Date
July 3, 2025, 10:10 a.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 23.281790] ================================================================== [ 23.282538] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 23.282871] Write of size 8 at addr ffff888105479e71 by task kunit_try_catch/225 [ 23.283320] [ 23.283415] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.283477] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.283489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.283510] Call Trace: [ 23.283522] <TASK> [ 23.283537] dump_stack_lvl+0x73/0xb0 [ 23.283565] print_report+0xd1/0x650 [ 23.283587] ? __virt_addr_valid+0x1db/0x2d0 [ 23.283609] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.283630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.283654] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.283675] kasan_report+0x141/0x180 [ 23.283695] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.283721] kasan_check_range+0x10c/0x1c0 [ 23.283743] __asan_memset+0x27/0x50 [ 23.283765] kmalloc_oob_memset_8+0x166/0x330 [ 23.283786] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 23.283808] ? __schedule+0x10cc/0x2b60 [ 23.283832] ? __pfx_read_tsc+0x10/0x10 [ 23.283853] ? ktime_get_ts64+0x86/0x230 [ 23.283876] kunit_try_run_case+0x1a5/0x480 [ 23.283900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.283922] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.283943] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.283968] ? __kthread_parkme+0x82/0x180 [ 23.283988] ? preempt_count_sub+0x50/0x80 [ 23.284010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.284034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.284057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.284080] kthread+0x337/0x6f0 [ 23.284099] ? trace_preempt_on+0x20/0xc0 [ 23.284121] ? __pfx_kthread+0x10/0x10 [ 23.284141] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.284221] ? calculate_sigpending+0x7b/0xa0 [ 23.284244] ? __pfx_kthread+0x10/0x10 [ 23.284266] ret_from_fork+0x116/0x1d0 [ 23.284285] ? __pfx_kthread+0x10/0x10 [ 23.284305] ret_from_fork_asm+0x1a/0x30 [ 23.284336] </TASK> [ 23.284347] [ 23.293799] Allocated by task 225: [ 23.293965] kasan_save_stack+0x45/0x70 [ 23.294472] kasan_save_track+0x18/0x40 [ 23.294718] kasan_save_alloc_info+0x3b/0x50 [ 23.295020] __kasan_kmalloc+0xb7/0xc0 [ 23.295617] __kmalloc_cache_noprof+0x189/0x420 [ 23.295835] kmalloc_oob_memset_8+0xac/0x330 [ 23.296018] kunit_try_run_case+0x1a5/0x480 [ 23.296547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.296915] kthread+0x337/0x6f0 [ 23.297212] ret_from_fork+0x116/0x1d0 [ 23.297597] ret_from_fork_asm+0x1a/0x30 [ 23.297794] [ 23.297880] The buggy address belongs to the object at ffff888105479e00 [ 23.297880] which belongs to the cache kmalloc-128 of size 128 [ 23.298806] The buggy address is located 113 bytes inside of [ 23.298806] allocated 120-byte region [ffff888105479e00, ffff888105479e78) [ 23.299923] [ 23.300036] The buggy address belongs to the physical page: [ 23.300261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479 [ 23.300624] flags: 0x200000000000000(node=0|zone=2) [ 23.300945] page_type: f5(slab) [ 23.301105] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.301443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.301747] page dumped because: kasan: bad access detected [ 23.301937] [ 23.302027] Memory state around the buggy address: [ 23.302263] ffff888105479d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.302561] ffff888105479d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.302831] >ffff888105479e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.303103] ^ [ 23.303391] ffff888105479e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.303859] ffff888105479f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.304129] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 23.252865] ================================================================== [ 23.253485] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 23.253834] Write of size 4 at addr ffff888105479d75 by task kunit_try_catch/223 [ 23.254246] [ 23.254362] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.254623] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.254642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.254665] Call Trace: [ 23.254677] <TASK> [ 23.254692] dump_stack_lvl+0x73/0xb0 [ 23.254810] print_report+0xd1/0x650 [ 23.254833] ? __virt_addr_valid+0x1db/0x2d0 [ 23.254857] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.254877] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.254901] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.254922] kasan_report+0x141/0x180 [ 23.254943] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.254968] kasan_check_range+0x10c/0x1c0 [ 23.254990] __asan_memset+0x27/0x50 [ 23.255012] kmalloc_oob_memset_4+0x166/0x330 [ 23.255034] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 23.255055] ? __schedule+0x10cc/0x2b60 [ 23.255080] ? __pfx_read_tsc+0x10/0x10 [ 23.255101] ? ktime_get_ts64+0x86/0x230 [ 23.255124] kunit_try_run_case+0x1a5/0x480 [ 23.255157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.255180] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.255200] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.255224] ? __kthread_parkme+0x82/0x180 [ 23.255244] ? preempt_count_sub+0x50/0x80 [ 23.255267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.255292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.255314] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.255337] kthread+0x337/0x6f0 [ 23.255356] ? trace_preempt_on+0x20/0xc0 [ 23.255378] ? __pfx_kthread+0x10/0x10 [ 23.255398] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.255421] ? calculate_sigpending+0x7b/0xa0 [ 23.255444] ? __pfx_kthread+0x10/0x10 [ 23.255612] ret_from_fork+0x116/0x1d0 [ 23.255634] ? __pfx_kthread+0x10/0x10 [ 23.255655] ret_from_fork_asm+0x1a/0x30 [ 23.255686] </TASK> [ 23.255697] [ 23.265926] Allocated by task 223: [ 23.266317] kasan_save_stack+0x45/0x70 [ 23.266535] kasan_save_track+0x18/0x40 [ 23.266725] kasan_save_alloc_info+0x3b/0x50 [ 23.267119] __kasan_kmalloc+0xb7/0xc0 [ 23.267450] __kmalloc_cache_noprof+0x189/0x420 [ 23.267814] kmalloc_oob_memset_4+0xac/0x330 [ 23.268044] kunit_try_run_case+0x1a5/0x480 [ 23.268219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.268781] kthread+0x337/0x6f0 [ 23.269049] ret_from_fork+0x116/0x1d0 [ 23.269349] ret_from_fork_asm+0x1a/0x30 [ 23.269669] [ 23.269763] The buggy address belongs to the object at ffff888105479d00 [ 23.269763] which belongs to the cache kmalloc-128 of size 128 [ 23.270316] The buggy address is located 117 bytes inside of [ 23.270316] allocated 120-byte region [ffff888105479d00, ffff888105479d78) [ 23.271192] [ 23.271278] The buggy address belongs to the physical page: [ 23.271741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479 [ 23.272066] flags: 0x200000000000000(node=0|zone=2) [ 23.272465] page_type: f5(slab) [ 23.272798] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.273198] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.273648] page dumped because: kasan: bad access detected [ 23.274016] [ 23.274114] Memory state around the buggy address: [ 23.274509] ffff888105479c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.274985] ffff888105479c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.275596] >ffff888105479d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.275877] ^ [ 23.276368] ffff888105479d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.276764] ffff888105479e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.277308] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 23.229422] ================================================================== [ 23.229895] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 23.230192] Write of size 2 at addr ffff888105ab1377 by task kunit_try_catch/221 [ 23.230510] [ 23.230733] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.230784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.230797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.230818] Call Trace: [ 23.230830] <TASK> [ 23.230846] dump_stack_lvl+0x73/0xb0 [ 23.230875] print_report+0xd1/0x650 [ 23.230898] ? __virt_addr_valid+0x1db/0x2d0 [ 23.230921] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.230942] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.230967] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.230988] kasan_report+0x141/0x180 [ 23.231167] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.231197] kasan_check_range+0x10c/0x1c0 [ 23.231220] __asan_memset+0x27/0x50 [ 23.231243] kmalloc_oob_memset_2+0x166/0x330 [ 23.231265] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 23.231287] ? __schedule+0x10cc/0x2b60 [ 23.231312] ? __pfx_read_tsc+0x10/0x10 [ 23.231340] ? ktime_get_ts64+0x86/0x230 [ 23.231365] kunit_try_run_case+0x1a5/0x480 [ 23.231391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.231414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.231435] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.231474] ? __kthread_parkme+0x82/0x180 [ 23.231495] ? preempt_count_sub+0x50/0x80 [ 23.231518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.231542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.231566] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.231590] kthread+0x337/0x6f0 [ 23.231610] ? trace_preempt_on+0x20/0xc0 [ 23.231633] ? __pfx_kthread+0x10/0x10 [ 23.231654] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.231677] ? calculate_sigpending+0x7b/0xa0 [ 23.231700] ? __pfx_kthread+0x10/0x10 [ 23.231722] ret_from_fork+0x116/0x1d0 [ 23.231741] ? __pfx_kthread+0x10/0x10 [ 23.231762] ret_from_fork_asm+0x1a/0x30 [ 23.231794] </TASK> [ 23.231805] [ 23.239045] Allocated by task 221: [ 23.239175] kasan_save_stack+0x45/0x70 [ 23.239605] kasan_save_track+0x18/0x40 [ 23.239795] kasan_save_alloc_info+0x3b/0x50 [ 23.239998] __kasan_kmalloc+0xb7/0xc0 [ 23.240261] __kmalloc_cache_noprof+0x189/0x420 [ 23.240422] kmalloc_oob_memset_2+0xac/0x330 [ 23.240572] kunit_try_run_case+0x1a5/0x480 [ 23.240775] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.241018] kthread+0x337/0x6f0 [ 23.241478] ret_from_fork+0x116/0x1d0 [ 23.241665] ret_from_fork_asm+0x1a/0x30 [ 23.241811] [ 23.241881] The buggy address belongs to the object at ffff888105ab1300 [ 23.241881] which belongs to the cache kmalloc-128 of size 128 [ 23.242269] The buggy address is located 119 bytes inside of [ 23.242269] allocated 120-byte region [ffff888105ab1300, ffff888105ab1378) [ 23.242820] [ 23.242911] The buggy address belongs to the physical page: [ 23.243161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 23.244476] flags: 0x200000000000000(node=0|zone=2) [ 23.245071] page_type: f5(slab) [ 23.245279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.245688] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.246012] page dumped because: kasan: bad access detected [ 23.246571] [ 23.246651] Memory state around the buggy address: [ 23.246886] ffff888105ab1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.247436] ffff888105ab1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.247884] >ffff888105ab1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.248151] ^ [ 23.248819] ffff888105ab1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.249322] ffff888105ab1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.249622] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 23.205618] ================================================================== [ 23.205980] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 23.206311] Write of size 128 at addr ffff888105479c00 by task kunit_try_catch/219 [ 23.207376] [ 23.207508] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.207557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.207570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.207590] Call Trace: [ 23.207603] <TASK> [ 23.207619] dump_stack_lvl+0x73/0xb0 [ 23.207647] print_report+0xd1/0x650 [ 23.207668] ? __virt_addr_valid+0x1db/0x2d0 [ 23.207690] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.207711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.207735] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.207756] kasan_report+0x141/0x180 [ 23.207777] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.207802] kasan_check_range+0x10c/0x1c0 [ 23.207824] __asan_memset+0x27/0x50 [ 23.207846] kmalloc_oob_in_memset+0x15f/0x320 [ 23.207867] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 23.207888] ? __schedule+0x207f/0x2b60 [ 23.207912] ? __pfx_read_tsc+0x10/0x10 [ 23.207933] ? ktime_get_ts64+0x86/0x230 [ 23.207956] kunit_try_run_case+0x1a5/0x480 [ 23.207982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.208004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.208024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.208048] ? __kthread_parkme+0x82/0x180 [ 23.208068] ? preempt_count_sub+0x50/0x80 [ 23.208090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.208114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.208145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.208170] kthread+0x337/0x6f0 [ 23.208189] ? trace_preempt_on+0x20/0xc0 [ 23.208211] ? __pfx_kthread+0x10/0x10 [ 23.208231] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.208254] ? calculate_sigpending+0x7b/0xa0 [ 23.208277] ? __pfx_kthread+0x10/0x10 [ 23.208298] ret_from_fork+0x116/0x1d0 [ 23.208316] ? __pfx_kthread+0x10/0x10 [ 23.208336] ret_from_fork_asm+0x1a/0x30 [ 23.208367] </TASK> [ 23.208377] [ 23.215896] Allocated by task 219: [ 23.216074] kasan_save_stack+0x45/0x70 [ 23.216360] kasan_save_track+0x18/0x40 [ 23.216563] kasan_save_alloc_info+0x3b/0x50 [ 23.216725] __kasan_kmalloc+0xb7/0xc0 [ 23.216907] __kmalloc_cache_noprof+0x189/0x420 [ 23.217093] kmalloc_oob_in_memset+0xac/0x320 [ 23.217349] kunit_try_run_case+0x1a5/0x480 [ 23.217535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.217786] kthread+0x337/0x6f0 [ 23.217952] ret_from_fork+0x116/0x1d0 [ 23.218100] ret_from_fork_asm+0x1a/0x30 [ 23.218495] [ 23.218570] The buggy address belongs to the object at ffff888105479c00 [ 23.218570] which belongs to the cache kmalloc-128 of size 128 [ 23.218919] The buggy address is located 0 bytes inside of [ 23.218919] allocated 120-byte region [ffff888105479c00, ffff888105479c78) [ 23.219559] [ 23.219656] The buggy address belongs to the physical page: [ 23.219897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479 [ 23.220323] flags: 0x200000000000000(node=0|zone=2) [ 23.220552] page_type: f5(slab) [ 23.220665] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.220934] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.221334] page dumped because: kasan: bad access detected [ 23.221588] [ 23.221674] Memory state around the buggy address: [ 23.221875] ffff888105479b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.222344] ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.222654] >ffff888105479c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.222934] ^ [ 23.223316] ffff888105479c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.223605] ffff888105479d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.223845] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 23.175372] ================================================================== [ 23.176047] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 23.176826] Read of size 16 at addr ffff888104b06e40 by task kunit_try_catch/217 [ 23.177448] [ 23.177580] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.177630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.177642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.177663] Call Trace: [ 23.177676] <TASK> [ 23.177692] dump_stack_lvl+0x73/0xb0 [ 23.177721] print_report+0xd1/0x650 [ 23.177742] ? __virt_addr_valid+0x1db/0x2d0 [ 23.177765] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.177785] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.177810] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.177830] kasan_report+0x141/0x180 [ 23.177855] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.177880] __asan_report_load16_noabort+0x18/0x20 [ 23.177904] kmalloc_uaf_16+0x47b/0x4c0 [ 23.177924] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 23.177945] ? __schedule+0x10cc/0x2b60 [ 23.177970] ? __pfx_read_tsc+0x10/0x10 [ 23.177998] ? ktime_get_ts64+0x86/0x230 [ 23.178021] kunit_try_run_case+0x1a5/0x480 [ 23.178046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.178069] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.178090] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.178114] ? __kthread_parkme+0x82/0x180 [ 23.178134] ? preempt_count_sub+0x50/0x80 [ 23.178158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.178183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.178206] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.178231] kthread+0x337/0x6f0 [ 23.178251] ? trace_preempt_on+0x20/0xc0 [ 23.178274] ? __pfx_kthread+0x10/0x10 [ 23.178294] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.178317] ? calculate_sigpending+0x7b/0xa0 [ 23.178392] ? __pfx_kthread+0x10/0x10 [ 23.178416] ret_from_fork+0x116/0x1d0 [ 23.178435] ? __pfx_kthread+0x10/0x10 [ 23.178479] ret_from_fork_asm+0x1a/0x30 [ 23.178510] </TASK> [ 23.178521] [ 23.188430] Allocated by task 217: [ 23.189085] kasan_save_stack+0x45/0x70 [ 23.189317] kasan_save_track+0x18/0x40 [ 23.189647] kasan_save_alloc_info+0x3b/0x50 [ 23.189861] __kasan_kmalloc+0xb7/0xc0 [ 23.190192] __kmalloc_cache_noprof+0x189/0x420 [ 23.190504] kmalloc_uaf_16+0x15b/0x4c0 [ 23.190738] kunit_try_run_case+0x1a5/0x480 [ 23.190992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.191335] kthread+0x337/0x6f0 [ 23.191497] ret_from_fork+0x116/0x1d0 [ 23.191843] ret_from_fork_asm+0x1a/0x30 [ 23.192041] [ 23.192330] Freed by task 217: [ 23.192490] kasan_save_stack+0x45/0x70 [ 23.192681] kasan_save_track+0x18/0x40 [ 23.192837] kasan_save_free_info+0x3f/0x60 [ 23.193015] __kasan_slab_free+0x56/0x70 [ 23.193178] kfree+0x222/0x3f0 [ 23.193825] kmalloc_uaf_16+0x1d6/0x4c0 [ 23.194016] kunit_try_run_case+0x1a5/0x480 [ 23.194215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.194553] kthread+0x337/0x6f0 [ 23.194728] ret_from_fork+0x116/0x1d0 [ 23.194905] ret_from_fork_asm+0x1a/0x30 [ 23.195091] [ 23.195163] The buggy address belongs to the object at ffff888104b06e40 [ 23.195163] which belongs to the cache kmalloc-16 of size 16 [ 23.196113] The buggy address is located 0 bytes inside of [ 23.196113] freed 16-byte region [ffff888104b06e40, ffff888104b06e50) [ 23.196874] [ 23.196955] The buggy address belongs to the physical page: [ 23.197708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 23.198021] flags: 0x200000000000000(node=0|zone=2) [ 23.198387] page_type: f5(slab) [ 23.198575] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.198881] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.199518] page dumped because: kasan: bad access detected [ 23.199740] [ 23.199818] Memory state around the buggy address: [ 23.200167] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.200642] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 23.201035] >ffff888104b06e00: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc [ 23.201545] ^ [ 23.201773] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.202138] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.202801] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 23.146799] ================================================================== [ 23.147213] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 23.147720] Write of size 16 at addr ffff8881054e09c0 by task kunit_try_catch/215 [ 23.148041] [ 23.148143] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.148191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.148205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.148227] Call Trace: [ 23.148239] <TASK> [ 23.148255] dump_stack_lvl+0x73/0xb0 [ 23.148285] print_report+0xd1/0x650 [ 23.148306] ? __virt_addr_valid+0x1db/0x2d0 [ 23.148329] ? kmalloc_oob_16+0x452/0x4a0 [ 23.148348] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.148373] ? kmalloc_oob_16+0x452/0x4a0 [ 23.148393] kasan_report+0x141/0x180 [ 23.148413] ? kmalloc_oob_16+0x452/0x4a0 [ 23.148437] __asan_report_store16_noabort+0x1b/0x30 [ 23.148471] kmalloc_oob_16+0x452/0x4a0 [ 23.148491] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 23.148512] ? __schedule+0x10cc/0x2b60 [ 23.148537] ? __pfx_read_tsc+0x10/0x10 [ 23.148558] ? ktime_get_ts64+0x86/0x230 [ 23.148583] kunit_try_run_case+0x1a5/0x480 [ 23.148608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.148631] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.148653] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.148677] ? __kthread_parkme+0x82/0x180 [ 23.148750] ? preempt_count_sub+0x50/0x80 [ 23.148773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.148809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.148833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.148857] kthread+0x337/0x6f0 [ 23.148876] ? trace_preempt_on+0x20/0xc0 [ 23.148900] ? __pfx_kthread+0x10/0x10 [ 23.148921] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.148944] ? calculate_sigpending+0x7b/0xa0 [ 23.148980] ? __pfx_kthread+0x10/0x10 [ 23.149001] ret_from_fork+0x116/0x1d0 [ 23.149020] ? __pfx_kthread+0x10/0x10 [ 23.149040] ret_from_fork_asm+0x1a/0x30 [ 23.149071] </TASK> [ 23.149083] [ 23.158792] Allocated by task 215: [ 23.158965] kasan_save_stack+0x45/0x70 [ 23.159147] kasan_save_track+0x18/0x40 [ 23.159684] kasan_save_alloc_info+0x3b/0x50 [ 23.160001] __kasan_kmalloc+0xb7/0xc0 [ 23.160316] __kmalloc_cache_noprof+0x189/0x420 [ 23.160555] kmalloc_oob_16+0xa8/0x4a0 [ 23.160723] kunit_try_run_case+0x1a5/0x480 [ 23.160908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.161126] kthread+0x337/0x6f0 [ 23.161381] ret_from_fork+0x116/0x1d0 [ 23.161553] ret_from_fork_asm+0x1a/0x30 [ 23.161726] [ 23.161808] The buggy address belongs to the object at ffff8881054e09c0 [ 23.161808] which belongs to the cache kmalloc-16 of size 16 [ 23.162373] The buggy address is located 0 bytes inside of [ 23.162373] allocated 13-byte region [ffff8881054e09c0, ffff8881054e09cd) [ 23.163941] [ 23.164170] The buggy address belongs to the physical page: [ 23.164705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054e0 [ 23.165363] flags: 0x200000000000000(node=0|zone=2) [ 23.165804] page_type: f5(slab) [ 23.166109] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.166885] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.167831] page dumped because: kasan: bad access detected [ 23.168144] [ 23.168452] Memory state around the buggy address: [ 23.168881] ffff8881054e0880: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 23.169428] ffff8881054e0900: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.169716] >ffff8881054e0980: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 23.170007] ^ [ 23.170669] ffff8881054e0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.171110] ffff8881054e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.171610] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 23.081385] ================================================================== [ 23.081862] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 23.082140] Read of size 1 at addr ffff8881055a1000 by task kunit_try_catch/213 [ 23.082683] [ 23.082781] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.082868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.082882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.082903] Call Trace: [ 23.082915] <TASK> [ 23.082931] dump_stack_lvl+0x73/0xb0 [ 23.082961] print_report+0xd1/0x650 [ 23.083016] ? __virt_addr_valid+0x1db/0x2d0 [ 23.083041] ? krealloc_uaf+0x1b8/0x5e0 [ 23.083061] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.083087] ? krealloc_uaf+0x1b8/0x5e0 [ 23.083108] kasan_report+0x141/0x180 [ 23.083129] ? krealloc_uaf+0x1b8/0x5e0 [ 23.083153] ? krealloc_uaf+0x1b8/0x5e0 [ 23.083207] __kasan_check_byte+0x3d/0x50 [ 23.083230] krealloc_noprof+0x3f/0x340 [ 23.083258] krealloc_uaf+0x1b8/0x5e0 [ 23.083289] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.083469] ? finish_task_switch.isra.0+0x153/0x700 [ 23.083493] ? __switch_to+0x47/0xf50 [ 23.083527] ? __schedule+0x10cc/0x2b60 [ 23.083553] ? __pfx_read_tsc+0x10/0x10 [ 23.083580] ? ktime_get_ts64+0x86/0x230 [ 23.083607] kunit_try_run_case+0x1a5/0x480 [ 23.083634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.083657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.083678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.083703] ? __kthread_parkme+0x82/0x180 [ 23.083723] ? preempt_count_sub+0x50/0x80 [ 23.083747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.083771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.083794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.083818] kthread+0x337/0x6f0 [ 23.083837] ? trace_preempt_on+0x20/0xc0 [ 23.083860] ? __pfx_kthread+0x10/0x10 [ 23.083880] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.083904] ? calculate_sigpending+0x7b/0xa0 [ 23.083928] ? __pfx_kthread+0x10/0x10 [ 23.083949] ret_from_fork+0x116/0x1d0 [ 23.083969] ? __pfx_kthread+0x10/0x10 [ 23.083989] ret_from_fork_asm+0x1a/0x30 [ 23.084023] </TASK> [ 23.084035] [ 23.092710] Allocated by task 213: [ 23.092832] kasan_save_stack+0x45/0x70 [ 