 [ 25.187900] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.187926] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.187951] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.187975] ? trace_hardirqs_on+0x37/0xe0 [ 25.187998] ? kasan_bitops_generic+0x92/0x1c0 [ 25.188024] kasan_bitops_generic+0x116/0x1c0 [ 25.188064] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.188089] ? __pfx_read_tsc+0x10/0x10 [ 25.188110] ? ktime_get_ts64+0x86/0x230 [ 25.188134] kunit_try_run_case+0x1a5/0x480 [ 25.188159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.188183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.188204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.188243] ? __kthread_parkme+0x82/0x180 [ 25.188264] ? preempt_count_sub+0x50/0x80 [ 25.188287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.188322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.188347] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.188371] kthread+0x337/0x6f0 [ 25.188404] ? trace_preempt_on+0x20/0xc0 [ 25.188426] ? __pfx_kthread+0x10/0x10 [ 25.188447] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.188472] ? calculate_sigpending+0x7b/0xa0 [ 25.188496] ? __pfx_kthread+0x10/0x10 [ 25.188518] ret_from_fork+0x116/0x1d0 [ 25.188536] ? __pfx_kthread+0x10/0x10 [ 25.188558] ret_from_fork_asm+0x1a/0x30 [ 25.188604] </TASK> [ 25.188615] [ 25.197851] Allocated by task 309: [ 25.198049] kasan_save_stack+0x45/0x70 [ 25.198230] kasan_save_track+0x18/0x40 [ 25.198439] kasan_save_alloc_info+0x3b/0x50 [ 25.198645] __kasan_kmalloc+0xb7/0xc0 [ 25.198784] __kmalloc_cache_noprof+0x189/0x420 [ 25.198930] kasan_bitops_generic+0x92/0x1c0 [ 25.199440] kunit_try_run_case+0x1a5/0x480 [ 25.199705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.199868] kthread+0x337/0x6f0 [ 25.199977] ret_from_fork+0x116/0x1d0 [ 25.200097] ret_from_fork_asm+0x1a/0x30 [ 25.200222] [ 25.200300] The buggy address belongs to the object at ffff88810586d4c0 [ 25.200300] which belongs to the cache kmalloc-16 of size 16 [ 25.201397] The buggy address is located 8 bytes inside of [ 25.201397] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.202029] [ 25.202100] The buggy address belongs to the physical page: [ 25.202260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.202849] flags: 0x200000000000000(node=0|zone=2) [ 25.203122] page_type: f5(slab) [ 25.203271] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.203655] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.203961] page dumped because: kasan: bad access detected [ 25.204120] [ 25.204199] Memory state around the buggy address: [ 25.204501] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.204983] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.205386] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.205742] ^ [ 25.206001] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.206299] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.206673] ================================================================== [ 25.207023] ================================================================== [ 25.207299] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208014] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.208373] [ 25.208500] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.208548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.208560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.208599] Call Trace: [ 25.208614] <TASK> [ 25.208629] dump_stack_lvl+0x73/0xb0 [ 25.208656] print_report+0xd1/0x650 [ 25.208783] ? __virt_addr_valid+0x1db/0x2d0 [ 25.208830] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.208896] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208921] kasan_report+0x141/0x180 [ 25.208944] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.208973] kasan_check_range+0x10c/0x1c0 [ 25.208997] __kasan_check_write+0x18/0x20 [ 25.209020] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.209045] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.209070] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.209094] ? trace_hardirqs_on+0x37/0xe0 [ 25.209115] ? kasan_bitops_generic+0x92/0x1c0 [ 25.209142] kasan_bitops_generic+0x116/0x1c0 [ 25.209165] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.209190] ? __pfx_read_tsc+0x10/0x10 [ 25.209212] ? ktime_get_ts64+0x86/0x230 [ 25.209236] kunit_try_run_case+0x1a5/0x480 [ 25.209261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.209284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.209319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.209341] ? __kthread_parkme+0x82/0x180 [ 25.209361] ? preempt_count_sub+0x50/0x80 [ 25.209384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.209409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.209434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.209459] kthread+0x337/0x6f0 [ 25.209478] ? trace_preempt_on+0x20/0xc0 [ 25.209577] ? __pfx_kthread+0x10/0x10 [ 25.209600] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.209642] ? calculate_sigpending+0x7b/0xa0 [ 25.209666] ? __pfx_kthread+0x10/0x10 [ 25.209748] ret_from_fork+0x116/0x1d0 [ 25.209769] ? __pfx_kthread+0x10/0x10 [ 25.209789] ret_from_fork_asm+0x1a/0x30 [ 25.209820] </TASK> [ 25.209831] [ 25.218738] Allocated by task 309: [ 25.218922] kasan_save_stack+0x45/0x70 [ 25.219174] kasan_save_track+0x18/0x40 [ 25.219340] kasan_save_alloc_info+0x3b/0x50 [ 25.219488] __kasan_kmalloc+0xb7/0xc0 [ 25.219768] __kmalloc_cache_noprof+0x189/0x420 [ 25.220086] kasan_bitops_generic+0x92/0x1c0 [ 25.220270] kunit_try_run_case+0x1a5/0x480 [ 25.220496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.220783] kthread+0x337/0x6f0 [ 25.220976] ret_from_fork+0x116/0x1d0 [ 25.221150] ret_from_fork_asm+0x1a/0x30 [ 25.221355] [ 25.221646] The buggy address belongs to the object at ffff88810586d4c0 [ 25.221646] which belongs to the cache kmalloc-16 of size 16 [ 25.222175] The buggy address is located 8 bytes inside of [ 25.222175] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.222853] [ 25.222923] The buggy address belongs to the physical page: [ 25.223084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.223445] flags: 0x200000000000000(node=0|zone=2) [ 25.223740] page_type: f5(slab) [ 25.223899] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.224130] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.224387] page dumped because: kasan: bad access detected [ 25.224968] [ 25.225073] Memory state around the buggy address: [ 25.225260] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.225478] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.226080] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.226578] ^ [ 25.226910] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.227215] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.227539] ================================================================== [ 25.144654] ================================================================== [ 25.144978] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.145340] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.146069] [ 25.146162] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.146212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.146225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.146247] Call Trace: [ 25.146258] <TASK> [ 25.146274] dump_stack_lvl+0x73/0xb0 [ 25.146302] print_report+0xd1/0x650 [ 25.146337] ? __virt_addr_valid+0x1db/0x2d0 [ 25.146381] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.146445] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146470] kasan_report+0x141/0x180 [ 25.146492] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146535] kasan_check_range+0x10c/0x1c0 [ 25.146558] __kasan_check_write+0x18/0x20 [ 25.146581] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.146606] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.146632] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.146656] ? trace_hardirqs_on+0x37/0xe0 [ 25.146739] ? kasan_bitops_generic+0x92/0x1c0 [ 25.146769] kasan_bitops_generic+0x116/0x1c0 [ 25.146793] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.146817] ? __pfx_read_tsc+0x10/0x10 [ 25.146839] ? ktime_get_ts64+0x86/0x230 [ 25.146864] kunit_try_run_case+0x1a5/0x480 [ 25.146889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.146912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.146935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.146957] ? __kthread_parkme+0x82/0x180 [ 25.146978] ? preempt_count_sub+0x50/0x80 [ 25.147001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.147026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.147049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.147074] kthread+0x337/0x6f0 [ 25.147094] ? trace_preempt_on+0x20/0xc0 [ 25.147116] ? __pfx_kthread+0x10/0x10 [ 25.147135] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.147159] ? calculate_sigpending+0x7b/0xa0 [ 25.147182] ? __pfx_kthread+0x10/0x10 [ 25.147203] ret_from_fork+0x116/0x1d0 [ 25.147221] ? __pfx_kthread+0x10/0x10 [ 25.147241] ret_from_fork_asm+0x1a/0x30 [ 25.147319] </TASK> [ 25.147331] [ 25.156296] Allocated by task 309: [ 25.156506] kasan_save_stack+0x45/0x70 [ 25.156825] kasan_save_track+0x18/0x40 [ 25.157061] kasan_save_alloc_info+0x3b/0x50 [ 25.157284] __kasan_kmalloc+0xb7/0xc0 [ 25.157469] __kmalloc_cache_noprof+0x189/0x420 [ 25.157729] kasan_bitops_generic+0x92/0x1c0 [ 25.158014] kunit_try_run_case+0x1a5/0x480 [ 25.158195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.158398] kthread+0x337/0x6f0 [ 25.158659] ret_from_fork+0x116/0x1d0 [ 25.158919] ret_from_fork_asm+0x1a/0x30 [ 25.159122] [ 25.159232] The buggy address belongs to the object at ffff88810586d4c0 [ 25.159232] which belongs to the cache kmalloc-16 of size 16 [ 25.159717] The buggy address is located 8 bytes inside of [ 25.159717] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.160275] [ 25.160406] The buggy address belongs to the physical page: [ 25.160566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.160814] flags: 0x200000000000000(node=0|zone=2) [ 25.161261] page_type: f5(slab) [ 25.161446] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.162259] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.162613] page dumped because: kasan: bad access detected [ 25.162930] [ 25.163024] Memory state around the buggy address: [ 25.163236] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.163526] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.163859] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.164157] ^ [ 25.164398] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.164601] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.164802] ================================================================== [ 25.110702] ================================================================== [ 25.112015] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.112330] Write of size 8 at addr ffff88810586d4c8 by task kunit_try_catch/309 [ 25.113502] [ 25.114184] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.114245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.114267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.114290] Call Trace: [ 25.114316] <TASK> [ 25.114337] dump_stack_lvl+0x73/0xb0 [ 25.114372] print_report+0xd1/0x650 [ 25.114396] ? __virt_addr_valid+0x1db/0x2d0 [ 25.114420] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114445] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.114470] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114503] kasan_report+0x141/0x180 [ 25.114525] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114554] kasan_check_range+0x10c/0x1c0 [ 25.114577] __kasan_check_write+0x18/0x20 [ 25.114600] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.114625] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.114650] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.114676] ? trace_hardirqs_on+0x37/0xe0 [ 25.114699] ? kasan_bitops_generic+0x92/0x1c0 [ 25.114726] kasan_bitops_generic+0x116/0x1c0 [ 25.114749] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.114774] ? __pfx_read_tsc+0x10/0x10 [ 25.114795] ? ktime_get_ts64+0x86/0x230 [ 25.114819] kunit_try_run_case+0x1a5/0x480 [ 25.114847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.114871] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.114894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.114916] ? __kthread_parkme+0x82/0x180 [ 25.114937] ? preempt_count_sub+0x50/0x80 [ 25.114962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.114986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.115010] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.115033] kthread+0x337/0x6f0 [ 25.115052] ? trace_preempt_on+0x20/0xc0 [ 25.115074] ? __pfx_kthread+0x10/0x10 [ 25.115094] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.115118] ? calculate_sigpending+0x7b/0xa0 [ 25.115142] ? __pfx_kthread+0x10/0x10 [ 25.115164] ret_from_fork+0x116/0x1d0 [ 25.115182] ? __pfx_kthread+0x10/0x10 [ 25.115203] ret_from_fork_asm+0x1a/0x30 [ 25.115234] </TASK> [ 25.115248] [ 25.131402] Allocated by task 309: [ 25.131710] kasan_save_stack+0x45/0x70 [ 25.132227] kasan_save_track+0x18/0x40 [ 25.132434] kasan_save_alloc_info+0x3b/0x50 [ 25.132811] __kasan_kmalloc+0xb7/0xc0 [ 25.133110] __kmalloc_cache_noprof+0x189/0x420 [ 25.133452] kasan_bitops_generic+0x92/0x1c0 [ 25.133876] kunit_try_run_case+0x1a5/0x480 [ 25.134177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.134548] kthread+0x337/0x6f0 [ 25.134905] ret_from_fork+0x116/0x1d0 [ 25.135196] ret_from_fork_asm+0x1a/0x30 [ 25.135498] [ 25.135592] The buggy address belongs to the object at ffff88810586d4c0 [ 25.135592] which belongs to the cache kmalloc-16 of size 16 [ 25.136425] The buggy address is located 8 bytes inside of [ 25.136425] allocated 9-byte region [ffff88810586d4c0, ffff88810586d4c9) [ 25.137126] [ 25.137228] The buggy address belongs to the physical page: [ 25.137670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 25.137984] flags: 0x200000000000000(node=0|zone=2) [ 25.138218] page_type: f5(slab) [ 25.138383] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.139025] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.139481] page dumped because: kasan: bad access detected [ 25.140153] [ 25.140259] Memory state around the buggy address: [ 25.140457] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.141057] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.141497] >ffff88810586d480: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 25.141973] ^ [ 25.142360] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.142859] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.143342] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 25.083246] ================================================================== [ 25.083630] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 25.083939] Read of size 1 at addr ffff8881057feed0 by task kunit_try_catch/307 [ 25.084260] [ 25.084374] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.084420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.084434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.084455] Call Trace: [ 25.084469] <TASK> [ 25.084828] dump_stack_lvl+0x73/0xb0 [ 25.084871] print_report+0xd1/0x650 [ 25.084893] ? __virt_addr_valid+0x1db/0x2d0 [ 25.084915] ? strnlen+0x73/0x80 [ 25.084947] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.084974] ? strnlen+0x73/0x80 [ 25.085006] kasan_report+0x141/0x180 [ 25.085027] ? strnlen+0x73/0x80 [ 25.085053] __asan_report_load1_noabort+0x18/0x20 [ 25.085088] strnlen+0x73/0x80 [ 25.085110] kasan_strings+0x615/0xe80 [ 25.085129] ? trace_hardirqs_on+0x37/0xe0 [ 25.085152] ? __pfx_kasan_strings+0x10/0x10 [ 25.085172] ? finish_task_switch.isra.0+0x153/0x700 [ 25.085194] ? __switch_to+0x47/0xf50 [ 25.085220] ? __schedule+0x10cc/0x2b60 [ 25.085241] ? __pfx_read_tsc+0x10/0x10 [ 25.085263] ? ktime_get_ts64+0x86/0x230 [ 25.085287] kunit_try_run_case+0x1a5/0x480 [ 25.085321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.085345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.085367] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.085388] ? __kthread_parkme+0x82/0x180 [ 25.085409] ? preempt_count_sub+0x50/0x80 [ 25.085432] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.085457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.085499] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.085532] kthread+0x337/0x6f0 [ 25.085552] ? trace_preempt_on+0x20/0xc0 [ 25.085640] ? __pfx_kthread+0x10/0x10 [ 25.085678] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.085702] ? calculate_sigpending+0x7b/0xa0 [ 25.085725] ? __pfx_kthread+0x10/0x10 [ 25.085760] ret_from_fork+0x116/0x1d0 [ 25.085780] ? __pfx_kthread+0x10/0x10 [ 25.085801] ret_from_fork_asm+0x1a/0x30 [ 25.085842] </TASK> [ 25.085853] [ 25.093066] Allocated by task 307: [ 25.093191] kasan_save_stack+0x45/0x70 [ 25.093408] kasan_save_track+0x18/0x40 [ 25.093617] kasan_save_alloc_info+0x3b/0x50 [ 25.093823] __kasan_kmalloc+0xb7/0xc0 [ 25.094002] __kmalloc_cache_noprof+0x189/0x420 [ 25.094212] kasan_strings+0xc0/0xe80 [ 25.094396] kunit_try_run_case+0x1a5/0x480 [ 25.094563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.094736] kthread+0x337/0x6f0 [ 25.094851] ret_from_fork+0x116/0x1d0 [ 25.094975] ret_from_fork_asm+0x1a/0x30 [ 25.095151] [ 25.095239] Freed by task 307: [ 25.095400] kasan_save_stack+0x45/0x70 [ 25.095652] kasan_save_track+0x18/0x40 [ 25.095863] kasan_save_free_info+0x3f/0x60 [ 25.096067] __kasan_slab_free+0x56/0x70 [ 25.096275] kfree+0x222/0x3f0 [ 25.096443] kasan_strings+0x2aa/0xe80 [ 25.096659] kunit_try_run_case+0x1a5/0x480 [ 25.096864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.097065] kthread+0x337/0x6f0 [ 25.097247] ret_from_fork+0x116/0x1d0 [ 25.097435] ret_from_fork_asm+0x1a/0x30 [ 25.097634] [ 25.097734] The buggy address belongs to the object at ffff8881057feec0 [ 25.097734] which belongs to the cache kmalloc-32 of size 32 [ 25.098229] The buggy address is located 16 bytes inside of [ 25.098229] freed 32-byte region [ffff8881057feec0, ffff8881057feee0) [ 25.098632] [ 25.098699] The buggy address belongs to the physical page: [ 25.098866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057fe [ 25.099099] flags: 0x200000000000000(node=0|zone=2) [ 25.099333] page_type: f5(slab) [ 25.099537] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.099929] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 25.100329] page dumped because: kasan: bad access detected [ 25.100603] [ 25.100691] Memory state around the buggy address: [ 25.100907] ffff8881057fed80: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.101215] ffff8881057fee00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.101529] >ffff8881057fee80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.101736] ^ [ 25.101913] ffff8881057fef00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.102242] ffff8881057fef80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.102603] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 25.063989] ================================================================== [ 25.064299] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 25.064609] Read of size 1 at addr ffff8881057feed0 by task kunit_try_catch/307 [ 25.064947] [ 25.065227] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.065280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.065314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.065335] Call Trace: [ 25.065347] <TASK> [ 25.065361] dump_stack_lvl+0x73/0xb0 [ 25.065387] print_report+0xd1/0x650 [ 25.065409] ? __virt_addr_valid+0x1db/0x2d0 [ 25.065432] ? strlen+0x8f/0xb0 [ 25.065453] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.065500] ? strlen+0x8f/0xb0 [ 25.065520] kasan_report+0x141/0x180 [ 25.065551] ? strlen+0x8f/0xb0 [ 25.065576] __asan_report_load1_noabort+0x18/0x20 [ 25.065600] strlen+0x8f/0xb0 [ 25.065631] kasan_strings+0x57b/0xe80 [ 25.065650] ? trace_hardirqs_on+0x37/0xe0 [ 25.065672] ? __pfx_kasan_strings+0x10/0x10 [ 25.065693] ? finish_task_switch.isra.0+0x153/0x700 [ 25.065714] ? __switch_to+0x47/0xf50 [ 25.065743] ? __schedule+0x10cc/0x2b60 [ 25.065764] ? __pfx_read_tsc+0x10/0x10 [ 25.065785] ? ktime_get_ts64+0x86/0x230 [ 25.065809] kunit_try_run_case+0x1a5/0x480 [ 25.065833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.065857] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.065878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.065900] ? __kthread_parkme+0x82/0x180 [ 25.065920] ? preempt_count_sub+0x50/0x80 [ 25.065943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.065977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.066001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.066026] kthread+0x337/0x6f0 [ 25.066056] ? trace_preempt_on+0x20/0xc0 [ 25.066077] ? __pfx_kthread+0x10/0x10 [ 25.066097] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.066121] ? calculate_sigpending+0x7b/0xa0 [ 25.066151] ? __pfx_kthread+0x10/0x10 [ 25.066172] ret_from_fork+0x116/0x1d0 [ 25.066192] ? __pfx_kthread+0x10/0x10 [ 25.066221] ret_from_fork_asm+0x1a/0x30 [ 25.066252] </TASK> [ 25.066263] [ 25.073242] Allocated by task 307: [ 25.073376] kasan_save_stack+0x45/0x70 [ 25.073521] kasan_save_track+0x18/0x40 [ 25.073652] kasan_save_alloc_info+0x3b/0x50 [ 25.073861] __kasan_kmalloc+0xb7/0xc0 [ 25.074045] __kmalloc_cache_noprof+0x189/0x420 [ 25.074262] kasan_strings+0xc0/0xe80 [ 25.074459] kunit_try_run_case+0x1a5/0x480 [ 25.074664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.074916] kthread+0x337/0x6f0 [ 25.075077] ret_from_fork+0x116/0x1d0 [ 25.075256] ret_from_fork_asm+0x1a/0x30 [ 25.075503] [ 25.075582] Freed by task 307: [ 25.075743] kasan_save_stack+0x45/0x70 [ 25.075884] kasan_save_track+0x18/0x40 [ 25.076069] kasan_save_free_info+0x3f/0x60 [ 25.076292] __kasan_slab_free+0x56/0x70 [ 25.076451] kfree+0x222/0x3f0 [ 25.076640] kasan_strings+0x2aa/0xe80 [ 25.076830] kunit_try_run_case+0x1a5/0x480 [ 25.077002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.077248] kthread+0x337/0x6f0 [ 25.077426] ret_from_fork+0x116/0x1d0 [ 25.077609] ret_from_fork_asm+0x1a/0x30 [ 25.077815] [ 25.077897] The buggy address belongs to the object at ffff8881057feec0 [ 25.077897] which belongs to the cache kmalloc-32 of size 32 [ 25.078400] The buggy address is located 16 bytes inside of [ 25.078400] freed 32-byte region [ffff8881057feec0, ffff8881057feee0) [ 25.078927] [ 25.078993] The buggy address belongs to the physical page: [ 25.079159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057fe [ 25.079400] flags: 0x200000000000000(node=0|zone=2) [ 25.079581] page_type: f5(slab) [ 25.079696] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.080050] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 25.080384] page dumped because: kasan: bad access detected [ 25.080656] [ 25.080744] Memory state around the buggy address: [ 25.080963] ffff8881057fed80: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.081302] ffff8881057fee00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.081648] >ffff8881057fee80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.081989] ^ [ 25.082166] ffff8881057fef00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.082385] ffff8881057fef80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.082615] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 25.042267] ================================================================== [ 25.042636] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 25.043002] Read of size 1 at addr ffff8881057feed0 by task kunit_try_catch/307 [ 25.043329] [ 25.043428] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.043493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.043507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.043528] Call Trace: [ 25.043541] <TASK> [ 25.043555] dump_stack_lvl+0x73/0xb0 [ 25.043592] print_report+0xd1/0x650 [ 25.043615] ? __virt_addr_valid+0x1db/0x2d0 [ 25.043637] ? kasan_strings+0xcbc/0xe80 [ 25.043720] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.043752] ? kasan_strings+0xcbc/0xe80 [ 25.043784] kasan_report+0x141/0x180 [ 25.043806] ? kasan_strings+0xcbc/0xe80 [ 25.043831] __asan_report_load1_noabort+0x18/0x20 [ 25.043867] kasan_strings+0xcbc/0xe80 [ 25.043886] ? trace_hardirqs_on+0x37/0xe0 [ 25.043909] ? __pfx_kasan_strings+0x10/0x10 [ 25.043929] ? finish_task_switch.isra.0+0x153/0x700 [ 25.043951] ? __switch_to+0x47/0xf50 [ 25.043977] ? __schedule+0x10cc/0x2b60 [ 25.043999] ? __pfx_read_tsc+0x10/0x10 [ 25.044020] ? ktime_get_ts64+0x86/0x230 [ 25.044045] kunit_try_run_case+0x1a5/0x480 [ 25.044080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.044103] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.044124] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.044158] ? __kthread_parkme+0x82/0x180 [ 25.044178] ? preempt_count_sub+0x50/0x80 [ 25.044201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.044226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.044251] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.044276] kthread+0x337/0x6f0 [ 25.044295] ? trace_preempt_on+0x20/0xc0 [ 25.044326] ? __pfx_kthread+0x10/0x10 [ 25.044346] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.044369] ? calculate_sigpending+0x7b/0xa0 [ 25.044393] ? __pfx_kthread+0x10/0x10 [ 25.044413] ret_from_fork+0x116/0x1d0 [ 25.044432] ? __pfx_kthread+0x10/0x10 [ 25.044453] ret_from_fork_asm+0x1a/0x30 [ 25.044504] </TASK> [ 25.044515] [ 25.052293] Allocated by task 307: [ 25.052431] kasan_save_stack+0x45/0x70 [ 25.052716] kasan_save_track+0x18/0x40 [ 25.052913] kasan_save_alloc_info+0x3b/0x50 [ 25.053114] __kasan_kmalloc+0xb7/0xc0 [ 25.053292] __kmalloc_cache_noprof+0x189/0x420 [ 25.053514] kasan_strings+0xc0/0xe80 [ 25.053779] kunit_try_run_case+0x1a5/0x480 [ 25.053953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.054182] kthread+0x337/0x6f0 [ 25.054314] ret_from_fork+0x116/0x1d0 [ 25.054533] ret_from_fork_asm+0x1a/0x30 [ 25.054743] [ 25.054840] Freed by task 307: [ 25.054974] kasan_save_stack+0x45/0x70 [ 25.055160] kasan_save_track+0x18/0x40 [ 25.055399] kasan_save_free_info+0x3f/0x60 [ 25.055565] __kasan_slab_free+0x56/0x70 [ 25.055754] kfree+0x222/0x3f0 [ 25.055873] kasan_strings+0x2aa/0xe80 [ 25.056062] kunit_try_run_case+0x1a5/0x480 [ 25.056292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.056577] kthread+0x337/0x6f0 [ 25.056928] ret_from_fork+0x116/0x1d0 [ 25.057125] ret_from_fork_asm+0x1a/0x30 [ 25.057331] [ 25.057443] The buggy address belongs to the object at ffff8881057feec0 [ 25.057443] which belongs to the cache kmalloc-32 of size 32 [ 25.058057] The buggy address is located 16 bytes inside of [ 25.058057] freed 32-byte region [ffff8881057feec0, ffff8881057feee0) [ 25.058467] [ 25.058585] The buggy address belongs to the physical page: [ 25.058915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057fe [ 25.059290] flags: 0x200000000000000(node=0|zone=2) [ 25.059532] page_type: f5(slab) [ 25.059736] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.060107] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 25.060422] page dumped because: kasan: bad access detected [ 25.060657] [ 25.060824] Memory state around the buggy address: [ 25.061018] ffff8881057fed80: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.061341] ffff8881057fee00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.061620] >ffff8881057fee80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.062111] ^ [ 25.062382] ffff8881057fef00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.062675] ffff8881057fef80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.063043] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 25.015906] ================================================================== [ 25.017674] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 25.018000] Read of size 1 at addr ffff8881057feed0 by task kunit_try_catch/307 [ 25.018727] [ 25.018913] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 25.018964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.018977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.018999] Call Trace: [ 25.019011] <TASK> [ 25.019026] dump_stack_lvl+0x73/0xb0 [ 25.019055] print_report+0xd1/0x650 [ 25.019077] ? __virt_addr_valid+0x1db/0x2d0 [ 25.019100] ? strcmp+0xb0/0xc0 [ 25.019120] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.019147] ? strcmp+0xb0/0xc0 [ 25.019167] kasan_report+0x141/0x180 [ 25.019189] ? strcmp+0xb0/0xc0 [ 25.019213] __asan_report_load1_noabort+0x18/0x20 [ 25.019237] strcmp+0xb0/0xc0 [ 25.019270] kasan_strings+0x431/0xe80 [ 25.019290] ? trace_hardirqs_on+0x37/0xe0 [ 25.019331] ? __pfx_kasan_strings+0x10/0x10 [ 25.019352] ? finish_task_switch.isra.0+0x153/0x700 [ 25.019375] ? __switch_to+0x47/0xf50 [ 25.019401] ? __schedule+0x10cc/0x2b60 [ 25.019423] ? __pfx_read_tsc+0x10/0x10 [ 25.019445] ? ktime_get_ts64+0x86/0x230 [ 25.019470] kunit_try_run_case+0x1a5/0x480 [ 25.019515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.019538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.019560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.019582] ? __kthread_parkme+0x82/0x180 [ 25.019602] ? preempt_count_sub+0x50/0x80 [ 25.019625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.019651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.019674] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.019699] kthread+0x337/0x6f0 [ 25.019718] ? trace_preempt_on+0x20/0xc0 [ 25.019739] ? __pfx_kthread+0x10/0x10 [ 25.019760] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.019784] ? calculate_sigpending+0x7b/0xa0 [ 25.019807] ? __pfx_kthread+0x10/0x10 [ 25.019828] ret_from_fork+0x116/0x1d0 [ 25.019847] ? __pfx_kthread+0x10/0x10 [ 25.019867] ret_from_fork_asm+0x1a/0x30 [ 25.019897] </TASK> [ 25.019909] [ 25.030524] Allocated by task 307: [ 25.030760] kasan_save_stack+0x45/0x70 [ 25.030965] kasan_save_track+0x18/0x40 [ 25.031156] kasan_save_alloc_info+0x3b/0x50 [ 25.031385] __kasan_kmalloc+0xb7/0xc0 [ 25.031589] __kmalloc_cache_noprof+0x189/0x420 [ 25.032011] kasan_strings+0xc0/0xe80 [ 25.032154] kunit_try_run_case+0x1a5/0x480 [ 25.032331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.032654] kthread+0x337/0x6f0 [ 25.032917] ret_from_fork+0x116/0x1d0 [ 25.033098] ret_from_fork_asm+0x1a/0x30 [ 25.033291] [ 25.033398] Freed by task 307: [ 25.033587] kasan_save_stack+0x45/0x70 [ 25.033757] kasan_save_track+0x18/0x40 [ 25.033886] kasan_save_free_info+0x3f/0x60 [ 25.034025] __kasan_slab_free+0x56/0x70 [ 25.034214] kfree+0x222/0x3f0 [ 25.034493] kasan_strings+0x2aa/0xe80 [ 25.034754] kunit_try_run_case+0x1a5/0x480 [ 25.034974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.035223] kthread+0x337/0x6f0 [ 25.035406] ret_from_fork+0x116/0x1d0 [ 25.035570] ret_from_fork_asm+0x1a/0x30 [ 25.035827] [ 25.035922] The buggy address belongs to the object at ffff8881057feec0 [ 25.035922] which belongs to the cache kmalloc-32 of size 32 [ 25.036427] The buggy address is located 16 bytes inside of [ 25.036427] freed 32-byte region [ffff8881057feec0, ffff8881057feee0) [ 25.037135] [ 25.037254] The buggy address belongs to the physical page: [ 25.037509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057fe [ 25.037951] flags: 0x200000000000000(node=0|zone=2) [ 25.038188] page_type: f5(slab) [ 25.038362] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.038639] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 25.038919] page dumped because: kasan: bad access detected [ 25.039153] [ 25.039254] Memory state around the buggy address: [ 25.039506] ffff8881057fed80: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.039816] ffff8881057fee00: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.040121] >ffff8881057fee80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.040443] ^ [ 25.040649] ffff8881057fef00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.041046] ffff8881057fef80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.041388] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 24.981748] ================================================================== [ 24.982116] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 24.982340] Read of size 1 at addr ffff8881058a9398 by task kunit_try_catch/305 [ 24.982752] [ 24.982921] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.983035] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.983049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.983073] Call Trace: [ 24.983085] <TASK> [ 24.983101] dump_stack_lvl+0x73/0xb0 [ 24.983128] print_report+0xd1/0x650 [ 24.983150] ? __virt_addr_valid+0x1db/0x2d0 [ 24.983173] ? memcmp+0x1b4/0x1d0 [ 24.983194] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.983219] ? memcmp+0x1b4/0x1d0 [ 24.983241] kasan_report+0x141/0x180 [ 24.983262] ? memcmp+0x1b4/0x1d0 [ 24.983287] __asan_report_load1_noabort+0x18/0x20 [ 24.983324] memcmp+0x1b4/0x1d0 [ 24.983347] kasan_memcmp+0x18f/0x390 [ 24.983367] ? trace_hardirqs_on+0x37/0xe0 [ 24.983389] ? __pfx_kasan_memcmp+0x10/0x10 [ 24.983409] ? finish_task_switch.isra.0+0x153/0x700 [ 24.983430] ? __switch_to+0x47/0xf50 [ 24.983459] ? __pfx_read_tsc+0x10/0x10 [ 24.983481] ? ktime_get_ts64+0x86/0x230 [ 24.983504] kunit_try_run_case+0x1a5/0x480 [ 24.983529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.983552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.983573] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.983595] ? __kthread_parkme+0x82/0x180 [ 24.983627] ? preempt_count_sub+0x50/0x80 [ 24.983650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.983718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.983746] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.983770] kthread+0x337/0x6f0 [ 24.983790] ? trace_preempt_on+0x20/0xc0 [ 24.983812] ? __pfx_kthread+0x10/0x10 [ 24.983833] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.983858] ? calculate_sigpending+0x7b/0xa0 [ 24.983881] ? __pfx_kthread+0x10/0x10 [ 24.983903] ret_from_fork+0x116/0x1d0 [ 24.983921] ? __pfx_kthread+0x10/0x10 [ 24.983942] ret_from_fork_asm+0x1a/0x30 [ 24.983973] </TASK> [ 24.983985] [ 24.997083] Allocated by task 305: [ 24.997287] kasan_save_stack+0x45/0x70 [ 24.997438] kasan_save_track+0x18/0x40 [ 24.997596] kasan_save_alloc_info+0x3b/0x50 [ 24.998038] __kasan_kmalloc+0xb7/0xc0 [ 24.998399] __kmalloc_cache_noprof+0x189/0x420 [ 24.998899] kasan_memcmp+0xb7/0x390 [ 24.999235] kunit_try_run_case+0x1a5/0x480 [ 24.999650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.999937] kthread+0x337/0x6f0 [ 25.000053] ret_from_fork+0x116/0x1d0 [ 25.000175] ret_from_fork_asm+0x1a/0x30 [ 25.000304] [ 25.000378] The buggy address belongs to the object at ffff8881058a9380 [ 25.000378] which belongs to the cache kmalloc-32 of size 32 [ 25.001031] The buggy address is located 0 bytes to the right of [ 25.001031] allocated 24-byte region [ffff8881058a9380, ffff8881058a9398) [ 25.001407] [ 25.001480] The buggy address belongs to the physical page: [ 25.002025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.002727] flags: 0x200000000000000(node=0|zone=2) [ 25.003251] page_type: f5(slab) [ 25.003559] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.004154] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.004380] page dumped because: kasan: bad access detected [ 25.004567] [ 25.004716] Memory state around the buggy address: [ 25.005181] ffff8881058a9280: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.005998] ffff8881058a9300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.006639] >ffff8881058a9380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.007373] ^ [ 25.007640] ffff8881058a9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.008220] ffff8881058a9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.008433] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 23.409733] ================================================================== [ 23.410087] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 23.410382] Free of addr ffff88810586d4a0 by task kunit_try_catch/240 [ 23.411120] [ 23.411256] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.411303] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.411325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.411375] Call Trace: [ 23.411392] <TASK> [ 23.411407] dump_stack_lvl+0x73/0xb0 [ 23.411448] print_report+0xd1/0x650 [ 23.411469] ? __virt_addr_valid+0x1db/0x2d0 [ 23.411492] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.411517] ? kfree_sensitive+0x2e/0x90 [ 23.411567] kasan_report_invalid_free+0x10a/0x130 [ 23.411592] ? kfree_sensitive+0x2e/0x90 [ 23.411616] ? kfree_sensitive+0x2e/0x90 [ 23.411649] check_slab_allocation+0x101/0x130 [ 23.411749] __kasan_slab_pre_free+0x28/0x40 [ 23.411787] kfree+0xf0/0x3f0 [ 23.411808] ? kfree_sensitive+0x2e/0x90 [ 23.411915] kfree_sensitive+0x2e/0x90 [ 23.411940] kmalloc_double_kzfree+0x19c/0x350 [ 23.411962] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.412144] ? __schedule+0x10cc/0x2b60 [ 23.412167] ? __pfx_read_tsc+0x10/0x10 [ 23.412188] ? ktime_get_ts64+0x86/0x230 [ 23.412212] kunit_try_run_case+0x1a5/0x480 [ 23.412236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.412259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.412469] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.412509] ? __kthread_parkme+0x82/0x180 [ 23.412530] ? preempt_count_sub+0x50/0x80 [ 23.412563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.412588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.412611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.412635] kthread+0x337/0x6f0 [ 23.412654] ? trace_preempt_on+0x20/0xc0 [ 23.412723] ? __pfx_kthread+0x10/0x10 [ 23.412747] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.412770] ? calculate_sigpending+0x7b/0xa0 [ 23.412792] ? __pfx_kthread+0x10/0x10 [ 23.412813] ret_from_fork+0x116/0x1d0 [ 23.412832] ? __pfx_kthread+0x10/0x10 [ 23.412851] ret_from_fork_asm+0x1a/0x30 [ 23.412882] </TASK> [ 23.412893] [ 23.421689] Allocated by task 240: [ 23.421940] kasan_save_stack+0x45/0x70 [ 23.422169] kasan_save_track+0x18/0x40 [ 23.422389] kasan_save_alloc_info+0x3b/0x50 [ 23.422665] __kasan_kmalloc+0xb7/0xc0 [ 23.422975] __kmalloc_cache_noprof+0x189/0x420 [ 23.423198] kmalloc_double_kzfree+0xa9/0x350 [ 23.423396] kunit_try_run_case+0x1a5/0x480 [ 23.423670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.423871] kthread+0x337/0x6f0 [ 23.424106] ret_from_fork+0x116/0x1d0 [ 23.424324] ret_from_fork_asm+0x1a/0x30 [ 23.424517] [ 23.424615] Freed by task 240: [ 23.424915] kasan_save_stack+0x45/0x70 [ 23.425048] kasan_save_track+0x18/0x40 [ 23.425171] kasan_save_free_info+0x3f/0x60 [ 23.425318] __kasan_slab_free+0x56/0x70 [ 23.425444] kfree+0x222/0x3f0 [ 23.425913] kfree_sensitive+0x67/0x90 [ 23.426134] kmalloc_double_kzfree+0x12b/0x350 [ 23.426394] kunit_try_run_case+0x1a5/0x480 [ 23.426673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.426933] kthread+0x337/0x6f0 [ 23.427042] ret_from_fork+0x116/0x1d0 [ 23.427161] ret_from_fork_asm+0x1a/0x30 [ 23.427287] [ 23.427359] The buggy address belongs to the object at ffff88810586d4a0 [ 23.427359] which belongs to the cache kmalloc-16 of size 16 [ 23.427865] The buggy address is located 0 bytes inside of [ 23.427865] 16-byte region [ffff88810586d4a0, ffff88810586d4b0) [ 23.428666] [ 23.428843] The buggy address belongs to the physical page: [ 23.429179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 23.429632] flags: 0x200000000000000(node=0|zone=2) [ 23.429919] page_type: f5(slab) [ 23.430037] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.430252] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.430716] page dumped because: kasan: bad access detected [ 23.431058] [ 23.431190] Memory state around the buggy address: [ 23.431493] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.432013] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.432389] >ffff88810586d480: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 23.432821] ^ [ 23.432958] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.433213] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.433627] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 23.385050] ================================================================== [ 23.385658] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 23.386088] Read of size 1 at addr ffff88810586d4a0 by task kunit_try_catch/240 [ 23.386415] [ 23.386541] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.386623] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.386636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.386669] Call Trace: [ 23.386730] <TASK> [ 23.386750] dump_stack_lvl+0x73/0xb0 [ 23.386813] print_report+0xd1/0x650 [ 23.386835] ? __virt_addr_valid+0x1db/0x2d0 [ 23.386869] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.386891] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.386916] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.386938] kasan_report+0x141/0x180 [ 23.386959] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.386984] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.387006] __kasan_check_byte+0x3d/0x50 [ 23.387044] kfree_sensitive+0x22/0x90 [ 23.387084] kmalloc_double_kzfree+0x19c/0x350 [ 23.387115] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.387137] ? __schedule+0x10cc/0x2b60 [ 23.387158] ? __pfx_read_tsc+0x10/0x10 [ 23.387192] ? ktime_get_ts64+0x86/0x230 [ 23.387216] kunit_try_run_case+0x1a5/0x480 [ 23.387240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.387263] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.387284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.387314] ? __kthread_parkme+0x82/0x180 [ 23.387334] ? preempt_count_sub+0x50/0x80 [ 23.387357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.387381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.387404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.387427] kthread+0x337/0x6f0 [ 23.387446] ? trace_preempt_on+0x20/0xc0 [ 23.387469] ? __pfx_kthread+0x10/0x10 [ 23.387497] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.387521] ? calculate_sigpending+0x7b/0xa0 [ 23.387543] ? __pfx_kthread+0x10/0x10 [ 23.387564] ret_from_fork+0x116/0x1d0 [ 23.387583] ? __pfx_kthread+0x10/0x10 [ 23.387603] ret_from_fork_asm+0x1a/0x30 [ 23.387633] </TASK> [ 23.387645] [ 23.396586] Allocated by task 240: [ 23.396746] kasan_save_stack+0x45/0x70 [ 23.396882] kasan_save_track+0x18/0x40 [ 23.397304] kasan_save_alloc_info+0x3b/0x50 [ 23.397789] __kasan_kmalloc+0xb7/0xc0 [ 23.397981] __kmalloc_cache_noprof+0x189/0x420 [ 23.398191] kmalloc_double_kzfree+0xa9/0x350 [ 23.398343] kunit_try_run_case+0x1a5/0x480 [ 23.398482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.398756] kthread+0x337/0x6f0 [ 23.398985] ret_from_fork+0x116/0x1d0 [ 23.399292] ret_from_fork_asm+0x1a/0x30 [ 23.399620] [ 23.399785] Freed by task 240: [ 23.399971] kasan_save_stack+0x45/0x70 [ 23.400181] kasan_save_track+0x18/0x40 [ 23.400394] kasan_save_free_info+0x3f/0x60 [ 23.400628] __kasan_slab_free+0x56/0x70 [ 23.400987] kfree+0x222/0x3f0 [ 23.401285] kfree_sensitive+0x67/0x90 [ 23.401528] kmalloc_double_kzfree+0x12b/0x350 [ 23.401672] kunit_try_run_case+0x1a5/0x480 [ 23.401976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.402296] kthread+0x337/0x6f0 [ 23.402535] ret_from_fork+0x116/0x1d0 [ 23.402855] ret_from_fork_asm+0x1a/0x30 [ 23.403004] [ 23.403068] The buggy address belongs to the object at ffff88810586d4a0 [ 23.403068] which belongs to the cache kmalloc-16 of size 16 [ 23.403583] The buggy address is located 0 bytes inside of [ 23.403583] freed 16-byte region [ffff88810586d4a0, ffff88810586d4b0) [ 23.404277] [ 23.404430] The buggy address belongs to the physical page: [ 23.404726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10586d [ 23.405138] flags: 0x200000000000000(node=0|zone=2) [ 23.405408] page_type: f5(slab) [ 23.405611] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.405877] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.406417] page dumped because: kasan: bad access detected [ 23.407028] [ 23.407124] Memory state around the buggy address: [ 23.407283] ffff88810586d380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.407732] ffff88810586d400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.407948] >ffff88810586d480: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 23.408258] ^ [ 23.408461] ffff88810586d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.408872] ffff88810586d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.409081] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 23.356556] ================================================================== [ 23.357341] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 23.357725] Read of size 1 at addr ffff88810609b0a8 by task kunit_try_catch/236 [ 23.358241] [ 23.358370] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.358420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.358433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.358453] Call Trace: [ 23.358466] <TASK> [ 23.358483] dump_stack_lvl+0x73/0xb0 [ 23.358511] print_report+0xd1/0x650 [ 23.358552] ? __virt_addr_valid+0x1db/0x2d0 [ 23.358575] ? kmalloc_uaf2+0x4a8/0x520 [ 23.358594] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.358618] ? kmalloc_uaf2+0x4a8/0x520 [ 23.358647] kasan_report+0x141/0x180 [ 23.358668] ? kmalloc_uaf2+0x4a8/0x520 [ 23.358692] __asan_report_load1_noabort+0x18/0x20 [ 23.358715] kmalloc_uaf2+0x4a8/0x520 [ 23.358735] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 23.358754] ? finish_task_switch.isra.0+0x153/0x700 [ 23.358775] ? __switch_to+0x47/0xf50 [ 23.358856] ? __schedule+0x10cc/0x2b60 [ 23.358879] ? __pfx_read_tsc+0x10/0x10 [ 23.358901] ? ktime_get_ts64+0x86/0x230 [ 23.358924] kunit_try_run_case+0x1a5/0x480 [ 23.358950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.358973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.358993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.359036] ? __kthread_parkme+0x82/0x180 [ 23.359057] ? preempt_count_sub+0x50/0x80 [ 23.359079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.359103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.359126] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.359150] kthread+0x337/0x6f0 [ 23.359168] ? trace_preempt_on+0x20/0xc0 [ 23.359191] ? __pfx_kthread+0x10/0x10 [ 23.359211] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.359235] ? calculate_sigpending+0x7b/0xa0 [ 23.359257] ? __pfx_kthread+0x10/0x10 [ 23.359278] ret_from_fork+0x116/0x1d0 [ 23.359297] ? __pfx_kthread+0x10/0x10 [ 23.359328] ret_from_fork_asm+0x1a/0x30 [ 23.359358] </TASK> [ 23.359371] [ 23.367102] Allocated by task 236: [ 23.367247] kasan_save_stack+0x45/0x70 [ 23.367391] kasan_save_track+0x18/0x40 [ 23.367518] kasan_save_alloc_info+0x3b/0x50 [ 23.367734] __kasan_kmalloc+0xb7/0xc0 [ 23.367909] __kmalloc_cache_noprof+0x189/0x420 [ 23.368176] kmalloc_uaf2+0xc6/0x520 [ 23.368359] kunit_try_run_case+0x1a5/0x480 [ 23.368624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.368875] kthread+0x337/0x6f0 [ 23.368991] ret_from_fork+0x116/0x1d0 [ 23.369146] ret_from_fork_asm+0x1a/0x30 [ 23.369350] [ 23.369459] Freed by task 236: [ 23.369632] kasan_save_stack+0x45/0x70 [ 23.369923] kasan_save_track+0x18/0x40 [ 23.370116] kasan_save_free_info+0x3f/0x60 [ 23.370360] __kasan_slab_free+0x56/0x70 [ 23.370572] kfree+0x222/0x3f0 [ 23.370726] kmalloc_uaf2+0x14c/0x520 [ 23.370898] kunit_try_run_case+0x1a5/0x480 [ 23.371094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.371340] kthread+0x337/0x6f0 [ 23.371593] ret_from_fork+0x116/0x1d0 [ 23.371873] ret_from_fork_asm+0x1a/0x30 [ 23.372009] [ 23.372072] The buggy address belongs to the object at ffff88810609b080 [ 23.372072] which belongs to the cache kmalloc-64 of size 64 [ 23.372530] The buggy address is located 40 bytes inside of [ 23.372530] freed 64-byte region [ffff88810609b080, ffff88810609b0c0) [ 23.373491] [ 23.373611] The buggy address belongs to the physical page: [ 23.373909] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10609b [ 23.374215] flags: 0x200000000000000(node=0|zone=2) [ 23.374420] page_type: f5(slab) [ 23.374643] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.375053] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.375304] page dumped because: kasan: bad access detected [ 23.375616] [ 23.375755] Memory state around the buggy address: [ 23.375937] ffff88810609af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.376291] ffff88810609b000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.376628] >ffff88810609b080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.377021] ^ [ 23.377298] ffff88810609b100: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 23.377619] ffff88810609b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.378053] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 23.324119] ================================================================== [ 23.324575] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 23.324876] Write of size 33 at addr ffff888105895900 by task kunit_try_catch/234 [ 23.325189] [ 23.325287] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.325344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.325356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.325377] Call Trace: [ 23.325392] <TASK> [ 23.325410] dump_stack_lvl+0x73/0xb0 [ 23.325437] print_report+0xd1/0x650 [ 23.325458] ? __virt_addr_valid+0x1db/0x2d0 [ 23.325481] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.325500] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.325524] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.325545] kasan_report+0x141/0x180 [ 23.325565] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.325589] kasan_check_range+0x10c/0x1c0 [ 23.325611] __asan_memset+0x27/0x50 [ 23.325634] kmalloc_uaf_memset+0x1a3/0x360 [ 23.325654] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 23.325675] ? __schedule+0x10cc/0x2b60 [ 23.325695] ? __pfx_read_tsc+0x10/0x10 [ 23.325716] ? ktime_get_ts64+0x86/0x230 [ 23.325746] kunit_try_run_case+0x1a5/0x480 [ 23.325771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.325793] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.325813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.325834] ? __kthread_parkme+0x82/0x180 [ 23.325853] ? preempt_count_sub+0x50/0x80 [ 23.325876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.325899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.325922] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.325945] kthread+0x337/0x6f0 [ 23.325963] ? trace_preempt_on+0x20/0xc0 [ 23.325985] ? __pfx_kthread+0x10/0x10 [ 23.326005] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.326027] ? calculate_sigpending+0x7b/0xa0 [ 23.326050] ? __pfx_kthread+0x10/0x10 [ 23.326070] ret_from_fork+0x116/0x1d0 [ 23.326088] ? __pfx_kthread+0x10/0x10 [ 23.326108] ret_from_fork_asm+0x1a/0x30 [ 23.326137] </TASK> [ 23.326148] [ 23.337548] Allocated by task 234: [ 23.338032] kasan_save_stack+0x45/0x70 [ 23.338248] kasan_save_track+0x18/0x40 [ 23.338598] kasan_save_alloc_info+0x3b/0x50 [ 23.339025] __kasan_kmalloc+0xb7/0xc0 [ 23.339212] __kmalloc_cache_noprof+0x189/0x420 [ 23.339391] kmalloc_uaf_memset+0xa9/0x360 [ 23.339855] kunit_try_run_case+0x1a5/0x480 [ 23.340188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.340470] kthread+0x337/0x6f0 [ 23.340875] ret_from_fork+0x116/0x1d0 [ 23.341157] ret_from_fork_asm+0x1a/0x30 [ 23.341433] [ 23.341530] Freed by task 234: [ 23.341792] kasan_save_stack+0x45/0x70 [ 23.342180] kasan_save_track+0x18/0x40 [ 23.342392] kasan_save_free_info+0x3f/0x60 [ 23.342781] __kasan_slab_free+0x56/0x70 [ 23.343111] kfree+0x222/0x3f0 [ 23.343235] kmalloc_uaf_memset+0x12b/0x360 [ 23.343642] kunit_try_run_case+0x1a5/0x480 [ 23.344065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.344316] kthread+0x337/0x6f0 [ 23.344483] ret_from_fork+0x116/0x1d0 [ 23.344920] ret_from_fork_asm+0x1a/0x30 [ 23.345120] [ 23.345191] The buggy address belongs to the object at ffff888105895900 [ 23.345191] which belongs to the cache kmalloc-64 of size 64 [ 23.345943] The buggy address is located 0 bytes inside of [ 23.345943] freed 64-byte region [ffff888105895900, ffff888105895940) [ 23.346665] [ 23.346895] The buggy address belongs to the physical page: [ 23.347158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105895 [ 23.347513] flags: 0x200000000000000(node=0|zone=2) [ 23.348083] page_type: f5(slab) [ 23.348230] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.348947] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.349388] page dumped because: kasan: bad access detected [ 23.349764] [ 23.349967] Memory state around the buggy address: [ 23.350139] ffff888105895800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.350941] ffff888105895880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.351252] >ffff888105895900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.351567] ^ [ 23.351993] ffff888105895980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.352353] ffff888105895a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.352906] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 23.287529] ================================================================== [ 23.288282] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 23.288920] Read of size 1 at addr ffff8881048b63a8 by task kunit_try_catch/232 [ 23.289618] [ 23.289876] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.289926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.289939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.289959] Call Trace: [ 23.289972] <TASK> [ 23.289987] dump_stack_lvl+0x73/0xb0 [ 23.290014] print_report+0xd1/0x650 [ 23.290036] ? __virt_addr_valid+0x1db/0x2d0 [ 23.290073] ? kmalloc_uaf+0x320/0x380 [ 23.290092] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.290117] ? kmalloc_uaf+0x320/0x380 [ 23.290136] kasan_report+0x141/0x180 [ 23.290157] ? kmalloc_uaf+0x320/0x380 [ 23.290180] __asan_report_load1_noabort+0x18/0x20 [ 23.290203] kmalloc_uaf+0x320/0x380 [ 23.290223] ? __pfx_kmalloc_uaf+0x10/0x10 [ 23.290242] ? __schedule+0x10cc/0x2b60 [ 23.290262] ? __pfx_read_tsc+0x10/0x10 [ 23.290283] ? ktime_get_ts64+0x86/0x230 [ 23.290316] kunit_try_run_case+0x1a5/0x480 [ 23.290341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.290364] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.290384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.290405] ? __kthread_parkme+0x82/0x180 [ 23.290424] ? preempt_count_sub+0x50/0x80 [ 23.290449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.290472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.290501] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.290525] kthread+0x337/0x6f0 [ 23.290544] ? trace_preempt_on+0x20/0xc0 [ 23.290566] ? __pfx_kthread+0x10/0x10 [ 23.290586] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.290609] ? calculate_sigpending+0x7b/0xa0 [ 23.290631] ? __pfx_kthread+0x10/0x10 [ 23.290652] ret_from_fork+0x116/0x1d0 [ 23.290670] ? __pfx_kthread+0x10/0x10 [ 23.290690] ret_from_fork_asm+0x1a/0x30 [ 23.290719] </TASK> [ 23.290730] [ 23.302448] Allocated by task 232: [ 23.302585] kasan_save_stack+0x45/0x70 [ 23.302719] kasan_save_track+0x18/0x40 [ 23.302846] kasan_save_alloc_info+0x3b/0x50 [ 23.302986] __kasan_kmalloc+0xb7/0xc0 [ 23.303109] __kmalloc_cache_noprof+0x189/0x420 [ 23.303257] kmalloc_uaf+0xaa/0x380 [ 23.303386] kunit_try_run_case+0x1a5/0x480 [ 23.303528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.303697] kthread+0x337/0x6f0 [ 23.303809] ret_from_fork+0x116/0x1d0 [ 23.303933] ret_from_fork_asm+0x1a/0x30 [ 23.304063] [ 23.304126] Freed by task 232: [ 23.304228] kasan_save_stack+0x45/0x70 [ 23.304479] kasan_save_track+0x18/0x40 [ 23.304803] kasan_save_free_info+0x3f/0x60 [ 23.305281] __kasan_slab_free+0x56/0x70 [ 23.305721] kfree+0x222/0x3f0 [ 23.306092] kmalloc_uaf+0x12c/0x380 [ 23.306408] kunit_try_run_case+0x1a5/0x480 [ 23.306763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.307365] kthread+0x337/0x6f0 [ 23.307780] ret_from_fork+0x116/0x1d0 [ 23.308179] ret_from_fork_asm+0x1a/0x30 [ 23.308659] [ 23.308851] The buggy address belongs to the object at ffff8881048b63a0 [ 23.308851] which belongs to the cache kmalloc-16 of size 16 [ 23.310240] The buggy address is located 8 bytes inside of [ 23.310240] freed 16-byte region [ffff8881048b63a0, ffff8881048b63b0) [ 23.311450] [ 23.311639] The buggy address belongs to the physical page: [ 23.312257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048b6 [ 23.313067] flags: 0x200000000000000(node=0|zone=2) [ 23.313599] page_type: f5(slab) [ 23.313934] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.314696] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.315481] page dumped because: kasan: bad access detected [ 23.316089] [ 23.316239] Memory state around the buggy address: [ 23.316741] ffff8881048b6280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.317479] ffff8881048b6300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.318105] >ffff8881048b6380: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 23.318821] ^ [ 23.319347] ffff8881048b6400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.320063] ffff8881048b6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.320803] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 23.261469] ================================================================== [ 23.262237] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.262632] Read of size 64 at addr ffff888105fdff04 by task kunit_try_catch/230 [ 23.263004] [ 23.263126] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.263173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.263186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.263206] Call Trace: [ 23.263218] <TASK> [ 23.263233] dump_stack_lvl+0x73/0xb0 [ 23.263261] print_report+0xd1/0x650 [ 23.263283] ? __virt_addr_valid+0x1db/0x2d0 [ 23.263317] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.263340] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.263366] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.263389] kasan_report+0x141/0x180 [ 23.263411] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.263438] kasan_check_range+0x10c/0x1c0 [ 23.263482] __asan_memmove+0x27/0x70 [ 23.263517] kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.263540] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 23.263564] ? __schedule+0x10cc/0x2b60 [ 23.263585] ? __pfx_read_tsc+0x10/0x10 [ 23.263623] ? ktime_get_ts64+0x86/0x230 [ 23.263648] kunit_try_run_case+0x1a5/0x480 [ 23.263672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.263756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.263778] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.263800] ? __kthread_parkme+0x82/0x180 [ 23.263821] ? preempt_count_sub+0x50/0x80 [ 23.263844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.263869] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.263892] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.263916] kthread+0x337/0x6f0 [ 23.263935] ? trace_preempt_on+0x20/0xc0 [ 23.263959] ? __pfx_kthread+0x10/0x10 [ 23.263979] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.264002] ? calculate_sigpending+0x7b/0xa0 [ 23.264025] ? __pfx_kthread+0x10/0x10 [ 23.264046] ret_from_fork+0x116/0x1d0 [ 23.264064] ? __pfx_kthread+0x10/0x10 [ 23.264085] ret_from_fork_asm+0x1a/0x30 [ 23.264115] </TASK> [ 23.264126] [ 23.272946] Allocated by task 230: [ 23.273361] kasan_save_stack+0x45/0x70 [ 23.273610] kasan_save_track+0x18/0x40 [ 23.273893] kasan_save_alloc_info+0x3b/0x50 [ 23.274076] __kasan_kmalloc+0xb7/0xc0 [ 23.274254] __kmalloc_cache_noprof+0x189/0x420 [ 23.274469] kmalloc_memmove_invalid_size+0xac/0x330 [ 23.275061] kunit_try_run_case+0x1a5/0x480 [ 23.275354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.275674] kthread+0x337/0x6f0 [ 23.275911] ret_from_fork+0x116/0x1d0 [ 23.276237] ret_from_fork_asm+0x1a/0x30 [ 23.276479] [ 23.276588] The buggy address belongs to the object at ffff888105fdff00 [ 23.276588] which belongs to the cache kmalloc-64 of size 64 [ 23.277361] The buggy address is located 4 bytes inside of [ 23.277361] allocated 64-byte region [ffff888105fdff00, ffff888105fdff40) [ 23.278390] [ 23.278470] The buggy address belongs to the physical page: [ 23.279066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fdf [ 23.279394] flags: 0x200000000000000(node=0|zone=2) [ 23.279854] page_type: f5(slab) [ 23.280037] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.280460] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.280933] page dumped because: kasan: bad access detected [ 23.281194] [ 23.281288] Memory state around the buggy address: [ 23.281669] ffff888105fdfe00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.282058] ffff888105fdfe80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.282381] >ffff888105fdff00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.282972] ^ [ 23.283162] ffff888105fdff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.283667] ffff888105fe0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.284059] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 24.956405] ================================================================== [ 24.957165] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 24.957424] Read of size 1 at addr ffff8881061e7c4a by task kunit_try_catch/301 [ 24.958044] [ 24.958217] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.958267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.958281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.958303] Call Trace: [ 24.958328] <TASK> [ 24.958345] dump_stack_lvl+0x73/0xb0 [ 24.958375] print_report+0xd1/0x650 [ 24.958396] ? __virt_addr_valid+0x1db/0x2d0 [ 24.958419] ? kasan_alloca_oob_right+0x329/0x390 [ 24.958441] ? kasan_addr_to_slab+0x11/0xa0 [ 24.958462] ? kasan_alloca_oob_right+0x329/0x390 [ 24.958485] kasan_report+0x141/0x180 [ 24.958521] ? kasan_alloca_oob_right+0x329/0x390 [ 24.958548] __asan_report_load1_noabort+0x18/0x20 [ 24.958572] kasan_alloca_oob_right+0x329/0x390 [ 24.958596] ? finish_task_switch.isra.0+0x153/0x700 [ 24.958619] ? __ww_mutex_lock.constprop.0+0x1c7e/0x1e90 [ 24.958643] ? trace_hardirqs_on+0x37/0xe0 [ 24.958669] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 24.958694] ? __schedule+0x10cc/0x2b60 [ 24.958730] ? __pfx_read_tsc+0x10/0x10 [ 24.958752] ? ktime_get_ts64+0x86/0x230 [ 24.958777] kunit_try_run_case+0x1a5/0x480 [ 24.958804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.958827] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.958849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.958871] ? __kthread_parkme+0x82/0x180 [ 24.958891] ? preempt_count_sub+0x50/0x80 [ 24.958914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.958938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.958962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.958987] kthread+0x337/0x6f0 [ 24.959005] ? trace_preempt_on+0x20/0xc0 [ 24.959027] ? __pfx_kthread+0x10/0x10 [ 24.959047] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.959071] ? calculate_sigpending+0x7b/0xa0 [ 24.959095] ? __pfx_kthread+0x10/0x10 [ 24.959116] ret_from_fork+0x116/0x1d0 [ 24.959135] ? __pfx_kthread+0x10/0x10 [ 24.959156] ret_from_fork_asm+0x1a/0x30 [ 24.959187] </TASK> [ 24.959199] [ 24.969680] The buggy address belongs to stack of task kunit_try_catch/301 [ 24.970054] [ 24.970122] The buggy address belongs to the physical page: [ 24.970376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061e7 [ 24.970802] flags: 0x200000000000000(node=0|zone=2) [ 24.971027] raw: 0200000000000000 ffffea00041879c8 ffffea00041879c8 0000000000000000 [ 24.971269] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.971500] page dumped because: kasan: bad access detected [ 24.971666] [ 24.971752] Memory state around the buggy address: [ 24.971968] ffff8881061e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.972678] ffff8881061e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.972990] >ffff8881061e7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 24.973195] ^ [ 24.973374] ffff8881061e7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 24.974126] ffff8881061e7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 24.974429] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 24.927280] ================================================================== [ 24.927729] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 24.928316] Read of size 1 at addr ffff888106227c3f by task kunit_try_catch/299 [ 24.928598] [ 24.928842] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.928893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.928905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.928926] Call Trace: [ 24.928938] <TASK> [ 24.928954] dump_stack_lvl+0x73/0xb0 [ 24.928981] print_report+0xd1/0x650 [ 24.929003] ? __virt_addr_valid+0x1db/0x2d0 [ 24.929025] ? kasan_alloca_oob_left+0x320/0x380 [ 24.929046] ? kasan_addr_to_slab+0x11/0xa0 [ 24.929066] ? kasan_alloca_oob_left+0x320/0x380 [ 24.929129] kasan_report+0x141/0x180 [ 24.929163] ? kasan_alloca_oob_left+0x320/0x380 [ 24.929200] __asan_report_load1_noabort+0x18/0x20 [ 24.929224] kasan_alloca_oob_left+0x320/0x380 [ 24.929247] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.929270] ? finish_task_switch.isra.0+0x153/0x700 [ 24.929293] ? __ww_mutex_lock.constprop.0+0x1c7e/0x1e90 [ 24.929325] ? trace_hardirqs_on+0x37/0xe0 [ 24.929349] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 24.929374] ? __schedule+0x10cc/0x2b60 [ 24.929394] ? __pfx_read_tsc+0x10/0x10 [ 24.929416] ? ktime_get_ts64+0x86/0x230 [ 24.929440] kunit_try_run_case+0x1a5/0x480 [ 24.929465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.929497] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.929518] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.929540] ? __kthread_parkme+0x82/0x180 [ 24.929560] ? preempt_count_sub+0x50/0x80 [ 24.929583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.929608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.929631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.929656] kthread+0x337/0x6f0 [ 24.929688] ? trace_preempt_on+0x20/0xc0 [ 24.929711] ? __pfx_kthread+0x10/0x10 [ 24.929731] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.929760] ? calculate_sigpending+0x7b/0xa0 [ 24.929783] ? __pfx_kthread+0x10/0x10 [ 24.929803] ret_from_fork+0x116/0x1d0 [ 24.929822] ? __pfx_kthread+0x10/0x10 [ 24.929842] ret_from_fork_asm+0x1a/0x30 [ 24.929872] </TASK> [ 24.929885] [ 24.943587] The buggy address belongs to stack of task kunit_try_catch/299 [ 24.944381] [ 24.944556] The buggy address belongs to the physical page: [ 24.944974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106227 [ 24.945394] flags: 0x200000000000000(node=0|zone=2) [ 24.945688] raw: 0200000000000000 ffffea00041889c8 ffffea00041889c8 0000000000000000 [ 24.946513] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.947187] page dumped because: kasan: bad access detected [ 24.947382] [ 24.947451] Memory state around the buggy address: [ 24.947700] ffff888106227b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.948572] ffff888106227b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.949380] >ffff888106227c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 24.950125] ^ [ 24.950412] ffff888106227c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 24.950714] ffff888106227d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 24.951416] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 24.899888] ================================================================== [ 24.901253] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 24.902060] Read of size 1 at addr ffff8881061e7d02 by task kunit_try_catch/297 [ 24.903101] [ 24.903299] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.903364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.903378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.903401] Call Trace: [ 24.903415] <TASK> [ 24.903433] dump_stack_lvl+0x73/0xb0 [ 24.903463] print_report+0xd1/0x650 [ 24.903615] ? __virt_addr_valid+0x1db/0x2d0 [ 24.903646] ? kasan_stack_oob+0x2b5/0x300 [ 24.903669] ? kasan_addr_to_slab+0x11/0xa0 [ 24.903745] ? kasan_stack_oob+0x2b5/0x300 [ 24.903770] kasan_report+0x141/0x180 [ 24.903793] ? kasan_stack_oob+0x2b5/0x300 [ 24.903821] __asan_report_load1_noabort+0x18/0x20 [ 24.903846] kasan_stack_oob+0x2b5/0x300 [ 24.903870] ? __pfx_kasan_stack_oob+0x10/0x10 [ 24.903893] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.903923] ? __pfx_kasan_stack_oob+0x10/0x10 [ 24.903950] kunit_try_run_case+0x1a5/0x480 [ 24.903976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.903999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.904022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.904044] ? __kthread_parkme+0x82/0x180 [ 24.904064] ? preempt_count_sub+0x50/0x80 [ 24.904088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.904113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.904137] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.904162] kthread+0x337/0x6f0 [ 24.904182] ? trace_preempt_on+0x20/0xc0 [ 24.904205] ? __pfx_kthread+0x10/0x10 [ 24.904226] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.904250] ? calculate_sigpending+0x7b/0xa0 [ 24.904273] ? __pfx_kthread+0x10/0x10 [ 24.904295] ret_from_fork+0x116/0x1d0 [ 24.904327] ? __pfx_kthread+0x10/0x10 [ 24.904347] ret_from_fork_asm+0x1a/0x30 [ 24.904378] </TASK> [ 24.904391] [ 24.915573] The buggy address belongs to stack of task kunit_try_catch/297 [ 24.916220] and is located at offset 138 in frame: [ 24.916464] kasan_stack_oob+0x0/0x300 [ 24.917256] [ 24.917386] This frame has 4 objects: [ 24.917867] [48, 49) '__assertion' [ 24.917901] [64, 72) 'array' [ 24.918077] [96, 112) '__assertion' [ 24.918241] [128, 138) 'stack_array' [ 24.918795] [ 24.919031] The buggy address belongs to the physical page: [ 24.919465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061e7 [ 24.920011] flags: 0x200000000000000(node=0|zone=2) [ 24.920241] raw: 0200000000000000 ffffea00041879c8 ffffea00041879c8 0000000000000000 [ 24.920604] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.921189] page dumped because: kasan: bad access detected [ 24.921445] [ 24.921727] Memory state around the buggy address: [ 24.921961] ffff8881061e7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 24.922248] ffff8881061e7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 24.922795] >ffff8881061e7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 24.923059] ^ [ 24.923415] ffff8881061e7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 24.923887] ffff8881061e7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.924261] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 24.874082] ================================================================== [ 24.874631] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 24.874917] Read of size 1 at addr ffffffff944aaecd by task kunit_try_catch/293 [ 24.875197] [ 24.875354] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.875407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.875421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.875442] Call Trace: [ 24.875456] <TASK> [ 24.875494] dump_stack_lvl+0x73/0xb0 [ 24.875526] print_report+0xd1/0x650 [ 24.875559] ? __virt_addr_valid+0x1db/0x2d0 [ 24.875585] ? kasan_global_oob_right+0x286/0x2d0 [ 24.875630] ? kasan_addr_to_slab+0x11/0xa0 [ 24.875650] ? kasan_global_oob_right+0x286/0x2d0 [ 24.875677] kasan_report+0x141/0x180 [ 24.875699] ? kasan_global_oob_right+0x286/0x2d0 [ 24.875724] __asan_report_load1_noabort+0x18/0x20 [ 24.875748] kasan_global_oob_right+0x286/0x2d0 [ 24.875769] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 24.875797] ? __schedule+0x10cc/0x2b60 [ 24.875819] ? __pfx_read_tsc+0x10/0x10 [ 24.875841] ? ktime_get_ts64+0x86/0x230 [ 24.875867] kunit_try_run_case+0x1a5/0x480 [ 24.875894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.875917] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.875938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.875961] ? __kthread_parkme+0x82/0x180 [ 24.875982] ? preempt_count_sub+0x50/0x80 [ 24.876006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.876030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.876054] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.876079] kthread+0x337/0x6f0 [ 24.876098] ? trace_preempt_on+0x20/0xc0 [ 24.876122] ? __pfx_kthread+0x10/0x10 [ 24.876143] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.876166] ? calculate_sigpending+0x7b/0xa0 [ 24.876190] ? __pfx_kthread+0x10/0x10 [ 24.876212] ret_from_fork+0x116/0x1d0 [ 24.876231] ? __pfx_kthread+0x10/0x10 [ 24.876252] ret_from_fork_asm+0x1a/0x30 [ 24.876284] </TASK> [ 24.876295] [ 24.887375] The buggy address belongs to the variable: [ 24.887616] global_array+0xd/0x40 [ 24.888022] [ 24.888204] The buggy address belongs to the physical page: [ 24.888797] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110caa [ 24.889477] flags: 0x200000000002000(reserved|node=0|zone=2) [ 24.890061] raw: 0200000000002000 ffffea0004432a88 ffffea0004432a88 0000000000000000 [ 24.890292] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.890565] page dumped because: kasan: bad access detected [ 24.891116] [ 24.891271] Memory state around the buggy address: [ 24.891830] ffffffff944aad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.892431] ffffffff944aae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.893118] >ffffffff944aae80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 24.893421] ^ [ 24.893852] ffffffff944aaf00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 24.894472] ffffffff944aaf80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 24.894936] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 