23.092970] kasan_save_track+0x18/0x40 [ 23.093095] kasan_save_alloc_info+0x3b/0x50 [ 23.093402] __kasan_kmalloc+0xb7/0xc0 [ 23.093732] __kmalloc_cache_noprof+0x189/0x420 [ 23.094335] krealloc_uaf+0xbb/0x5e0 [ 23.094600] kunit_try_run_case+0x1a5/0x480 [ 23.094818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.095093] kthread+0x337/0x6f0 [ 23.095367] ret_from_fork+0x116/0x1d0 [ 23.095578] ret_from_fork_asm+0x1a/0x30 [ 23.095730] [ 23.095795] Freed by task 213: [ 23.095897] kasan_save_stack+0x45/0x70 [ 23.096077] kasan_save_track+0x18/0x40 [ 23.096253] kasan_save_free_info+0x3f/0x60 [ 23.096444] __kasan_slab_free+0x56/0x70 [ 23.096777] kfree+0x222/0x3f0 [ 23.096896] krealloc_uaf+0x13d/0x5e0 [ 23.097219] kunit_try_run_case+0x1a5/0x480 [ 23.097417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.097661] kthread+0x337/0x6f0 [ 23.097922] ret_from_fork+0x116/0x1d0 [ 23.098050] ret_from_fork_asm+0x1a/0x30 [ 23.098554] [ 23.098659] The buggy address belongs to the object at ffff8881055a1000 [ 23.098659] which belongs to the cache kmalloc-256 of size 256 [ 23.099330] The buggy address is located 0 bytes inside of [ 23.099330] freed 256-byte region [ffff8881055a1000, ffff8881055a1100) [ 23.099856] [ 23.099984] The buggy address belongs to the physical page: [ 23.100347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 23.100594] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.100807] flags: 0x200000000000040(head|node=0|zone=2) [ 23.101053] page_type: f5(slab) [ 23.101244] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.101725] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.102152] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.102751] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.102989] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 23.103634] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.103979] page dumped because: kasan: bad access detected [ 23.104217] [ 23.104279] Memory state around the buggy address: [ 23.104679] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.104992] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.105365] >ffff8881055a1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.105710] ^ [ 23.105871] ffff8881055a1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.106200] ffff8881055a1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.106589] ================================================================== [ 23.107581] ================================================================== [ 23.107961] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 23.108288] Read of size 1 at addr ffff8881055a1000 by task kunit_try_catch/213 [ 23.108725] [ 23.108830] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.108877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.108888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.108910] Call Trace: [ 23.108923] <TASK> [ 23.108938] dump_stack_lvl+0x73/0xb0 [ 23.108966] print_report+0xd1/0x650 [ 23.108989] ? __virt_addr_valid+0x1db/0x2d0 [ 23.109012] ? krealloc_uaf+0x53c/0x5e0 [ 23.109033] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.109058] ? krealloc_uaf+0x53c/0x5e0 [ 23.109079] kasan_report+0x141/0x180 [ 23.109100] ? krealloc_uaf+0x53c/0x5e0 [ 23.109127] __asan_report_load1_noabort+0x18/0x20 [ 23.109150] krealloc_uaf+0x53c/0x5e0 [ 23.109171] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.109191] ? finish_task_switch.isra.0+0x153/0x700 [ 23.109212] ? __switch_to+0x47/0xf50 [ 23.109245] ? __schedule+0x10cc/0x2b60 [ 23.109270] ? __pfx_read_tsc+0x10/0x10 [ 23.109296] ? ktime_get_ts64+0x86/0x230 [ 23.109322] kunit_try_run_case+0x1a5/0x480 [ 23.109347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.109369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.109390] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.109415] ? __kthread_parkme+0x82/0x180 [ 23.109435] ? preempt_count_sub+0x50/0x80 [ 23.109469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.109494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.109517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.109581] kthread+0x337/0x6f0 [ 23.109602] ? trace_preempt_on+0x20/0xc0 [ 23.109625] ? __pfx_kthread+0x10/0x10 [ 23.109646] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.109669] ? calculate_sigpending+0x7b/0xa0 [ 23.109693] ? __pfx_kthread+0x10/0x10 [ 23.109715] ret_from_fork+0x116/0x1d0 [ 23.109734] ? __pfx_kthread+0x10/0x10 [ 23.109755] ret_from_fork_asm+0x1a/0x30 [ 23.109788] </TASK> [ 23.109799] [ 23.121764] Allocated by task 213: [ 23.122383] kasan_save_stack+0x45/0x70 [ 23.122986] kasan_save_track+0x18/0x40 [ 23.123658] kasan_save_alloc_info+0x3b/0x50 [ 23.123898] __kasan_kmalloc+0xb7/0xc0 [ 23.124033] __kmalloc_cache_noprof+0x189/0x420 [ 23.124597] krealloc_uaf+0xbb/0x5e0 [ 23.125098] kunit_try_run_case+0x1a5/0x480 [ 23.125753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.126416] kthread+0x337/0x6f0 [ 23.126568] ret_from_fork+0x116/0x1d0 [ 23.126701] ret_from_fork_asm+0x1a/0x30 [ 23.126834] [ 23.126900] Freed by task 213: [ 23.127005] kasan_save_stack+0x45/0x70 [ 23.127229] kasan_save_track+0x18/0x40 [ 23.127578] kasan_save_free_info+0x3f/0x60 [ 23.128369] __kasan_slab_free+0x56/0x70 [ 23.128933] kfree+0x222/0x3f0 [ 23.129323] krealloc_uaf+0x13d/0x5e0 [ 23.129676] kunit_try_run_case+0x1a5/0x480 [ 23.130052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.130598] kthread+0x337/0x6f0 [ 23.130890] ret_from_fork+0x116/0x1d0 [ 23.131434] ret_from_fork_asm+0x1a/0x30 [ 23.131595] [ 23.131662] The buggy address belongs to the object at ffff8881055a1000 [ 23.131662] which belongs to the cache kmalloc-256 of size 256 [ 23.132013] The buggy address is located 0 bytes inside of [ 23.132013] freed 256-byte region [ffff8881055a1000, ffff8881055a1100) [ 23.132946] [ 23.133112] The buggy address belongs to the physical page: [ 23.133695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 23.134494] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.135109] flags: 0x200000000000040(head|node=0|zone=2) [ 23.135692] page_type: f5(slab) [ 23.135979] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.136277] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.137110] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.137695] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.137932] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 23.138355] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.138637] page dumped because: kasan: bad access detected [ 23.138804] [ 23.138869] Memory state around the buggy address: [ 23.139016] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.139817] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.140649] >ffff8881055a1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.141435] ^ [ 23.141765] ffff8881055a1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.142615] ffff8881055a1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.143335] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 22.778638] ================================================================== [ 22.779128] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.780779] Write of size 1 at addr ffff8881055a0ec9 by task kunit_try_catch/207 [ 22.781895] [ 22.782021] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.782070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.782083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.782104] Call Trace: [ 22.782117] <TASK> [ 22.782200] dump_stack_lvl+0x73/0xb0 [ 22.782234] print_report+0xd1/0x650 [ 22.782257] ? __virt_addr_valid+0x1db/0x2d0 [ 22.782280] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.782302] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.782327] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.782350] kasan_report+0x141/0x180 [ 22.782372] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.782399] __asan_report_store1_noabort+0x1b/0x30 [ 22.782422] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.782448] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.782482] ? finish_task_switch.isra.0+0x153/0x700 [ 22.782503] ? __switch_to+0x47/0xf50 [ 22.782531] ? __schedule+0x10cc/0x2b60 [ 22.782556] ? __pfx_read_tsc+0x10/0x10 [ 22.782581] krealloc_less_oob+0x1c/0x30 [ 22.782603] kunit_try_run_case+0x1a5/0x480 [ 22.782628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.782651] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.782671] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.782696] ? __kthread_parkme+0x82/0x180 [ 22.782716] ? preempt_count_sub+0x50/0x80 [ 22.782738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.782763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.782786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.782810] kthread+0x337/0x6f0 [ 22.782829] ? trace_preempt_on+0x20/0xc0 [ 22.782852] ? __pfx_kthread+0x10/0x10 [ 22.782873] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.782896] ? calculate_sigpending+0x7b/0xa0 [ 22.782919] ? __pfx_kthread+0x10/0x10 [ 22.782940] ret_from_fork+0x116/0x1d0 [ 22.782959] ? __pfx_kthread+0x10/0x10 [ 22.782979] ret_from_fork_asm+0x1a/0x30 [ 22.783010] </TASK> [ 22.783021] [ 22.790385] Allocated by task 207: [ 22.790570] kasan_save_stack+0x45/0x70 [ 22.790768] kasan_save_track+0x18/0x40 [ 22.790953] kasan_save_alloc_info+0x3b/0x50 [ 22.791251] __kasan_krealloc+0x190/0x1f0 [ 22.791430] krealloc_noprof+0xf3/0x340 [ 22.791616] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.791770] krealloc_less_oob+0x1c/0x30 [ 22.791901] kunit_try_run_case+0x1a5/0x480 [ 22.792040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.792360] kthread+0x337/0x6f0 [ 22.792542] ret_from_fork+0x116/0x1d0 [ 22.792725] ret_from_fork_asm+0x1a/0x30 [ 22.792914] [ 22.793008] The buggy address belongs to the object at ffff8881055a0e00 [ 22.793008] which belongs to the cache kmalloc-256 of size 256 [ 22.793621] The buggy address is located 0 bytes to the right of [ 22.793621] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.794025] [ 22.794115] The buggy address belongs to the physical page: [ 22.794445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.794813] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.795104] flags: 0x200000000000040(head|node=0|zone=2) [ 22.795535] page_type: f5(slab) [ 22.795686] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.795973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.796295] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.796570] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.796913] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.797336] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.797667] page dumped because: kasan: bad access detected [ 22.797882] [ 22.797972] Memory state around the buggy address: [ 22.798244] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.798484] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.798692] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.798969] ^ [ 22.799303] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.799632] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.799934] ================================================================== [ 22.853585] ================================================================== [ 22.853889] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 22.854140] Write of size 1 at addr ffff8881055a0eea by task kunit_try_catch/207 [ 22.855492] [ 22.855616] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.855664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.855677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.855697] Call Trace: [ 22.855710] <TASK> [ 22.855725] dump_stack_lvl+0x73/0xb0 [ 22.855752] print_report+0xd1/0x650 [ 22.855774] ? __virt_addr_valid+0x1db/0x2d0 [ 22.855796] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.855819] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.855844] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.855866] kasan_report+0x141/0x180 [ 22.855888] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 22.855915] __asan_report_store1_noabort+0x1b/0x30 [ 22.855938] krealloc_less_oob_helper+0xe90/0x11d0 [ 22.855963] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.855986] ? finish_task_switch.isra.0+0x153/0x700 [ 22.856006] ? __switch_to+0x47/0xf50 [ 22.856031] ? __schedule+0x10cc/0x2b60 [ 22.856058] ? __pfx_read_tsc+0x10/0x10 [ 22.856086] krealloc_less_oob+0x1c/0x30 [ 22.856107] kunit_try_run_case+0x1a5/0x480 [ 22.856131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.856154] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.856175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.856212] ? __kthread_parkme+0x82/0x180 [ 22.856231] ? preempt_count_sub+0x50/0x80 [ 22.856254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.856279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.856303] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.856327] kthread+0x337/0x6f0 [ 22.856346] ? trace_preempt_on+0x20/0xc0 [ 22.856368] ? __pfx_kthread+0x10/0x10 [ 22.856388] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.856411] ? calculate_sigpending+0x7b/0xa0 [ 22.856434] ? __pfx_kthread+0x10/0x10 [ 22.856465] ret_from_fork+0x116/0x1d0 [ 22.856484] ? __pfx_kthread+0x10/0x10 [ 22.856504] ret_from_fork_asm+0x1a/0x30 [ 22.856535] </TASK> [ 22.856546] [ 22.870389] Allocated by task 207: [ 22.870530] kasan_save_stack+0x45/0x70 [ 22.870674] kasan_save_track+0x18/0x40 [ 22.870798] kasan_save_alloc_info+0x3b/0x50 [ 22.870933] __kasan_krealloc+0x190/0x1f0 [ 22.871061] krealloc_noprof+0xf3/0x340 [ 22.871254] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.872101] krealloc_less_oob+0x1c/0x30 [ 22.872683] kunit_try_run_case+0x1a5/0x480 [ 22.873215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.873965] kthread+0x337/0x6f0 [ 22.874540] ret_from_fork+0x116/0x1d0 [ 22.874990] ret_from_fork_asm+0x1a/0x30 [ 22.875500] [ 22.875717] The buggy address belongs to the object at ffff8881055a0e00 [ 22.875717] which belongs to the cache kmalloc-256 of size 256 [ 22.877138] The buggy address is located 33 bytes to the right of [ 22.877138] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.877781] [ 22.877862] The buggy address belongs to the physical page: [ 22.878033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.878285] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.878783] flags: 0x200000000000040(head|node=0|zone=2) [ 22.879426] page_type: f5(slab) [ 22.879616] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.880064] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.880646] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.881076] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.881596] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.882028] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.882490] page dumped because: kasan: bad access detected [ 22.882842] [ 22.882941] Memory state around the buggy address: [ 22.883149] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.883815] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.884215] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.884739] ^ [ 22.885005] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.885391] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.886002] ================================================================== [ 22.887167] ================================================================== [ 22.887809] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 22.888877] Write of size 1 at addr ffff8881055a0eeb by task kunit_try_catch/207 [ 22.889653] [ 22.889936] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.890124] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.890139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.890211] Call Trace: [ 22.890230] <TASK> [ 22.890246] dump_stack_lvl+0x73/0xb0 [ 22.890275] print_report+0xd1/0x650 [ 22.890298] ? __virt_addr_valid+0x1db/0x2d0 [ 22.890320] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.890343] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.890368] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.890391] kasan_report+0x141/0x180 [ 22.890412] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 22.890439] __asan_report_store1_noabort+0x1b/0x30 [ 22.890473] krealloc_less_oob_helper+0xd47/0x11d0 [ 22.890498] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.890522] ? finish_task_switch.isra.0+0x153/0x700 [ 22.890542] ? __switch_to+0x47/0xf50 [ 22.890568] ? __schedule+0x10cc/0x2b60 [ 22.890594] ? __pfx_read_tsc+0x10/0x10 [ 22.890619] krealloc_less_oob+0x1c/0x30 [ 22.890641] kunit_try_run_case+0x1a5/0x480 [ 22.890666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.890689] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.890710] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.890735] ? __kthread_parkme+0x82/0x180 [ 22.890755] ? preempt_count_sub+0x50/0x80 [ 22.890778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.890802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.890825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.890849] kthread+0x337/0x6f0 [ 22.890869] ? trace_preempt_on+0x20/0xc0 [ 22.890891] ? __pfx_kthread+0x10/0x10 [ 22.890912] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.890935] ? calculate_sigpending+0x7b/0xa0 [ 22.890959] ? __pfx_kthread+0x10/0x10 [ 22.890980] ret_from_fork+0x116/0x1d0 [ 22.890999] ? __pfx_kthread+0x10/0x10 [ 22.891019] ret_from_fork_asm+0x1a/0x30 [ 22.891050] </TASK> [ 22.891060] [ 22.902270] Allocated by task 207: [ 22.902605] kasan_save_stack+0x45/0x70 [ 22.902806] kasan_save_track+0x18/0x40 [ 22.902983] kasan_save_alloc_info+0x3b/0x50 [ 22.903179] __kasan_krealloc+0x190/0x1f0 [ 22.903351] krealloc_noprof+0xf3/0x340 [ 22.903531] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.903750] krealloc_less_oob+0x1c/0x30 [ 22.903931] kunit_try_run_case+0x1a5/0x480 [ 22.904119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.904888] kthread+0x337/0x6f0 [ 22.905046] ret_from_fork+0x116/0x1d0 [ 22.905227] ret_from_fork_asm+0x1a/0x30 [ 22.905712] [ 22.905813] The buggy address belongs to the object at ffff8881055a0e00 [ 22.905813] which belongs to the cache kmalloc-256 of size 256 [ 22.906855] The buggy address is located 34 bytes to the right of [ 22.906855] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.907720] [ 22.907902] The buggy address belongs to the physical page: [ 22.908122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.908745] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.909106] flags: 0x200000000000040(head|node=0|zone=2) [ 22.909453] page_type: f5(slab) [ 22.909766] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.910270] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.910714] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.911098] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.911504] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.911833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.912142] page dumped because: kasan: bad access detected [ 22.912806] [ 22.912902] Memory state around the buggy address: [ 22.913069] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.913592] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.913879] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.914136] ^ [ 22.914400] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.914708] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.914988] ================================================================== [ 22.974710] ================================================================== [ 22.975082] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.975475] Write of size 1 at addr ffff8881057460c9 by task kunit_try_catch/211 [ 22.976588] [ 22.976896] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.976949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.977068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.977090] Call Trace: [ 22.977104] <TASK> [ 22.977121] dump_stack_lvl+0x73/0xb0 [ 22.977154] print_report+0xd1/0x650 [ 22.977176] ? __virt_addr_valid+0x1db/0x2d0 [ 22.977221] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977244] ? kasan_addr_to_slab+0x11/0xa0 [ 22.977268] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977290] kasan_report+0x141/0x180 [ 22.977312] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977339] __asan_report_store1_noabort+0x1b/0x30 [ 22.977363] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.977388] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.977410] ? finish_task_switch.isra.0+0x153/0x700 [ 22.977432] ? __switch_to+0x47/0xf50 [ 22.977476] ? __schedule+0x10cc/0x2b60 [ 22.977502] ? __pfx_read_tsc+0x10/0x10 [ 22.977533] krealloc_large_less_oob+0x1c/0x30 [ 22.977556] kunit_try_run_case+0x1a5/0x480 [ 22.977582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.977604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.977625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.977650] ? __kthread_parkme+0x82/0x180 [ 22.977670] ? preempt_count_sub+0x50/0x80 [ 22.977692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.977715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.977738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.977762] kthread+0x337/0x6f0 [ 22.977781] ? trace_preempt_on+0x20/0xc0 [ 22.977804] ? __pfx_kthread+0x10/0x10 [ 22.977825] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.977851] ? calculate_sigpending+0x7b/0xa0 [ 22.977875] ? __pfx_kthread+0x10/0x10 [ 22.977896] ret_from_fork+0x116/0x1d0 [ 22.977915] ? __pfx_kthread+0x10/0x10 [ 22.977935] ret_from_fork_asm+0x1a/0x30 [ 22.977967] </TASK> [ 22.977978] [ 22.994543] The buggy address belongs to the physical page: [ 22.994723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 22.995737] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.996536] flags: 0x200000000000040(head|node=0|zone=2) [ 22.997196] page_type: f8(unknown) [ 22.997683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.998364] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.998605] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.998827] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.999066] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 22.999476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.999793] page dumped because: kasan: bad access detected [ 23.000447] [ 23.000568] Memory state around the buggy address: [ 23.001065] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.001531] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.001777] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.002096] ^ [ 23.002572] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.002947] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.003499] ================================================================== [ 23.040710] ================================================================== [ 23.041212] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.041669] Write of size 1 at addr ffff8881057460ea by task kunit_try_catch/211 [ 23.041971] [ 23.042099] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.042200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.042215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.042235] Call Trace: [ 23.042248] <TASK> [ 23.042262] dump_stack_lvl+0x73/0xb0 [ 23.042289] print_report+0xd1/0x650 [ 23.042310] ? __virt_addr_valid+0x1db/0x2d0 [ 23.042333] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042355] ? kasan_addr_to_slab+0x11/0xa0 [ 23.042379] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042402] kasan_report+0x141/0x180 [ 23.042423] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042450] __asan_report_store1_noabort+0x1b/0x30 [ 23.042487] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.042512] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.042535] ? finish_task_switch.isra.0+0x153/0x700 [ 23.042555] ? __switch_to+0x47/0xf50 [ 23.042586] ? __schedule+0x10cc/0x2b60 [ 23.042610] ? __pfx_read_tsc+0x10/0x10 [ 23.042639] krealloc_large_less_oob+0x1c/0x30 [ 23.042661] kunit_try_run_case+0x1a5/0x480 [ 23.042685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042707] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.042727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.042775] ? __kthread_parkme+0x82/0x180 [ 23.042795] ? preempt_count_sub+0x50/0x80 [ 23.042817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.042879] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.042916] kthread+0x337/0x6f0 [ 23.042949] ? trace_preempt_on+0x20/0xc0 [ 23.042971] ? __pfx_kthread+0x10/0x10 [ 23.042991] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.043014] ? calculate_sigpending+0x7b/0xa0 [ 23.043037] ? __pfx_kthread+0x10/0x10 [ 23.043059] ret_from_fork+0x116/0x1d0 [ 23.043078] ? __pfx_kthread+0x10/0x10 [ 23.043099] ret_from_fork_asm+0x1a/0x30 [ 23.043129] </TASK> [ 23.043140] [ 23.051821] The buggy address belongs to the physical page: [ 23.052588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.052830] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.053126] flags: 0x200000000000040(head|node=0|zone=2) [ 23.053415] page_type: f8(unknown) [ 23.053601] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.053943] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.054310] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.054720] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.055054] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.055479] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.055799] page