24.847044] ================================================================== [ 24.847868] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.848572] Free of addr ffff888106154001 by task kunit_try_catch/291 [ 24.849009] [ 24.849103] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.849155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.849168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.849190] Call Trace: [ 24.849203] <TASK> [ 24.849219] dump_stack_lvl+0x73/0xb0 [ 24.849248] print_report+0xd1/0x650 [ 24.849269] ? __virt_addr_valid+0x1db/0x2d0 [ 24.849293] ? kasan_addr_to_slab+0x11/0xa0 [ 24.849325] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.849352] kasan_report_invalid_free+0x10a/0x130 [ 24.849376] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.849402] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.849426] __kasan_mempool_poison_object+0x102/0x1d0 [ 24.849450] mempool_free+0x2ec/0x380 [ 24.849500] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.849525] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 24.849554] ? finish_task_switch.isra.0+0x153/0x700 [ 24.849580] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 24.849605] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 24.849631] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.849655] ? __pfx_mempool_kfree+0x10/0x10 [ 24.849700] ? __pfx_read_tsc+0x10/0x10 [ 24.849721] ? ktime_get_ts64+0x86/0x230 [ 24.849750] kunit_try_run_case+0x1a5/0x480 [ 24.849775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.849798] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.849820] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.849842] ? __kthread_parkme+0x82/0x180 [ 24.849862] ? preempt_count_sub+0x50/0x80 [ 24.849885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.849909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.849934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.849958] kthread+0x337/0x6f0 [ 24.849977] ? trace_preempt_on+0x20/0xc0 [ 24.850000] ? __pfx_kthread+0x10/0x10 [ 24.850020] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.850043] ? calculate_sigpending+0x7b/0xa0 [ 24.850067] ? __pfx_kthread+0x10/0x10 [ 24.850088] ret_from_fork+0x116/0x1d0 [ 24.850107] ? __pfx_kthread+0x10/0x10 [ 24.850127] ret_from_fork_asm+0x1a/0x30 [ 24.850157] </TASK> [ 24.850169] [ 24.864178] The buggy address belongs to the physical page: [ 24.864729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106154 [ 24.864998] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.865221] flags: 0x200000000000040(head|node=0|zone=2) [ 24.865412] page_type: f8(unknown) [ 24.865615] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.865958] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.866237] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.866601] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.866976] head: 0200000000000002 ffffea0004185501 00000000ffffffff 00000000ffffffff [ 24.867300] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.867625] page dumped because: kasan: bad access detected [ 24.868090] [ 24.868189] Memory state around the buggy address: [ 24.868373] ffff888106153f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.868777] ffff888106153f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.869068] >ffff888106154000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.869363] ^ [ 24.869494] ffff888106154080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.869847] ffff888106154100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.870127] ================================================================== [ 24.817654] ================================================================== [ 24.818346] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.818753] Free of addr ffff888104950d01 by task kunit_try_catch/289 [ 24.819038] [ 24.819151] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.819330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.819345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.819417] Call Trace: [ 24.819430] <TASK> [ 24.819449] dump_stack_lvl+0x73/0xb0 [ 24.819494] print_report+0xd1/0x650 [ 24.819519] ? __virt_addr_valid+0x1db/0x2d0 [ 24.819545] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.819572] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.819598] kasan_report_invalid_free+0x10a/0x130 [ 24.819623] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.819650] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.819674] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.819710] check_slab_allocation+0x11f/0x130 [ 24.819732] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.819756] mempool_free+0x2ec/0x380 [ 24.819785] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.819810] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 24.819834] ? update_load_avg+0x1be/0x21b0 [ 24.819905] ? finish_task_switch.isra.0+0x153/0x700 [ 24.819933] mempool_kmalloc_invalid_free+0xed/0x140 [ 24.820005] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 24.820032] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.820065] ? __pfx_mempool_kfree+0x10/0x10 [ 24.820091] ? __pfx_read_tsc+0x10/0x10 [ 24.820114] ? ktime_get_ts64+0x86/0x230 [ 24.820141] kunit_try_run_case+0x1a5/0x480 [ 24.820169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.820193] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.820216] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.820239] ? __kthread_parkme+0x82/0x180 [ 24.820261] ? preempt_count_sub+0x50/0x80 [ 24.820286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.820320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.820345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.820370] kthread+0x337/0x6f0 [ 24.820389] ? trace_preempt_on+0x20/0xc0 [ 24.820414] ? __pfx_kthread+0x10/0x10 [ 24.820435] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.820460] ? calculate_sigpending+0x7b/0xa0 [ 24.820485] ? __pfx_kthread+0x10/0x10 [ 24.820516] ret_from_fork+0x116/0x1d0 [ 24.820536] ? __pfx_kthread+0x10/0x10 [ 24.820557] ret_from_fork_asm+0x1a/0x30 [ 24.820591] </TASK> [ 24.820603] [ 24.833888] Allocated by task 289: [ 24.834024] kasan_save_stack+0x45/0x70 [ 24.834236] kasan_save_track+0x18/0x40 [ 24.834445] kasan_save_alloc_info+0x3b/0x50 [ 24.834765] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.835014] remove_element+0x11e/0x190 [ 24.835156] mempool_alloc_preallocated+0x4d/0x90 [ 24.835351] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 24.835601] mempool_kmalloc_invalid_free+0xed/0x140 [ 24.835963] kunit_try_run_case+0x1a5/0x480 [ 24.836259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.836444] kthread+0x337/0x6f0 [ 24.836606] ret_from_fork+0x116/0x1d0 [ 24.836860] ret_from_fork_asm+0x1a/0x30 [ 24.837085] [ 24.837193] The buggy address belongs to the object at ffff888104950d00 [ 24.837193] which belongs to the cache kmalloc-128 of size 128 [ 24.837599] The buggy address is located 1 bytes inside of [ 24.837599] 128-byte region [ffff888104950d00, ffff888104950d80) [ 24.838064] [ 24.838167] The buggy address belongs to the physical page: [ 24.838356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 24.838830] flags: 0x200000000000000(node=0|zone=2) [ 24.839086] page_type: f5(slab) [ 24.839259] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.839853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.840181] page dumped because: kasan: bad access detected [ 24.840416] [ 24.840519] Memory state around the buggy address: [ 24.840770] ffff888104950c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.841104] ffff888104950c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.841416] >ffff888104950d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.841784] ^ [ 24.841977] ffff888104950d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.842289] ffff888104950e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.842621] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 24.764836] ================================================================== [ 24.765841] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.766610] Free of addr ffff8881060dc000 by task kunit_try_catch/285 [ 24.767097] [ 24.767450] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.767511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.767525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.767548] Call Trace: [ 24.767561] <TASK> [ 24.767582] dump_stack_lvl+0x73/0xb0 [ 24.767616] print_report+0xd1/0x650 [ 24.767640] ? __virt_addr_valid+0x1db/0x2d0 [ 24.767666] ? kasan_addr_to_slab+0x11/0xa0 [ 24.767686] ? mempool_double_free_helper+0x184/0x370 [ 24.767711] kasan_report_invalid_free+0x10a/0x130 [ 24.767808] ? mempool_double_free_helper+0x184/0x370 [ 24.767836] ? mempool_double_free_helper+0x184/0x370 [ 24.767858] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 24.767883] mempool_free+0x2ec/0x380 [ 24.767909] mempool_double_free_helper+0x184/0x370 [ 24.767932] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.767957] ? __kasan_check_write+0x18/0x20 [ 24.767981] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.768003] ? finish_task_switch.isra.0+0x153/0x700 [ 24.768030] mempool_kmalloc_large_double_free+0xed/0x140 [ 24.768054] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 24.768081] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.768104] ? __pfx_mempool_kfree+0x10/0x10 [ 24.768128] ? __pfx_read_tsc+0x10/0x10 [ 24.768150] ? ktime_get_ts64+0x86/0x230 [ 24.768174] kunit_try_run_case+0x1a5/0x480 [ 24.768201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.768223] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.768247] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.768269] ? __kthread_parkme+0x82/0x180 [ 24.768290] ? preempt_count_sub+0x50/0x80 [ 24.768324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.768349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.768374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.768398] kthread+0x337/0x6f0 [ 24.768419] ? trace_preempt_on+0x20/0xc0 [ 24.768442] ? __pfx_kthread+0x10/0x10 [ 24.768463] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.768497] ? calculate_sigpending+0x7b/0xa0 [ 24.768521] ? __pfx_kthread+0x10/0x10 [ 24.768543] ret_from_fork+0x116/0x1d0 [ 24.768561] ? __pfx_kthread+0x10/0x10 [ 24.768582] ret_from_fork_asm+0x1a/0x30 [ 24.768613] </TASK> [ 24.768626] [ 24.781944] The buggy address belongs to the physical page: [ 24.782161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.782493] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.783100] flags: 0x200000000000040(head|node=0|zone=2) [ 24.783452] page_type: f8(unknown) [ 24.783884] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.784333] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.784931] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.785392] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.785904] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.786210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.786687] page dumped because: kasan: bad access detected [ 24.787052] [ 24.787171] Memory state around the buggy address: [ 24.787412] ffff8881060dbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788027] ffff8881060dbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788452] >ffff8881060dc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788897] ^ [ 24.789040] ffff8881060dc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.789725] ffff8881060dc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.790043] ================================================================== [ 24.795296] ================================================================== [ 24.795734] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.795976] Free of addr ffff8881060dc000 by task kunit_try_catch/287 [ 24.796171] [ 24.796256] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.796321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.796334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.796356] Call Trace: [ 24.796370] <TASK> [ 24.796389] dump_stack_lvl+0x73/0xb0 [ 24.796418] print_report+0xd1/0x650 [ 24.796441] ? __virt_addr_valid+0x1db/0x2d0 [ 24.796467] ? kasan_addr_to_slab+0x11/0xa0 [ 24.796486] ? mempool_double_free_helper+0x184/0x370 [ 24.796510] kasan_report_invalid_free+0x10a/0x130 [ 24.796533] ? mempool_double_free_helper+0x184/0x370 [ 24.796558] ? mempool_double_free_helper+0x184/0x370 [ 24.796580] __kasan_mempool_poison_pages+0x115/0x130 [ 24.796605] mempool_free+0x290/0x380 [ 24.796631] mempool_double_free_helper+0x184/0x370 [ 24.796655] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.796681] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.796704] ? finish_task_switch.isra.0+0x153/0x700 [ 24.796730] mempool_page_alloc_double_free+0xe8/0x140 [ 24.797228] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 24.797258] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 24.797283] ? __pfx_mempool_free_pages+0x10/0x10 [ 24.797321] ? __pfx_read_tsc+0x10/0x10 [ 24.797345] ? ktime_get_ts64+0x86/0x230 [ 24.797370] kunit_try_run_case+0x1a5/0x480 [ 24.797396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.797421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.797443] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.797464] ? __kthread_parkme+0x82/0x180 [ 24.797486] ? preempt_count_sub+0x50/0x80 [ 24.797521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.797546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.797571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.797595] kthread+0x337/0x6f0 [ 24.797614] ? trace_preempt_on+0x20/0xc0 [ 24.797638] ? __pfx_kthread+0x10/0x10 [ 24.797659] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.797690] ? calculate_sigpending+0x7b/0xa0 [ 24.797714] ? __pfx_kthread+0x10/0x10 [ 24.797735] ret_from_fork+0x116/0x1d0 [ 24.797759] ? __pfx_kthread+0x10/0x10 [ 24.797779] ret_from_fork_asm+0x1a/0x30 [ 24.797811] </TASK> [ 24.797824] [ 24.808147] The buggy address belongs to the physical page: [ 24.808400] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.809205] flags: 0x200000000000000(node=0|zone=2) [ 24.809503] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 24.809972] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.810205] page dumped because: kasan: bad access detected [ 24.810385] [ 24.810488] Memory state around the buggy address: [ 24.810796] ffff8881060dbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.811234] ffff8881060dbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.811545] >ffff8881060dc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.811918] ^ [ 24.812063] ffff8881060dc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.812419] ffff8881060dc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.812739] ================================================================== [ 24.725973] ================================================================== [ 24.727098] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.727830] Free of addr ffff888105898700 by task kunit_try_catch/283 [ 24.728515] [ 24.728705] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.728774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.728788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.728820] Call Trace: [ 24.728833] <TASK> [ 24.728853] dump_stack_lvl+0x73/0xb0 [ 24.729037] print_report+0xd1/0x650 [ 24.729065] ? __virt_addr_valid+0x1db/0x2d0 [ 24.729091] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.729116] ? mempool_double_free_helper+0x184/0x370 [ 24.729141] kasan_report_invalid_free+0x10a/0x130 [ 24.729165] ? mempool_double_free_helper+0x184/0x370 [ 24.729190] ? mempool_double_free_helper+0x184/0x370 [ 24.729212] ? mempool_double_free_helper+0x184/0x370 [ 24.729235] check_slab_allocation+0x101/0x130 [ 24.729257] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.729280] mempool_free+0x2ec/0x380 [ 24.729322] mempool_double_free_helper+0x184/0x370 [ 24.729348] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.729375] ? finish_task_switch.isra.0+0x153/0x700 [ 24.729401] mempool_kmalloc_double_free+0xed/0x140 [ 24.729424] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 24.729450] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.729472] ? __pfx_mempool_kfree+0x10/0x10 [ 24.729536] ? __pfx_read_tsc+0x10/0x10 [ 24.729560] ? ktime_get_ts64+0x86/0x230 [ 24.729586] kunit_try_run_case+0x1a5/0x480 [ 24.729613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729636] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.729657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.729746] ? __kthread_parkme+0x82/0x180 [ 24.729769] ? preempt_count_sub+0x50/0x80 [ 24.729792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.729842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.729866] kthread+0x337/0x6f0 [ 24.729886] ? trace_preempt_on+0x20/0xc0 [ 24.729910] ? __pfx_kthread+0x10/0x10 [ 24.729930] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.729954] ? calculate_sigpending+0x7b/0xa0 [ 24.729977] ? __pfx_kthread+0x10/0x10 [ 24.729999] ret_from_fork+0x116/0x1d0 [ 24.730017] ? __pfx_kthread+0x10/0x10 [ 24.730039] ret_from_fork_asm+0x1a/0x30 [ 24.730070] </TASK> [ 24.730083] [ 24.742277] Allocated by task 283: [ 24.742481] kasan_save_stack+0x45/0x70 [ 24.742670] kasan_save_track+0x18/0x40 [ 24.742961] kasan_save_alloc_info+0x3b/0x50 [ 24.743108] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.743276] remove_element+0x11e/0x190 [ 24.743420] mempool_alloc_preallocated+0x4d/0x90 [ 24.743859] mempool_double_free_helper+0x8a/0x370 [ 24.744148] mempool_kmalloc_double_free+0xed/0x140 [ 24.744391] kunit_try_run_case+0x1a5/0x480 [ 24.744600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.744849] kthread+0x337/0x6f0 [ 24.745051] ret_from_fork+0x116/0x1d0 [ 24.745822] ret_from_fork_asm+0x1a/0x30 [ 24.746022] [ 24.746090] Freed by task 283: [ 24.746299] kasan_save_stack+0x45/0x70 [ 24.746538] kasan_save_track+0x18/0x40 [ 24.747138] kasan_save_free_info+0x3f/0x60 [ 24.747368] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.747865] mempool_free+0x2ec/0x380 [ 24.748175] mempool_double_free_helper+0x109/0x370 [ 24.748520] mempool_kmalloc_double_free+0xed/0x140 [ 24.748908] kunit_try_run_case+0x1a5/0x480 [ 24.749135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.749791] kthread+0x337/0x6f0 [ 24.750142] ret_from_fork+0x116/0x1d0 [ 24.750355] ret_from_fork_asm+0x1a/0x30 [ 24.750778] [ 24.750876] The buggy address belongs to the object at ffff888105898700 [ 24.750876] which belongs to the cache kmalloc-128 of size 128 [ 24.751530] The buggy address is located 0 bytes inside of [ 24.751530] 128-byte region [ffff888105898700, ffff888105898780) [ 24.752299] [ 24.752644] The buggy address belongs to the physical page: [ 24.753685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 24.754294] flags: 0x200000000000000(node=0|zone=2) [ 24.754483] page_type: f5(slab) [ 24.754913] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.755804] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.756254] page dumped because: kasan: bad access detected [ 24.756436] [ 24.756525] Memory state around the buggy address: [ 24.757195] ffff888105898600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.758085] ffff888105898680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.758616] >ffff888105898700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.759174] ^ [ 24.759499] ffff888105898780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.760119] ffff888105898800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.761011] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 24.690483] ================================================================== [ 24.690877] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.691107] Read of size 1 at addr ffff8881060dc000 by task kunit_try_catch/281 [ 24.691334] [ 24.691423] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.691479] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.691493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.691517] Call Trace: [ 24.691531] <TASK> [ 24.691553] dump_stack_lvl+0x73/0xb0 [ 24.691583] print_report+0xd1/0x650 [ 24.691607] ? __virt_addr_valid+0x1db/0x2d0 [ 24.691634] ? mempool_uaf_helper+0x392/0x400 [ 24.691656] ? kasan_addr_to_slab+0x11/0xa0 [ 24.691676] ? mempool_uaf_helper+0x392/0x400 [ 24.691698] kasan_report+0x141/0x180 [ 24.691719] ? mempool_uaf_helper+0x392/0x400 [ 24.691745] __asan_report_load1_noabort+0x18/0x20 [ 24.691769] mempool_uaf_helper+0x392/0x400 [ 24.691791] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.691814] ? __kasan_check_write+0x18/0x20 [ 24.691837] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.691859] ? finish_task_switch.isra.0+0x153/0x700 [ 24.691885] mempool_page_alloc_uaf+0xed/0x140 [ 24.691908] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 24.691933] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 24.691957] ? __pfx_mempool_free_pages+0x10/0x10 [ 24.691981] ? __pfx_read_tsc+0x10/0x10 [ 24.692002] ? ktime_get_ts64+0x86/0x230 [ 24.692028] kunit_try_run_case+0x1a5/0x480 [ 24.692054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.692076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.692099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.692120] ? __kthread_parkme+0x82/0x180 [ 24.692141] ? preempt_count_sub+0x50/0x80 [ 24.692162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.692187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.692210] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.692235] kthread+0x337/0x6f0 [ 24.692253] ? trace_preempt_on+0x20/0xc0 [ 24.692277] ? __pfx_kthread+0x10/0x10 [ 24.692297] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.692852] ? calculate_sigpending+0x7b/0xa0 [ 24.692896] ? __pfx_kthread+0x10/0x10 [ 24.692920] ret_from_fork+0x116/0x1d0 [ 24.692942] ? __pfx_kthread+0x10/0x10 [ 24.693201] ret_from_fork_asm+0x1a/0x30 [ 24.693236] </TASK> [ 24.693251] [ 24.712883] The buggy address belongs to the physical page: [ 24.713084] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.713339] flags: 0x200000000000000(node=0|zone=2) [ 24.713852] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 24.714766] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.715836] page dumped because: kasan: bad access detected [ 24.716545] [ 24.716850] Memory state around the buggy address: [ 24.717428] ffff8881060dbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.718252] ffff8881060dbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.719073] >ffff8881060dc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.719302] ^ [ 24.719438] ffff8881060dc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.720439] ffff8881060dc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.721399] ================================================================== [ 24.615993] ================================================================== [ 24.616401] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.617153] Read of size 1 at addr ffff888106154000 by task kunit_try_catch/277 [ 24.617946] [ 24.618175] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.618233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.618247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.618271] Call Trace: [ 24.618286] <TASK> [ 24.618318] dump_stack_lvl+0x73/0xb0 [ 24.618355] print_report+0xd1/0x650 [ 24.618380] ? __virt_addr_valid+0x1db/0x2d0 [ 24.618405] ? mempool_uaf_helper+0x392/0x400 [ 24.618427] ? kasan_addr_to_slab+0x11/0xa0 [ 24.618447] ? mempool_uaf_helper+0x392/0x400 [ 24.618469] kasan_report+0x141/0x180 [ 24.618497] ? mempool_uaf_helper+0x392/0x400 [ 24.618524] __asan_report_load1_noabort+0x18/0x20 [ 24.618577] mempool_uaf_helper+0x392/0x400 [ 24.618600] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.618635] ? __kasan_check_write+0x18/0x20 [ 24.618658] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.618683] ? finish_task_switch.isra.0+0x153/0x700 [ 24.618725] mempool_kmalloc_large_uaf+0xef/0x140 [ 24.618748] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 24.618773] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.618798] ? __pfx_mempool_kfree+0x10/0x10 [ 24.618823] ? __pfx_read_tsc+0x10/0x10 [ 24.618847] ? ktime_get_ts64+0x86/0x230 [ 24.618873] kunit_try_run_case+0x1a5/0x480 [ 24.618903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.618926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.618949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.618971] ? __kthread_parkme+0x82/0x180 [ 24.618992] ? preempt_count_sub+0x50/0x80 [ 24.619014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.619039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.619064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.619088] kthread+0x337/0x6f0 [ 24.619107] ? trace_preempt_on+0x20/0xc0 [ 24.619132] ? __pfx_kthread+0x10/0x10 [ 24.619153] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.619178] ? calculate_sigpending+0x7b/0xa0 [ 24.619203] ? __pfx_kthread+0x10/0x10 [ 24.619224] ret_from_fork+0x116/0x1d0 [ 24.619243] ? __pfx_kthread+0x10/0x10 [ 24.619263] ret_from_fork_asm+0x1a/0x30 [ 24.619296] </TASK> [ 24.619318] [ 24.632197] The buggy address belongs to the physical page: [ 24.632453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106154 [ 24.633215] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.633772] flags: 0x200000000000040(head|node=0|zone=2) [ 24.634027] page_type: f8(unknown) [ 24.634197] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.634798] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.635258] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.636468] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.637257] head: 0200000000000002 ffffea0004185501 00000000ffffffff 00000000ffffffff [ 24.637894] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.638420] page dumped because: kasan: bad access detected [ 24.639104] [ 24.639199] Memory state around the buggy address: [ 24.639563] ffff888106153f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.640159] ffff888106153f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.640494] >ffff888106154000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.641000] ^ [ 24.641410] ffff888106154080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.641962] ffff888106154100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.642522] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 24.646987] ================================================================== [ 24.647621] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.648044] Read of size 1 at addr ffff88810490b240 by task kunit_try_catch/279 [ 24.648472] [ 24.648588] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.648649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.648811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.648873] Call Trace: [ 24.648889] <TASK> [ 24.648911] dump_stack_lvl+0x73/0xb0 [ 24.648957] print_report+0xd1/0x650 [ 24.648982] ? __virt_addr_valid+0x1db/0x2d0 [ 24.649007] ? mempool_uaf_helper+0x392/0x400 [ 24.649030] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.649057] ? mempool_uaf_helper+0x392/0x400 [ 24.649078] kasan_report+0x141/0x180 [ 24.649100] ? mempool_uaf_helper+0x392/0x400 [ 24.649127] __asan_report_load1_noabort+0x18/0x20 [ 24.649151] mempool_uaf_helper+0x392/0x400 [ 24.649173] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.649198] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.649220] ? finish_task_switch.isra.0+0x153/0x700 [ 24.649246] mempool_slab_uaf+0xea/0x140 [ 24.649268] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.649294] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.649328] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.649375] ? __pfx_read_tsc+0x10/0x10 [ 24.649398] ? ktime_get_ts64+0x86/0x230 [ 24.649423] kunit_try_run_case+0x1a5/0x480 [ 24.649457] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.649481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.649522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.649545] ? __kthread_parkme+0x82/0x180 [ 24.649567] ? preempt_count_sub+0x50/0x80 [ 24.649590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.649615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.649640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.649665] kthread+0x337/0x6f0 [ 24.649744] ? trace_preempt_on+0x20/0xc0 [ 24.649772] ? __pfx_kthread+0x10/0x10 [ 24.649793] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.649818] ? calculate_sigpending+0x7b/0xa0 [ 24.649842] ? __pfx_kthread+0x10/0x10 [ 24.649864] ret_from_fork+0x116/0x1d0 [ 24.649883] ? __pfx_kthread+0x10/0x10 [ 24.649903] ret_from_fork_asm+0x1a/0x30 [ 24.649935] </TASK> [ 24.649948] [ 24.660924] Allocated by task 279: [ 24.661101] kasan_save_stack+0x45/0x70 [ 24.661291] kasan_save_track+0x18/0x40 [ 24.661477] kasan_save_alloc_info+0x3b/0x50 [ 24.662219] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.662483] remove_element+0x11e/0x190 [ 24.662946] mempool_alloc_preallocated+0x4d/0x90 [ 24.663132] mempool_uaf_helper+0x96/0x400 [ 24.663440] mempool_slab_uaf+0xea/0x140 [ 24.663988] kunit_try_run_case+0x1a5/0x480 [ 24.664196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.664587] kthread+0x337/0x6f0 [ 24.664739] ret_from_fork+0x116/0x1d0 [ 24.665197] ret_from_fork_asm+0x1a/0x30 [ 24.665523] [ 24.665620] Freed by task 279: [ 24.665990] kasan_save_stack+0x45/0x70 [ 24.666215] kasan_save_track+0x18/0x40 [ 24.666481] kasan_save_free_info+0x3f/0x60 [ 24.666936] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.667201] mempool_free+0x2ec/0x380 [ 24.667434] mempool_uaf_helper+0x11a/0x400 [ 24.667942] mempool_slab_uaf+0xea/0x140 [ 24.668256] kunit_try_run_case+0x1a5/0x480 [ 24.668460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.668701] kthread+0x337/0x6f0 [ 24.669051] ret_from_fork+0x116/0x1d0 [ 24.669483] ret_from_fork_asm+0x1a/0x30 [ 24.669802] [ 24.670031] The buggy address belongs to the object at ffff88810490b240 [ 24.670031] which belongs to the cache test_cache of size 123 [ 24.670837] The buggy address is located 0 bytes inside of [ 24.670837] freed 123-byte region [ffff88810490b240, ffff88810490b2bb) [ 24.671346] [ 24.671443] The buggy address belongs to the physical page: [ 24.672041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10490b [ 24.672459] flags: 0x200000000000000(node=0|zone=2) [ 24.672901] page_type: f5(slab) [ 24.673184] raw: 0200000000000000 ffff8881057ff140 dead000000000122 0000000000000000 [ 24.673716] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.674196] page dumped because: kasan: bad access detected [ 24.674473] [ 24.674768] Memory state around the buggy address: [ 24.674954] ffff88810490b100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.675408] ffff88810490b180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.675900] >ffff88810490b200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.676289] ^ [ 24.676577] ffff88810490b280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.677006] ffff88810490b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.677455] ================================================================== [ 24.575335] ================================================================== [ 24.576171] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.576934] Read of size 1 at addr ffff888105898300 by task kunit_try_catch/275 [ 24.577925] [ 24.578143] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.578218] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.578232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.578258] Call Trace: [ 24.578272] <TASK> [ 24.578296] dump_stack_lvl+0x73/0xb0 [ 24.578345] print_report+0xd1/0x650 [ 24.578371] ? __virt_addr_valid+0x1db/0x2d0 [ 24.578397] ? mempool_uaf_helper+0x392/0x400 [ 24.578420] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.578448] ? mempool_uaf_helper+0x392/0x400 [ 24.578471] kasan_report+0x141/0x180 [ 24.578630] ? mempool_uaf_helper+0x392/0x400 [ 24.578662] __asan_report_load1_noabort+0x18/0x20 [ 24.578701] mempool_uaf_helper+0x392/0x400 [ 24.578725] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.578748] ? __kasan_check_write+0x18/0x20 [ 24.578772] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.578796] ? finish_task_switch.isra.0+0x153/0x700 [ 24.578824] mempool_kmalloc_uaf+0xef/0x140 [ 24.578845] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 24.578870] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.578894] ? __pfx_mempool_kfree+0x10/0x10 [ 24.578919] ? __pfx_read_tsc+0x10/0x10 [ 24.578942] ? ktime_get_ts64+0x86/0x230 [ 24.578967] kunit_try_run_case+0x1a5/0x480 [ 24.578995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.579019] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.579042] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.579064] ? __kthread_parkme+0x82/0x180 [ 24.579085] ? preempt_count_sub+0x50/0x80 [ 24.579108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.579132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.579157] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.579182] kthread+0x337/0x6f0 [ 24.579202] ? trace_preempt_on+0x20/0xc0 [ 24.579227] ? __pfx_kthread+0x10/0x10 [ 24.579247] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.579271] ? calculate_sigpending+0x7b/0xa0 [ 24.579296] ? __pfx_kthread+0x10/0x10 [ 24.579330] ret_from_fork+0x116/0x1d0 [ 24.579349] ? __pfx_kthread+0x10/0x10 [ 24.579370] ret_from_fork_asm+0x1a/0x30 [ 24.579402] </TASK> [ 24.579417] [ 24.596077] Allocated by task 275: [ 24.596345] kasan_save_stack+0x45/0x70 [ 24.596521] kasan_save_track+0x18/0x40 [ 24.596889] kasan_save_alloc_info+0x3b/0x50 [ 24.597378] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.597951] remove_element+0x11e/0x190 [ 24.598484] mempool_alloc_preallocated+0x4d/0x90 [ 24.598682] mempool_uaf_helper+0x96/0x400 [ 24.599108] mempool_kmalloc_uaf+0xef/0x140 [ 24.599590] kunit_try_run_case+0x1a5/0x480 [ 24.600030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.600461] kthread+0x337/0x6f0 [ 24.600815] ret_from_fork+0x116/0x1d0 [ 24.601082] ret_from_fork_asm+0x1a/0x30 [ 24.601217] [ 24.601283] Freed by task 275: [ 24.601399] kasan_save_stack+0x45/0x70 [ 24.601590] kasan_save_track+0x18/0x40 [ 24.601951] kasan_save_free_info+0x3f/0x60 [ 24.602394] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.602803] mempool_free+0x2ec/0x380 [ 24.603186] mempool_uaf_helper+0x11a/0x400 [ 24.603633] mempool_kmalloc_uaf+0xef/0x140 [ 24.603981] kunit_try_run_case+0x1a5/0x480 [ 24.604128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.604297] kthread+0x337/0x6f0 [ 24.604426] ret_from_fork+0x116/0x1d0 [ 24.604578] ret_from_fork_asm+0x1a/0x30 [ 24.604708] [ 24.604838] The buggy address belongs to the object at ffff888105898300 [ 24.604838] which belongs to the cache kmalloc-128 of size 128 [ 24.605378] The buggy address is located 0 bytes inside of [ 24.605378] freed 128-byte region [ffff888105898300, ffff888105898380) [ 24.605938] [ 24.606072] The buggy address belongs to the physical page: [ 24.606339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105898 [ 24.606701] flags: 0x200000000000000(node=0|zone=2) [ 24.607094] page_type: f5(slab) [ 24.607273] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.607598] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.608050] page dumped because: kasan: bad access detected [ 24.608220] [ 24.608284] Memory state around the buggy address: [ 24.608513] ffff888105898200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.608914] ffff888105898280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.609884] >ffff888105898300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.610172] ^ [ 24.610371] ffff888105898380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.610974] ffff888105898400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.611291] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 24.483883] ================================================================== [ 24.484358] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.484700] Read of size 1 at addr ffff888104950973 by task kunit_try_catch/269 [ 24.485008] [ 24.485138] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.485195] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.485209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.485233] Call Trace: [ 24.485248] <TASK> [ 24.485270] dump_stack_lvl+0x73/0xb0 [ 24.485316] print_report+0xd1/0x650 [ 24.485341] ? __virt_addr_valid+0x1db/0x2d0 [ 24.485367] ? mempool_oob_right_helper+0x318/0x380 [ 24.485391] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.485417] ? mempool_oob_right_helper+0x318/0x380 [ 24.485441] kasan_report+0x141/0x180 [ 24.485463] ? mempool_oob_right_helper+0x318/0x380 [ 24.485491] __asan_report_load1_noabort+0x18/0x20 [ 24.485515] mempool_oob_right_helper+0x318/0x380 [ 24.485539] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.485563] ? ret_from_fork+0x116/0x1d0 [ 24.485584] ? kthread+0x337/0x6f0 [ 24.485607] ? ret_from_fork_asm+0x1a/0x30 [ 24.485631] ? mempool_alloc_preallocated+0x5b/0x90 [ 24.485702] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.485727] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.485759] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.485783] ? __pfx_mempool_kfree+0x10/0x10 [ 24.485808] ? __pfx_read_tsc+0x10/0x10 [ 24.485830] ? ktime_get_ts64+0x86/0x230 [ 24.485857] kunit_try_run_case+0x1a5/0x480 [ 24.485887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.485912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.485936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.485958] ? __kthread_parkme+0x82/0x180 [ 24.485979] ? preempt_count_sub+0x50/0x80 [ 24.486004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.486029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.486053] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.486078] kthread+0x337/0x6f0 [ 24.486098] ? trace_preempt_on+0x20/0xc0 [ 24.486123] ? __pfx_kthread+0x10/0x10 [ 24.486143] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.486168] ? calculate_sigpending+0x7b/0xa0 [ 24.486193] ? __pfx_kthread+0x10/0x10 [ 24.486215] ret_from_fork+0x116/0x1d0 [ 24.486234] ? __pfx_kthread+0x10/0x10 [ 24.486255] ret_from_fork_asm+0x1a/0x30 [ 24.486287] </TASK> [ 24.486300] [ 24.497060] Allocated by task 269: [ 24.497407] kasan_save_stack+0x45/0x70 [ 24.497736] kasan_save_track+0x18/0x40 [ 24.498136] kasan_save_alloc_info+0x3b/0x50 [ 24.498350] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.498818] remove_element+0x11e/0x190 [ 24.499135] mempool_alloc_preallocated+0x4d/0x90 [ 24.499561] mempool_oob_right_helper+0x8a/0x380 [ 24.499951] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.500182] kunit_try_run_case+0x1a5/0x480 [ 24.500380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.500817] kthread+0x337/0x6f0 [ 24.501130] ret_from_fork+0x116/0x1d0 [ 24.501480] ret_from_fork_asm+0x1a/0x30 [ 24.501797] [ 24.501942] The buggy address belongs to the object at ffff888104950900 [ 24.501942] which belongs to the cache kmalloc-128 of size 128 [ 24.502432] The buggy address is located 0 bytes to the right of [ 24.502432] allocated 115-byte region [ffff888104950900, ffff888104950973) [ 24.503690] [ 24.503780] The buggy address belongs to the physical page: [ 24.503978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 24.504375] flags: 0x200000000000000(node=0|zone=2) [ 24.504544] page_type: f5(slab) [ 24.504817] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.505084] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.505419] page dumped because: kasan: bad access detected [ 24.505651] [ 24.505719] Memory state around the buggy address: [ 24.505971] ffff888104950800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.506266] ffff888104950880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.506680] >ffff888104950900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.506897] ^ [ 24.507183] ffff888104950980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.507413] ffff888104950a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.507922] ================================================================== [ 24.511987] ================================================================== [ 24.512466] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.512996] Read of size 1 at addr ffff888106156001 by task kunit_try_catch/271 [ 24.513225] [ 24.513350] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.513408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.513423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.513448] Call Trace: [ 24.513462] <TASK> [ 24.513483] dump_stack_lvl+0x73/0xb0 [ 24.513797] print_report+0xd1/0x650 [ 24.513824] ? __virt_addr_valid+0x1db/0x2d0 [ 24.513848] ? mempool_oob_right_helper+0x318/0x380 [ 24.513873] ? kasan_addr_to_slab+0x11/0xa0 [ 24.513894] ? mempool_oob_right_helper+0x318/0x380 [ 24.513918] kasan_report+0x141/0x180 [ 24.513941] ? mempool_oob_right_helper+0x318/0x380 [ 24.513970] __asan_report_load1_noabort+0x18/0x20 [ 24.513994] mempool_oob_right_helper+0x318/0x380 [ 24.514019] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.514043] ? __kasan_check_write+0x18/0x20 [ 24.514067] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.514090] ? irqentry_exit+0x2a/0x60 [ 24.514112] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.514137] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.514161] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.514188] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.514213] ? __pfx_mempool_kfree+0x10/0x10 [ 24.514236] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.514263] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.514289] kunit_try_run_case+0x1a5/0x480 [ 24.514329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.514353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.514375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.514398] ? __kthread_parkme+0x82/0x180 [ 24.514419] ? preempt_count_sub+0x50/0x80 [ 24.514443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.514469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.514507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.514531] kthread+0x337/0x6f0 [ 24.514552] ? trace_preempt_on+0x20/0xc0 [ 24.514577] ? __pfx_kthread+0x10/0x10 [ 24.514598] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.514622] ? calculate_sigpending+0x7b/0xa0 [ 24.514647] ? __pfx_kthread+0x10/0x10 [ 24.514668] ret_from_fork+0x116/0x1d0 [ 24.514700] ? __pfx_kthread+0x10/0x10 [ 24.514720] ret_from_fork_asm+0x1a/0x30 [ 24.514752] </TASK> [ 24.514766] [ 24.526606] The buggy address belongs to the physical page: [ 24.527136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106154 [ 24.527497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.527805] flags: 0x200000000000040(head|node=0|zone=2) [ 24.528042] page_type: f8(unknown) [ 24.528197] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.528519] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.528838] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.529147] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.529959] head: 0200000000000002 ffffea0004185501 00000000ffffffff 00000000ffffffff [ 24.530607] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.531098] page dumped because: kasan: bad access detected [ 24.531443] [ 24.531577] Memory state around the buggy address: [ 24.531943] ffff888106155f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.532230] ffff888106155f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.532647] >ffff888106156000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.533021] ^ [ 24.533164] ffff888106156080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.533591] ffff888106156100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.534061] ================================================================== [ 24.538651] ================================================================== [ 24.539154] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.539719] Read of size 1 at addr ffff8881049092bb by task kunit_try_catch/273 [ 24.540067] [ 24.540337] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 24.540455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.540470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.540495] Call Trace: [ 24.540510] <TASK> [ 24.540531] dump_stack_lvl+0x73/0xb0 [ 24.540566] print_report+0xd1/0x650 [ 24.540589] ? __virt_addr_valid+0x1db/0x2d0 [ 24.540614] ? mempool_oob_right_helper+0x318/0x380 [ 24.540637] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.540664] ? mempool_oob_right_helper+0x318/0x380 [ 24.540689] kasan_report+0x141/0x180 [ 24.540773] ? mempool_oob_right_helper+0x318/0x380 [ 24.540802] __asan_report_load1_noabort+0x18/0x20 [ 24.540827] mempool_oob_right_helper+0x318/0x380 [ 24.540851] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.540877] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.540900] ? finish_task_switch.isra.0+0x153/0x700 [ 24.540927] mempool_slab_oob_right+0xed/0x140 [ 24.540952] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.540980] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.541005] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.541031] ? __pfx_read_tsc+0x10/0x10 [ 24.541053] ? ktime_get_ts64+0x86/0x230 [ 24.541079] kunit_try_run_case+0x1a5/0x480 [ 24.541106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.541152] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.541175] ? __kthread_parkme+0x82/0x180 [ 24.541196] ? preempt_count_sub+0x50/0x80 [ 24.541218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.541267] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.541292] kthread+0x337/0x6f0 [ 24.541322] ? trace_preempt_on+0x20/0xc0 [ 24.541348] ? __pfx_kthread+0x10/0x10 [ 24.541369] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.541393] ? calculate_sigpending+0x7b/0xa0 [ 24.541417] ? __pfx_kthread+0x10/0x10 [ 24.541439] ret_from_fork+0x116/0x1d0 [ 24.541459] ? __pfx_kthread+0x10/0x10 [ 24.541479] ret_from_fork_asm+0x1a/0x30 [ 24.541521] </TASK> [ 24.541533] [ 24.552998] Allocated by task 273: [ 24.553169] kasan_save_stack+0x45/0x70 [ 24.553826] kasan_save_track+0x18/0x40 [ 24.554051] kasan_save_alloc_info+0x3b/0x50 [ 24.554276] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.554560] remove_element+0x11e/0x190 [ 24.554877] mempool_alloc_preallocated+0x4d/0x90 [ 24.555113] mempool_oob_right_helper+0x8a/0x380 [ 24.555299] mempool_slab_oob_right+0xed/0x140 [ 24.555512] kunit_try_run_case+0x1a5/0x480 [ 24.555836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.556009] kthread+0x337/0x6f0 [ 24.556155] ret_from_fork+0x116/0x1d0 [ 24.556349] ret_from_fork_asm+0x1a/0x30 [ 24.556579] [ 24.556702] The buggy address belongs to the object at ffff888104909240 [ 24.556702] which belongs to the cache test_cache of size 123 [ 24.557242] The buggy address is located 0 bytes to the right of [ 24.557242] allocated 123-byte region [ffff888104909240, ffff8881049092bb) [ 24.557842] [ 24.558029] The buggy address belongs to the physical page: [ 24.558284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104909 [ 24.558819] flags: 0x200000000000000(node=0|zone=2) [ 24.559162] page_type: f5(slab) [ 24.559304] raw: 0200000000000000 ffff8881057ff000 dead000000000122 0000000000000000 [ 24.559636] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.560159] page dumped because: kasan: bad access detected [ 24.560384] [ 24.560475] Memory state around the buggy address: [ 24.560882] ffff888104909180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.561295] ffff888104909200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.561585] >ffff888104909280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.562024] ^ [ 24.562382] ffff888104909300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.562671] ffff888104909380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.563128] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 23.904902] ================================================================== [ 23.905304] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 23.906265] Read of size 1 at addr ffff888101e2dc80 by task kunit_try_catch/263 [ 23.907173] [ 23.907449] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.907519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.907533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.907558] Call Trace: [ 23.907573] <TASK> [ 23.907594] dump_stack_lvl+0x73/0xb0 [ 23.907632] print_report+0xd1/0x650 [ 23.907657] ? __virt_addr_valid+0x1db/0x2d0 [ 23.907684] ? kmem_cache_double_destroy+0x1bf/0x380 [ 23.907710] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.907735] ? kmem_cache_double_destroy+0x1bf/0x380 [ 23.907760] kasan_report+0x141/0x180 [ 23.907783] ? kmem_cache_double_destroy+0x1bf/0x380 [ 23.907810] ? kmem_cache_double_destroy+0x1bf/0x380 [ 23.907835] __kasan_check_byte+0x3d/0x50 [ 23.907857] kmem_cache_destroy+0x25/0x1d0 [ 23.907885] kmem_cache_double_destroy+0x1bf/0x380 [ 23.907910] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 23.907933] ? finish_task_switch.isra.0+0x153/0x700 [ 23.907997] ? __switch_to+0x47/0xf50 [ 