dumped because: kasan: bad access detected [ 23.055972] [ 23.056042] Memory state around the buggy address: [ 23.056418] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.056930] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.057283] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.057744] ^ [ 23.058055] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.058489] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.058732] ================================================================== [ 22.801892] ================================================================== [ 22.802500] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.802746] Write of size 1 at addr ffff8881055a0ed0 by task kunit_try_catch/207 [ 22.802963] [ 22.803042] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.803086] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.803098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.803117] Call Trace: [ 22.803130] <TASK> [ 22.803810] dump_stack_lvl+0x73/0xb0 [ 22.803852] print_report+0xd1/0x650 [ 22.803876] ? __virt_addr_valid+0x1db/0x2d0 [ 22.803898] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.803921] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.803948] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.803972] kasan_report+0x141/0x180 [ 22.803994] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.804021] __asan_report_store1_noabort+0x1b/0x30 [ 22.804045] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.804070] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.804094] ? finish_task_switch.isra.0+0x153/0x700 [ 22.804115] ? __switch_to+0x47/0xf50 [ 22.804149] ? __schedule+0x10cc/0x2b60 [ 22.804174] ? __pfx_read_tsc+0x10/0x10 [ 22.804199] krealloc_less_oob+0x1c/0x30 [ 22.804220] kunit_try_run_case+0x1a5/0x480 [ 22.804244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.804267] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.804287] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.804312] ? __kthread_parkme+0x82/0x180 [ 22.804332] ? preempt_count_sub+0x50/0x80 [ 22.804354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.804378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.804402] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.804425] kthread+0x337/0x6f0 [ 22.804446] ? trace_preempt_on+0x20/0xc0 [ 22.804480] ? __pfx_kthread+0x10/0x10 [ 22.804545] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.804569] ? calculate_sigpending+0x7b/0xa0 [ 22.804593] ? __pfx_kthread+0x10/0x10 [ 22.804615] ret_from_fork+0x116/0x1d0 [ 22.804635] ? __pfx_kthread+0x10/0x10 [ 22.804656] ret_from_fork_asm+0x1a/0x30 [ 22.804688] </TASK> [ 22.804700] [ 22.812869] Allocated by task 207: [ 22.813029] kasan_save_stack+0x45/0x70 [ 22.813228] kasan_save_track+0x18/0x40 [ 22.813505] kasan_save_alloc_info+0x3b/0x50 [ 22.813716] __kasan_krealloc+0x190/0x1f0 [ 22.813917] krealloc_noprof+0xf3/0x340 [ 22.814105] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.814412] krealloc_less_oob+0x1c/0x30 [ 22.814788] kunit_try_run_case+0x1a5/0x480 [ 22.814946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.815145] kthread+0x337/0x6f0 [ 22.815325] ret_from_fork+0x116/0x1d0 [ 22.815594] ret_from_fork_asm+0x1a/0x30 [ 22.815736] [ 22.815800] The buggy address belongs to the object at ffff8881055a0e00 [ 22.815800] which belongs to the cache kmalloc-256 of size 256 [ 22.816359] The buggy address is located 7 bytes to the right of [ 22.816359] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.816992] [ 22.817086] The buggy address belongs to the physical page: [ 22.817328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.817574] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.818312] flags: 0x200000000000040(head|node=0|zone=2) [ 22.818565] page_type: f5(slab) [ 22.818683] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.818935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.819736] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.820562] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.821370] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.821858] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.822369] page dumped because: kasan: bad access detected [ 22.822759] [ 22.822849] Memory state around the buggy address: [ 22.823053] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.823612] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.823916] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.824551] ^ [ 22.824958] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.825606] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.825903] ================================================================== [ 23.023109] ================================================================== [ 23.023443] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.023872] Write of size 1 at addr ffff8881057460da by task kunit_try_catch/211 [ 23.024286] [ 23.024374] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.024440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.024453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.024484] Call Trace: [ 23.024498] <TASK> [ 23.024513] dump_stack_lvl+0x73/0xb0 [ 23.024538] print_report+0xd1/0x650 [ 23.024559] ? __virt_addr_valid+0x1db/0x2d0 [ 23.024581] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024624] ? kasan_addr_to_slab+0x11/0xa0 [ 23.024648] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024670] kasan_report+0x141/0x180 [ 23.024691] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024718] __asan_report_store1_noabort+0x1b/0x30 [ 23.024742] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.024785] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.024808] ? finish_task_switch.isra.0+0x153/0x700 [ 23.024829] ? __switch_to+0x47/0xf50 [ 23.024859] ? __schedule+0x10cc/0x2b60 [ 23.024884] ? __pfx_read_tsc+0x10/0x10 [ 23.024913] krealloc_large_less_oob+0x1c/0x30 [ 23.024936] kunit_try_run_case+0x1a5/0x480 [ 23.024960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.024983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.025020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.025045] ? __kthread_parkme+0x82/0x180 [ 23.025064] ? preempt_count_sub+0x50/0x80 [ 23.025103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.025127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.025194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.025219] kthread+0x337/0x6f0 [ 23.025239] ? trace_preempt_on+0x20/0xc0 [ 23.025261] ? __pfx_kthread+0x10/0x10 [ 23.025281] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.025304] ? calculate_sigpending+0x7b/0xa0 [ 23.025328] ? __pfx_kthread+0x10/0x10 [ 23.025349] ret_from_fork+0x116/0x1d0 [ 23.025369] ? __pfx_kthread+0x10/0x10 [ 23.025389] ret_from_fork_asm+0x1a/0x30 [ 23.025419] </TASK> [ 23.025430] [ 23.033725] The buggy address belongs to the physical page: [ 23.033928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.034541] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.034916] flags: 0x200000000000040(head|node=0|zone=2) [ 23.035262] page_type: f8(unknown) [ 23.035469] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.035804] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.036159] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.036504] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.036772] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.037103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.037667] page dumped because: kasan: bad access detected [ 23.037850] [ 23.037916] Memory state around the buggy address: [ 23.038065] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.038586] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.038929] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.039491] ^ [ 23.039794] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.040102] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.040365] ================================================================== [ 23.004414] ================================================================== [ 23.005674] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.006078] Write of size 1 at addr ffff8881057460d0 by task kunit_try_catch/211 [ 23.007013] [ 23.007224] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.007371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.007385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.007405] Call Trace: [ 23.007418] <TASK> [ 23.007432] dump_stack_lvl+0x73/0xb0 [ 23.007475] print_report+0xd1/0x650 [ 23.007497] ? __virt_addr_valid+0x1db/0x2d0 [ 23.007520] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007542] ? kasan_addr_to_slab+0x11/0xa0 [ 23.007565] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007588] kasan_report+0x141/0x180 [ 23.007609] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007636] __asan_report_store1_noabort+0x1b/0x30 [ 23.007660] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.007684] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.007707] ? finish_task_switch.isra.0+0x153/0x700 [ 23.007728] ? __switch_to+0x47/0xf50 [ 23.007758] ? __schedule+0x10cc/0x2b60 [ 23.007783] ? __pfx_read_tsc+0x10/0x10 [ 23.007812] krealloc_large_less_oob+0x1c/0x30 [ 23.007833] kunit_try_run_case+0x1a5/0x480 [ 23.007858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.007880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.007900] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.007925] ? __kthread_parkme+0x82/0x180 [ 23.007944] ? preempt_count_sub+0x50/0x80 [ 23.007966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.007990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.008012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.008036] kthread+0x337/0x6f0 [ 23.008054] ? trace_preempt_on+0x20/0xc0 [ 23.008076] ? __pfx_kthread+0x10/0x10 [ 23.008096] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.008118] ? calculate_sigpending+0x7b/0xa0 [ 23.008142] ? __pfx_kthread+0x10/0x10 [ 23.008163] ret_from_fork+0x116/0x1d0 [ 23.008182] ? __pfx_kthread+0x10/0x10 [ 23.008203] ret_from_fork_asm+0x1a/0x30 [ 23.008233] </TASK> [ 23.008245] [ 23.016151] The buggy address belongs to the physical page: [ 23.016529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.016900] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.017438] flags: 0x200000000000040(head|node=0|zone=2) [ 23.017729] page_type: f8(unknown) [ 23.017890] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.018106] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.018342] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.018927] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.019339] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.019691] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.019990] page dumped because: kasan: bad access detected [ 23.020195] [ 23.020286] Memory state around the buggy address: [ 23.020512] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.020821] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.021154] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.021451] ^ [ 23.021714] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.022112] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.022704] ================================================================== [ 23.059106] ================================================================== [ 23.059371] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.059725] Write of size 1 at addr ffff8881057460eb by task kunit_try_catch/211 [ 23.059966] [ 23.060041] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.060082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.060094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.060113] Call Trace: [ 23.060128] <TASK> [ 23.060143] dump_stack_lvl+0x73/0xb0 [ 23.060168] print_report+0xd1/0x650 [ 23.060189] ? __virt_addr_valid+0x1db/0x2d0 [ 23.060211] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060233] ? kasan_addr_to_slab+0x11/0xa0 [ 23.060257] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060279] kasan_report+0x141/0x180 [ 23.060300] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060328] __asan_report_store1_noabort+0x1b/0x30 [ 23.060351] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.060375] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.060398] ? finish_task_switch.isra.0+0x153/0x700 [ 23.060419] ? __switch_to+0x47/0xf50 [ 23.060449] ? __schedule+0x10cc/0x2b60 [ 23.060584] ? __pfx_read_tsc+0x10/0x10 [ 23.060614] krealloc_large_less_oob+0x1c/0x30 [ 23.060637] kunit_try_run_case+0x1a5/0x480 [ 23.060662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.060684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.060705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.060729] ? __kthread_parkme+0x82/0x180 [ 23.060749] ? preempt_count_sub+0x50/0x80 [ 23.060771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.060795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.060818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.060841] kthread+0x337/0x6f0 [ 23.060860] ? trace_preempt_on+0x20/0xc0 [ 23.060882] ? __pfx_kthread+0x10/0x10 [ 23.060902] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.060925] ? calculate_sigpending+0x7b/0xa0 [ 23.060949] ? __pfx_kthread+0x10/0x10 [ 23.060970] ret_from_fork+0x116/0x1d0 [ 23.060989] ? __pfx_kthread+0x10/0x10 [ 23.061009] ret_from_fork_asm+0x1a/0x30 [ 23.061039] </TASK> [ 23.061049] [ 23.070038] The buggy address belongs to the physical page: [ 23.070360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 23.070845] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.071173] flags: 0x200000000000040(head|node=0|zone=2) [ 23.071503] page_type: f8(unknown) [ 23.071648] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.071983] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.072329] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.072569] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.072975] head: 0200000000000002 ffffea000415d101 00000000ffffffff 00000000ffffffff [ 23.073438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.073773] page dumped because: kasan: bad access detected [ 23.074017] [ 23.074083] Memory state around the buggy address: [ 23.074224] ffff888105745f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.074425] ffff888105746000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.074765] >ffff888105746080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.075076] ^ [ 23.075563] ffff888105746100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.076103] ffff888105746180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.076526] ================================================================== [ 22.827038] ================================================================== [ 22.827671] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.828136] Write of size 1 at addr ffff8881055a0eda by task kunit_try_catch/207 [ 22.828744] [ 22.828853] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.828898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.828911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.828930] Call Trace: [ 22.828945] <TASK> [ 22.828960] dump_stack_lvl+0x73/0xb0 [ 22.828989] print_report+0xd1/0x650 [ 22.829010] ? __virt_addr_valid+0x1db/0x2d0 [ 22.829033] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829055] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.829080] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829103] kasan_report+0x141/0x180 [ 22.829125] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829154] __asan_report_store1_noabort+0x1b/0x30 [ 22.829178] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.829359] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.829385] ? finish_task_switch.isra.0+0x153/0x700 [ 22.829421] ? __switch_to+0x47/0xf50 [ 22.829447] ? __schedule+0x10cc/0x2b60 [ 22.829484] ? __pfx_read_tsc+0x10/0x10 [ 22.829509] krealloc_less_oob+0x1c/0x30 [ 22.829531] kunit_try_run_case+0x1a5/0x480 [ 22.829556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.829579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.829601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.829626] ? __kthread_parkme+0x82/0x180 [ 22.829645] ? preempt_count_sub+0x50/0x80 [ 22.829667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.829691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.829714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.829738] kthread+0x337/0x6f0 [ 22.829758] ? trace_preempt_on+0x20/0xc0 [ 22.829779] ? __pfx_kthread+0x10/0x10 [ 22.829799] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.829822] ? calculate_sigpending+0x7b/0xa0 [ 22.829854] ? __pfx_kthread+0x10/0x10 [ 22.829876] ret_from_fork+0x116/0x1d0 [ 22.829894] ? __pfx_kthread+0x10/0x10 [ 22.829915] ret_from_fork_asm+0x1a/0x30 [ 22.829946] </TASK> [ 22.829956] [ 22.840036] Allocated by task 207: [ 22.840498] kasan_save_stack+0x45/0x70 [ 22.840710] kasan_save_track+0x18/0x40 [ 22.840924] kasan_save_alloc_info+0x3b/0x50 [ 22.841111] __kasan_krealloc+0x190/0x1f0 [ 22.841580] krealloc_noprof+0xf3/0x340 [ 22.841866] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.842049] krealloc_less_oob+0x1c/0x30 [ 22.842262] kunit_try_run_case+0x1a5/0x480 [ 22.842688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.843102] kthread+0x337/0x6f0 [ 22.843262] ret_from_fork+0x116/0x1d0 [ 22.843477] ret_from_fork_asm+0x1a/0x30 [ 22.843882] [ 22.844087] The buggy address belongs to the object at ffff8881055a0e00 [ 22.844087] which belongs to the cache kmalloc-256 of size 256 [ 22.844858] The buggy address is located 17 bytes to the right of [ 22.844858] allocated 201-byte region [ffff8881055a0e00, ffff8881055a0ec9) [ 22.845467] [ 22.845561] The buggy address belongs to the physical page: [ 22.845782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055a0 [ 22.846127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.846641] flags: 0x200000000000040(head|node=0|zone=2) [ 22.846962] page_type: f5(slab) [ 22.847113] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.847757] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.848121] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.848558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.849104] head: 0200000000000001 ffffea0004156801 00000000ffffffff 00000000ffffffff [ 22.849565] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.849893] page dumped because: kasan: bad access detected [ 22.850112] [ 22.850417] Memory state around the buggy address: [ 22.850654] ffff8881055a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.850941] ffff8881055a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.851402] >ffff8881055a0e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.851801] ^ [ 22.852341] ffff8881055a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.852629] ffff8881055a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.853047] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 22.754526] ================================================================== [ 22.754819] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.755097] Write of size 1 at addr ffff888100a900f0 by task kunit_try_catch/205 [ 22.755321] [ 22.755401] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.755444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.755466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.755486] Call Trace: [ 22.755497] <TASK> [ 22.755510] dump_stack_lvl+0x73/0xb0 [ 22.755536] print_report+0xd1/0x650 [ 22.755556] ? __virt_addr_valid+0x1db/0x2d0 [ 22.755578] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.755599] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.755624] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.755646] kasan_report+0x141/0x180 [ 22.755667] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.755694] __asan_report_store1_noabort+0x1b/0x30 [ 22.755717] krealloc_more_oob_helper+0x7eb/0x930 [ 22.755738] ? __schedule+0x10cc/0x2b60 [ 22.755765] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.755789] ? __kasan_check_write+0x18/0x20 [ 22.755811] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.755831] ? irqentry_exit+0x2a/0x60 [ 22.755851] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.755873] ? trace_hardirqs_on+0x37/0xe0 [ 22.755894] ? __pfx_read_tsc+0x10/0x10 [ 22.755917] krealloc_more_oob+0x1c/0x30 [ 22.755938] kunit_try_run_case+0x1a5/0x480 [ 22.755961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.755985] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.756006] ? __kthread_parkme+0x82/0x180 [ 22.756025] ? preempt_count_sub+0x50/0x80 [ 22.756047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.756071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.756093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.756116] kthread+0x337/0x6f0 [ 22.756135] ? trace_preempt_on+0x20/0xc0 [ 22.756156] ? __pfx_kthread+0x10/0x10 [ 22.756176] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.756202] ? calculate_sigpending+0x7b/0xa0 [ 22.756225] ? __pfx_kthread+0x10/0x10 [ 22.756246] ret_from_fork+0x116/0x1d0 [ 22.756264] ? __pfx_kthread+0x10/0x10 [ 22.756284] ret_from_fork_asm+0x1a/0x30 [ 22.756314] </TASK> [ 22.756324] [ 22.764297] Allocated by task 205: [ 22.764481] kasan_save_stack+0x45/0x70 [ 22.764679] kasan_save_track+0x18/0x40 [ 22.764863] kasan_save_alloc_info+0x3b/0x50 [ 22.765065] __kasan_krealloc+0x190/0x1f0 [ 22.765495] krealloc_noprof+0xf3/0x340 [ 22.765694] krealloc_more_oob_helper+0x1a9/0x930 [ 22.765911] krealloc_more_oob+0x1c/0x30 [ 22.766079] kunit_try_run_case+0x1a5/0x480 [ 22.766343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.766573] kthread+0x337/0x6f0 [ 22.766688] ret_from_fork+0x116/0x1d0 [ 22.766865] ret_from_fork_asm+0x1a/0x30 [ 22.767049] [ 22.767120] The buggy address belongs to the object at ffff888100a90000 [ 22.767120] which belongs to the cache kmalloc-256 of size 256 [ 22.767550] The buggy address is located 5 bytes to the right of [ 22.767550] allocated 235-byte region [ffff888100a90000, ffff888100a900eb) [ 22.768039] [ 22.768198] The buggy address belongs to the physical page: [ 22.768448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a90 [ 22.768797] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.769044] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 22.769452] page_type: f5(slab) [ 22.769638] raw: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003 [ 22.769973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.770403] head: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003 [ 22.770735] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.771038] head: 0200000000000001 ffffea000402a401 00000000ffffffff 00000000ffffffff [ 22.771414] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.771734] page dumped because: kasan: bad access detected [ 22.771954] [ 22.772037] Memory state around the buggy address: [ 22.772318] ffff888100a8ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.772607] ffff888100a90000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.772881] >ffff888100a90080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.773336] ^ [ 22.773623] ffff888100a90100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.773910] ffff888100a90180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.774255] ================================================================== [ 22.919811] ================================================================== [ 22.920279] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.920536] Write of size 1 at addr ffff888105eae0eb by task kunit_try_catch/209 [ 22.922018] [ 22.922201] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.922253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.922266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.922288] Call Trace: [ 22.922301] <TASK> [ 22.922318] dump_stack_lvl+0x73/0xb0 [ 22.922348] print_report+0xd1/0x650 [ 22.922394] ? __virt_addr_valid+0x1db/0x2d0 [ 22.922433] ? krealloc_more_oob_helper+0x821/0x930 [ 22.922475] ? kasan_addr_to_slab+0x11/0xa0 [ 22.922499] ? krealloc_more_oob_helper+0x821/0x930 [ 22.922656] kasan_report+0x141/0x180 [ 22.922684] ? krealloc_more_oob_helper+0x821/0x930 [ 22.922713] __asan_report_store1_noabort+0x1b/0x30 [ 22.922736] krealloc_more_oob_helper+0x821/0x930 [ 22.922758] ? __schedule+0x10cc/0x2b60 [ 22.922784] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.922807] ? finish_task_switch.isra.0+0x153/0x700 [ 22.922830] ? __switch_to+0x47/0xf50 [ 22.922856] ? __schedule+0x10cc/0x2b60 [ 22.922880] ? __pfx_read_tsc+0x10/0x10 [ 22.922920] krealloc_large_more_oob+0x1c/0x30 [ 22.922942] kunit_try_run_case+0x1a5/0x480 [ 22.922990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.923013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.923034] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.923058] ? __kthread_parkme+0x82/0x180 [ 22.923079] ? preempt_count_sub+0x50/0x80 [ 22.923101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.923125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.923148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.923172] kthread+0x337/0x6f0 [ 22.923192] ? trace_preempt_on+0x20/0xc0 [ 22.923215] ? __pfx_kthread+0x10/0x10 [ 22.923236] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.923259] ? calculate_sigpending+0x7b/0xa0 [ 22.923282] ? __pfx_kthread+0x10/0x10 [ 22.923303] ret_from_fork+0x116/0x1d0 [ 22.923322] ? __pfx_kthread+0x10/0x10 [ 22.923343] ret_from_fork_asm+0x1a/0x30 [ 22.923374] </TASK> [ 22.923385] [ 22.937587] The buggy address belongs to the physical page: [ 22.937832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eac [ 22.938072] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.938772] flags: 0x200000000000040(head|node=0|zone=2) [ 22.939345] page_type: f8(unknown) [ 22.939686] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.940357] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.940822] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.941055] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.941320] head: 0200000000000002 ffffea000417ab01 00000000ffffffff 00000000ffffffff [ 22.942096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.942700] page dumped because: kasan: bad access detected [ 22.942878] [ 22.942944] Memory state around the buggy address: [ 22.943094] ffff888105eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.943745] ffff888105eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.944472] >ffff888105eae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 22.945086] ^ [ 22.945733] ffff888105eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.946083] ffff888105eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.946666] ================================================================== [ 22.947034] ================================================================== [ 22.947304] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.948039] Write of size 1 at addr ffff888105eae0f0 by task kunit_try_catch/209 [ 22.948406] [ 22.948723] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.948775] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.948787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.948808] Call Trace: [ 22.948823] <TASK> [ 22.948840] dump_stack_lvl+0x73/0xb0 [ 22.948868] print_report+0xd1/0x650 [ 22.948890] ? __virt_addr_valid+0x1db/0x2d0 [ 22.948928] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.948950] ? kasan_addr_to_slab+0x11/0xa0 [ 22.948986] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.949009] kasan_report+0x141/0x180 [ 22.949031] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.949058] __asan_report_store1_noabort+0x1b/0x30 [ 22.949091] krealloc_more_oob_helper+0x7eb/0x930 [ 22.949112] ? __schedule+0x10cc/0x2b60 [ 22.949137] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.949180] ? finish_task_switch.isra.0+0x153/0x700 [ 22.949594] ? __switch_to+0x47/0xf50 [ 22.949622] ? __schedule+0x10cc/0x2b60 [ 22.949646] ? __pfx_read_tsc+0x10/0x10 [ 22.949682] krealloc_large_more_oob+0x1c/0x30 [ 22.949704] kunit_try_run_case+0x1a5/0x480 [ 22.949731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.949754] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.949775] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.949800] ? __kthread_parkme+0x82/0x180 [ 22.949819] ? preempt_count_sub+0x50/0x80 [ 22.949846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.949870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.949894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.949917] kthread+0x337/0x6f0 [ 22.949936] ? trace_preempt_on+0x20/0xc0 [ 22.949959] ? __pfx_kthread+0x10/0x10 [ 22.949979] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.950002] ? calculate_sigpending+0x7b/0xa0 [ 22.950025] ? __pfx_kthread+0x10/0x10 [ 22.950046] ret_from_fork+0x116/0x1d0 [ 22.950065] ? __pfx_kthread+0x10/0x10 [ 22.950085] ret_from_fork_asm+0x1a/0x30 [ 22.950116] </TASK> [ 22.950127] [ 22.959934] The buggy address belongs to the physical page: [ 22.960552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eac [ 22.961016] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.961640] flags: 0x200000000000040(head|node=0|zone=2) [ 22.962094] page_type: f8(unknown) [ 22.962721] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.963429] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.964022] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.964903] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.965739] head: 0200000000000002 ffffea000417ab01 00000000ffffffff 00000000ffffffff [ 22.966392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.967053] page dumped because: kasan: bad access detected [ 22.967483] [ 22.967579] Memory state around the buggy address: [ 22.967794] ffff888105eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.968078] ffff888105eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.968736] >ffff888105eae080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 22.969357] ^ [ 22.969868] ffff888105eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.970655] ffff888105eae180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.971163] ================================================================== [ 22.733518] ================================================================== [ 22.734041] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.734508] Write of size 1 at addr ffff888100a900eb by task kunit_try_catch/205 [ 22.734814] [ 22.734918] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.734965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.734977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.734998] Call Trace: [ 22.735012] <TASK> [ 22.735028] dump_stack_lvl+0x73/0xb0 [ 22.735058] print_report+0xd1/0x650 [ 22.735080] ? __virt_addr_valid+0x1db/0x2d0 [ 22.735106] ? krealloc_more_oob_helper+0x821/0x930 [ 22.735128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.735244] ? krealloc_more_oob_helper+0x821/0x930 [ 22.735267] kasan_report+0x141/0x180 [ 22.735289] ? krealloc_more_oob_helper+0x821/0x930 [ 22.735317] __asan_report_store1_noabort+0x1b/0x30 [ 22.735340] krealloc_more_oob_helper+0x821/0x930 [ 22.735361] ? __schedule+0x10cc/0x2b60 [ 22.735390] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.735415] ? __kasan_check_write+0x18/0x20 [ 22.735437] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.735467] ? irqentry_exit+0x2a/0x60 [ 22.735488] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.735510] ? trace_hardirqs_on+0x37/0xe0 [ 22.735531] ? __pfx_read_tsc+0x10/0x10 [ 22.735556] krealloc_more_oob+0x1c/0x30 [ 22.735576] kunit_try_run_case+0x1a5/0x480 [ 22.735602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.735627] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.735647] ? __kthread_parkme+0x82/0x180 [ 22.735667] ? preempt_count_sub+0x50/0x80 [ 22.735690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.735714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.735737] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.735761] kthread+0x337/0x6f0 [ 22.735781] ? trace_preempt_on+0x20/0xc0 [ 22.735803] ? __pfx_kthread+0x10/0x10 [ 22.735823] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.735848] ? calculate_sigpending+0x7b/0xa0 [ 22.735872] ? __pfx_kthread+0x10/0x10 [ 22.735894] ret_from_fork+0x116/0x1d0 [ 22.735912] ? __pfx_kthread+0x10/0x10 [ 22.735933] ret_from_fork_asm+0x1a/0x30 [ 22.735963] </TASK> [ 22.735974] [ 22.743959] Allocated by task 205: [ 22.744114] kasan_save_stack+0x45/0x70 [ 22.744343] kasan_save_track+0x18/0x40 [ 22.744485] kasan_save_alloc_info+0x3b/0x50 [ 22.744645] __kasan_krealloc+0x190/0x1f0 [ 22.744832] krealloc_noprof+0xf3/0x340 [ 22.745023] krealloc_more_oob_helper+0x1a9/0x930 [ 22.745404] krealloc_more_oob+0x1c/0x30 [ 22.745617] kunit_try_run_case+0x1a5/0x480 [ 22.745797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.746004] kthread+0x337/0x6f0 [ 22.746118] ret_from_fork+0x116/0x1d0 [ 22.746424] ret_from_fork_asm+0x1a/0x30 [ 22.746633] [ 22.746725] The buggy address belongs to the object at ffff888100a90000 [ 22.746725] which belongs to the cache kmalloc-256 of size 256 [ 22.747287] The buggy address is located 0 bytes to the right of [ 22.747287] allocated 235-byte region [ffff888100a90000, ffff888100a900eb) [ 22.747799] [ 22.747888] The buggy address belongs to the physical page: [ 22.748100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a90 [ 22.748497] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.748720] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 22.748899] page_type: f5(slab) [ 22.749013] raw: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003 [ 22.749469] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.749807] head: 0200000000000040 ffff888100041b40 ffffea000402a380 dead000000000003 [ 22.750255] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.750556] head: 0200000000000001 ffffea000402a401 00000000ffffffff 00000000ffffffff [ 22.750783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.751073] page dumped because: kasan: bad access detected [ 22.751398] [ 22.751503] Memory state around the buggy address: [ 22.751729] ffff888100a8ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.752039] ffff888100a90000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.752396] >ffff888100a90080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.752653] ^ [ 22.752940] ffff888100a90100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.753365] ffff888100a90180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.753640] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 25.066263] ================================================================== [ 25.067894] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 25.068741] Read of size 1 at addr ffff888105ec6450 by task kunit_try_catch/308 [ 25.069065] [ 25.069150] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.069200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.069214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.069236] Call Trace: [ 25.069248] <TASK> [ 25.069265] dump_stack_lvl+0x73/0xb0 [ 25.069294] print_report+0xd1/0x650 [ 25.069319] ? __virt_addr_valid+0x1db/0x2d0 [ 25.069343] ? strcmp+0xb0/0xc0 [ 25.069363] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.069391] ? strcmp+0xb0/0xc0 [ 25.069411] kasan_report+0x141/0x180 [ 25.069433] ? strcmp+0xb0/0xc0 [ 25.069471] __asan_report_load1_noabort+0x18/0x20 [ 25.069496] strcmp+0xb0/0xc0 [ 25.069518] kasan_strings+0x431/0xe80 [ 25.069537] ? trace_hardirqs_on+0x37/0xe0 [ 25.069561] ? __pfx_kasan_strings+0x10/0x10 [ 25.069582] ? finish_task_switch.isra.0+0x153/0x700 [ 25.069605] ? __switch_to+0x47/0xf50 [ 25.069633] ? __schedule+0x10cc/0x2b60 [ 25.069658] ? __pfx_read_tsc+0x10/0x10 [ 25.069680] ? ktime_get_ts64+0x86/0x230 [ 25.069706] kunit_try_run_case+0x1a5/0x480 [ 25.069732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.069756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.069778] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.069804] ? __kthread_parkme+0x82/0x180 [ 25.069825] ? preempt_count_sub+0x50/0x80 [ 25.069854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.069879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.069903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.069927] kthread+0x337/0x6f0 [ 25.069947] ? trace_preempt_on+0x20/0xc0 [ 25.069968] ? __pfx_kthread+0x10/0x10 [ 25.069989] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.070012] ? calculate_sigpending+0x7b/0xa0 [ 25.070037] ? __pfx_kthread+0x10/0x10 [ 25.070059] ret_from_fork+0x116/0x1d0 [ 25.070078] ? __pfx_kthread+0x10/0x10 [ 25.070099] ret_from_fork_asm+0x1a/0x30 [ 25.070131] </TASK> [ 25.070143] [ 25.077154] Allocated by task 308: [ 25.077364] kasan_save_stack+0x45/0x70 [ 25.077640] kasan_save_track+0x18/0x40 [ 25.077820] kasan_save_alloc_info+0x3b/0x50 [ 25.078042] __kasan_kmalloc+0xb7/0xc0 [ 25.078268] __kmalloc_cache_noprof+0x189/0x420 [ 25.078489] kasan_strings+0xc0/0xe80 [ 25.078743] kunit_try_run_case+0x1a5/0x480 [ 25.078951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.079390] kthread+0x337/0x6f0 [ 25.079555] ret_from_fork+0x116/0x1d0 [ 25.079762] ret_from_fork_asm+0x1a/0x30 [ 25.079905] [ 25.079971] Freed by task 308: [ 25.080078] kasan_save_stack+0x45/0x70 [ 25.080210] kasan_save_track+0x18/0x40 [ 25.080337] kasan_save_free_info+0x3f/0x60 [ 25.080523] __kasan_slab_free+0x56/0x70 [ 25.080961] kfree+0x222/0x3f0 [ 25.081125] kasan_strings+0x2aa/0xe80 [ 25.081303] kunit_try_run_case+0x1a5/0x480 [ 25.081703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.082162] kthread+0x337/0x6f0 [ 25.082286] ret_from_fork+0x116/0x1d0 [ 25.082412] ret_from_fork_asm+0x1a/0x30 [ 25.082555] [ 25.082620] The buggy address belongs to the object at ffff888105ec6440 [ 25.082620] which belongs to the cache kmalloc-32 of size 32 [ 25.083078] The buggy address is located 16 bytes inside of [ 25.083078] freed 32-byte region [ffff888105ec6440, ffff888105ec6460) [ 25.083681] [ 25.083769] The buggy address belongs to the physical page: [ 25.084010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec6 [ 25.084484] flags: 0x200000000000000(node=0|zone=2) [ 25.084710] page_type: f5(slab) [ 25.084869] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.085226] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.085679] page dumped because: kasan: bad access detected [ 25.085861] [ 25.085927] Memory state around the buggy address: [ 25.086190] ffff888105ec6300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.086512] ffff888105ec6380: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.086823] >ffff888105ec6400: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.087128] ^ [ 25.087332] ffff888105ec6480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.087834] ffff888105ec6500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.088129] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 23.648523] ================================================================== [ 23.648829] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 23.649105] Read of size 1 at addr ffff888105540100 by task kunit_try_catch/245 [ 23.650262] [ 23.650448] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.650570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.650583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.650604] Call Trace: [ 23.650622] <TASK> [ 23.650638] dump_stack_lvl+0x73/0xb0 [ 23.650668] print_report+0xd1/0x650 [ 23.650689] ? __virt_addr_valid+0x1db/0x2d0 [ 23.650712] ? ksize_uaf+0x5fe/0x6c0 [ 23.650731] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.650756] ? ksize_uaf+0x5fe/0x6c0 [ 23.650775] kasan_report+0x141/0x180 [ 23.650796] ? ksize_uaf+0x5fe/0x6c0 [ 23.650820] __asan_report_load1_noabort+0x18/0x20 [ 23.650843] ksize_uaf+0x5fe/0x6c0 [ 23.650862] ? __pfx_ksize_uaf+0x10/0x10 [ 23.650882] ? __schedule+0x10cc/0x2b60 [ 23.650907] ? __pfx_read_tsc+0x10/0x10 [ 23.650928] ? ktime_get_ts64+0x86/0x230 [ 23.650952] kunit_try_run_case+0x1a5/0x480 [ 23.650978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.651000] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.651021] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.651045] ? __kthread_parkme+0x82/0x180 [ 23.651065] ? preempt_count_sub+0x50/0x80 [ 23.651088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.651111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.651134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.651230] kthread+0x337/0x6f0 [ 23.651252] ? trace_preempt_on+0x20/0xc0 [ 23.651275] ? __pfx_kthread+0x10/0x10 [ 23.651295] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.651318] ? calculate_sigpending+0x7b/0xa0 [ 23.651341] ? __pfx_kthread+0x10/0x10 [ 23.651363] ret_from_fork+0x116/0x1d0 [ 23.651381] ? __pfx_kthread+0x10/0x10 [ 23.651401] ret_from_fork_asm+0x1a/0x30 [ 23.651431] </TASK> [ 23.651442] [ 23.659965] Allocated by task 245: [ 23.660094] kasan_save_stack+0x45/0x70 [ 23.660523] kasan_save_track+0x18/0x40 [ 23.660672] kasan_save_alloc_info+0x3b/0x50 [ 23.660874] __kasan_kmalloc+0xb7/0xc0 [ 23.661224] __kmalloc_cache_noprof+0x189/0x420 [ 23.661399] ksize_uaf+0xaa/0x6c0 [ 23.661581] kunit_try_run_case+0x1a5/0x480 [ 23.661755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.661979] kthread+0x337/0x6f0 [ 23.662132] ret_from_fork+0x116/0x1d0 [ 23.662279] ret_from_fork_asm+0x1a/0x30 [ 23.662781] [ 23.662861] Freed by task 245: [ 23.662984] kasan_save_stack+0x45/0x70 [ 23.663333] kasan_save_track+0x18/0x40 [ 23.663544] kasan_save_free_info+0x3f/0x60 [ 23.663845] __kasan_slab_free+0x56/0x70 [ 23.663984] kfree+0x222/0x3f0 [ 23.664202] ksize_uaf+0x12c/0x6c0 [ 23.664429] kunit_try_run_case+0x1a5/0x480 [ 23.664713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.664913] kthread+0x337/0x6f0 [ 23.665072] ret_from_fork+0x116/0x1d0 [ 23.665239] ret_from_fork_asm+0x1a/0x30 [ 23.665660] [ 23.665757] The buggy address belongs to the object at ffff888105540100 [ 23.665757] which belongs to the cache kmalloc-128 of size 128 [ 23.666295] The buggy address is located 0 bytes inside of [ 23.666295] freed 128-byte region [ffff888105540100, ffff888105540180) [ 23.666907] [ 23.667004] The buggy address belongs to the physical page: [ 23.667331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.667661] flags: 0x200000000000000(node=0|zone=2) [ 23.667860] page_type: f5(slab) [ 23.668005] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.668599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.668866] page dumped because: kasan: bad access detected [ 23.669214] [ 23.669357] Memory state around the buggy address: [ 23.669544] ffff888105540000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.669981] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.670404] >ffff888105540100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.670770] ^ [ 23.670981] ffff888105540180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.671311] ffff888105540200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.671776] ================================================================== [ 23.620053] ================================================================== [ 23.620554] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 23.620765] Read of size 1 at addr ffff888105540100 by task kunit_try_catch/245 [ 23.620980] [ 23.621059] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.621107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.621119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.621140] Call Trace: [ 23.621152] <TASK> [ 23.621169] dump_stack_lvl+0x73/0xb0 [ 23.621224] print_report+0xd1/0x650 [ 23.621245] ? __virt_addr_valid+0x1db/0x2d0 [ 23.621267] ? ksize_uaf+0x19d/0x6c0 [ 23.621286] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.621338] ? ksize_uaf+0x19d/0x6c0 [ 23.621359] kasan_report+0x141/0x180 [ 23.621379] ? ksize_uaf+0x19d/0x6c0 [ 23.621402] ? ksize_uaf+0x19d/0x6c0 [ 23.621421] __kasan_check_byte+0x3d/0x50 [ 23.621442] ksize+0x20/0x60 [ 23.621474] ksize_uaf+0x19d/0x6c0 [ 23.621494] ? __pfx_ksize_uaf+0x10/0x10 [ 23.621514] ? __schedule+0x10cc/0x2b60 [ 23.621539] ? __pfx_read_tsc+0x10/0x10 [ 23.621559] ? ktime_get_ts64+0x86/0x230 [ 23.621582] kunit_try_run_case+0x1a5/0x480 [ 23.621608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.621631] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.621651] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.621676] ? __kthread_parkme+0x82/0x180 [ 23.621695] ? preempt_count_sub+0x50/0x80 [ 23.621718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.621742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.621764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.621788] kthread+0x337/0x6f0 [ 23.621807] ? trace_preempt_on+0x20/0xc0 [ 23.621828] ? __pfx_kthread+0x10/0x10 [ 23.621853] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.621875] ? calculate_sigpending+0x7b/0xa0 [ 23.621899] ? __pfx_kthread+0x10/0x10 [ 23.621920] ret_from_fork+0x116/0x1d0 [ 23.621938] ? __pfx_kthread+0x10/0x10 [ 23.621958] ret_from_fork_asm+0x1a/0x30 [ 23.621989] </TASK> [ 23.622001] [ 23.633061] Allocated by task 245: [ 23.633210] kasan_save_stack+0x45/0x70 [ 23.633559] kasan_save_track+0x18/0x40 [ 23.633892] kasan_save_alloc_info+0x3b/0x50 [ 23.634277] __kasan_kmalloc+0xb7/0xc0 [ 23.634635] __kmalloc_cache_noprof+0x189/0x420 [ 23.635034] ksize_uaf+0xaa/0x6c0 [ 23.635356] kunit_try_run_case+0x1a5/0x480 [ 23.635741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.636234] kthread+0x337/0x6f0 [ 23.636536] ret_from_fork+0x116/0x1d0 [ 23.636871] ret_from_fork_asm+0x1a/0x30 [ 23.637241] [ 23.637390] Freed by task 245: [ 23.637663] kasan_save_stack+0x45/0x70 [ 23.638017] kasan_save_track+0x18/0x40 [ 23.638317] kasan_save_free_info+0x3f/0x60 [ 23.638465] __kasan_slab_free+0x56/0x70 [ 23.638593] kfree+0x222/0x3f0 [ 23.638701] ksize_uaf+0x12c/0x6c0 [ 23.638817] kunit_try_run_case+0x1a5/0x480 [ 23.638954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.639119] kthread+0x337/0x6f0 [ 23.639361] ret_from_fork+0x116/0x1d0 [ 23.639688] ret_from_fork_asm+0x1a/0x30 [ 23.640025] [ 23.640173] The buggy address belongs to the object at ffff888105540100 [ 23.640173] which belongs to the cache kmalloc-128 of size 128 [ 23.641231] The buggy address is located 0 bytes inside of [ 23.641231] freed 128-byte region [ffff888105540100, ffff888105540180) [ 23.642231] [ 23.642400] The buggy address belongs to the physical page: [ 23.642873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.643747] flags: 0x200000000000000(node=0|zone=2) [ 23.644232] page_type: f5(slab) [ 23.644535] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.644825] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.645052] page dumped because: kasan: bad access detected [ 23.645225] [ 23.645288] Memory state around the buggy address: [ 23.645512] ffff888105540000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.645816] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.646114] >ffff888105540100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.646399] ^ [ 23.646780] ffff888105540180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.647079] ffff888105540200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.647708] ================================================================== [ 23.672400] ================================================================== [ 23.672712] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 23.672973] Read of size 1 at addr ffff888105540178 by task kunit_try_catch/245 [ 23.673632] [ 23.673721] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.673767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.673779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.673799] Call Trace: [ 23.673812] <TASK> [ 23.673827] dump_stack_lvl+0x73/0xb0 [ 23.673867] print_report+0xd1/0x650 [ 23.673888] ? __virt_addr_valid+0x1db/0x2d0 [ 23.674061] ? ksize_uaf+0x5e4/0x6c0 [ 23.674084] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.674109] ? ksize_uaf+0x5e4/0x6c0 [ 23.674131] kasan_report+0x141/0x180 [ 23.674153] ? ksize_uaf+0x5e4/0x6c0 [ 23.674178] __asan_report_load1_noabort+0x18/0x20 [ 23.674201] ksize_uaf+0x5e4/0x6c0 [ 23.674221] ? __pfx_ksize_uaf+0x10/0x10 [ 23.674241] ? __schedule+0x10cc/0x2b60 [ 23.674266] ? __pfx_read_tsc+0x10/0x10 [ 23.674286] ? ktime_get_ts64+0x86/0x230 [ 23.674309] kunit_try_run_case+0x1a5/0x480 [ 23.674333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.674356] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.674375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.674400] ? __kthread_parkme+0x82/0x180 [ 23.674420] ? preempt_count_sub+0x50/0x80 [ 23.674443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.674481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.674606] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.674630] kthread+0x337/0x6f0 [ 23.674649] ? trace_preempt_on+0x20/0xc0 [ 23.674671] ? __pfx_kthread+0x10/0x10 [ 23.674691] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.674714] ? calculate_sigpending+0x7b/0xa0 [ 23.674738] ? __pfx_kthread+0x10/0x10 [ 23.674759] ret_from_fork+0x116/0x1d0 [ 23.674777] ? __pfx_kthread+0x10/0x10 [ 23.674797] ret_from_fork_asm+0x1a/0x30 [ 23.674827] </TASK> [ 23.674838] [ 23.683099] Allocated by task 245: [ 23.683278] kasan_save_stack+0x45/0x70 [ 23.683837] kasan_save_track+0x18/0x40 [ 23.684016] kasan_save_alloc_info+0x3b/0x50 [ 23.684370] __kasan_kmalloc+0xb7/0xc0 [ 23.684558] __kmalloc_cache_noprof+0x189/0x420 [ 23.684904] ksize_uaf+0xaa/0x6c0 [ 23.685047] kunit_try_run_case+0x1a5/0x480 [ 23.685385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.685606] kthread+0x337/0x6f0 [ 23.685874] ret_from_fork+0x116/0x1d0 [ 23.686049] ret_from_fork_asm+0x1a/0x30 [ 23.686341] [ 23.686437] Freed by task 245: [ 23.686576] kasan_save_stack+0x45/0x70 [ 23.686774] kasan_save_track+0x18/0x40 [ 23.686955] kasan_save_free_info+0x3f/0x60 [ 23.687126] __kasan_slab_free+0x56/0x70 [ 23.687597] kfree+0x222/0x3f0 [ 23.687809] ksize_uaf+0x12c/0x6c0 [ 23.687951] kunit_try_run_case+0x1a5/0x480 [ 23.688156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.688561] kthread+0x337/0x6f0 [ 23.688734] ret_from_fork+0x116/0x1d0 [ 23.688892] ret_from_fork_asm+0x1a/0x30 [ 23.689194] [ 23.689340] The buggy address belongs to the object at ffff888105540100 [ 23.689340] which belongs to the cache kmalloc-128 of size 128 [ 23.689831] The buggy address is located 120 bytes inside of [ 23.689831] freed 128-byte region [ffff888105540100, ffff888105540180) [ 23.690307] [ 23.690686] The buggy address belongs to the physical page: [ 23.690926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.691367] flags: 0x200000000000000(node=0|zone=2) [ 23.691673] page_type: f5(slab) [ 23.691800] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.692127] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.692682] page dumped because: kasan: bad