23.908028] ? __pfx_read_tsc+0x10/0x10 [ 23.908063] ? ktime_get_ts64+0x86/0x230 [ 23.908090] kunit_try_run_case+0x1a5/0x480 [ 23.908119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.908143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.908165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.908188] ? __kthread_parkme+0x82/0x180 [ 23.908208] ? preempt_count_sub+0x50/0x80 [ 23.908231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.908256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.908280] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.908314] kthread+0x337/0x6f0 [ 23.908334] ? trace_preempt_on+0x20/0xc0 [ 23.908359] ? __pfx_kthread+0x10/0x10 [ 23.908380] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.908406] ? calculate_sigpending+0x7b/0xa0 [ 23.908430] ? __pfx_kthread+0x10/0x10 [ 23.908452] ret_from_fork+0x116/0x1d0 [ 23.908472] ? __pfx_kthread+0x10/0x10 [ 23.908500] ret_from_fork_asm+0x1a/0x30 [ 23.908532] </TASK> [ 23.908546] [ 23.918228] Allocated by task 263: [ 23.918454] kasan_save_stack+0x45/0x70 [ 23.918728] kasan_save_track+0x18/0x40 [ 23.918888] kasan_save_alloc_info+0x3b/0x50 [ 23.919072] __kasan_slab_alloc+0x91/0xa0 [ 23.919207] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.919441] __kmem_cache_create_args+0x169/0x240 [ 23.919975] kmem_cache_double_destroy+0xd5/0x380 [ 23.920208] kunit_try_run_case+0x1a5/0x480 [ 23.920369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.920752] kthread+0x337/0x6f0 [ 23.920930] ret_from_fork+0x116/0x1d0 [ 23.921121] ret_from_fork_asm+0x1a/0x30 [ 23.921329] [ 23.921412] Freed by task 263: [ 23.921581] kasan_save_stack+0x45/0x70 [ 23.921808] kasan_save_track+0x18/0x40 [ 23.922064] kasan_save_free_info+0x3f/0x60 [ 23.922230] __kasan_slab_free+0x56/0x70 [ 23.922371] kmem_cache_free+0x249/0x420 [ 23.922508] slab_kmem_cache_release+0x2e/0x40 [ 23.922666] kmem_cache_release+0x16/0x20 [ 23.922860] kobject_put+0x181/0x450 [ 23.923191] sysfs_slab_release+0x16/0x20 [ 23.923407] kmem_cache_destroy+0xf0/0x1d0 [ 23.923660] kmem_cache_double_destroy+0x14e/0x380 [ 23.923901] kunit_try_run_case+0x1a5/0x480 [ 23.924049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.924365] kthread+0x337/0x6f0 [ 23.924556] ret_from_fork+0x116/0x1d0 [ 23.924734] ret_from_fork_asm+0x1a/0x30 [ 23.924921] [ 23.924991] The buggy address belongs to the object at ffff888101e2dc80 [ 23.924991] which belongs to the cache kmem_cache of size 208 [ 23.925433] The buggy address is located 0 bytes inside of [ 23.925433] freed 208-byte region [ffff888101e2dc80, ffff888101e2dd50) [ 23.925783] [ 23.926020] The buggy address belongs to the physical page: [ 23.926288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101e2d [ 23.927117] flags: 0x200000000000000(node=0|zone=2) [ 23.927359] page_type: f5(slab) [ 23.927480] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 23.928297] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 23.928726] page dumped because: kasan: bad access detected [ 23.928976] [ 23.929068] Memory state around the buggy address: [ 23.929281] ffff888101e2db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.929772] ffff888101e2dc00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.930046] >ffff888101e2dc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.930344] ^ [ 23.930454] ffff888101e2dd00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 23.930820] ffff888101e2dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.931243] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 23.848942] ================================================================== [ 23.849490] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.850597] Read of size 1 at addr ffff8881058a3000 by task kunit_try_catch/261 [ 23.850997] [ 23.851398] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.851462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.851475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.851499] Call Trace: [ 23.851514] <TASK> [ 23.851536] dump_stack_lvl+0x73/0xb0 [ 23.851573] print_report+0xd1/0x650 [ 23.851597] ? __virt_addr_valid+0x1db/0x2d0 [ 23.851624] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.851646] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.851823] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.851858] kasan_report+0x141/0x180 [ 23.851882] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.851909] __asan_report_load1_noabort+0x18/0x20 [ 23.851933] kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.851955] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 23.851977] ? finish_task_switch.isra.0+0x153/0x700 [ 23.852002] ? __switch_to+0x47/0xf50 [ 23.852032] ? __pfx_read_tsc+0x10/0x10 [ 23.852056] ? ktime_get_ts64+0x86/0x230 [ 23.852082] kunit_try_run_case+0x1a5/0x480 [ 23.852111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.852134] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.852156] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.852179] ? __kthread_parkme+0x82/0x180 [ 23.852201] ? preempt_count_sub+0x50/0x80 [ 23.852223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.852248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.852272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.852296] kthread+0x337/0x6f0 [ 23.852333] ? trace_preempt_on+0x20/0xc0 [ 23.852358] ? __pfx_kthread+0x10/0x10 [ 23.852379] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.852403] ? calculate_sigpending+0x7b/0xa0 [ 23.852427] ? __pfx_kthread+0x10/0x10 [ 23.852448] ret_from_fork+0x116/0x1d0 [ 23.852467] ? __pfx_kthread+0x10/0x10 [ 23.852488] ret_from_fork_asm+0x1a/0x30 [ 23.852520] </TASK> [ 23.852533] [ 23.863241] Allocated by task 261: [ 23.863424] kasan_save_stack+0x45/0x70 [ 23.863647] kasan_save_track+0x18/0x40 [ 23.863877] kasan_save_alloc_info+0x3b/0x50 [ 23.864073] __kasan_slab_alloc+0x91/0xa0 [ 23.864290] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.864529] kmem_cache_rcu_uaf+0x155/0x510 [ 23.864678] kunit_try_run_case+0x1a5/0x480 [ 23.864930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.865342] kthread+0x337/0x6f0 [ 23.865515] ret_from_fork+0x116/0x1d0 [ 23.865939] ret_from_fork_asm+0x1a/0x30 [ 23.866163] [ 23.866234] Freed by task 0: [ 23.866351] kasan_save_stack+0x45/0x70 [ 23.866539] kasan_save_track+0x18/0x40 [ 23.866810] kasan_save_free_info+0x3f/0x60 [ 23.867074] __kasan_slab_free+0x56/0x70 [ 23.867292] slab_free_after_rcu_debug+0xe4/0x310 [ 23.867532] rcu_core+0x66f/0x1c40 [ 23.867761] rcu_core_si+0x12/0x20 [ 23.867927] handle_softirqs+0x209/0x730 [ 23.868108] __irq_exit_rcu+0xc9/0x110 [ 23.868231] irq_exit_rcu+0x12/0x20 [ 23.868406] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.868625] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.868906] [ 23.868972] Last potentially related work creation: [ 23.869444] kasan_save_stack+0x45/0x70 [ 23.869654] kasan_record_aux_stack+0xb2/0xc0 [ 23.870167] kmem_cache_free+0x131/0x420 [ 23.870317] kmem_cache_rcu_uaf+0x194/0x510 [ 23.870481] kunit_try_run_case+0x1a5/0x480 [ 23.870887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.871106] kthread+0x337/0x6f0 [ 23.871254] ret_from_fork+0x116/0x1d0 [ 23.871425] ret_from_fork_asm+0x1a/0x30 [ 23.872101] [ 23.872209] The buggy address belongs to the object at ffff8881058a3000 [ 23.872209] which belongs to the cache test_cache of size 200 [ 23.873162] The buggy address is located 0 bytes inside of [ 23.873162] freed 200-byte region [ffff8881058a3000, ffff8881058a30c8) [ 23.874104] [ 23.874190] The buggy address belongs to the physical page: [ 23.874436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a3 [ 23.875069] flags: 0x200000000000000(node=0|zone=2) [ 23.875433] page_type: f5(slab) [ 23.875859] raw: 0200000000000000 ffff8881058a2000 dead000000000122 0000000000000000 [ 23.876293] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.876987] page dumped because: kasan: bad access detected [ 23.877300] [ 23.877521] Memory state around the buggy address: [ 23.877980] ffff8881058a2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.878277] ffff8881058a2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.878898] >ffff8881058a3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.879242] ^ [ 23.879633] ffff8881058a3080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 23.880154] ffff8881058a3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.880461] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 23.772130] ================================================================== [ 23.772536] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 23.772776] Free of addr ffff8881057f9001 by task kunit_try_catch/259 [ 23.772974] [ 23.773063] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.773113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.773126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.773148] Call Trace: [ 23.773162] <TASK> [ 23.773184] dump_stack_lvl+0x73/0xb0 [ 23.773216] print_report+0xd1/0x650 [ 23.773238] ? __virt_addr_valid+0x1db/0x2d0 [ 23.773263] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.773287] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.773756] kasan_report_invalid_free+0x10a/0x130 [ 23.773792] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.773832] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.773855] check_slab_allocation+0x11f/0x130 [ 23.774097] __kasan_slab_pre_free+0x28/0x40 [ 23.774127] kmem_cache_free+0xed/0x420 [ 23.774164] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.774188] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.774225] kmem_cache_invalid_free+0x1d8/0x460 [ 23.774249] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 23.774271] ? finish_task_switch.isra.0+0x153/0x700 [ 23.774295] ? __switch_to+0x47/0xf50 [ 23.774334] ? __pfx_read_tsc+0x10/0x10 [ 23.774357] ? ktime_get_ts64+0x86/0x230 [ 23.774383] kunit_try_run_case+0x1a5/0x480 [ 23.774409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.774431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.774453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.774494] ? __kthread_parkme+0x82/0x180 [ 23.774515] ? preempt_count_sub+0x50/0x80 [ 23.774537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.774561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.774584] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.774607] kthread+0x337/0x6f0 [ 23.774627] ? trace_preempt_on+0x20/0xc0 [ 23.774651] ? __pfx_kthread+0x10/0x10 [ 23.774690] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.774713] ? calculate_sigpending+0x7b/0xa0 [ 23.774739] ? __pfx_kthread+0x10/0x10 [ 23.774759] ret_from_fork+0x116/0x1d0 [ 23.774778] ? __pfx_kthread+0x10/0x10 [ 23.774798] ret_from_fork_asm+0x1a/0x30 [ 23.774828] </TASK> [ 23.774842] [ 23.791058] Allocated by task 259: [ 23.791281] kasan_save_stack+0x45/0x70 [ 23.791526] kasan_save_track+0x18/0x40 [ 23.791657] kasan_save_alloc_info+0x3b/0x50 [ 23.791977] __kasan_slab_alloc+0x91/0xa0 [ 23.792288] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.792495] kmem_cache_invalid_free+0x157/0x460 [ 23.792698] kunit_try_run_case+0x1a5/0x480 [ 23.792955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.793275] kthread+0x337/0x6f0 [ 23.793430] ret_from_fork+0x116/0x1d0 [ 23.793922] ret_from_fork_asm+0x1a/0x30 [ 23.794187] [ 23.794294] The buggy address belongs to the object at ffff8881057f9000 [ 23.794294] which belongs to the cache test_cache of size 200 [ 23.794817] The buggy address is located 1 bytes inside of [ 23.794817] 200-byte region [ffff8881057f9000, ffff8881057f90c8) [ 23.795220] [ 23.795290] The buggy address belongs to the physical page: [ 23.795876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057f9 [ 23.796214] flags: 0x200000000000000(node=0|zone=2) [ 23.796445] page_type: f5(slab) [ 23.797138] raw: 0200000000000000 ffff888101e2db40 dead000000000122 0000000000000000 [ 23.797419] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.798189] page dumped because: kasan: bad access detected [ 23.798469] [ 23.798567] Memory state around the buggy address: [ 23.798923] ffff8881057f8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.799216] ffff8881057f8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.799896] >ffff8881057f9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.800184] ^ [ 23.800344] ffff8881057f9080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 23.801091] ffff8881057f9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.801549] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 23.727212] ================================================================== [ 23.727687] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 23.728391] Free of addr ffff8881058a2000 by task kunit_try_catch/257 [ 23.728884] [ 23.729029] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.729362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.729376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.729398] Call Trace: [ 23.729412] <TASK> [ 23.729433] dump_stack_lvl+0x73/0xb0 [ 23.729467] print_report+0xd1/0x650 [ 23.729499] ? __virt_addr_valid+0x1db/0x2d0 [ 23.729525] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.729550] ? kmem_cache_double_free+0x1e5/0x480 [ 23.729574] kasan_report_invalid_free+0x10a/0x130 [ 23.729596] ? kmem_cache_double_free+0x1e5/0x480 [ 23.729621] ? kmem_cache_double_free+0x1e5/0x480 [ 23.729644] check_slab_allocation+0x101/0x130 [ 23.729664] __kasan_slab_pre_free+0x28/0x40 [ 23.729697] kmem_cache_free+0xed/0x420 [ 23.729721] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.729751] ? kmem_cache_double_free+0x1e5/0x480 [ 23.729777] kmem_cache_double_free+0x1e5/0x480 [ 23.729800] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 23.729822] ? finish_task_switch.isra.0+0x153/0x700 [ 23.729844] ? __switch_to+0x47/0xf50 [ 23.729874] ? __pfx_read_tsc+0x10/0x10 [ 23.729896] ? ktime_get_ts64+0x86/0x230 [ 23.729922] kunit_try_run_case+0x1a5/0x480 [ 23.729949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.729971] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.729993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.730014] ? __kthread_parkme+0x82/0x180 [ 23.730034] ? preempt_count_sub+0x50/0x80 [ 23.730056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.730079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.730102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.730125] kthread+0x337/0x6f0 [ 23.730144] ? trace_preempt_on+0x20/0xc0 [ 23.730168] ? __pfx_kthread+0x10/0x10 [ 23.730188] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.730211] ? calculate_sigpending+0x7b/0xa0 [ 23.730235] ? __pfx_kthread+0x10/0x10 [ 23.730256] ret_from_fork+0x116/0x1d0 [ 23.730274] ? __pfx_kthread+0x10/0x10 [ 23.730294] ret_from_fork_asm+0x1a/0x30 [ 23.730335] </TASK> [ 23.730348] [ 23.742633] Allocated by task 257: [ 23.743133] kasan_save_stack+0x45/0x70 [ 23.743383] kasan_save_track+0x18/0x40 [ 23.743811] kasan_save_alloc_info+0x3b/0x50 [ 23.744015] __kasan_slab_alloc+0x91/0xa0 [ 23.744196] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.744555] kmem_cache_double_free+0x14f/0x480 [ 23.745075] kunit_try_run_case+0x1a5/0x480 [ 23.745279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.745613] kthread+0x337/0x6f0 [ 23.745957] ret_from_fork+0x116/0x1d0 [ 23.746459] ret_from_fork_asm+0x1a/0x30 [ 23.746961] [ 23.747049] Freed by task 257: [ 23.747395] kasan_save_stack+0x45/0x70 [ 23.747690] kasan_save_track+0x18/0x40 [ 23.747855] kasan_save_free_info+0x3f/0x60 [ 23.748063] __kasan_slab_free+0x56/0x70 [ 23.748242] kmem_cache_free+0x249/0x420 [ 23.748435] kmem_cache_double_free+0x16a/0x480 [ 23.749276] kunit_try_run_case+0x1a5/0x480 [ 23.749633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.750379] kthread+0x337/0x6f0 [ 23.750985] ret_from_fork+0x116/0x1d0 [ 23.751169] ret_from_fork_asm+0x1a/0x30 [ 23.751329] [ 23.751643] The buggy address belongs to the object at ffff8881058a2000 [ 23.751643] which belongs to the cache test_cache of size 200 [ 23.752492] The buggy address is located 0 bytes inside of [ 23.752492] 200-byte region [ffff8881058a2000, ffff8881058a20c8) [ 23.753343] [ 23.753447] The buggy address belongs to the physical page: [ 23.753959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a2 [ 23.754421] flags: 0x200000000000000(node=0|zone=2) [ 23.754986] page_type: f5(slab) [ 23.755284] raw: 0200000000000000 ffff8881012dcdc0 dead000000000122 0000000000000000 [ 23.755877] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.756239] page dumped because: kasan: bad access detected [ 23.756628] [ 23.756779] Memory state around the buggy address: [ 23.757165] ffff8881058a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.757565] ffff8881058a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.758054] >ffff8881058a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.758473] ^ [ 23.758678] ffff8881058a2080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 23.759319] ffff8881058a2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.759906] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 23.672180] ================================================================== [ 23.673190] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 23.674107] Read of size 1 at addr ffff88810609f0c8 by task kunit_try_catch/255 [ 23.674428] [ 23.674823] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.674882] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.674896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.675034] Call Trace: [ 23.675052] <TASK> [ 23.675072] dump_stack_lvl+0x73/0xb0 [ 23.675107] print_report+0xd1/0x650 [ 23.675129] ? __virt_addr_valid+0x1db/0x2d0 [ 23.675161] ? kmem_cache_oob+0x402/0x530 [ 23.675183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.675208] ? kmem_cache_oob+0x402/0x530 [ 23.675230] kasan_report+0x141/0x180 [ 23.675251] ? kmem_cache_oob+0x402/0x530 [ 23.675277] __asan_report_load1_noabort+0x18/0x20 [ 23.675301] kmem_cache_oob+0x402/0x530 [ 23.675364] ? trace_hardirqs_on+0x37/0xe0 [ 23.675390] ? __pfx_kmem_cache_oob+0x10/0x10 [ 23.675424] ? finish_task_switch.isra.0+0x153/0x700 [ 23.675447] ? __switch_to+0x47/0xf50 [ 23.675495] ? __pfx_read_tsc+0x10/0x10 [ 23.675518] ? ktime_get_ts64+0x86/0x230 [ 23.675543] kunit_try_run_case+0x1a5/0x480 [ 23.675569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.675591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.675613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.675634] ? __kthread_parkme+0x82/0x180 [ 23.675653] ? preempt_count_sub+0x50/0x80 [ 23.675692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.675715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.675739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.675762] kthread+0x337/0x6f0 [ 23.675781] ? trace_preempt_on+0x20/0xc0 [ 23.675802] ? __pfx_kthread+0x10/0x10 [ 23.675822] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.675845] ? calculate_sigpending+0x7b/0xa0 [ 23.675869] ? __pfx_kthread+0x10/0x10 [ 23.675890] ret_from_fork+0x116/0x1d0 [ 23.675910] ? __pfx_kthread+0x10/0x10 [ 23.675930] ret_from_fork_asm+0x1a/0x30 [ 23.675960] </TASK> [ 23.675973] [ 23.689664] Allocated by task 255: [ 23.690077] kasan_save_stack+0x45/0x70 [ 23.690345] kasan_save_track+0x18/0x40 [ 23.690473] kasan_save_alloc_info+0x3b/0x50 [ 23.690612] __kasan_slab_alloc+0x91/0xa0 [ 23.690950] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.691397] kmem_cache_oob+0x157/0x530 [ 23.691803] kunit_try_run_case+0x1a5/0x480 [ 23.692230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.692721] kthread+0x337/0x6f0 [ 23.692905] ret_from_fork+0x116/0x1d0 [ 23.693082] ret_from_fork_asm+0x1a/0x30 [ 23.693253] [ 23.693348] The buggy address belongs to the object at ffff88810609f000 [ 23.693348] which belongs to the cache test_cache of size 200 [ 23.693819] The buggy address is located 0 bytes to the right of [ 23.693819] allocated 200-byte region [ffff88810609f000, ffff88810609f0c8) [ 23.694301] [ 23.694428] The buggy address belongs to the physical page: [ 23.694725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10609f [ 23.695042] flags: 0x200000000000000(node=0|zone=2) [ 23.695265] page_type: f5(slab) [ 23.695433] raw: 0200000000000000 ffff888101e2da00 dead000000000122 0000000000000000 [ 23.696617] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.697575] page dumped because: kasan: bad access detected [ 23.698129] [ 23.698226] Memory state around the buggy address: [ 23.698397] ffff88810609ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.698736] ffff88810609f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.699048] >ffff88810609f080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 23.699346] ^ [ 23.699584] ffff88810609f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.699881] ffff88810609f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.700177] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 23.629724] ================================================================== [ 23.630582] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 23.631556] Read of size 8 at addr ffff888106098980 by task kunit_try_catch/248 [ 23.632006] [ 23.632303] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.632374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.632387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.632409] Call Trace: [ 23.632425] <TASK> [ 23.632444] dump_stack_lvl+0x73/0xb0 [ 23.632475] print_report+0xd1/0x650 [ 23.632506] ? __virt_addr_valid+0x1db/0x2d0 [ 23.632530] ? workqueue_uaf+0x4d6/0x560 [ 23.632551] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.632576] ? workqueue_uaf+0x4d6/0x560 [ 23.632597] kasan_report+0x141/0x180 [ 23.632618] ? workqueue_uaf+0x4d6/0x560 [ 23.632643] __asan_report_load8_noabort+0x18/0x20 [ 23.632667] workqueue_uaf+0x4d6/0x560 [ 23.632746] ? __pfx_workqueue_uaf+0x10/0x10 [ 23.632768] ? __schedule+0x10cc/0x2b60 [ 23.632789] ? __pfx_read_tsc+0x10/0x10 [ 23.632811] ? ktime_get_ts64+0x86/0x230 [ 23.632836] kunit_try_run_case+0x1a5/0x480 [ 23.632861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.632884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.632905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.632927] ? __kthread_parkme+0x82/0x180 [ 23.632947] ? preempt_count_sub+0x50/0x80 [ 23.632970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.632994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.633017] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.633041] kthread+0x337/0x6f0 [ 23.633060] ? trace_preempt_on+0x20/0xc0 [ 23.633085] ? __pfx_kthread+0x10/0x10 [ 23.633105] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.633128] ? calculate_sigpending+0x7b/0xa0 [ 23.633152] ? __pfx_kthread+0x10/0x10 [ 23.633173] ret_from_fork+0x116/0x1d0 [ 23.633191] ? __pfx_kthread+0x10/0x10 [ 23.633211] ret_from_fork_asm+0x1a/0x30 [ 23.633242] </TASK> [ 23.633255] [ 23.644195] Allocated by task 248: [ 23.644368] kasan_save_stack+0x45/0x70 [ 23.644939] kasan_save_track+0x18/0x40 [ 23.645111] kasan_save_alloc_info+0x3b/0x50 [ 23.645324] __kasan_kmalloc+0xb7/0xc0 [ 23.646058] __kmalloc_cache_noprof+0x189/0x420 [ 23.646277] workqueue_uaf+0x152/0x560 [ 23.646601] kunit_try_run_case+0x1a5/0x480 [ 23.647067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.647334] kthread+0x337/0x6f0 [ 23.647773] ret_from_fork+0x116/0x1d0 [ 23.647948] ret_from_fork_asm+0x1a/0x30 [ 23.648099] [ 23.648394] Freed by task 24: [ 23.648607] kasan_save_stack+0x45/0x70 [ 23.649028] kasan_save_track+0x18/0x40 [ 23.649274] kasan_save_free_info+0x3f/0x60 [ 23.649453] __kasan_slab_free+0x56/0x70 [ 23.650110] kfree+0x222/0x3f0 [ 23.650270] workqueue_uaf_work+0x12/0x20 [ 23.650466] process_one_work+0x5ee/0xf60 [ 23.650941] worker_thread+0x758/0x1220 [ 23.651149] kthread+0x337/0x6f0 [ 23.651326] ret_from_fork+0x116/0x1d0 [ 23.651479] ret_from_fork_asm+0x1a/0x30 [ 23.651771] [ 23.652220] Last potentially related work creation: [ 23.652411] kasan_save_stack+0x45/0x70 [ 23.652840] kasan_record_aux_stack+0xb2/0xc0 [ 23.653152] __queue_work+0x61a/0xe70 [ 23.653436] queue_work_on+0xb6/0xc0 [ 23.653681] workqueue_uaf+0x26d/0x560 [ 23.654128] kunit_try_run_case+0x1a5/0x480 [ 23.654427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.654839] kthread+0x337/0x6f0 [ 23.655178] ret_from_fork+0x116/0x1d0 [ 23.655386] ret_from_fork_asm+0x1a/0x30 [ 23.655827] [ 23.655908] The buggy address belongs to the object at ffff888106098980 [ 23.655908] which belongs to the cache kmalloc-32 of size 32 [ 23.656632] The buggy address is located 0 bytes inside of [ 23.656632] freed 32-byte region [ffff888106098980, ffff8881060989a0) [ 23.657276] [ 23.657368] The buggy address belongs to the physical page: [ 23.657631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098 [ 23.658167] flags: 0x200000000000000(node=0|zone=2) [ 23.658422] page_type: f5(slab) [ 23.658825] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.659150] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.659547] page dumped because: kasan: bad access detected [ 23.659967] [ 23.660067] Memory state around the buggy address: [ 23.660266] ffff888106098880: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.660587] ffff888106098900: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 23.661238] >ffff888106098980: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 23.661564] ^ [ 23.661934] ffff888106098a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.662301] ffff888106098a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.662598] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 23.587819] ================================================================== [ 23.588402] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 23.588765] Read of size 4 at addr ffff888106098840 by task swapper/1/0 [ 23.589029] [ 23.589220] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 23.589274] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.589286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.589319] Call Trace: [ 23.589349] <IRQ> [ 23.589379] dump_stack_lvl+0x73/0xb0 [ 23.589412] print_report+0xd1/0x650 [ 23.589434] ? __virt_addr_valid+0x1db/0x2d0 [ 23.589471] ? rcu_uaf_reclaim+0x50/0x60 [ 23.589500] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.589525] ? rcu_uaf_reclaim+0x50/0x60 [ 23.589545] kasan_report+0x141/0x180 [ 23.589566] ? rcu_uaf_reclaim+0x50/0x60 [ 23.589600] __asan_report_load4_noabort+0x18/0x20 [ 23.589623] rcu_uaf_reclaim+0x50/0x60 [ 23.589643] rcu_core+0x66f/0x1c40 [ 23.589757] ? __pfx_rcu_core+0x10/0x10 [ 23.589785] ? ktime_get+0x6b/0x150 [ 23.589808] ? handle_softirqs+0x18e/0x730 [ 23.589833] rcu_core_si+0x12/0x20 [ 23.589853] handle_softirqs+0x209/0x730 [ 23.589873] ? hrtimer_interrupt+0x2fe/0x780 [ 23.589900] ? __pfx_handle_softirqs+0x10/0x10 [ 23.589925] __irq_exit_rcu+0xc9/0x110 [ 23.589945] irq_exit_rcu+0x12/0x20 [ 23.589965] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.589989] </IRQ> [ 23.590019] <TASK> [ 23.590030] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.590167] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 23.590396] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 af 19 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 23.590478] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010216 [ 23.590566] RAX: ffff8881c6d2d000 RBX: ffff88810085b000 RCX: ffffffff91ef0225 [ 23.590612] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001dc0c [ 23.590661] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 23.590871] R10: ffff88815b130c93 R11: 0000000000015000 R12: 0000000000000001 [ 23.590922] R13: ffffed102010b600 R14: ffffffff93be77d0 R15: 0000000000000000 [ 23.590983] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 23.591018] ? default_idle+0xd/0x20 [ 23.591039] arch_cpu_idle+0xd/0x20 [ 23.591060] default_idle_call+0x48/0x80 [ 23.591081] do_idle+0x379/0x4f0 [ 23.591107] ? __pfx_do_idle+0x10/0x10 [ 23.591127] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 23.591150] ? complete+0x15b/0x1d0 [ 23.591175] cpu_startup_entry+0x5c/0x70 [ 23.591198] start_secondary+0x211/0x290 [ 23.591221] ? __pfx_start_secondary+0x10/0x10 [ 23.591247] common_startup_64+0x13e/0x148 [ 23.591278] </TASK> [ 23.591291] [ 23.606114] Allocated by task 246: [ 23.606476] kasan_save_stack+0x45/0x70 [ 23.606673] kasan_save_track+0x18/0x40 [ 23.607181] kasan_save_alloc_info+0x3b/0x50 [ 23.607369] __kasan_kmalloc+0xb7/0xc0 [ 23.607867] __kmalloc_cache_noprof+0x189/0x420 [ 23.608060] rcu_uaf+0xb0/0x330 [ 23.608476] kunit_try_run_case+0x1a5/0x480 [ 23.608790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.608986] kthread+0x337/0x6f0 [ 23.609330] ret_from_fork+0x116/0x1d0 [ 23.609523] ret_from_fork_asm+0x1a/0x30 [ 23.609869] [ 23.609963] Freed by task 0: [ 23.610285] kasan_save_stack+0x45/0x70 [ 23.610502] kasan_save_track+0x18/0x40 [ 23.610655] kasan_save_free_info+0x3f/0x60 [ 23.611144] __kasan_slab_free+0x56/0x70 [ 23.611614] kfree+0x222/0x3f0 [ 23.611880] rcu_uaf_reclaim+0x1f/0x60 [ 23.612077] rcu_core+0x66f/0x1c40 [ 23.612220] rcu_core_si+0x12/0x20 [ 23.612393] handle_softirqs+0x209/0x730 [ 23.612555] __irq_exit_rcu+0xc9/0x110 [ 23.612723] irq_exit_rcu+0x12/0x20 [ 23.612888] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.613081] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.613303] [ 23.613612] Last potentially related work creation: [ 23.613958] kasan_save_stack+0x45/0x70 [ 23.614125] kasan_record_aux_stack+0xb2/0xc0 [ 23.614341] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 23.614503] call_rcu+0x12/0x20 [ 23.614659] rcu_uaf+0x168/0x330 [ 23.614881] kunit_try_run_case+0x1a5/0x480 [ 23.615035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.615258] kthread+0x337/0x6f0 [ 23.615407] ret_from_fork+0x116/0x1d0 [ 23.615529] ret_from_fork_asm+0x1a/0x30 [ 23.615668] [ 23.615742] The buggy address belongs to the object at ffff888106098840 [ 23.615742] which belongs to the cache kmalloc-32 of size 32 [ 23.616869] The buggy address is located 0 bytes inside of [ 23.616869] freed 32-byte region [ffff888106098840, ffff888106098860) [ 23.617890] [ 23.618000] The buggy address belongs to the physical page: [ 23.618261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106098 [ 23.618918] flags: 0x200000000000000(node=0|zone=2) [ 23.619124] page_type: f5(slab) [ 23.619455] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.620079] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.620523] page dumped because: kasan: bad access detected [ 23.620915] [ 23.621017] Memory state around the buggy address: [ 23.621605] ffff888106098700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.622184] ffff888106098780: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 23.622754] >ffff888106098800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.623150] ^ [ 23.623477] ffff888106098880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.624025] ffff888106098900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.624433] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 22.672277] ================================================================== [ 22.673003] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 22.673223] Read of size 1 at addr ffff8881061e0000 by task kunit_try_catch/202 [ 22.673560] [ 22.673671] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.673722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.673735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.673764] Call Trace: [ 22.673778] <TASK> [ 22.673796] dump_stack_lvl+0x73/0xb0 [ 22.673881] print_report+0xd1/0x650 [ 22.673907] ? __virt_addr_valid+0x1db/0x2d0 [ 22.673931] ? page_alloc_uaf+0x356/0x3d0 [ 22.673965] ? kasan_addr_to_slab+0x11/0xa0 [ 22.673984] ? page_alloc_uaf+0x356/0x3d0 [ 22.674006] kasan_report+0x141/0x180 [ 22.674027] ? page_alloc_uaf+0x356/0x3d0 [ 22.674052] __asan_report_load1_noabort+0x18/0x20 [ 22.674075] page_alloc_uaf+0x356/0x3d0 [ 22.674096] ? __pfx_page_alloc_uaf+0x10/0x10 [ 22.674118] ? __schedule+0x10cc/0x2b60 [ 22.674139] ? __pfx_read_tsc+0x10/0x10 [ 22.674160] ? ktime_get_ts64+0x86/0x230 [ 22.674185] kunit_try_run_case+0x1a5/0x480 [ 22.674211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.674234] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.674255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.674319] ? __kthread_parkme+0x82/0x180 [ 22.674375] ? preempt_count_sub+0x50/0x80 [ 22.674399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.674424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.674447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.674471] kthread+0x337/0x6f0 [ 22.674501] ? trace_preempt_on+0x20/0xc0 [ 22.674526] ? __pfx_kthread+0x10/0x10 [ 22.674546] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.674570] ? calculate_sigpending+0x7b/0xa0 [ 22.674594] ? __pfx_kthread+0x10/0x10 [ 22.674615] ret_from_fork+0x116/0x1d0 [ 22.674633] ? __pfx_kthread+0x10/0x10 [ 22.674654] ret_from_fork_asm+0x1a/0x30 [ 22.674700] </TASK> [ 22.674713] [ 22.682895] The buggy address belongs to the physical page: [ 22.683238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061e0 [ 22.684276] flags: 0x200000000000000(node=0|zone=2) [ 22.684595] page_type: f0(buddy) [ 22.684866] raw: 0200000000000000 ffff88817fffc4a8 ffff88817fffc4a8 0000000000000000 [ 22.685451] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 22.685911] page dumped because: kasan: bad access detected [ 22.686179] [ 22.686376] Memory state around the buggy address: [ 22.686564] ffff8881061dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.687080] ffff8881061dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.687495] >ffff8881061e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.688165] ^ [ 22.688335] ffff8881061e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.688868] ffff8881061e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.689353] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 22.648016] ================================================================== [ 22.648518] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 22.648823] Free of addr ffff8881060c4001 by task kunit_try_catch/198 [ 22.649086] [ 22.649195] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.649243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.649256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.649276] Call Trace: [ 22.649290] <TASK> [ 22.649321] dump_stack_lvl+0x73/0xb0 [ 22.649352] print_report+0xd1/0x650 [ 22.649374] ? __virt_addr_valid+0x1db/0x2d0 [ 22.649400] ? kasan_addr_to_slab+0x11/0xa0 [ 22.649419] ? kfree+0x274/0x3f0 [ 22.649442] kasan_report_invalid_free+0x10a/0x130 [ 22.649465] ? kfree+0x274/0x3f0 [ 22.649488] ? kfree+0x274/0x3f0 [ 22.649508] __kasan_kfree_large+0x86/0xd0 [ 22.649529] free_large_kmalloc+0x52/0x110 [ 22.649552] kfree+0x274/0x3f0 [ 22.649577] kmalloc_large_invalid_free+0x120/0x2b0 [ 22.649599] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.649621] ? __schedule+0x10cc/0x2b60 [ 22.649653] ? __pfx_read_tsc+0x10/0x10 [ 22.649688] ? ktime_get_ts64+0x86/0x230 [ 22.649714] kunit_try_run_case+0x1a5/0x480 [ 22.649745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.649768] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.649790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.649811] ? __kthread_parkme+0x82/0x180 [ 22.649831] ? preempt_count_sub+0x50/0x80 [ 22.649861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.649885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.649908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.649932] kthread+0x337/0x6f0 [ 22.649952] ? trace_preempt_on+0x20/0xc0 [ 22.649976] ? __pfx_kthread+0x10/0x10 [ 22.649996] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.650019] ? calculate_sigpending+0x7b/0xa0 [ 22.650043] ? __pfx_kthread+0x10/0x10 [ 22.650064] ret_from_fork+0x116/0x1d0 [ 22.650082] ? __pfx_kthread+0x10/0x10 [ 22.650102] ret_from_fork_asm+0x1a/0x30 [ 22.650134] </TASK> [ 22.650145] [ 22.659377] The buggy address belongs to the physical page: [ 22.659640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 22.660137] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.660429] flags: 0x200000000000040(head|node=0|zone=2) [ 22.661085] page_type: f8(unknown) [ 22.661414] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.662158] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.662513] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.662899] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.663246] head: 0200000000000002 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 22.663608] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.664262] page dumped because: kasan: bad access detected [ 22.664536] [ 22.664626] Memory state around the buggy address: [ 22.664939] ffff8881060c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.665282] ffff8881060c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.665605] >ffff8881060c4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.665858] ^ [ 22.666030] ffff8881060c4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.666354] ffff8881060c4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.666990] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 22.631484] ================================================================== [ 22.632124] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 22.632426] Read of size 1 at addr ffff8881060c4000 by task kunit_try_catch/196 [ 22.632888] [ 22.632982] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.633031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.633043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.633065] Call Trace: [ 22.633077] <TASK> [ 22.633094] dump_stack_lvl+0x73/0xb0 [ 22.633122] print_report+0xd1/0x650 [ 22.633144] ? __virt_addr_valid+0x1db/0x2d0 [ 22.633167] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.633186] ? kasan_addr_to_slab+0x11/0xa0 [ 22.633206] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.633226] kasan_report+0x141/0x180 [ 22.633248] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.633272] __asan_report_load1_noabort+0x18/0x20 [ 22.633296] kmalloc_large_uaf+0x2f1/0x340 [ 22.633328] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 22.633349] ? __schedule+0x10cc/0x2b60 [ 22.633371] ? __pfx_read_tsc+0x10/0x10 [ 22.633393] ? ktime_get_ts64+0x86/0x230 [ 22.633418] kunit_try_run_case+0x1a5/0x480 [ 22.633444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.633467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.633488] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.633520] ? __kthread_parkme+0x82/0x180 [ 22.633540] ? preempt_count_sub+0x50/0x80 [ 22.633563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.633587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.633610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.633634] kthread+0x337/0x6f0 [ 22.633654] ? trace_preempt_on+0x20/0xc0 [ 22.633677] ? __pfx_kthread+0x10/0x10 [ 22.633697] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.633720] ? calculate_sigpending+0x7b/0xa0 [ 22.633748] ? __pfx_kthread+0x10/0x10 [ 22.633768] ret_from_fork+0x116/0x1d0 [ 22.633787] ? __pfx_kthread+0x10/0x10 [ 22.633807] ret_from_fork_asm+0x1a/0x30 [ 22.633879] </TASK> [ 22.633893] [ 22.640914] The buggy address belongs to the physical page: [ 22.641404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 22.641685] flags: 0x200000000000000(node=0|zone=2) [ 22.641857] raw: 0200000000000000 ffffea0004183208 ffff88815b039fc0 0000000000000000 [ 22.642159] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 22.642494] page dumped because: kasan: bad access detected [ 22.642841] [ 22.642919] Memory state around the buggy address: [ 22.643068] ffff8881060c3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.643278] ffff8881060c3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.643773] >ffff8881060c4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.644090] ^ [ 22.644235] ffff8881060c4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.644455] ffff8881060c4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.645004] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 22.611953] ================================================================== [ 22.612401] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 22.612761] Write of size 1 at addr ffff8881060c200a by task kunit_try_catch/194 [ 22.613044] [ 22.613134] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.613183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.613196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.613217] Call Trace: [ 22.613229] <TASK> [ 22.613247] dump_stack_lvl+0x73/0xb0 [ 22.613276] print_report+0xd1/0x650 [ 22.613298] ? __virt_addr_valid+0x1db/0x2d0 [ 22.613334] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.613355] ? kasan_addr_to_slab+0x11/0xa0 [ 22.613374] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.613395] kasan_report+0x141/0x180 [ 22.613417] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.613443] __asan_report_store1_noabort+0x1b/0x30 [ 22.613467] kmalloc_large_oob_right+0x2e9/0x330 [ 22.613488] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 22.613521] ? __schedule+0x10cc/0x2b60 [ 22.613542] ? __pfx_read_tsc+0x10/0x10 [ 22.613563] ? ktime_get_ts64+0x86/0x230 [ 22.613588] kunit_try_run_case+0x1a5/0x480 [ 22.613613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.613636] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.613657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.613689] ? __kthread_parkme+0x82/0x180 [ 22.613709] ? preempt_count_sub+0x50/0x80 [ 22.613732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.613764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.613787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.613811] kthread+0x337/0x6f0 [ 22.613830] ? trace_preempt_on+0x20/0xc0 [ 22.613854] ? __pfx_kthread+0x10/0x10 [ 22.613874] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.613897] ? calculate_sigpending+0x7b/0xa0 [ 22.613921] ? __pfx_kthread+0x10/0x10 [ 22.613942] ret_from_fork+0x116/0x1d0 [ 22.613960] ? __pfx_kthread+0x10/0x10 [ 22.613980] ret_from_fork_asm+0x1a/0x30 [ 22.614011] </TASK> [ 22.614023] [ 22.621069] The buggy address belongs to the physical page: [ 22.621396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c0 [ 22.621766] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.622027] flags: 0x200000000000040(head|node=0|zone=2) [ 22.622291] page_type: f8(unknown) [ 22.622464] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.623023] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.623300] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.623548] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.623898] head: 0200000000000002 ffffea0004183001 00000000ffffffff 00000000ffffffff [ 22.624259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.625030] page dumped because: kasan: bad access detected [ 22.625276] [ 22.625383] Memory state around the buggy address: [ 22.625903] ffff8881060c1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.626207] ffff8881060c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.626789] >ffff8881060c2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.627107] ^ [ 22.627257] ffff8881060c2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.627901] ffff8881060c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.628168] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 22.587908] ================================================================== [ 22.588384] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 22.588667] Write of size 1 at addr ffff888102b9df00 by task kunit_try_catch/192 [ 22.589147] [ 22.589248] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.589299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.589324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.589346] Call Trace: [ 22.589361] <TASK> [ 22.589380] dump_stack_lvl+0x73/0xb0 [ 22.589413] print_report+0xd1/0x650 [ 22.589435] ? __virt_addr_valid+0x1db/0x2d0 [ 22.589460] ? kmalloc_big_oob_right+0x316/0x370 [ 22.589480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.589515] ? kmalloc_big_oob_right+0x316/0x370 [ 22.589536] kasan_report+0x141/0x180 [ 22.589557] ? kmalloc_big_oob_right+0x316/0x370 [ 22.589583] __asan_report_store1_noabort+0x1b/0x30 [ 22.589606] kmalloc_big_oob_right+0x316/0x370 [ 22.589627] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 22.589649] ? __schedule+0x10cc/0x2b60 [ 22.589670] ? __pfx_read_tsc+0x10/0x10 [ 22.589692] ? ktime_get_ts64+0x86/0x230 [ 22.589717] kunit_try_run_case+0x1a5/0x480 [ 22.589751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.589775] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.589797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.589818] ? __kthread_parkme+0x82/0x180 [ 22.589839] ? preempt_count_sub+0x50/0x80 [ 22.589862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.589886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.590116] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.590141] kthread+0x337/0x6f0 [ 22.590160] ? trace_preempt_on+0x20/0xc0 [ 22.590185] ? __pfx_kthread+0x10/0x10 [ 22.590205] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.590228] ? calculate_sigpending+0x7b/0xa0 [ 22.590252] ? __pfx_kthread+0x10/0x10 [ 22.590273] ret_from_fork+0x116/0x1d0 [ 22.590291] ? __pfx_kthread+0x10/0x10 [ 22.590325] ret_from_fork_asm+0x1a/0x30 [ 22.590358] </TASK> [ 22.590370] [ 22.597468] Allocated by task 192: [ 22.597644] kasan_save_stack+0x45/0x70 [ 22.597836] kasan_save_track+0x18/0x40 [ 22.597968] kasan_save_alloc_info+0x3b/0x50 [ 22.598108] __kasan_kmalloc+0xb7/0xc0 [ 22.598246] __kmalloc_cache_noprof+0x189/0x420 [ 22.598474] kmalloc_big_oob_right+0xa9/0x370 [ 22.598782] kunit_try_run_case+0x1a5/0x480 [ 22.598989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.599205] kthread+0x337/0x6f0 [ 22.599334] ret_from_fork+0x116/0x1d0 [ 22.599543] ret_from_fork_asm+0x1a/0x30 [ 22.599814] [ 22.599883] The buggy address belongs to the object at ffff888102b9c000 [ 22.599883] which belongs to the cache kmalloc-8k of size 8192 [ 22.600348] The buggy address is located 0 bytes to the right of [ 22.600348] allocated 7936-byte region [ffff888102b9c000, ffff888102b9df00) [ 22.601091] [ 22.601191] The buggy address belongs to the physical page: [ 22.601430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b98 [ 22.601864] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.602087] flags: 0x200000000000040(head|node=0|zone=2) [ 22.602261] page_type: f5(slab) [ 22.602422] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 22.602936] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.603277] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 22.603592] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.603818] head: 0200000000000003 ffffea00040ae601 00000000ffffffff 00000000ffffffff [ 22.604406] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.604791] page dumped because: kasan: bad access detected [ 22.605016] [ 22.605081] Memory state around the buggy address: [ 22.605280] ffff888102b9de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.605642] ffff888102b9de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.605971] >ffff888102b9df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.606174] ^ [ 22.606282] ffff888102b9df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.606767] ffff888102b9e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.607257] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 22.530716] ================================================================== [ 22.531193] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.531465] Write of size 1 at addr ffff888104950178 by task kunit_try_catch/190 [ 22.532814] [ 22.533081] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.533137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.533151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.533173] Call Trace: [ 22.533186] <TASK> [ 22.533205] dump_stack_lvl+0x73/0xb0 [ 22.533238] print_report+0xd1/0x650 [ 22.533261] ? __virt_addr_valid+0x1db/0x2d0 [ 22.533284] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.533346] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533376] kasan_report+0x141/0x180 [ 22.533397] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533469] __asan_report_store1_noabort+0x1b/0x30 [ 22.533492] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.533527] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.533551] ? __schedule+0x207f/0x2b60 [ 22.533572] ? __pfx_read_tsc+0x10/0x10 [ 22.533593] ? ktime_get_ts64+0x86/0x230 [ 22.533618] kunit_try_run_case+0x1a5/0x480 [ 22.533643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.533666] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.533697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.533718] ? __kthread_parkme+0x82/0x180 [ 22.533742] ? preempt_count_sub+0x50/0x80 [ 22.533765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.533789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.533812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.533836] kthread+0x337/0x6f0 [ 22.533855] ? trace_preempt_on+0x20/0xc0 [ 22.533878] ? __pfx_kthread+0x10/0x10 [ 22.533898] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.533921] ? calculate_sigpending+0x7b/0xa0 [ 22.533944] ? __pfx_kthread+0x10/0x10 [ 22.533964] ret_from_fork+0x116/0x1d0 [ 22.533982] ? __pfx_kthread+0x10/0x10 [ 22.534002] ret_from_fork_asm+0x1a/0x30 [ 22.534033] </TASK> [ 22.534045] [ 22.547890] Allocated by task 190: [ 22.548299] kasan_save_stack+0x45/0x70 [ 22.548455] kasan_save_track+0x18/0x40 [ 22.548787] kasan_save_alloc_info+0x3b/0x50 [ 22.549384] __kasan_kmalloc+0xb7/0xc0 [ 22.549802] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.550225] kmalloc_track_caller_oob_right+0x99/0x520 [ 22.550402] kunit_try_run_case+0x1a5/0x480 [ 22.550560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.551074] kthread+0x337/0x6f0 [ 22.551196] ret_from_fork+0x116/0x1d0 [ 22.551331] ret_from_fork_asm+0x1a/0x30 [ 22.551463] [ 22.551630] The buggy address belongs to the object at ffff888104950100 [ 22.551630] which belongs to the cache kmalloc-128 of size 128 [ 22.552884] The buggy address is located 0 bytes to the right of [ 22.552884] allocated 120-byte region [ffff888104950100, ffff888104950178) [ 22.554336] [ 22.554414] The buggy address belongs to the physical page: [ 22.554805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 22.555505] flags: 0x200000000000000(node=0|zone=2) [ 22.555673] page_type: f5(slab) [ 22.555902] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.556781] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.557350] page dumped because: kasan: bad access detected [ 22.557911] [ 22.558065] Memory state around the buggy address: [ 22.558620] ffff888104950000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.558993] ffff888104950080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.559512] >ffff888104950100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.560008] ^ [ 22.560209] ffff888104950180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.560422] ffff888104950200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.560636] ================================================================== [ 22.561824] ================================================================== [ 22.563010] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.563616] Write of size 1 at addr ffff888104950278 by task kunit_try_catch/190 [ 22.564262] [ 22.564455] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 22.564504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.564517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.564538] Call Trace: [ 22.564551] <TASK> [ 22.564569] dump_stack_lvl+0x73/0xb0 [ 22.564598] print_report+0xd1/0x650 [ 22.564620] ? __virt_addr_valid+0x1db/0x2d0 [ 22.564644] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.564692] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564716] kasan_report+0x141/0x180 [ 22.564736] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564764] __asan_report_store1_noabort+0x1b/0x30 [ 22.564787] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.564810] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.564835] ? __schedule+0x207f/0x2b60 [ 22.564856] ? __pfx_read_tsc+0x10/0x10 [ 22.564885] ? ktime_get_ts64+0x86/0x230 [ 22.564909] kunit_try_run_case+0x1a5/0x480 [ 22.564934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.564957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.564978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.564999] ? __kthread_parkme+0x82/0x180 [ 22.565019] ? preempt_count_sub+0x50/0x80 [ 22.565042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.565067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.565090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.565113] kthread+0x337/0x6f0 [ 22.565133] ? trace_preempt_on+0x20/0xc0 [ 22.565157] ? __pfx_kthread+0x10/0x10 [ 22.565177] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.565200] ? calculate_sigpending+0x7b/0xa0 [ 22.565224] ? __pfx_kthread+0x10/0x10 [ 22.565244] ret_from_fork+0x116/0x1d0 [ 22.565262] ? __pfx_kthread+0x10/0x10 [ 22.565282] ret_from_fork_asm+0x1a/0x30 [ 22.565324] </TASK> [ 22.565335] [ 22.574571] Allocated by task 190: [ 22.574764] kasan_save_stack+0x45/0x70 [ 22.575026] kasan_save_track+0x18/0x40 [ 22.575166] kasan_save_alloc_info+0x3b/0x50 [ 22.575320] __kasan_kmalloc+0xb7/0xc0 [ 22.575445] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.575633] kmalloc_track_caller_oob_right+0x19a/0x520 [ 22.576018] kunit_try_run_case+0x1a5/0x480 [ 22.576213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.576468] kthread+0x337/0x6f0 [ 22.576603] ret_from_fork+0x116/0x1d0 [ 22.576728] ret_from_fork_asm+0x1a/0x30 [ 22.576860] [ 22.576927] The buggy address belongs to the object at ffff888104950200 [ 22.576927] which belongs to the cache kmalloc-128 of size 128 [ 22.578167] The buggy address is located 0 bytes to the right of [ 22.578167] allocated 120-byte region [ffff888104950200, ffff888104950278) [ 22.578736] [ 22.578881] The buggy address belongs to the physical page: [ 22.579098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104950 [ 22.579419] flags: 0x200000000000000(node=0|zone=2) [ 22.579577] page_type: f5(slab) [ 22.579745] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.580076] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.580413] page dumped because: kasan: bad access detected [ 22.580613] [ 22.580676] Memory state around the buggy address: [ 22.580821] ffff888104950100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.581225] ffff888104950180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.581688] >ffff888104950200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.581897] ^ [ 22.582295] ffff888104950280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.582891] ffff888104950300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.583205] ==================================================================
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 179.111267] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 179.111382] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2601 [ 179.112441] Modules linked in: [ 179.112654] CPU: 1 UID: 0 PID: 2601 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 179.113409] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 179.113998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.114619] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 179.115204] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 fd e3 81 00 48 c7 c1 20 8a 40 92 4c 89 f2 48 c7 c7 40 86 40 92 48 89 c6 e8 d4 6a 73 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 179.116410] RSP: 0000:ffff88810305fd18 EFLAGS: 00010286 [ 179.117084] RAX: 0000000000000000 RBX: ffff888108436000 RCX: 1ffffffff2624ae8 [ 179.117311] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 179.118259] RBP: ffff88810305fd48 R08: 0000000000000000 R09: fffffbfff2624ae8 [ 179.119257] R10: 0000000000000003 R11: 00000000000395a8 R12: ffff888102310800 [ 179.119953] R13: ffff8881084360f8 R14: ffff88810752f000 R15: ffff8881003c7b48 [ 179.120722] FS: 0000000000000000(0000) GS:ffff8881c6d2d000(0000) knlGS:0000000000000000 [ 179.121236] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 179.121488] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 179.122400] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499483 [ 179.123282] DR3: ffffffff94499485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 179.123778] Call Trace: [ 179.124210] <TASK> [ 179.124595] ? trace_preempt_on+0x20/0xc0 [ 179.125107] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 179.125318] drm_gem_shmem_free_wrapper+0x12/0x20 [ 179.125482] __kunit_action_free+0x57/0x70 [ 179.125634] kunit_remove_resource+0x133/0x200 [ 179.125837] ? preempt_count_sub+0x50/0x80 [ 179.126180] kunit_cleanup+0x7a/0x120 [ 179.126904] kunit_try_run_case_cleanup+0xbd/0xf0 [ 179.127259] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 179.127623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 179.128095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 179.128609] kthread+0x337/0x6f0 [ 179.128857] ? trace_preempt_on+0x20/0xc0 [ 179.129192] ? __pfx_kthread+0x10/0x10 [ 179.129532] ? _raw_spin_unlock_irq+0x47/0x80 [ 179.129910] ? calculate_sigpending+0x7b/0xa0 [ 179.130122] ? __pfx_kthread+0x10/0x10 [ 179.130304] ret_from_fork+0x116/0x1d0 [ 179.130781] ? __pfx_kthread+0x10/0x10 [ 179.131096] ret_from_fork_asm+0x1a/0x30 [ 179.131447] </TASK> [ 179.131793] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 178.963361] WARNING: drivers/gpu/drm/drm_framebuffer.c:867 at drm_framebuffer_init+0x44/0x300, CPU#0: kunit_try_catch/2582 [ 178.964319] Modules linked in: [ 178.964936] CPU: 0 UID: 0 PID: 2582 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 178.966267] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.966635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.967430] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 178.967616] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 178.968103] RSP: 0000:ffff8881067bfb30 EFLAGS: 00010246 [ 178.968298] RAX: dffffc0000000000 RBX: ffff8881067bfc28 RCX: 0000000000000000 [ 178.968506] RDX: 1ffff11020cf7f8e RSI: ffff8881067bfc28 RDI: ffff8881067bfc70 [ 178.968712] RBP: ffff8881067bfb70 R08: ffff888109a2e000 R09: ffffffff923f8b80 [ 178.968921] R10: 0000000000000003 R11: 000000007a5e94e2 R12: ffff888109a2e000 [ 178.969128] R13: ffff8881003c7ae8 R14: ffff8881067bfba8 R15: 0000000000000000 [ 178.969936] FS: 0000000000000000(0000) GS:ffff8881c6c2d000(0000) knlGS:0000000000000000 [ 178.970715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.971371] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 178.972160] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499482 [ 178.972875] DR3: ffffffff94499483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.973514] Call Trace: [ 178.973840] <TASK> [ 178.974129] ? add_dr+0xc1/0x1d0 [ 178.974527] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 178.975206] ? add_dr+0x148/0x1d0 [ 178.975681] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 178.976453] ? __drmm_add_action+0x1a4/0x280 [ 178.976930] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 178.977467] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 178.978051] ? __drmm_add_action_or_reset+0x22/0x50 [ 178.978566] ? __schedule+0x10cc/0x2b60 [ 178.979083] ? __pfx_read_tsc+0x10/0x10 [ 178.979514] ? ktime_get_ts64+0x86/0x230 [ 178.979939] kunit_try_run_case+0x1a5/0x480 [ 178.980454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.980839] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 178.981003] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 178.981175] ? __kthread_parkme+0x82/0x180 [ 178.981317] ? preempt_count_sub+0x50/0x80 [ 178.981459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.981622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.981795] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.981980] kthread+0x337/0x6f0 [ 178.982098] ? trace_preempt_on+0x20/0xc0 [ 178.982493] ? __pfx_kthread+0x10/0x10 [ 178.982889] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.983403] ? calculate_sigpending+0x7b/0xa0 [ 178.983900] ? __pfx_kthread+0x10/0x10 [ 178.984249] ret_from_fork+0x116/0x1d0 [ 178.984617] ? __pfx_kthread+0x10/0x10 [ 178.985093] ret_from_fork_asm+0x1a/0x30 [ 178.985492] </TASK> [ 178.985755] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 178.924922] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 178.925062] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#1: kunit_try_catch/2578 [ 178.926655] Modules linked in: [ 178.927220] CPU: 1 UID: 0 PID: 2578 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 178.928784] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.929152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.929627] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 178.930175] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 eb 07 89 00 48 c7 c1 40 3b 3f 92 4c 89 fa 48 c7 c7 a0 3b 3f 92 48 89 c6 e8 c2 8e 7a fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 178.931264] RSP: 0000:ffff8881067bfb68 EFLAGS: 00010282 [ 178.931490] RAX: 0000000000000000 RBX: ffff8881067bfc40 RCX: 1ffffffff2624ae8 [ 178.931773] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 178.932463] RBP: ffff8881067bfb90 R08: 0000000000000000 R09: fffffbfff2624ae8 [ 178.933131] R10: 0000000000000003 R11: 0000000000037c70 R12: ffff8881067bfc18 [ 178.933714] R13: ffff888102cf3800 R14: ffff888103053000 R15: ffff888103b97480 [ 178.934335] FS: 0000000000000000(0000) GS:ffff8881c6d2d000(0000) knlGS:0000000000000000 [ 178.934994] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.935216] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 178.935477] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499483 [ 178.936105] DR3: ffffffff94499485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.936823] Call Trace: [ 178.937062] <TASK> [ 178.937291] drm_test_framebuffer_free+0x1ab/0x610 [ 178.937673] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 178.938088] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 178.938312] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 178.938821] ? __drmm_add_action_or_reset+0x22/0x50 [ 178.939399] ? __schedule+0x10cc/0x2b60 [ 178.939778] ? __pfx_read_tsc+0x10/0x10 [ 178.940237] ? ktime_get_ts64+0x86/0x230 [ 178.940571] kunit_try_run_case+0x1a5/0x480 [ 178.940780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.941222] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 178.941780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 178.942254] ? __kthread_parkme+0x82/0x180 [ 178.942472] ? preempt_count_sub+0x50/0x80 [ 178.942618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.943005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.943512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.944185] kthread+0x337/0x6f0 [ 178.944537] ? trace_preempt_on+0x20/0xc0 [ 178.944687] ? __pfx_kthread+0x10/0x10 [ 178.944887] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.945299] ? calculate_sigpending+0x7b/0xa0 [ 178.945841] ? __pfx_kthread+0x10/0x10 [ 178.946255] ret_from_fork+0x116/0x1d0 [ 178.946416] ? __pfx_kthread+0x10/0x10 [ 178.946576] ret_from_fork_asm+0x1a/0x30 [ 178.946978] </TASK> [ 178.947207] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 177.739063] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2026 [ 177.739823] Modules linked in: [ 177.740328] CPU: 0 UID: 0 PID: 2026 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 177.740741] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.741281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.742344] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 177.742569] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 90 22 2a 02 48 89 df e8 68 [ 177.744044] RSP: 0000:ffff888103a97c90 EFLAGS: 00010246 [ 177.744249] RAX: dffffc0000000000 RBX: ffff88810388a000 RCX: 0000000000000000 [ 177.744656] RDX: 1ffff11020711434 RSI: ffffffff8f604e28 RDI: ffff88810388a1a0 [ 177.745395] RBP: ffff888103a97ca0 R08: 1ffff11020078f6a R09: ffffed1020752f65 [ 177.746131] R10: 0000000000000003 R11: ffffffff8eb83fa8 R12: 0000000000000000 [ 177.746373] R13: ffff888103a97d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 177.746581] FS: 0000000000000000(0000) GS:ffff8881c6c2d000(0000) knlGS:0000000000000000 [ 177.746843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.747198] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 177.747589] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499482 [ 177.748111] DR3: ffffffff94499483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.748403] Call Trace: [ 177.748507] <TASK> [ 177.748641] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 177.749012] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 177.749354] ? __schedule+0x10cc/0x2b60 [ 177.749528] ? __pfx_read_tsc+0x10/0x10 [ 177.749690] ? ktime_get_ts64+0x86/0x230 [ 177.749833] kunit_try_run_case+0x1a5/0x480 [ 177.750086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.750557] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 177.750721] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.750995] ? __kthread_parkme+0x82/0x180 [ 177.751282] ? preempt_count_sub+0x50/0x80 [ 177.751464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.751802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.752040] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.752304] kthread+0x337/0x6f0 [ 177.752562] ? trace_preempt_on+0x20/0xc0 [ 177.752860] ? __pfx_kthread+0x10/0x10 [ 177.753027] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.753251] ? calculate_sigpending+0x7b/0xa0 [ 177.753478] ? __pfx_kthread+0x10/0x10 [ 177.753657] ret_from_fork+0x116/0x1d0 [ 177.753957] ? __pfx_kthread+0x10/0x10 [ 177.754157] ret_from_fork_asm+0x1a/0x30 [ 177.754363] </TASK> [ 177.754459] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 177.657488] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2018 [ 177.658666] Modules linked in: [ 177.659262] CPU: 1 UID: 0 PID: 2018 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 177.660061] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.660261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.661074] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 177.661952] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 90 22 2a 02 48 89 df e8 68 [ 177.663927] RSP: 0000:ffff88810404fc90 EFLAGS: 00010246 [ 177.664778] RAX: dffffc0000000000 RBX: ffff888103ddc000 RCX: 0000000000000000 [ 177.665525] RDX: 1ffff110207bb834 RSI: ffffffff8f604e28 RDI: ffff888103ddc1a0 [ 177.666287] RBP: ffff88810404fca0 R08: 1ffff11020078f6a R09: ffffed1020809f65 [ 177.667225] R10: 0000000000000003 R11: ffffffff8eb83fa8 R12: 0000000000000000 [ 177.668078] R13: ffff88810404fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 177.669042] FS: 0000000000000000(0000) GS:ffff8881c6d2d000(0000) knlGS:0000000000000000 [ 177.669302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.670012] CR2: 00007ffff7ffe000 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 177.670779] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499483 [ 177.671505] DR3: ffffffff94499485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.672081] Call Trace: [ 177.672390] <TASK> [ 177.672644] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 177.673383] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 177.673633] ? __schedule+0x10cc/0x2b60 [ 177.673868] ? __pfx_read_tsc+0x10/0x10 [ 177.674473] ? ktime_get_ts64+0x86/0x230 [ 177.675029] kunit_try_run_case+0x1a5/0x480 [ 177.675579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.676202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 177.676969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.677350] ? __kthread_parkme+0x82/0x180 [ 177.677828] ? preempt_count_sub+0x50/0x80 [ 177.678252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.678666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.679300] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.679977] kthread+0x337/0x6f0 [ 177.680136] ? trace_preempt_on+0x20/0xc0 [ 177.680296] ? __pfx_kthread+0x10/0x10 [ 177.680484] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.680644] ? calculate_sigpending+0x7b/0xa0 [ 177.680929] ? __pfx_kthread+0x10/0x10 [ 177.681119] ret_from_fork+0x116/0x1d0 [ 177.681298] ? __pfx_kthread+0x10/0x10 [ 177.682071] ret_from_fork_asm+0x1a/0x30 [ 177.682286] </TASK> [ 177.682760] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 123.695983] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/706 [ 123.696309] Modules linked in: [ 123.696465] CPU: 0 UID: 0 PID: 706 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 123.697054] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 123.697340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 123.698265] RIP: 0010:intlog10+0x2a/0x40 [ 123.698454] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 57 68 8e 02 90 <0f> 0b 90 31 c0 e9 4c 68 8e 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 123.698986] RSP: 0000:ffff88810a127cb0 EFLAGS: 00010246 [ 123.699168] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021424fb4 [ 123.699391] RDX: 1ffffffff24530fc RSI: 1ffff11021424fb3 RDI: 0000000000000000 [ 123.699600] RBP: ffff88810a127d60 R08: 0000000000000000 R09: ffffed10203d9a20 [ 123.699805] R10: ffff888101ecd107 R11: 0000000000000000 R12: 1ffff11021424f97 [ 123.700009] R13: ffffffff922987e0 R14: 0000000000000000 R15: ffff88810a127d38 [ 123.700215] FS: 0000000000000000(0000) GS:ffff8881c6c2d000(0000) knlGS:0000000000000000 [ 123.701876] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.702582] CR2: ffff88815a93afe0 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 123.703588] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499482 [ 123.704645] DR3: ffffffff94499483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 123.705455] Call Trace: [ 123.705930] <TASK> [ 123.706351] ? intlog10_test+0xf2/0x220 [ 123.707153] ? __pfx_intlog10_test+0x10/0x10 [ 123.707779] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 123.708600] ? __pfx_read_tsc+0x10/0x10 [ 123.709221] ? ktime_get_ts64+0x86/0x230 [ 123.709867] kunit_try_run_case+0x1a5/0x480 [ 123.710582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.711278] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 123.712035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 123.712399] ? __kthread_parkme+0x82/0x180 [ 123.712560] ? preempt_count_sub+0x50/0x80 [ 123.713031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.713646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 123.714415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 123.715236] kthread+0x337/0x6f0 [ 123.715396] ? trace_preempt_on+0x20/0xc0 [ 123.715541] ? __pfx_kthread+0x10/0x10 [ 123.715744] ? _raw_spin_unlock_irq+0x47/0x80 [ 123.716187] ? calculate_sigpending+0x7b/0xa0 [ 123.716631] ? __pfx_kthread+0x10/0x10 [ 123.717105] ret_from_fork+0x116/0x1d0 [ 123.717494] ? __pfx_kthread+0x10/0x10 [ 123.718448] ret_from_fork_asm+0x1a/0x30 [ 123.719042] </TASK> [ 123.719148] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 123.657307] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/688 [ 123.657823] Modules linked in: [ 123.658223] CPU: 0 UID: 0 PID: 688 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250702 #1 PREEMPT(voluntary) [ 123.659405] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 123.659654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 123.660453] RIP: 0010:intlog2+0xdf/0x110 [ 123.660683] Code: 29 92 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 c2 68 8e 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 6f cb 55 ff 8b 45 e4 eb [ 123.661568] RSP: 0000:ffff88810a2ffcb0 EFLAGS: 00010246 [ 123.661887] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff1102145ffb4 [ 123.662502] RDX: 1ffffffff2453150 RSI: 1ffff1102145ffb3 RDI: 0000000000000000 [ 123.663134] RBP: ffff88810a2ffd60 R08: 0000000000000000 R09: ffffed1020c962a0 [ 123.663618] R10: ffff8881064b1507 R11: 0000000000000000 R12: 1ffff1102145ff97 [ 123.663907] R13: ffffffff92298a80 R14: 0000000000000000 R15: ffff88810a2ffd38 [ 123.664518] FS: 0000000000000000(0000) GS:ffff8881c6c2d000(0000) knlGS:0000000000000000 [ 123.665252] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.665815] CR2: ffff88815a93afe0 CR3: 000000010f8bc000 CR4: 00000000000006f0 [ 123.666193] DR0: ffffffff94499480 DR1: ffffffff94499481 DR2: ffffffff94499482 [ 123.666414] DR3: ffffffff94499483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 123.666622] Call Trace: [ 123.666730] <TASK> [ 123.666817] ? intlog2_test+0xf2/0x220 [ 123.667199] ? __pfx_intlog2_test+0x10/0x10 [ 123.667384] ? __schedule+0x10cc/0x2b60 [ 123.667595] ? __pfx_read_tsc+0x10/0x10 [ 123.667745] ? ktime_get_ts64+0x86/0x230 [ 123.667899] kunit_try_run_case+0x1a5/0x480 [ 123.668251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.668513] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 123.668683] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 123.669023] ? __kthread_parkme+0x82/0x180 [ 123.669230] ? preempt_count_sub+0x50/0x80 [ 123.669505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.669769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 123.669938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 123.670541] kthread+0x337/0x6f0 [ 123.670756] ? trace_preempt_on+0x20/0xc0 [ 123.671009] ? __pfx_kthread+0x10/0x10 [ 123.671210] ? _raw_spin_unlock_irq+0x47/0x80 [ 123.671440] ? calculate_sigpending+0x7b/0xa0 [ 123.671653] ? __pfx_kthread+0x10/0x10 [ 123.671783] ret_from_fork+0x116/0x1d0 [ 123.671909] ? __pfx_kthread+0x10/0x10 [ 123.672305] ret_from_fork_asm+0x1a/0x30 [ 123.672579] </TASK> [ 123.673104] ---[ end trace 0000000000000000 ]---