access detected [ 23.692909] [ 23.693123] Memory state around the buggy address: [ 23.693342] ffff888105540000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.693778] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.694086] >ffff888105540100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.694511] ^ [ 23.694806] ffff888105540180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.695184] ffff888105540200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.695584] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 23.592534] ================================================================== [ 23.593005] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594015] Read of size 1 at addr ffff88810554007f by task kunit_try_catch/243 [ 23.594545] [ 23.594648] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.594695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.594707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.594727] Call Trace: [ 23.594738] <TASK> [ 23.594752] dump_stack_lvl+0x73/0xb0 [ 23.594780] print_report+0xd1/0x650 [ 23.594801] ? __virt_addr_valid+0x1db/0x2d0 [ 23.594823] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594845] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.594870] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594892] kasan_report+0x141/0x180 [ 23.594913] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594939] __asan_report_load1_noabort+0x18/0x20 [ 23.594961] ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.594984] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.595005] ? finish_task_switch.isra.0+0x153/0x700 [ 23.595026] ? __switch_to+0x47/0xf50 [ 23.595050] ? __schedule+0x10cc/0x2b60 [ 23.595076] ? __pfx_read_tsc+0x10/0x10 [ 23.595096] ? ktime_get_ts64+0x86/0x230 [ 23.595137] kunit_try_run_case+0x1a5/0x480 [ 23.595173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.595196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.595216] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.595241] ? __kthread_parkme+0x82/0x180 [ 23.595260] ? preempt_count_sub+0x50/0x80 [ 23.595282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.595313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.595335] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.595359] kthread+0x337/0x6f0 [ 23.595378] ? trace_preempt_on+0x20/0xc0 [ 23.595400] ? __pfx_kthread+0x10/0x10 [ 23.595420] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.595443] ? calculate_sigpending+0x7b/0xa0 [ 23.595478] ? __pfx_kthread+0x10/0x10 [ 23.595500] ret_from_fork+0x116/0x1d0 [ 23.595519] ? __pfx_kthread+0x10/0x10 [ 23.595540] ret_from_fork_asm+0x1a/0x30 [ 23.595570] </TASK> [ 23.595581] [ 23.604074] Allocated by task 243: [ 23.604537] kasan_save_stack+0x45/0x70 [ 23.604702] kasan_save_track+0x18/0x40 [ 23.605024] kasan_save_alloc_info+0x3b/0x50 [ 23.605354] __kasan_kmalloc+0xb7/0xc0 [ 23.605627] __kmalloc_cache_noprof+0x189/0x420 [ 23.605794] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.606134] kunit_try_run_case+0x1a5/0x480 [ 23.606363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.606604] kthread+0x337/0x6f0 [ 23.606756] ret_from_fork+0x116/0x1d0 [ 23.606923] ret_from_fork_asm+0x1a/0x30 [ 23.607096] [ 23.607172] The buggy address belongs to the object at ffff888105540000 [ 23.607172] which belongs to the cache kmalloc-128 of size 128 [ 23.608035] The buggy address is located 12 bytes to the right of [ 23.608035] allocated 115-byte region [ffff888105540000, ffff888105540073) [ 23.608812] [ 23.608913] The buggy address belongs to the physical page: [ 23.609269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.609805] flags: 0x200000000000000(node=0|zone=2) [ 23.610345] page_type: f5(slab) [ 23.610817] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.611670] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.612078] page dumped because: kasan: bad access detected [ 23.612388] [ 23.612642] Memory state around the buggy address: [ 23.613173] ffff88810553ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.613765] ffff88810553ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.613985] >ffff888105540000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.614184] ^ [ 23.614798] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.615566] ffff888105540100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.616185] ================================================================== [ 23.533120] ================================================================== [ 23.533713] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 23.534743] Read of size 1 at addr ffff888105540073 by task kunit_try_catch/243 [ 23.535298] [ 23.535585] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.535638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.535651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.535674] Call Trace: [ 23.535687] <TASK> [ 23.535705] dump_stack_lvl+0x73/0xb0 [ 23.535735] print_report+0xd1/0x650 [ 23.535757] ? __virt_addr_valid+0x1db/0x2d0 [ 23.535781] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.535827] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535849] kasan_report+0x141/0x180 [ 23.535870] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535897] __asan_report_load1_noabort+0x18/0x20 [ 23.535919] ksize_unpoisons_memory+0x81c/0x9b0 [ 23.535942] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.535963] ? finish_task_switch.isra.0+0x153/0x700 [ 23.535984] ? __switch_to+0x47/0xf50 [ 23.536010] ? __schedule+0x10cc/0x2b60 [ 23.536035] ? __pfx_read_tsc+0x10/0x10 [ 23.536057] ? ktime_get_ts64+0x86/0x230 [ 23.536081] kunit_try_run_case+0x1a5/0x480 [ 23.536107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.536129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.536149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.536175] ? __kthread_parkme+0x82/0x180 [ 23.536195] ? preempt_count_sub+0x50/0x80 [ 23.536217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.536241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.536263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.536287] kthread+0x337/0x6f0 [ 23.536305] ? trace_preempt_on+0x20/0xc0 [ 23.536328] ? __pfx_kthread+0x10/0x10 [ 23.536359] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.536382] ? calculate_sigpending+0x7b/0xa0 [ 23.536406] ? __pfx_kthread+0x10/0x10 [ 23.536433] ret_from_fork+0x116/0x1d0 [ 23.536451] ? __pfx_kthread+0x10/0x10 [ 23.536479] ret_from_fork_asm+0x1a/0x30 [ 23.536510] </TASK> [ 23.536521] [ 23.548582] Allocated by task 243: [ 23.548706] kasan_save_stack+0x45/0x70 [ 23.548843] kasan_save_track+0x18/0x40 [ 23.548967] kasan_save_alloc_info+0x3b/0x50 [ 23.549103] __kasan_kmalloc+0xb7/0xc0 [ 23.549485] __kmalloc_cache_noprof+0x189/0x420 [ 23.549883] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.550381] kunit_try_run_case+0x1a5/0x480 [ 23.550776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.551266] kthread+0x337/0x6f0 [ 23.551633] ret_from_fork+0x116/0x1d0 [ 23.551979] ret_from_fork_asm+0x1a/0x30 [ 23.552352] [ 23.552542] The buggy address belongs to the object at ffff888105540000 [ 23.552542] which belongs to the cache kmalloc-128 of size 128 [ 23.553030] The buggy address is located 0 bytes to the right of [ 23.553030] allocated 115-byte region [ffff888105540000, ffff888105540073) [ 23.554055] [ 23.554221] The buggy address belongs to the physical page: [ 23.554797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.555512] flags: 0x200000000000000(node=0|zone=2) [ 23.556049] page_type: f5(slab) [ 23.556346] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.556626] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.556837] page dumped because: kasan: bad access detected [ 23.556994] [ 23.557056] Memory state around the buggy address: [ 23.557518] ffff88810553ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.557795] ffff88810553ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.558084] >ffff888105540000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.558950] ^ [ 23.559390] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.559910] ffff888105540100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.560589] ================================================================== [ 23.561227] ================================================================== [ 23.561995] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.562739] Read of size 1 at addr ffff888105540078 by task kunit_try_catch/243 [ 23.563287] [ 23.563580] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.563634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.563649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.563669] Call Trace: [ 23.563682] <TASK> [ 23.563697] dump_stack_lvl+0x73/0xb0 [ 23.563736] print_report+0xd1/0x650 [ 23.563757] ? __virt_addr_valid+0x1db/0x2d0 [ 23.563779] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563801] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.563825] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563847] kasan_report+0x141/0x180 [ 23.563868] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563894] __asan_report_load1_noabort+0x18/0x20 [ 23.563917] ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.563939] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.563960] ? finish_task_switch.isra.0+0x153/0x700 [ 23.563981] ? __switch_to+0x47/0xf50 [ 23.564006] ? __schedule+0x10cc/0x2b60 [ 23.564031] ? __pfx_read_tsc+0x10/0x10 [ 23.564052] ? ktime_get_ts64+0x86/0x230 [ 23.564076] kunit_try_run_case+0x1a5/0x480 [ 23.564101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.564123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.564143] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.564170] ? __kthread_parkme+0x82/0x180 [ 23.564190] ? preempt_count_sub+0x50/0x80 [ 23.564245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.564269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.564292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.564315] kthread+0x337/0x6f0 [ 23.564334] ? trace_preempt_on+0x20/0xc0 [ 23.564356] ? __pfx_kthread+0x10/0x10 [ 23.564375] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.564398] ? calculate_sigpending+0x7b/0xa0 [ 23.564422] ? __pfx_kthread+0x10/0x10 [ 23.564444] ret_from_fork+0x116/0x1d0 [ 23.564472] ? __pfx_kthread+0x10/0x10 [ 23.564493] ret_from_fork_asm+0x1a/0x30 [ 23.564523] </TASK> [ 23.564533] [ 23.578227] Allocated by task 243: [ 23.578405] kasan_save_stack+0x45/0x70 [ 23.578606] kasan_save_track+0x18/0x40 [ 23.578778] kasan_save_alloc_info+0x3b/0x50 [ 23.578961] __kasan_kmalloc+0xb7/0xc0 [ 23.579130] __kmalloc_cache_noprof+0x189/0x420 [ 23.580180] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.580674] kunit_try_run_case+0x1a5/0x480 [ 23.581361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.581618] kthread+0x337/0x6f0 [ 23.581772] ret_from_fork+0x116/0x1d0 [ 23.581954] ret_from_fork_asm+0x1a/0x30 [ 23.582125] [ 23.582523] The buggy address belongs to the object at ffff888105540000 [ 23.582523] which belongs to the cache kmalloc-128 of size 128 [ 23.583531] The buggy address is located 5 bytes to the right of [ 23.583531] allocated 115-byte region [ffff888105540000, ffff888105540073) [ 23.584388] [ 23.584495] The buggy address belongs to the physical page: [ 23.584726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 23.585045] flags: 0x200000000000000(node=0|zone=2) [ 23.585658] page_type: f5(slab) [ 23.585968] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.586803] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.587115] page dumped because: kasan: bad access detected [ 23.587590] [ 23.587818] Memory state around the buggy address: [ 23.588023] ffff88810553ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.588607] ffff88810553ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.588907] >ffff888105540000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.589510] ^ [ 23.589882] ffff888105540080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.590413] ffff888105540100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.590706] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 23.500041] ================================================================== [ 23.500636] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 23.501002] Free of addr ffff8881054e0a20 by task kunit_try_catch/241 [ 23.501438] [ 23.501544] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.501589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.501601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.501632] Call Trace: [ 23.501848] <TASK> [ 23.501866] dump_stack_lvl+0x73/0xb0 [ 23.501895] print_report+0xd1/0x650 [ 23.501917] ? __virt_addr_valid+0x1db/0x2d0 [ 23.501940] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.501965] ? kfree_sensitive+0x2e/0x90 [ 23.501989] kasan_report_invalid_free+0x10a/0x130 [ 23.502012] ? kfree_sensitive+0x2e/0x90 [ 23.502037] ? kfree_sensitive+0x2e/0x90 [ 23.502060] check_slab_allocation+0x101/0x130 [ 23.502084] __kasan_slab_pre_free+0x28/0x40 [ 23.502104] kfree+0xf0/0x3f0 [ 23.502124] ? kfree_sensitive+0x2e/0x90 [ 23.502193] kfree_sensitive+0x2e/0x90 [ 23.502219] kmalloc_double_kzfree+0x19c/0x350 [ 23.502241] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.502264] ? __schedule+0x10cc/0x2b60 [ 23.502289] ? __pfx_read_tsc+0x10/0x10 [ 23.502310] ? ktime_get_ts64+0x86/0x230 [ 23.502334] kunit_try_run_case+0x1a5/0x480 [ 23.502358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.502380] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.502401] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.502426] ? __kthread_parkme+0x82/0x180 [ 23.502445] ? preempt_count_sub+0x50/0x80 [ 23.502482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.502506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.502530] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.502553] kthread+0x337/0x6f0 [ 23.502572] ? trace_preempt_on+0x20/0xc0 [ 23.502593] ? __pfx_kthread+0x10/0x10 [ 23.502613] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.502636] ? calculate_sigpending+0x7b/0xa0 [ 23.502659] ? __pfx_kthread+0x10/0x10 [ 23.502681] ret_from_fork+0x116/0x1d0 [ 23.502699] ? __pfx_kthread+0x10/0x10 [ 23.502719] ret_from_fork_asm+0x1a/0x30 [ 23.502749] </TASK> [ 23.502759] [ 23.513255] Allocated by task 241: [ 23.513415] kasan_save_stack+0x45/0x70 [ 23.513836] kasan_save_track+0x18/0x40 [ 23.514034] kasan_save_alloc_info+0x3b/0x50 [ 23.514553] __kasan_kmalloc+0xb7/0xc0 [ 23.514726] __kmalloc_cache_noprof+0x189/0x420 [ 23.515057] kmalloc_double_kzfree+0xa9/0x350 [ 23.515281] kunit_try_run_case+0x1a5/0x480 [ 23.515645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.515976] kthread+0x337/0x6f0 [ 23.516104] ret_from_fork+0x116/0x1d0 [ 23.516318] ret_from_fork_asm+0x1a/0x30 [ 23.516817] [ 23.516889] Freed by task 241: [ 23.517029] kasan_save_stack+0x45/0x70 [ 23.517217] kasan_save_track+0x18/0x40 [ 23.517476] kasan_save_free_info+0x3f/0x60 [ 23.518056] __kasan_slab_free+0x56/0x70 [ 23.518198] kfree+0x222/0x3f0 [ 23.518593] kfree_sensitive+0x67/0x90 [ 23.518840] kmalloc_double_kzfree+0x12b/0x350 [ 23.519013] kunit_try_run_case+0x1a5/0x480 [ 23.519247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.519848] kthread+0x337/0x6f0 [ 23.520069] ret_from_fork+0x116/0x1d0 [ 23.520353] ret_from_fork_asm+0x1a/0x30 [ 23.520554] [ 23.520631] The buggy address belongs to the object at ffff8881054e0a20 [ 23.520631] which belongs to the cache kmalloc-16 of size 16 [ 23.521101] The buggy address is located 0 bytes inside of [ 23.521101] 16-byte region [ffff8881054e0a20, ffff8881054e0a30) [ 23.521884] [ 23.521974] The buggy address belongs to the physical page: [ 23.522771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054e0 [ 23.523098] flags: 0x200000000000000(node=0|zone=2) [ 23.523556] page_type: f5(slab) [ 23.523736] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.524151] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.524658] page dumped because: kasan: bad access detected [ 23.524859] [ 23.525072] Memory state around the buggy address: [ 23.525398] ffff8881054e0900: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.525991] ffff8881054e0980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.526424] >ffff8881054e0a00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 23.526790] ^ [ 23.526991] ffff8881054e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.527595] ffff8881054e0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.527891] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 59.522084] ================================================================== [ 59.522471] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 59.522471] [ 59.523114] Use-after-free read at 0x(____ptrval____) (in kfence-#156): [ 59.523325] test_krealloc+0x6fc/0xbe0 [ 59.523683] kunit_try_run_case+0x1a5/0x480 [ 59.524133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.524391] kthread+0x337/0x6f0 [ 59.524556] ret_from_fork+0x116/0x1d0 [ 59.524720] ret_from_fork_asm+0x1a/0x30 [ 59.524900] [ 59.524973] kfence-#156: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 59.524973] [ 59.525793] allocated by task 386 on cpu 1 at 59.521410s (0.004380s ago): [ 59.526102] test_alloc+0x364/0x10f0 [ 59.526346] test_krealloc+0xad/0xbe0 [ 59.526521] kunit_try_run_case+0x1a5/0x480 [ 59.526721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.526907] kthread+0x337/0x6f0 [ 59.527070] ret_from_fork+0x116/0x1d0 [ 59.527216] ret_from_fork_asm+0x1a/0x30 [ 59.527467] [ 59.527558] freed by task 386 on cpu 1 at 59.521708s (0.005848s ago): [ 59.527803] krealloc_noprof+0x108/0x340 [ 59.527949] test_krealloc+0x226/0xbe0 [ 59.528131] kunit_try_run_case+0x1a5/0x480 [ 59.528347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.528543] kthread+0x337/0x6f0 [ 59.528710] ret_from_fork+0x116/0x1d0 [ 59.528894] ret_from_fork_asm+0x1a/0x30 [ 59.529062] [ 59.529168] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 59.529546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 59.529743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 59.530139] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 23.473540] ================================================================== [ 23.473978] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 23.474394] Read of size 1 at addr ffff8881054e0a20 by task kunit_try_catch/241 [ 23.474778] [ 23.474878] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.474926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.474938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.474959] Call Trace: [ 23.474973] <TASK> [ 23.474988] dump_stack_lvl+0x73/0xb0 [ 23.475018] print_report+0xd1/0x650 [ 23.475040] ? __virt_addr_valid+0x1db/0x2d0 [ 23.475064] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.475085] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.475110] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.475132] kasan_report+0x141/0x180 [ 23.475153] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.475178] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.475201] __kasan_check_byte+0x3d/0x50 [ 23.475222] kfree_sensitive+0x22/0x90 [ 23.475249] kmalloc_double_kzfree+0x19c/0x350 [ 23.475271] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.475294] ? __schedule+0x10cc/0x2b60 [ 23.475319] ? __pfx_read_tsc+0x10/0x10 [ 23.475341] ? ktime_get_ts64+0x86/0x230 [ 23.475366] kunit_try_run_case+0x1a5/0x480 [ 23.475392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.475415] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.475435] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.475472] ? __kthread_parkme+0x82/0x180 [ 23.475493] ? preempt_count_sub+0x50/0x80 [ 23.475516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.475540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.475562] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.475586] kthread+0x337/0x6f0 [ 23.475605] ? trace_preempt_on+0x20/0xc0 [ 23.475629] ? __pfx_kthread+0x10/0x10 [ 23.475649] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.475673] ? calculate_sigpending+0x7b/0xa0 [ 23.475697] ? __pfx_kthread+0x10/0x10 [ 23.475718] ret_from_fork+0x116/0x1d0 [ 23.475738] ? __pfx_kthread+0x10/0x10 [ 23.475758] ret_from_fork_asm+0x1a/0x30 [ 23.475790] </TASK> [ 23.475801] [ 23.484810] Allocated by task 241: [ 23.485330] kasan_save_stack+0x45/0x70 [ 23.485532] kasan_save_track+0x18/0x40 [ 23.486074] kasan_save_alloc_info+0x3b/0x50 [ 23.486577] __kasan_kmalloc+0xb7/0xc0 [ 23.486859] __kmalloc_cache_noprof+0x189/0x420 [ 23.487038] kmalloc_double_kzfree+0xa9/0x350 [ 23.487495] kunit_try_run_case+0x1a5/0x480 [ 23.487780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.487999] kthread+0x337/0x6f0 [ 23.488480] ret_from_fork+0x116/0x1d0 [ 23.488642] ret_from_fork_asm+0x1a/0x30 [ 23.488829] [ 23.488918] Freed by task 241: [ 23.489062] kasan_save_stack+0x45/0x70 [ 23.489564] kasan_save_track+0x18/0x40 [ 23.489759] kasan_save_free_info+0x3f/0x60 [ 23.490082] __kasan_slab_free+0x56/0x70 [ 23.490288] kfree+0x222/0x3f0 [ 23.490593] kfree_sensitive+0x67/0x90 [ 23.490754] kmalloc_double_kzfree+0x12b/0x350 [ 23.490945] kunit_try_run_case+0x1a5/0x480 [ 23.491135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.491815] kthread+0x337/0x6f0 [ 23.491982] ret_from_fork+0x116/0x1d0 [ 23.492136] ret_from_fork_asm+0x1a/0x30 [ 23.492609] [ 23.492695] The buggy address belongs to the object at ffff8881054e0a20 [ 23.492695] which belongs to the cache kmalloc-16 of size 16 [ 23.493489] The buggy address is located 0 bytes inside of [ 23.493489] freed 16-byte region [ffff8881054e0a20, ffff8881054e0a30) [ 23.494022] [ 23.494122] The buggy address belongs to the physical page: [ 23.494652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054e0 [ 23.495006] flags: 0x200000000000000(node=0|zone=2) [ 23.495401] page_type: f5(slab) [ 23.495551] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.495963] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.496480] page dumped because: kasan: bad access detected [ 23.496726] [ 23.496813] Memory state around the buggy address: [ 23.496985] ffff8881054e0900: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.497296] ffff8881054e0980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.497589] >ffff8881054e0a00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 23.497878] ^ [ 23.498052] ffff8881054e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.498775] ffff8881054e0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.499110] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 23.433799] ================================================================== [ 23.434265] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 23.434549] Read of size 1 at addr ffff888105abcba8 by task kunit_try_catch/237 [ 23.435369] [ 23.435825] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.435880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.435893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.435915] Call Trace: [ 23.435928] <TASK> [ 23.435946] dump_stack_lvl+0x73/0xb0 [ 23.435976] print_report+0xd1/0x650 [ 23.435998] ? __virt_addr_valid+0x1db/0x2d0 [ 23.436022] ? kmalloc_uaf2+0x4a8/0x520 [ 23.436041] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.436066] ? kmalloc_uaf2+0x4a8/0x520 [ 23.436085] kasan_report+0x141/0x180 [ 23.436106] ? kmalloc_uaf2+0x4a8/0x520 [ 23.436130] __asan_report_load1_noabort+0x18/0x20 [ 23.436153] kmalloc_uaf2+0x4a8/0x520 [ 23.436173] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 23.436342] ? finish_task_switch.isra.0+0x153/0x700 [ 23.436366] ? __switch_to+0x47/0xf50 [ 23.436421] ? __schedule+0x10cc/0x2b60 [ 23.436448] ? __pfx_read_tsc+0x10/0x10 [ 23.436511] ? ktime_get_ts64+0x86/0x230 [ 23.436536] kunit_try_run_case+0x1a5/0x480 [ 23.436562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.436584] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.436606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.436630] ? __kthread_parkme+0x82/0x180 [ 23.436651] ? preempt_count_sub+0x50/0x80 [ 23.436673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.436697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.436720] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.436743] kthread+0x337/0x6f0 [ 23.436763] ? trace_preempt_on+0x20/0xc0 [ 23.436786] ? __pfx_kthread+0x10/0x10 [ 23.436806] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.436829] ? calculate_sigpending+0x7b/0xa0 [ 23.436852] ? __pfx_kthread+0x10/0x10 [ 23.436873] ret_from_fork+0x116/0x1d0 [ 23.436893] ? __pfx_kthread+0x10/0x10 [ 23.436913] ret_from_fork_asm+0x1a/0x30 [ 23.436944] </TASK> [ 23.436956] [ 23.452012] Allocated by task 237: [ 23.452490] kasan_save_stack+0x45/0x70 [ 23.452692] kasan_save_track+0x18/0x40 [ 23.453067] kasan_save_alloc_info+0x3b/0x50 [ 23.453477] __kasan_kmalloc+0xb7/0xc0 [ 23.453703] __kmalloc_cache_noprof+0x189/0x420 [ 23.454099] kmalloc_uaf2+0xc6/0x520 [ 23.454239] kunit_try_run_case+0x1a5/0x480 [ 23.454719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.455228] kthread+0x337/0x6f0 [ 23.455444] ret_from_fork+0x116/0x1d0 [ 23.455821] ret_from_fork_asm+0x1a/0x30 [ 23.455952] [ 23.456017] Freed by task 237: [ 23.456122] kasan_save_stack+0x45/0x70 [ 23.456414] kasan_save_track+0x18/0x40 [ 23.456803] kasan_save_free_info+0x3f/0x60 [ 23.457195] __kasan_slab_free+0x56/0x70 [ 23.457625] kfree+0x222/0x3f0 [ 23.458011] kmalloc_uaf2+0x14c/0x520 [ 23.458349] kunit_try_run_case+0x1a5/0x480 [ 23.458854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.459321] kthread+0x337/0x6f0 [ 23.459468] ret_from_fork+0x116/0x1d0 [ 23.459608] ret_from_fork_asm+0x1a/0x30 [ 23.459837] [ 23.459903] The buggy address belongs to the object at ffff888105abcb80 [ 23.459903] which belongs to the cache kmalloc-64 of size 64 [ 23.461050] The buggy address is located 40 bytes inside of [ 23.461050] freed 64-byte region [ffff888105abcb80, ffff888105abcbc0) [ 23.461763] [ 23.461978] The buggy address belongs to the physical page: [ 23.462587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 23.463207] flags: 0x200000000000000(node=0|zone=2) [ 23.463539] page_type: f5(slab) [ 23.463660] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.463876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.464090] page dumped because: kasan: bad access detected [ 23.464627] [ 23.464783] Memory state around the buggy address: [ 23.465250] ffff888105abca80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.465947] ffff888105abcb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.466664] >ffff888105abcb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.467314] ^ [ 23.467819] ffff888105abcc00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 23.468358] ffff888105abcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.468594] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 59.434171] ================================================================== [ 59.434591] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 59.434591] [ 59.434970] Use-after-free read at 0x(____ptrval____) (in kfence-#155): [ 59.435278] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 59.435929] kunit_try_run_case+0x1a5/0x480 [ 59.436129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.436348] kthread+0x337/0x6f0 [ 59.436761] ret_from_fork+0x116/0x1d0 [ 59.436950] ret_from_fork_asm+0x1a/0x30 [ 59.437130] [ 59.437202] kfence-#155: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 59.437202] [ 59.437585] allocated by task 384 on cpu 1 at 59.417997s (0.019586s ago): [ 59.437900] test_alloc+0x2a6/0x10f0 [ 59.438067] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 59.438355] kunit_try_run_case+0x1a5/0x480 [ 59.438525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.438778] kthread+0x337/0x6f0 [ 59.438933] ret_from_fork+0x116/0x1d0 [ 59.439118] ret_from_fork_asm+0x1a/0x30 [ 59.439321] [ 59.439413] freed by task 384 on cpu 1 at 59.418105s (0.021307s ago): [ 59.439697] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 59.439864] kunit_try_run_case+0x1a5/0x480 [ 59.440065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 59.440328] kthread+0x337/0x6f0 [ 59.440700] ret_from_fork+0x116/0x1d0 [ 59.440882] ret_from_fork_asm+0x1a/0x30 [ 59.441065] [ 59.441177] CPU: 1 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 59.442085] Tainted: [B]=BAD_PAGE, [N]=TEST [ 59.442238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 59.442611] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 34.681068] ================================================================== [ 34.681630] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 34.681630] [ 34.682052] Invalid read at 0x(____ptrval____): [ 34.682249] test_invalid_access+0xf0/0x210 [ 34.682443] kunit_try_run_case+0x1a5/0x480 [ 34.682669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.682905] kthread+0x337/0x6f0 [ 34.683042] ret_from_fork+0x116/0x1d0 [ 34.683225] ret_from_fork_asm+0x1a/0x30 [ 34.683425] [ 34.683558] CPU: 0 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 34.683999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.684197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.684883] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 34.457752] ================================================================== [ 34.458286] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.458286] [ 34.458680] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#150): [ 34.459320] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.459558] kunit_try_run_case+0x1a5/0x480 [ 34.459760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.459975] kthread+0x337/0x6f0 [ 34.460143] ret_from_fork+0x116/0x1d0 [ 34.460357] ret_from_fork_asm+0x1a/0x30 [ 34.460517] [ 34.460611] kfence-#150: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 34.460611] [ 34.460999] allocated by task 374 on cpu 0 at 34.457482s (0.003515s ago): [ 34.461300] test_alloc+0x364/0x10f0 [ 34.461495] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 34.461719] kunit_try_run_case+0x1a5/0x480 [ 34.461896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.462142] kthread+0x337/0x6f0 [ 34.462268] ret_from_fork+0x116/0x1d0 [ 34.462395] ret_from_fork_asm+0x1a/0x30 [ 34.462540] [ 34.462649] freed by task 374 on cpu 0 at 34.457626s (0.005021s ago): [ 34.462946] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.463212] kunit_try_run_case+0x1a5/0x480 [ 34.463365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.463593] kthread+0x337/0x6f0 [ 34.463758] ret_from_fork+0x116/0x1d0 [ 34.463941] ret_from_fork_asm+0x1a/0x30 [ 34.464081] [ 34.464176] CPU: 0 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 34.464925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.465122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.465431] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 34.041692] ================================================================== [ 34.042065] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.042065] [ 34.042570] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#146): [ 34.042920] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.043094] kunit_try_run_case+0x1a5/0x480 [ 34.043445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.043718] kthread+0x337/0x6f0 [ 34.043914] ret_from_fork+0x116/0x1d0 [ 34.044102] ret_from_fork_asm+0x1a/0x30 [ 34.044301] [ 34.044368] kfence-#146: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 34.044368] [ 34.044938] allocated by task 372 on cpu 1 at 34.041468s (0.003468s ago): [ 34.045344] test_alloc+0x364/0x10f0 [ 34.045551] test_kmalloc_aligned_oob_read+0x105/0x560 [ 34.045725] kunit_try_run_case+0x1a5/0x480 [ 34.045950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.046200] kthread+0x337/0x6f0 [ 34.046380] ret_from_fork+0x116/0x1d0 [ 34.046560] ret_from_fork_asm+0x1a/0x30 [ 34.046762] [ 34.046875] CPU: 1 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 34.047443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.047583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.048411] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 29.569699] ================================================================== [ 29.570165] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 29.570165] [ 29.570570] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#103): [ 29.571389] test_corruption+0x2d2/0x3e0 [ 29.571616] kunit_try_run_case+0x1a5/0x480 [ 29.571816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.572073] kthread+0x337/0x6f0 [ 29.572279] ret_from_fork+0x116/0x1d0 [ 29.572433] ret_from_fork_asm+0x1a/0x30 [ 29.572659] [ 29.572753] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.572753] [ 29.573133] allocated by task 360 on cpu 1 at 29.569421s (0.003710s ago): [ 29.573442] test_alloc+0x364/0x10f0 [ 29.573659] test_corruption+0xe6/0x3e0 [ 29.573849] kunit_try_run_case+0x1a5/0x480 [ 29.574022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.574283] kthread+0x337/0x6f0 [ 29.574451] ret_from_fork+0x116/0x1d0 [ 29.574630] ret_from_fork_asm+0x1a/0x30 [ 29.574779] [ 29.574845] freed by task 360 on cpu 1 at 29.569530s (0.005313s ago): [ 29.575094] test_corruption+0x2d2/0x3e0 [ 29.575407] kunit_try_run_case+0x1a5/0x480 [ 29.575640] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.575904] kthread+0x337/0x6f0 [ 29.576063] ret_from_fork+0x116/0x1d0 [ 29.576243] ret_from_fork_asm+0x1a/0x30 [ 29.576432] [ 29.576574] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 29.577199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.577362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.577622] ================================================================== [ 29.985716] ================================================================== [ 29.986105] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 29.986105] [ 29.986406] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#107): [ 29.986873] test_corruption+0x2df/0x3e0 [ 29.987076] kunit_try_run_case+0x1a5/0x480 [ 29.987327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.987557] kthread+0x337/0x6f0 [ 29.987743] ret_from_fork+0x116/0x1d0 [ 29.987926] ret_from_fork_asm+0x1a/0x30 [ 29.988070] [ 29.988136] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.988136] [ 29.988782] allocated by task 360 on cpu 1 at 29.985430s (0.003350s ago): [ 29.989107] test_alloc+0x364/0x10f0 [ 29.989306] test_corruption+0x1cb/0x3e0 [ 29.989473] kunit_try_run_case+0x1a5/0x480 [ 29.989690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.989965] kthread+0x337/0x6f0 [ 29.990141] ret_from_fork+0x116/0x1d0 [ 29.990316] ret_from_fork_asm+0x1a/0x30 [ 29.990539] [ 29.990607] freed by task 360 on cpu 1 at 29.985539s (0.005065s ago): [ 29.990836] test_corruption+0x2df/0x3e0 [ 29.991050] kunit_try_run_case+0x1a5/0x480 [ 29.991328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.991610] kthread+0x337/0x6f0 [ 29.991757] ret_from_fork+0x116/0x1d0 [ 29.991928] ret_from_fork_asm+0x1a/0x30 [ 29.992116] [ 29.992216] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 29.992721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.992908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.993256] ================================================================== [ 30.193607] ================================================================== [ 30.193997] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 30.193997] [ 30.194355] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#109): [ 30.195026] test_corruption+0x131/0x3e0 [ 30.195181] kunit_try_run_case+0x1a5/0x480 [ 30.195466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.195676] kthread+0x337/0x6f0 [ 30.195847] ret_from_fork+0x116/0x1d0 [ 30.196043] ret_from_fork_asm+0x1a/0x30 [ 30.196231] [ 30.196398] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.196398] [ 30.196693] allocated by task 362 on cpu 0 at 30.193451s (0.003239s ago): [ 30.197039] test_alloc+0x2a6/0x10f0 [ 30.197249] test_corruption+0xe6/0x3e0 [ 30.197386] kunit_try_run_case+0x1a5/0x480 [ 30.197572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.197848] kthread+0x337/0x6f0 [ 30.198024] ret_from_fork+0x116/0x1d0 [ 30.198173] ret_from_fork_asm+0x1a/0x30 [ 30.198395] [ 30.198489] freed by task 362 on cpu 0 at 30.193524s (0.004963s ago): [ 30.198762] test_corruption+0x131/0x3e0 [ 30.198956] kunit_try_run_case+0x1a5/0x480 [ 30.199149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.199495] kthread+0x337/0x6f0 [ 30.199665] ret_from_fork+0x116/0x1d0 [ 30.199871] ret_from_fork_asm+0x1a/0x30 [ 30.200066] [ 30.200181] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 30.200688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.200819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.201402] ================================================================== [ 30.297510] ================================================================== [ 30.297884] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 30.297884] [ 30.298259] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#110): [ 30.298658] test_corruption+0x216/0x3e0 [ 30.298849] kunit_try_run_case+0x1a5/0x480 [ 30.299071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.299324] kthread+0x337/0x6f0 [ 30.299446] ret_from_fork+0x116/0x1d0 [ 30.299731] ret_from_fork_asm+0x1a/0x30 [ 30.299930] [ 30.300031] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.300031] [ 30.300465] allocated by task 362 on cpu 0 at 30.297367s (0.003096s ago): [ 30.300770] test_alloc+0x2a6/0x10f0 [ 30.300901] test_corruption+0x1cb/0x3e0 [ 30.301091] kunit_try_run_case+0x1a5/0x480 [ 30.301316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.301651] kthread+0x337/0x6f0 [ 30.301837] ret_from_fork+0x116/0x1d0 [ 30.302030] ret_from_fork_asm+0x1a/0x30 [ 30.302258] [ 30.302329] freed by task 362 on cpu 0 at 30.297421s (0.004906s ago): [ 30.302619] test_corruption+0x216/0x3e0 [ 30.302764] kunit_try_run_case+0x1a5/0x480 [ 30.302965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.303209] kthread+0x337/0x6f0 [ 30.303389] ret_from_fork+0x116/0x1d0 [ 30.303555] ret_from_fork_asm+0x1a/0x30 [ 30.303690] [ 30.303776] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 30.304408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.304627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.305048] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 29.257593] ================================================================== [ 29.257954] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 29.257954] [ 29.258511] Invalid free of 0x(____ptrval____) (in kfence-#100): [ 29.258754] test_invalid_addr_free+0x1e1/0x260 [ 29.258959] kunit_try_run_case+0x1a5/0x480 [ 29.259152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.259848] kthread+0x337/0x6f0 [ 29.260216] ret_from_fork+0x116/0x1d0 [ 29.260387] ret_from_fork_asm+0x1a/0x30 [ 29.260611] [ 29.260991] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.260991] [ 29.261400] allocated by task 356 on cpu 1 at 29.257466s (0.003931s ago): [ 29.261746] test_alloc+0x364/0x10f0 [ 29.262117] test_invalid_addr_free+0xdb/0x260 [ 29.262377] kunit_try_run_case+0x1a5/0x480 [ 29.262697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.262956] kthread+0x337/0x6f0 [ 29.263247] ret_from_fork+0x116/0x1d0 [ 29.263532] ret_from_fork_asm+0x1a/0x30 [ 29.263733] [ 29.264013] CPU: 1 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 29.264570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.264781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.265324] ================================================================== [ 29.361618] ================================================================== [ 29.361989] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 29.361989] [ 29.362352] Invalid free of 0x(____ptrval____) (in kfence-#101): [ 29.362662] test_invalid_addr_free+0xfb/0x260 [ 29.362865] kunit_try_run_case+0x1a5/0x480 [ 29.363024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.363279] kthread+0x337/0x6f0 [ 29.363414] ret_from_fork+0x116/0x1d0 [ 29.363601] ret_from_fork_asm+0x1a/0x30 [ 29.363738] [ 29.363830] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.363830] [ 29.364284] allocated by task 358 on cpu 0 at 29.361497s (0.002785s ago): [ 29.364578] test_alloc+0x2a6/0x10f0 [ 29.364730] test_invalid_addr_free+0xdb/0x260 [ 29.364877] kunit_try_run_case+0x1a5/0x480 [ 29.365038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.365281] kthread+0x337/0x6f0 [ 29.365421] ret_from_fork+0x116/0x1d0 [ 29.365558] ret_from_fork_asm+0x1a/0x30 [ 29.365692] [ 29.365868] CPU: 0 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 29.366580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.366731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.367042] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 23.407755] ================================================================== [ 23.408234] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 23.408568] Write of size 33 at addr ffff888104bb9980 by task kunit_try_catch/235 [ 23.409053] [ 23.409468] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.409521] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.409535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.409555] Call Trace: [ 23.409567] <TASK> [ 23.409583] dump_stack_lvl+0x73/0xb0 [ 23.409613] print_report+0xd1/0x650 [ 23.409635] ? __virt_addr_valid+0x1db/0x2d0 [ 23.409658] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.409678] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.409703] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.409724] kasan_report+0x141/0x180 [ 23.409745] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.409770] kasan_check_range+0x10c/0x1c0 [ 23.409792] __asan_memset+0x27/0x50 [ 23.409815] kmalloc_uaf_memset+0x1a3/0x360 [ 23.409835] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 23.409862] ? __schedule+0x10cc/0x2b60 [ 23.409887] ? __pfx_read_tsc+0x10/0x10 [ 23.409907] ? ktime_get_ts64+0x86/0x230 [ 23.409931] kunit_try_run_case+0x1a5/0x480 [ 23.409956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.409979] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.410000] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.410024] ? __kthread_parkme+0x82/0x180 [ 23.410045] ? preempt_count_sub+0x50/0x80 [ 23.410068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.410092] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.410115] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.410138] kthread+0x337/0x6f0 [ 23.410380] ? trace_preempt_on+0x20/0xc0 [ 23.410403] ? __pfx_kthread+0x10/0x10 [ 23.410424] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.410447] ? calculate_sigpending+0x7b/0xa0 [ 23.410483] ? __pfx_kthread+0x10/0x10 [ 23.410504] ret_from_fork+0x116/0x1d0 [ 23.410523] ? __pfx_kthread+0x10/0x10 [ 23.410543] ret_from_fork_asm+0x1a/0x30 [ 23.410574] </TASK> [ 23.410585] [ 23.418060] Allocated by task 235: [ 23.418348] kasan_save_stack+0x45/0x70 [ 23.418538] kasan_save_track+0x18/0x40 [ 23.418671] kasan_save_alloc_info+0x3b/0x50 [ 23.418811] __kasan_kmalloc+0xb7/0xc0 [ 23.418996] __kmalloc_cache_noprof+0x189/0x420 [ 23.419403] kmalloc_uaf_memset+0xa9/0x360 [ 23.419637] kunit_try_run_case+0x1a5/0x480 [ 23.419864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.420107] kthread+0x337/0x6f0 [ 23.420324] ret_from_fork+0x116/0x1d0 [ 23.420450] ret_from_fork_asm+0x1a/0x30 [ 23.420592] [ 23.420664] Freed by task 235: [ 23.421018] kasan_save_stack+0x45/0x70 [ 23.421211] kasan_save_track+0x18/0x40 [ 23.421512] kasan_save_free_info+0x3f/0x60 [ 23.421664] __kasan_slab_free+0x56/0x70 [ 23.421814] kfree+0x222/0x3f0 [ 23.421981] kmalloc_uaf_memset+0x12b/0x360 [ 23.422255] kunit_try_run_case+0x1a5/0x480 [ 23.422448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.422628] kthread+0x337/0x6f0 [ 23.422741] ret_from_fork+0x116/0x1d0 [ 23.422865] ret_from_fork_asm+0x1a/0x30 [ 23.423073] [ 23.423161] The buggy address belongs to the object at ffff888104bb9980 [ 23.423161] which belongs to the cache kmalloc-64 of size 64 [ 23.423680] The buggy address is located 0 bytes inside of [ 23.423680] freed 64-byte region [ffff888104bb9980, ffff888104bb99c0) [ 23.424379] [ 23.424451] The buggy address belongs to the physical page: [ 23.424629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104bb9 [ 23.424895] flags: 0x200000000000000(node=0|zone=2) [ 23.425121] page_type: f5(slab) [ 23.425432] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.425778] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.426452] page dumped because: kasan: bad access detected [ 23.426677] [ 23.426757] Memory state around the buggy address: [ 23.426994] ffff888104bb9880: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 23.427380] ffff888104bb9900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.427682] >ffff888104bb9980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.427953] ^ [ 23.428097] ffff888104bb9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.428398] ffff888104bb9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.428809] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 23.377517] ================================================================== [ 23.377964] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 23.378503] Read of size 1 at addr ffff8881054e0a08 by task kunit_try_catch/233 [ 23.378801] [ 23.378908] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.378955] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.378968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.378989] Call Trace: [ 23.379002] <TASK> [ 23.379020] dump_stack_lvl+0x73/0xb0 [ 23.379048] print_report+0xd1/0x650 [ 23.379069] ? __virt_addr_valid+0x1db/0x2d0 [ 23.379092] ? kmalloc_uaf+0x320/0x380 [ 23.379110] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.379135] ? kmalloc_uaf+0x320/0x380 [ 23.379154] kasan_report+0x141/0x180 [ 23.379175] ? kmalloc_uaf+0x320/0x380 [ 23.379199] __asan_report_load1_noabort+0x18/0x20 [ 23.379222] kmalloc_uaf+0x320/0x380 [ 23.379241] ? __pfx_kmalloc_uaf+0x10/0x10 [ 23.379323] ? __schedule+0x10cc/0x2b60 [ 23.379353] ? __pfx_read_tsc+0x10/0x10 [ 23.379374] ? ktime_get_ts64+0x86/0x230 [ 23.379398] kunit_try_run_case+0x1a5/0x480 [ 23.379424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.379447] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.379480] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.379504] ? __kthread_parkme+0x82/0x180 [ 23.379525] ? preempt_count_sub+0x50/0x80 [ 23.379547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.379571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.379594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.379618] kthread+0x337/0x6f0 [ 23.379637] ? trace_preempt_on+0x20/0xc0 [ 23.379659] ? __pfx_kthread+0x10/0x10 [ 23.379680] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.379703] ? calculate_sigpending+0x7b/0xa0 [ 23.379727] ? __pfx_kthread+0x10/0x10 [ 23.379748] ret_from_fork+0x116/0x1d0 [ 23.379767] ? __pfx_kthread+0x10/0x10 [ 23.379787] ret_from_fork_asm+0x1a/0x30 [ 23.379818] </TASK> [ 23.379830] [ 23.389033] Allocated by task 233: [ 23.389329] kasan_save_stack+0x45/0x70 [ 23.389799] kasan_save_track+0x18/0x40 [ 23.390134] kasan_save_alloc_info+0x3b/0x50 [ 23.390463] __kasan_kmalloc+0xb7/0xc0 [ 23.390620] __kmalloc_cache_noprof+0x189/0x420 [ 23.390937] kmalloc_uaf+0xaa/0x380 [ 23.391311] kunit_try_run_case+0x1a5/0x480 [ 23.391487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.391895] kthread+0x337/0x6f0 [ 23.392164] ret_from_fork+0x116/0x1d0 [ 23.392300] ret_from_fork_asm+0x1a/0x30 [ 23.392705] [ 23.392795] Freed by task 233: [ 23.392939] kasan_save_stack+0x45/0x70 [ 23.393336] kasan_save_track+0x18/0x40 [ 23.393533] kasan_save_free_info+0x3f/0x60 [ 23.394069] __kasan_slab_free+0x56/0x70 [ 23.394203] kfree+0x222/0x3f0 [ 23.394644] kmalloc_uaf+0x12c/0x380 [ 23.394789] kunit_try_run_case+0x1a5/0x480 [ 23.395081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.395539] kthread+0x337/0x6f0 [ 23.395732] ret_from_fork+0x116/0x1d0 [ 23.396000] ret_from_fork_asm+0x1a/0x30 [ 23.396151] [ 23.396320] The buggy address belongs to the object at ffff8881054e0a00 [ 23.396320] which belongs to the cache kmalloc-16 of size 16 [ 23.397032] The buggy address is located 8 bytes inside of [ 23.397032] freed 16-byte region [ffff8881054e0a00, ffff8881054e0a10) [ 23.397778] [ 23.397956] The buggy address belongs to the physical page: [ 23.398501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054e0 [ 23.398836] flags: 0x200000000000000(node=0|zone=2) [ 23.399142] page_type: f5(slab) [ 23.399420] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.399892] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.400368] page dumped because: kasan: bad access detected [ 23.400703] [ 23.400797] Memory state around the buggy address: [ 23.400988] ffff8881054e0900: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.401636] ffff8881054e0980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.401885] >ffff8881054e0a00: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.402437] ^ [ 23.402707] ffff8881054e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.402956] ffff8881054e0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.403579] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 23.351414] ================================================================== [ 23.351907] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.352212] Read of size 64 at addr ffff888105abc984 by task kunit_try_catch/231 [ 23.352575] [ 23.352654] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.352699] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.352711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.352847] Call Trace: [ 23.352861] <TASK> [ 23.352877] dump_stack_lvl+0x73/0xb0 [ 23.352905] print_report+0xd1/0x650 [ 23.352926] ? __virt_addr_valid+0x1db/0x2d0 [ 23.352949] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.352973] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.353007] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.353031] kasan_report+0x141/0x180 [ 23.353054] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.353083] kasan_check_range+0x10c/0x1c0 [ 23.353106] __asan_memmove+0x27/0x70 [ 23.353129] kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.353242] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 23.353268] ? __schedule+0x10cc/0x2b60 [ 23.353293] ? __pfx_read_tsc+0x10/0x10 [ 23.353319] ? ktime_get_ts64+0x86/0x230 [ 23.353344] kunit_try_run_case+0x1a5/0x480 [ 23.353369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.353392] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.353412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.353437] ? __kthread_parkme+0x82/0x180 [ 23.353471] ? preempt_count_sub+0x50/0x80 [ 23.353493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.353518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.353541] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.353565] kthread+0x337/0x6f0 [ 23.353584] ? trace_preempt_on+0x20/0xc0 [ 23.353606] ? __pfx_kthread+0x10/0x10 [ 23.353626] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.353650] ? calculate_sigpending+0x7b/0xa0 [ 23.353673] ? __pfx_kthread+0x10/0x10 [ 23.353694] ret_from_fork+0x116/0x1d0 [ 23.353714] ? __pfx_kthread+0x10/0x10 [ 23.353734] ret_from_fork_asm+0x1a/0x30 [ 23.353764] </TASK> [ 23.353775] [ 23.361106] Allocated by task 231: [ 23.361861] kasan_save_stack+0x45/0x70 [ 23.362360] kasan_save_track+0x18/0x40 [ 23.362503] kasan_save_alloc_info+0x3b/0x50 [ 23.363081] __kasan_kmalloc+0xb7/0xc0 [ 23.363693] __kmalloc_cache_noprof+0x189/0x420 [ 23.364028] kmalloc_memmove_invalid_size+0xac/0x330 [ 23.364389] kunit_try_run_case+0x1a5/0x480 [ 23.364602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.364832] kthread+0x337/0x6f0 [ 23.364972] ret_from_fork+0x116/0x1d0 [ 23.365132] ret_from_fork_asm+0x1a/0x30 [ 23.365665] [ 23.365762] The buggy address belongs to the object at ffff888105abc980 [ 23.365762] which belongs to the cache kmalloc-64 of size 64 [ 23.366836] The buggy address is located 4 bytes inside of [ 23.366836] allocated 64-byte region [ffff888105abc980, ffff888105abc9c0) [ 23.367719] [ 23.367817] The buggy address belongs to the physical page: [ 23.368044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 23.368749] flags: 0x200000000000000(node=0|zone=2) [ 23.369104] page_type: f5(slab) [ 23.369669] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.370001] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.370761] page dumped because: kasan: bad access detected [ 23.371118] [ 23.371474] Memory state around the buggy address: [ 23.371695] ffff888105abc880: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.371980] ffff888105abc900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.372639] >ffff888105abc980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.373131] ^ [ 23.373608] ffff888105abca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.374081] ffff888105abca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.374463] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 23.331528] ================================================================== [ 23.331991] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 23.332359] Read of size 18446744073709551614 at addr ffff888104bb9784 by task kunit_try_catch/229 [ 23.332761] [ 23.332857] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.332902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.332915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.332936] Call Trace: [ 23.332948] <TASK> [ 23.332963] dump_stack_lvl+0x73/0xb0 [ 23.332992] print_report+0xd1/0x650 [ 23.333013] ? __virt_addr_valid+0x1db/0x2d0 [ 23.333038] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.333061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.333085] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.333125] kasan_report+0x141/0x180 [ 23.333146] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.333174] kasan_check_range+0x10c/0x1c0 [ 23.333197] __asan_memmove+0x27/0x70 [ 23.333231] kmalloc_memmove_negative_size+0x171/0x330 [ 23.333254] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 23.333278] ? __schedule+0x10cc/0x2b60 [ 23.333303] ? __pfx_read_tsc+0x10/0x10 [ 23.333324] ? ktime_get_ts64+0x86/0x230 [ 23.333349] kunit_try_run_case+0x1a5/0x480 [ 23.333374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.333397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.333418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.333443] ? __kthread_parkme+0x82/0x180 [ 23.333477] ? preempt_count_sub+0x50/0x80 [ 23.333501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.333525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.333548] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.333571] kthread+0x337/0x6f0 [ 23.333591] ? trace_preempt_on+0x20/0xc0 [ 23.333615] ? __pfx_kthread+0x10/0x10 [ 23.333635] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.333658] ? calculate_sigpending+0x7b/0xa0 [ 23.333681] ? __pfx_kthread+0x10/0x10 [ 23.333703] ret_from_fork+0x116/0x1d0 [ 23.333721] ? __pfx_kthread+0x10/0x10 [ 23.333741] ret_from_fork_asm+0x1a/0x30 [ 23.333772] </TASK> [ 23.333784] [ 23.340741] Allocated by task 229: [ 23.340898] kasan_save_stack+0x45/0x70 [ 23.341080] kasan_save_track+0x18/0x40 [ 23.341290] kasan_save_alloc_info+0x3b/0x50 [ 23.341474] __kasan_kmalloc+0xb7/0xc0 [ 23.341638] __kmalloc_cache_noprof+0x189/0x420 [ 23.341795] kmalloc_memmove_negative_size+0xac/0x330 [ 23.342016] kunit_try_run_case+0x1a5/0x480 [ 23.342223] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.342470] kthread+0x337/0x6f0 [ 23.342610] ret_from_fork+0x116/0x1d0 [ 23.342760] ret_from_fork_asm+0x1a/0x30 [ 23.342913] [ 23.343001] The buggy address belongs to the object at ffff888104bb9780 [ 23.343001] which belongs to the cache kmalloc-64 of size 64 [ 23.343541] The buggy address is located 4 bytes inside of [ 23.343541] 64-byte region [ffff888104bb9780, ffff888104bb97c0) [ 23.343968] [ 23.344054] The buggy address belongs to the physical page: [ 23.344223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104bb9 [ 23.344462] flags: 0x200000000000000(node=0|zone=2) [ 23.344619] page_type: f5(slab) [ 23.344734] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.344991] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.345311] page dumped because: kasan: bad access detected [ 23.345577] [ 23.345669] Memory state around the buggy address: [ 23.345909] ffff888104bb9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.346378] ffff888104bb9700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.346593] >ffff888104bb9780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.346794] ^ [ 23.346901] ffff888104bb9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.347104] ffff888104bb9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.348098] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 23.308586] ================================================================== [ 23.309056] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 23.309406] Write of size 16 at addr ffff888105479f69 by task kunit_try_catch/227 [ 23.309721] [ 23.309827] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.309877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.309890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.309911] Call Trace: [ 23.309924] <TASK> [ 23.309939] dump_stack_lvl+0x73/0xb0 [ 23.309966] print_report+0xd1/0x650 [ 23.309987] ? __virt_addr_valid+0x1db/0x2d0 [ 23.310010] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.310030] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.310055] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.310076] kasan_report+0x141/0x180 [ 23.310097] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.310122] kasan_check_range+0x10c/0x1c0 [ 23.310145] __asan_memset+0x27/0x50 [ 23.310167] kmalloc_oob_memset_16+0x166/0x330 [ 23.310189] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.310211] ? __schedule+0x10cc/0x2b60 [ 23.310236] ? __pfx_read_tsc+0x10/0x10 [ 23.310342] ? ktime_get_ts64+0x86/0x230 [ 23.310367] kunit_try_run_case+0x1a5/0x480 [ 23.310393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.310416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.310437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.310474] ? __kthread_parkme+0x82/0x180 [ 23.310495] ? preempt_count_sub+0x50/0x80 [ 23.310518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.310542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.310565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.310588] kthread+0x337/0x6f0 [ 23.310608] ? trace_preempt_on+0x20/0xc0 [ 23.310631] ? __pfx_kthread+0x10/0x10 [ 23.310651] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.310674] ? calculate_sigpending+0x7b/0xa0 [ 23.310698] ? __pfx_kthread+0x10/0x10 [ 23.310719] ret_from_fork+0x116/0x1d0 [ 23.310738] ? __pfx_kthread+0x10/0x10 [ 23.310758] ret_from_fork_asm+0x1a/0x30 [ 23.310790] </TASK> [ 23.310801] [ 23.318637] Allocated by task 227: [ 23.319032] kasan_save_stack+0x45/0x70 [ 23.319230] kasan_save_track+0x18/0x40 [ 23.319411] kasan_save_alloc_info+0x3b/0x50 [ 23.319565] __kasan_kmalloc+0xb7/0xc0 [ 23.319694] __kmalloc_cache_noprof+0x189/0x420 [ 23.320001] kmalloc_oob_memset_16+0xac/0x330 [ 23.320215] kunit_try_run_case+0x1a5/0x480 [ 23.320726] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.320981] kthread+0x337/0x6f0 [ 23.321117] ret_from_fork+0x116/0x1d0 [ 23.321241] ret_from_fork_asm+0x1a/0x30 [ 23.321521] [ 23.321646] The buggy address belongs to the object at ffff888105479f00 [ 23.321646] which belongs to the cache kmalloc-128 of size 128 [ 23.322049] The buggy address is located 105 bytes inside of [ 23.322049] allocated 120-byte region [ffff888105479f00, ffff888105479f78) [ 23.322431] [ 23.322589] The buggy address belongs to the physical page: [ 23.322835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479 [ 23.323232] flags: 0x200000000000000(node=0|zone=2) [ 23.323396] page_type: f5(slab) [ 23.323524] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.323765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.324091] page dumped because: kasan: bad access detected [ 23.324735] [ 23.324841] Memory state around the buggy address: [ 23.325060] ffff888105479e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.325437] ffff888105479e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.325664] >ffff888105479f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.325973] ^ [ 23.326302] ffff888105479f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.326518] ffff88810547a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.326723] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 29.153644] ================================================================== [ 29.154027] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 29.154027] [ 29.154380] Invalid free of 0x(____ptrval____) (in kfence-#99): [ 29.154669] test_double_free+0x112/0x260 [ 29.154819] kunit_try_run_case+0x1a5/0x480 [ 29.155012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.155291] kthread+0x337/0x6f0 [ 29.155413] ret_from_fork+0x116/0x1d0 [ 29.155620] ret_from_fork_asm+0x1a/0x30 [ 29.155815] [ 29.155900] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.155900] [ 29.156298] allocated by task 354 on cpu 0 at 29.153449s (0.002847s ago): [ 29.156616] test_alloc+0x2a6/0x10f0 [ 29.156789] test_double_free+0xdb/0x260 [ 29.156956] kunit_try_run_case+0x1a5/0x480 [ 29.157123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.157294] kthread+0x337/0x6f0 [ 29.157438] ret_from_fork+0x116/0x1d0 [ 29.157639] ret_from_fork_asm+0x1a/0x30 [ 29.157824] [ 29.157905] freed by task 354 on cpu 0 at 29.153505s (0.004397s ago): [ 29.158157] test_double_free+0xfa/0x260 [ 29.158429] kunit_try_run_case+0x1a5/0x480 [ 29.158611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.158789] kthread+0x337/0x6f0 [ 29.158954] ret_from_fork+0x116/0x1d0 [ 29.159138] ret_from_fork_asm+0x1a/0x30 [ 29.159417] [ 29.159533] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 29.160014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.160168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.160431] ================================================================== [ 29.049715] ================================================================== [ 29.050119] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 29.050119] [ 29.050514] Invalid free of 0x(____ptrval____) (in kfence-#98): [ 29.050799] test_double_free+0x1d3/0x260 [ 29.050945] kunit_try_run_case+0x1a5/0x480 [ 29.051159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.051418] kthread+0x337/0x6f0 [ 29.051579] ret_from_fork+0x116/0x1d0 [ 29.051755] ret_from_fork_asm+0x1a/0x30 [ 29.051929] [ 29.051998] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.051998] [ 29.052498] allocated by task 352 on cpu 1 at 29.049479s (0.003017s ago): [ 29.052754] test_alloc+0x364/0x10f0 [ 29.052884] test_double_free+0xdb/0x260 [ 29.053074] kunit_try_run_case+0x1a5/0x480 [ 29.053277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.053507] kthread+0x337/0x6f0 [ 29.053624] ret_from_fork+0x116/0x1d0 [ 29.053751] ret_from_fork_asm+0x1a/0x30 [ 29.053922] [ 29.054013] freed by task 352 on cpu 1 at 29.049530s (0.004481s ago): [ 29.054574] test_double_free+0x1e0/0x260 [ 29.054792] kunit_try_run_case+0x1a5/0x480 [ 29.054974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.055201] kthread+0x337/0x6f0 [ 29.055340] ret_from_fork+0x116/0x1d0 [ 29.055506] ret_from_fork_asm+0x1a/0x30 [ 29.055641] [ 29.055761] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 29.056277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.056448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.057291] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 28.737621] ================================================================== [ 28.738015] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.738015] [ 28.738530] Use-after-free read at 0x(____ptrval____) (in kfence-#95): [ 28.738828] test_use_after_free_read+0x129/0x270 [ 28.739023] kunit_try_run_case+0x1a5/0x480 [ 28.739191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.739439] kthread+0x337/0x6f0 [ 28.739711] ret_from_fork+0x116/0x1d0 [ 28.739881] ret_from_fork_asm+0x1a/0x30 [ 28.740029] [ 28.740097] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.740097] [ 28.740672] allocated by task 346 on cpu 0 at 28.737485s (0.003185s ago): [ 28.740987] test_alloc+0x2a6/0x10f0 [ 28.741152] test_use_after_free_read+0xdc/0x270 [ 28.741436] kunit_try_run_case+0x1a5/0x480 [ 28.741617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.741871] kthread+0x337/0x6f0 [ 28.742075] ret_from_fork+0x116/0x1d0 [ 28.742222] ret_from_fork_asm+0x1a/0x30 [ 28.742413] [ 28.742535] freed by task 346 on cpu 0 at 28.737544s (0.004988s ago): [ 28.742879] test_use_after_free_read+0xfb/0x270 [ 28.743093] kunit_try_run_case+0x1a5/0x480 [ 28.743342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.743515] kthread+0x337/0x6f0 [ 28.743627] ret_from_fork+0x116/0x1d0 [ 28.743797] ret_from_fork_asm+0x1a/0x30 [ 28.743990] [ 28.744128] CPU: 0 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 28.744881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.745082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.745478] ================================================================== [ 28.633648] ================================================================== [ 28.634075] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.634075] [ 28.634507] Use-after-free read at 0x(____ptrval____) (in kfence-#94): [ 28.634805] test_use_after_free_read+0x129/0x270 [ 28.635031] kunit_try_run_case+0x1a5/0x480 [ 28.635239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.635445] kthread+0x337/0x6f0 [ 28.635614] ret_from_fork+0x116/0x1d0 [ 28.635775] ret_from_fork_asm+0x1a/0x30 [ 28.635932] [ 28.636025] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.636025] [ 28.636470] allocated by task 344 on cpu 1 at 28.633412s (0.003056s ago): [ 28.636707] test_alloc+0x364/0x10f0 [ 28.636838] test_use_after_free_read+0xdc/0x270 [ 28.637055] kunit_try_run_case+0x1a5/0x480 [ 28.637257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.637515] kthread+0x337/0x6f0 [ 28.637716] ret_from_fork+0x116/0x1d0 [ 28.637885] ret_from_fork_asm+0x1a/0x30 [ 28.638068] [ 28.638267] freed by task 344 on cpu 1 at 28.633493s (0.004685s ago): [ 28.638656] test_use_after_free_read+0x1e7/0x270 [ 28.638893] kunit_try_run_case+0x1a5/0x480 [ 28.639068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.639270] kthread+0x337/0x6f0 [ 28.639387] ret_from_fork+0x116/0x1d0 [ 28.639594] ret_from_fork_asm+0x1a/0x30 [ 28.639817] [ 28.639932] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 28.640283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.640649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.641035] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 28.321517] ================================================================== [ 28.321928] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 28.321928] [ 28.322515] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#91): [ 28.322779] test_out_of_bounds_write+0x10d/0x260 [ 28.322992] kunit_try_run_case+0x1a5/0x480 [ 28.323138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.323515] kthread+0x337/0x6f0 [ 28.323684] ret_from_fork+0x116/0x1d0 [ 28.323819] ret_from_fork_asm+0x1a/0x30 [ 28.324013] [ 28.324103] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.324103] [ 28.324435] allocated by task 340 on cpu 1 at 28.321389s (0.003044s ago): [ 28.324782] test_alloc+0x364/0x10f0 [ 28.324959] test_out_of_bounds_write+0xd4/0x260 [ 28.325135] kunit_try_run_case+0x1a5/0x480 [ 28.325278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.325564] kthread+0x337/0x6f0 [ 28.325736] ret_from_fork+0x116/0x1d0 [ 28.325928] ret_from_fork_asm+0x1a/0x30 [ 28.326127] [ 28.326242] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 28.326629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.326817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.327245] ================================================================== [ 28.529485] ================================================================== [ 28.529879] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 28.529879] [ 28.530362] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#93): [ 28.530654] test_out_of_bounds_write+0x10d/0x260 [ 28.530883] kunit_try_run_case+0x1a5/0x480 [ 28.531056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.531229] kthread+0x337/0x6f0 [ 28.531396] ret_from_fork+0x116/0x1d0 [ 28.531595] ret_from_fork_asm+0x1a/0x30 [ 28.531878] [ 28.531978] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.531978] [ 28.532349] allocated by task 342 on cpu 1 at 28.529416s (0.002931s ago): [ 28.532652] test_alloc+0x2a6/0x10f0 [ 28.532799] test_out_of_bounds_write+0xd4/0x260 [ 28.532994] kunit_try_run_case+0x1a5/0x480 [ 28.533142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.533412] kthread+0x337/0x6f0 [ 28.533601] ret_from_fork+0x116/0x1d0 [ 28.533733] ret_from_fork_asm+0x1a/0x30 [ 28.533873] [ 28.533962] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 28.534545] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.534682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.534964] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 28.009505] ================================================================== [ 28.009894] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.009894] [ 28.010314] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#88): [ 28.010654] test_out_of_bounds_read+0x216/0x4e0 [ 28.010868] kunit_try_run_case+0x1a5/0x480 [ 28.011035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.011282] kthread+0x337/0x6f0 [ 28.011445] ret_from_fork+0x116/0x1d0 [ 28.011590] ret_from_fork_asm+0x1a/0x30 [ 28.011784] [ 28.011876] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.011876] [ 28.012200] allocated by task 338 on cpu 0 at 28.009441s (0.002757s ago): [ 28.012502] test_alloc+0x2a6/0x10f0 [ 28.012686] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.012904] kunit_try_run_case+0x1a5/0x480 [ 28.013068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.013364] kthread+0x337/0x6f0 [ 28.013508] ret_from_fork+0x116/0x1d0 [ 28.013660] ret_from_fork_asm+0x1a/0x30 [ 28.013819] [ 28.013914] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 28.014656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.014831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.015099] ================================================================== [ 27.801444] ================================================================== [ 27.801848] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.801848] [ 27.802237] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#86): [ 27.802526] test_out_of_bounds_read+0x126/0x4e0 [ 27.802750] kunit_try_run_case+0x1a5/0x480 [ 27.802924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.803138] kthread+0x337/0x6f0 [ 27.803285] ret_from_fork+0x116/0x1d0 [ 27.803497] ret_from_fork_asm+0x1a/0x30 [ 27.803679] [ 27.803771] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.803771] [ 27.804117] allocated by task 338 on cpu 0 at 27.801383s (0.002732s ago): [ 27.804435] test_alloc+0x2a6/0x10f0 [ 27.804640] test_out_of_bounds_read+0xed/0x4e0 [ 27.804845] kunit_try_run_case+0x1a5/0x480 [ 27.805021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.805203] kthread+0x337/0x6f0 [ 27.805383] ret_from_fork+0x116/0x1d0 [ 27.805564] ret_from_fork_asm+0x1a/0x30 [ 27.805764] [ 27.805882] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.806244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.806412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.806828] ================================================================== [ 27.697710] ================================================================== [ 27.698109] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.698109] [ 27.698598] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#85): [ 27.698962] test_out_of_bounds_read+0x216/0x4e0 [ 27.699296] kunit_try_run_case+0x1a5/0x480 [ 27.699536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.699723] kthread+0x337/0x6f0 [ 27.699896] ret_from_fork+0x116/0x1d0 [ 27.700051] ret_from_fork_asm+0x1a/0x30 [ 27.700249] [ 27.700366] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.700366] [ 27.700779] allocated by task 336 on cpu 1 at 27.697537s (0.003239s ago): [ 27.701101] test_alloc+0x364/0x10f0 [ 27.701289] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.701549] kunit_try_run_case+0x1a5/0x480 [ 27.701690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.701925] kthread+0x337/0x6f0 [ 27.702115] ret_from_fork+0x116/0x1d0 [ 27.702317] ret_from_fork_asm+0x1a/0x30 [ 27.702537] [ 27.702654] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.703138] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.703326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.703647] ================================================================== [ 27.490500] ================================================================== [ 27.490967] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.490967] [ 27.491606] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#83): [ 27.492121] test_out_of_bounds_read+0x126/0x4e0 [ 27.492356] kunit_try_run_case+0x1a5/0x480 [ 27.492573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.492807] kthread+0x337/0x6f0 [ 27.492930] ret_from_fork+0x116/0x1d0 [ 27.493091] ret_from_fork_asm+0x1a/0x30 [ 27.493426] [ 27.493725] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.493725] [ 27.494310] allocated by task 336 on cpu 1 at 27.489452s (0.004794s ago): [ 27.494979] test_alloc+0x364/0x10f0 [ 27.495238] test_out_of_bounds_read+0xed/0x4e0 [ 27.495450] kunit_try_run_case+0x1a5/0x480 [ 27.495619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.495862] kthread+0x337/0x6f0 [ 27.496034] ret_from_fork+0x116/0x1d0 [ 27.496164] ret_from_fork_asm+0x1a/0x30 [ 27.496541] [ 27.496723] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.497214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.497396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.497744] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 27.202040] ================================================================== [ 27.202497] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 27.202989] Write of size 1 at addr ffff888105ab1d78 by task kunit_try_catch/334 [ 27.203405] [ 27.203605] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.203656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.203671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.203695] Call Trace: [ 27.203709] <TASK> [ 27.203725] dump_stack_lvl+0x73/0xb0 [ 27.203755] print_report+0xd1/0x650 [ 27.203779] ? __virt_addr_valid+0x1db/0x2d0 [ 27.203804] ? strncpy_from_user+0x1a5/0x1d0 [ 27.203827] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.203854] ? strncpy_from_user+0x1a5/0x1d0 [ 27.203878] kasan_report+0x141/0x180 [ 27.203901] ? strncpy_from_user+0x1a5/0x1d0 [ 27.203929] __asan_report_store1_noabort+0x1b/0x30 [ 27.203955] strncpy_from_user+0x1a5/0x1d0 [ 27.203982] copy_user_test_oob+0x760/0x10f0 [ 27.204010] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.204034] ? finish_task_switch.isra.0+0x153/0x700 [ 27.204058] ? __switch_to+0x47/0xf50 [ 27.204086] ? __schedule+0x10cc/0x2b60 [ 27.204113] ? __pfx_read_tsc+0x10/0x10 [ 27.204136] ? ktime_get_ts64+0x86/0x230 [ 27.204161] kunit_try_run_case+0x1a5/0x480 [ 27.204188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.204321] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.204346] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.204374] ? __kthread_parkme+0x82/0x180 [ 27.204396] ? preempt_count_sub+0x50/0x80 [ 27.204421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.204449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.204489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.204515] kthread+0x337/0x6f0 [ 27.204537] ? trace_preempt_on+0x20/0xc0 [ 27.204561] ? __pfx_kthread+0x10/0x10 [ 27.204584] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.204610] ? calculate_sigpending+0x7b/0xa0 [ 27.204636] ? __pfx_kthread+0x10/0x10 [ 27.204660] ret_from_fork+0x116/0x1d0 [ 27.204681] ? __pfx_kthread+0x10/0x10 [ 27.204705] ret_from_fork_asm+0x1a/0x30 [ 27.204737] </TASK> [ 27.204750] [ 27.213662] Allocated by task 334: [ 27.213831] kasan_save_stack+0x45/0x70 [ 27.214046] kasan_save_track+0x18/0x40 [ 27.214218] kasan_save_alloc_info+0x3b/0x50 [ 27.214791] __kasan_kmalloc+0xb7/0xc0 [ 27.214939] __kmalloc_noprof+0x1c9/0x500 [ 27.215253] kunit_kmalloc_array+0x25/0x60 [ 27.215452] copy_user_test_oob+0xab/0x10f0 [ 27.215758] kunit_try_run_case+0x1a5/0x480 [ 27.215961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.216332] kthread+0x337/0x6f0 [ 27.216661] ret_from_fork+0x116/0x1d0 [ 27.216802] ret_from_fork_asm+0x1a/0x30 [ 27.216934] [ 27.217001] The buggy address belongs to the object at ffff888105ab1d00 [ 27.217001] which belongs to the cache kmalloc-128 of size 128 [ 27.217965] The buggy address is located 0 bytes to the right of [ 27.217965] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.219350] [ 27.219531] The buggy address belongs to the physical page: [ 27.220142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.220522] flags: 0x200000000000000(node=0|zone=2) [ 27.220683] page_type: f5(slab) [ 27.220799] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.221023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.221363] page dumped because: kasan: bad access detected [ 27.221878] [ 27.222054] Memory state around the buggy address: [ 27.222567] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.223181] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.223792] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.224439] ^ [ 27.225035] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.225683] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.226138] ================================================================== [ 27.179646] ================================================================== [ 27.179890] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 27.180353] Write of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.180911] [ 27.181027] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.181075] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.181089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.181113] Call Trace: [ 27.181131] <TASK> [ 27.181149] dump_stack_lvl+0x73/0xb0 [ 27.181180] print_report+0xd1/0x650 [ 27.181403] ? __virt_addr_valid+0x1db/0x2d0 [ 27.181432] ? strncpy_from_user+0x2e/0x1d0 [ 27.181468] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.181496] ? strncpy_from_user+0x2e/0x1d0 [ 27.181521] kasan_report+0x141/0x180 [ 27.181659] ? strncpy_from_user+0x2e/0x1d0 [ 27.181696] kasan_check_range+0x10c/0x1c0 [ 27.181723] __kasan_check_write+0x18/0x20 [ 27.181748] strncpy_from_user+0x2e/0x1d0 [ 27.181772] ? __kasan_check_read+0x15/0x20 [ 27.181798] copy_user_test_oob+0x760/0x10f0 [ 27.181824] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.181855] ? finish_task_switch.isra.0+0x153/0x700 [ 27.181879] ? __switch_to+0x47/0xf50 [ 27.181907] ? __schedule+0x10cc/0x2b60 [ 27.181935] ? __pfx_read_tsc+0x10/0x10 [ 27.181958] ? ktime_get_ts64+0x86/0x230 [ 27.181983] kunit_try_run_case+0x1a5/0x480 [ 27.182011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.182036] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.182059] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.182088] ? __kthread_parkme+0x82/0x180 [ 27.182110] ? preempt_count_sub+0x50/0x80 [ 27.182134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.182161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.182187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.182225] kthread+0x337/0x6f0 [ 27.182246] ? trace_preempt_on+0x20/0xc0 [ 27.182270] ? __pfx_kthread+0x10/0x10 [ 27.182292] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.182317] ? calculate_sigpending+0x7b/0xa0 [ 27.182343] ? __pfx_kthread+0x10/0x10 [ 27.182367] ret_from_fork+0x116/0x1d0 [ 27.182387] ? __pfx_kthread+0x10/0x10 [ 27.182410] ret_from_fork_asm+0x1a/0x30 [ 27.182442] </TASK> [ 27.182466] [ 27.191858] Allocated by task 334: [ 27.192170] kasan_save_stack+0x45/0x70 [ 27.192359] kasan_save_track+0x18/0x40 [ 27.192660] kasan_save_alloc_info+0x3b/0x50 [ 27.192857] __kasan_kmalloc+0xb7/0xc0 [ 27.193090] __kmalloc_noprof+0x1c9/0x500 [ 27.193269] kunit_kmalloc_array+0x25/0x60 [ 27.193626] copy_user_test_oob+0xab/0x10f0 [ 27.193831] kunit_try_run_case+0x1a5/0x480 [ 27.194135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.194379] kthread+0x337/0x6f0 [ 27.194617] ret_from_fork+0x116/0x1d0 [ 27.194782] ret_from_fork_asm+0x1a/0x30 [ 27.194961] [ 27.195048] The buggy address belongs to the object at ffff888105ab1d00 [ 27.195048] which belongs to the cache kmalloc-128 of size 128 [ 27.195835] The buggy address is located 0 bytes inside of [ 27.195835] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.196465] [ 27.196560] The buggy address belongs to the physical page: [ 27.196747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.197244] flags: 0x200000000000000(node=0|zone=2) [ 27.197532] page_type: f5(slab) [ 27.197658] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.198083] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.198512] page dumped because: kasan: bad access detected [ 27.198761] [ 27.199004] Memory state around the buggy address: [ 27.199175] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.199530] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.199827] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.200112] ^ [ 27.200636] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.200990] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.201284] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 27.113168] ================================================================== [ 27.113823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.114229] Read of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.114517] [ 27.114812] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.114861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.114876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.114986] Call Trace: [ 27.115002] <TASK> [ 27.115018] dump_stack_lvl+0x73/0xb0 [ 27.115048] print_report+0xd1/0x650 [ 27.115072] ? __virt_addr_valid+0x1db/0x2d0 [ 27.115098] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.115122] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.115323] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.115349] kasan_report+0x141/0x180 [ 27.115373] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.115402] kasan_check_range+0x10c/0x1c0 [ 27.115427] __kasan_check_read+0x15/0x20 [ 27.115451] copy_user_test_oob+0x4aa/0x10f0 [ 27.115489] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.115514] ? finish_task_switch.isra.0+0x153/0x700 [ 27.115538] ? __switch_to+0x47/0xf50 [ 27.115564] ? __schedule+0x10cc/0x2b60 [ 27.115591] ? __pfx_read_tsc+0x10/0x10 [ 27.115614] ? ktime_get_ts64+0x86/0x230 [ 27.115639] kunit_try_run_case+0x1a5/0x480 [ 27.115665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.115690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.115712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.115739] ? __kthread_parkme+0x82/0x180 [ 27.115760] ? preempt_count_sub+0x50/0x80 [ 27.115785] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.115811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.115836] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.115862] kthread+0x337/0x6f0 [ 27.115883] ? trace_preempt_on+0x20/0xc0 [ 27.115907] ? __pfx_kthread+0x10/0x10 [ 27.115930] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.115955] ? calculate_sigpending+0x7b/0xa0 [ 27.115980] ? __pfx_kthread+0x10/0x10 [ 27.116003] ret_from_fork+0x116/0x1d0 [ 27.116024] ? __pfx_kthread+0x10/0x10 [ 27.116046] ret_from_fork_asm+0x1a/0x30 [ 27.116079] </TASK> [ 27.116091] [ 27.125354] Allocated by task 334: [ 27.125668] kasan_save_stack+0x45/0x70 [ 27.125844] kasan_save_track+0x18/0x40 [ 27.126093] kasan_save_alloc_info+0x3b/0x50 [ 27.126272] __kasan_kmalloc+0xb7/0xc0 [ 27.126616] __kmalloc_noprof+0x1c9/0x500 [ 27.126807] kunit_kmalloc_array+0x25/0x60 [ 27.127115] copy_user_test_oob+0xab/0x10f0 [ 27.127342] kunit_try_run_case+0x1a5/0x480 [ 27.127542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.127769] kthread+0x337/0x6f0 [ 27.127926] ret_from_fork+0x116/0x1d0 [ 27.128087] ret_from_fork_asm+0x1a/0x30 [ 27.128555] [ 27.128650] The buggy address belongs to the object at ffff888105ab1d00 [ 27.128650] which belongs to the cache kmalloc-128 of size 128 [ 27.129230] The buggy address is located 0 bytes inside of [ 27.129230] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.129903] [ 27.130061] The buggy address belongs to the physical page: [ 27.130294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.130735] flags: 0x200000000000000(node=0|zone=2) [ 27.130972] page_type: f5(slab) [ 27.131279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.131650] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.132044] page dumped because: kasan: bad access detected [ 27.132294] [ 27.132389] Memory state around the buggy address: [ 27.132594] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.132881] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.133170] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.133451] ^ [ 27.133741] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.134028] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.134313] ================================================================== [ 27.157040] ================================================================== [ 27.157552] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.158013] Read of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.158375] [ 27.158489] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.158688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.158704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.158728] Call Trace: [ 27.158747] <TASK> [ 27.158765] dump_stack_lvl+0x73/0xb0 [ 27.158798] print_report+0xd1/0x650 [ 27.158823] ? __virt_addr_valid+0x1db/0x2d0 [ 27.158848] ? copy_user_test_oob+0x604/0x10f0 [ 27.158872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.158899] ? copy_user_test_oob+0x604/0x10f0 [ 27.158924] kasan_report+0x141/0x180 [ 27.158947] ? copy_user_test_oob+0x604/0x10f0 [ 27.158976] kasan_check_range+0x10c/0x1c0 [ 27.159002] __kasan_check_read+0x15/0x20 [ 27.159026] copy_user_test_oob+0x604/0x10f0 [ 27.159053] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.159076] ? finish_task_switch.isra.0+0x153/0x700 [ 27.159099] ? __switch_to+0x47/0xf50 [ 27.159126] ? __schedule+0x10cc/0x2b60 [ 27.159153] ? __pfx_read_tsc+0x10/0x10 [ 27.159176] ? ktime_get_ts64+0x86/0x230 [ 27.159289] kunit_try_run_case+0x1a5/0x480 [ 27.159320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.159345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.159368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.159396] ? __kthread_parkme+0x82/0x180 [ 27.159418] ? preempt_count_sub+0x50/0x80 [ 27.159442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.159485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.159510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.159537] kthread+0x337/0x6f0 [ 27.159560] ? trace_preempt_on+0x20/0xc0 [ 27.159585] ? __pfx_kthread+0x10/0x10 [ 27.159607] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.159633] ? calculate_sigpending+0x7b/0xa0 [ 27.159657] ? __pfx_kthread+0x10/0x10 [ 27.159681] ret_from_fork+0x116/0x1d0 [ 27.159701] ? __pfx_kthread+0x10/0x10 [ 27.159724] ret_from_fork_asm+0x1a/0x30 [ 27.159757] </TASK> [ 27.159769] [ 27.168971] Allocated by task 334: [ 27.169145] kasan_save_stack+0x45/0x70 [ 27.169474] kasan_save_track+0x18/0x40 [ 27.169625] kasan_save_alloc_info+0x3b/0x50 [ 27.169990] __kasan_kmalloc+0xb7/0xc0 [ 27.170284] __kmalloc_noprof+0x1c9/0x500 [ 27.170450] kunit_kmalloc_array+0x25/0x60 [ 27.170780] copy_user_test_oob+0xab/0x10f0 [ 27.171045] kunit_try_run_case+0x1a5/0x480 [ 27.171299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.171550] kthread+0x337/0x6f0 [ 27.171703] ret_from_fork+0x116/0x1d0 [ 27.171866] ret_from_fork_asm+0x1a/0x30 [ 27.172040] [ 27.172115] The buggy address belongs to the object at ffff888105ab1d00 [ 27.172115] which belongs to the cache kmalloc-128 of size 128 [ 27.172947] The buggy address is located 0 bytes inside of [ 27.172947] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.173639] [ 27.173730] The buggy address belongs to the physical page: [ 27.173951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.174530] flags: 0x200000000000000(node=0|zone=2) [ 27.174813] page_type: f5(slab) [ 27.174941] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.175475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.175848] page dumped because: kasan: bad access detected [ 27.176081] [ 27.176162] Memory state around the buggy address: [ 27.176558] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.176854] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.177140] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.177699] ^ [ 27.178058] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.178401] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.178809] ================================================================== [ 27.091359] ================================================================== [ 27.091705] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 27.092120] Write of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.092574] [ 27.092671] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.092725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.092741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.092765] Call Trace: [ 27.092781] <TASK> [ 27.092799] dump_stack_lvl+0x73/0xb0 [ 27.092829] print_report+0xd1/0x650 [ 27.092853] ? __virt_addr_valid+0x1db/0x2d0 [ 27.092878] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.092902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.092929] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.092954] kasan_report+0x141/0x180 [ 27.092976] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.093006] kasan_check_range+0x10c/0x1c0 [ 27.093031] __kasan_check_write+0x18/0x20 [ 27.093055] copy_user_test_oob+0x3fd/0x10f0 [ 27.093082] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.093105] ? finish_task_switch.isra.0+0x153/0x700 [ 27.093130] ? __switch_to+0x47/0xf50 [ 27.093156] ? __schedule+0x10cc/0x2b60 [ 27.093183] ? __pfx_read_tsc+0x10/0x10 [ 27.093526] ? ktime_get_ts64+0x86/0x230 [ 27.093555] kunit_try_run_case+0x1a5/0x480 [ 27.093583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.093633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.093659] ? __kthread_parkme+0x82/0x180 [ 27.093682] ? preempt_count_sub+0x50/0x80 [ 27.093707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.093761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.093786] kthread+0x337/0x6f0 [ 27.093808] ? trace_preempt_on+0x20/0xc0 [ 27.093833] ? __pfx_kthread+0x10/0x10 [ 27.093868] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.093893] ? calculate_sigpending+0x7b/0xa0 [ 27.093918] ? __pfx_kthread+0x10/0x10 [ 27.093942] ret_from_fork+0x116/0x1d0 [ 27.093962] ? __pfx_kthread+0x10/0x10 [ 27.093985] ret_from_fork_asm+0x1a/0x30 [ 27.094017] </TASK> [ 27.094030] [ 27.103025] Allocated by task 334: [ 27.103273] kasan_save_stack+0x45/0x70 [ 27.103672] kasan_save_track+0x18/0x40 [ 27.103908] kasan_save_alloc_info+0x3b/0x50 [ 27.104104] __kasan_kmalloc+0xb7/0xc0 [ 27.104405] __kmalloc_noprof+0x1c9/0x500 [ 27.104619] kunit_kmalloc_array+0x25/0x60 [ 27.104911] copy_user_test_oob+0xab/0x10f0 [ 27.105184] kunit_try_run_case+0x1a5/0x480 [ 27.105435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.105740] kthread+0x337/0x6f0 [ 27.105877] ret_from_fork+0x116/0x1d0 [ 27.106063] ret_from_fork_asm+0x1a/0x30 [ 27.106415] [ 27.106520] The buggy address belongs to the object at ffff888105ab1d00 [ 27.106520] which belongs to the cache kmalloc-128 of size 128 [ 27.107120] The buggy address is located 0 bytes inside of [ 27.107120] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.107749] [ 27.107842] The buggy address belongs to the physical page: [ 27.108067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.108586] flags: 0x200000000000000(node=0|zone=2) [ 27.108873] page_type: f5(slab) [ 27.109007] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.109450] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.109856] page dumped because: kasan: bad access detected [ 27.110084] [ 27.110154] Memory state around the buggy address: [ 27.110359] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.110665] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.110956] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.111240] ^ [ 27.111832] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.112195] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.112442] ================================================================== [ 27.135229] ================================================================== [ 27.135651] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.136029] Write of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.136325] [ 27.136405] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.136695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.136712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.136736] Call Trace: [ 27.136751] <TASK> [ 27.136768] dump_stack_lvl+0x73/0xb0 [ 27.136799] print_report+0xd1/0x650 [ 27.136823] ? __virt_addr_valid+0x1db/0x2d0 [ 27.136847] ? copy_user_test_oob+0x557/0x10f0 [ 27.136871] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.136900] ? copy_user_test_oob+0x557/0x10f0 [ 27.136926] kasan_report+0x141/0x180 [ 27.136949] ? copy_user_test_oob+0x557/0x10f0 [ 27.136978] kasan_check_range+0x10c/0x1c0 [ 27.137003] __kasan_check_write+0x18/0x20 [ 27.137028] copy_user_test_oob+0x557/0x10f0 [ 27.137055] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.137079] ? finish_task_switch.isra.0+0x153/0x700 [ 27.137102] ? __switch_to+0x47/0xf50 [ 27.137129] ? __schedule+0x10cc/0x2b60 [ 27.137155] ? __pfx_read_tsc+0x10/0x10 [ 27.137177] ? ktime_get_ts64+0x86/0x230 [ 27.137217] kunit_try_run_case+0x1a5/0x480 [ 27.137244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.137270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.137291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.137318] ? __kthread_parkme+0x82/0x180 [ 27.137340] ? preempt_count_sub+0x50/0x80 [ 27.137364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.137390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.137415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.137441] kthread+0x337/0x6f0 [ 27.137474] ? trace_preempt_on+0x20/0xc0 [ 27.137498] ? __pfx_kthread+0x10/0x10 [ 27.137521] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.137545] ? calculate_sigpending+0x7b/0xa0 [ 27.137571] ? __pfx_kthread+0x10/0x10 [ 27.137595] ret_from_fork+0x116/0x1d0 [ 27.137615] ? __pfx_kthread+0x10/0x10 [ 27.137638] ret_from_fork_asm+0x1a/0x30 [ 27.137670] </TASK> [ 27.137683] [ 27.146845] Allocated by task 334: [ 27.147135] kasan_save_stack+0x45/0x70 [ 27.147401] kasan_save_track+0x18/0x40 [ 27.147589] kasan_save_alloc_info+0x3b/0x50 [ 27.147785] __kasan_kmalloc+0xb7/0xc0 [ 27.147967] __kmalloc_noprof+0x1c9/0x500 [ 27.148138] kunit_kmalloc_array+0x25/0x60 [ 27.148634] copy_user_test_oob+0xab/0x10f0 [ 27.148811] kunit_try_run_case+0x1a5/0x480 [ 27.149017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.149377] kthread+0x337/0x6f0 [ 27.149669] ret_from_fork+0x116/0x1d0 [ 27.149814] ret_from_fork_asm+0x1a/0x30 [ 27.150083] [ 27.150247] The buggy address belongs to the object at ffff888105ab1d00 [ 27.150247] which belongs to the cache kmalloc-128 of size 128 [ 27.150874] The buggy address is located 0 bytes inside of [ 27.150874] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.151427] [ 27.151605] The buggy address belongs to the physical page: [ 27.151855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.152179] flags: 0x200000000000000(node=0|zone=2) [ 27.152592] page_type: f5(slab) [ 27.152749] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.153164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.153545] page dumped because: kasan: bad access detected [ 27.153772] [ 27.153876] Memory state around the buggy address: [ 27.154244] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.154647] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.154908] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.155316] ^ [ 27.155637] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.155936] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.156226] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 27.064006] ================================================================== [ 27.064442] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 27.064851] Read of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.065225] [ 27.065318] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.065393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.065586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.065612] Call Trace: [ 27.065632] <TASK> [ 27.065651] dump_stack_lvl+0x73/0xb0 [ 27.065683] print_report+0xd1/0x650 [ 27.065709] ? __virt_addr_valid+0x1db/0x2d0 [ 27.065735] ? _copy_to_user+0x3c/0x70 [ 27.065756] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.065784] ? _copy_to_user+0x3c/0x70 [ 27.065806] kasan_report+0x141/0x180 [ 27.065829] ? _copy_to_user+0x3c/0x70 [ 27.065863] kasan_check_range+0x10c/0x1c0 [ 27.065888] __kasan_check_read+0x15/0x20 [ 27.065912] _copy_to_user+0x3c/0x70 [ 27.065935] copy_user_test_oob+0x364/0x10f0 [ 27.065962] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.065986] ? finish_task_switch.isra.0+0x153/0x700 [ 27.066010] ? __switch_to+0x47/0xf50 [ 27.066037] ? __schedule+0x10cc/0x2b60 [ 27.066064] ? __pfx_read_tsc+0x10/0x10 [ 27.066086] ? ktime_get_ts64+0x86/0x230 [ 27.066112] kunit_try_run_case+0x1a5/0x480 [ 27.066138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.066163] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.066186] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.066241] ? __kthread_parkme+0x82/0x180 [ 27.066263] ? preempt_count_sub+0x50/0x80 [ 27.066288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.066315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.066340] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.066366] kthread+0x337/0x6f0 [ 27.066388] ? trace_preempt_on+0x20/0xc0 [ 27.066411] ? __pfx_kthread+0x10/0x10 [ 27.066435] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.066470] ? calculate_sigpending+0x7b/0xa0 [ 27.066497] ? __pfx_kthread+0x10/0x10 [ 27.066521] ret_from_fork+0x116/0x1d0 [ 27.066542] ? __pfx_kthread+0x10/0x10 [ 27.066565] ret_from_fork_asm+0x1a/0x30 [ 27.066597] </TASK> [ 27.066610] [ 27.076720] Allocated by task 334: [ 27.076890] kasan_save_stack+0x45/0x70 [ 27.077221] kasan_save_track+0x18/0x40 [ 27.077434] kasan_save_alloc_info+0x3b/0x50 [ 27.077798] __kasan_kmalloc+0xb7/0xc0 [ 27.078061] __kmalloc_noprof+0x1c9/0x500 [ 27.078399] kunit_kmalloc_array+0x25/0x60 [ 27.078582] copy_user_test_oob+0xab/0x10f0 [ 27.078891] kunit_try_run_case+0x1a5/0x480 [ 27.079173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.079388] kthread+0x337/0x6f0 [ 27.079550] ret_from_fork+0x116/0x1d0 [ 27.079721] ret_from_fork_asm+0x1a/0x30 [ 27.079902] [ 27.079977] The buggy address belongs to the object at ffff888105ab1d00 [ 27.079977] which belongs to the cache kmalloc-128 of size 128 [ 27.080824] The buggy address is located 0 bytes inside of [ 27.080824] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.081511] [ 27.081613] The buggy address belongs to the physical page: [ 27.081986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.082437] flags: 0x200000000000000(node=0|zone=2) [ 27.082751] page_type: f5(slab) [ 27.082905] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.083352] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.083729] page dumped because: kasan: bad access detected [ 27.083921] [ 27.084008] Memory state around the buggy address: [ 27.084236] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.084758] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.085124] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.085624] ^ [ 27.085931] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.086372] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.086741] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 27.037047] ================================================================== [ 27.037777] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 27.038502] Write of size 121 at addr ffff888105ab1d00 by task kunit_try_catch/334 [ 27.038924] [ 27.039026] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 27.039083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.039098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.039124] Call Trace: [ 27.039140] <TASK> [ 27.039162] dump_stack_lvl+0x73/0xb0 [ 27.039196] print_report+0xd1/0x650 [ 27.039437] ? __virt_addr_valid+0x1db/0x2d0 [ 27.039491] ? _copy_from_user+0x32/0x90 [ 27.039516] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.039545] ? _copy_from_user+0x32/0x90 [ 27.039568] kasan_report+0x141/0x180 [ 27.039592] ? _copy_from_user+0x32/0x90 [ 27.039619] kasan_check_range+0x10c/0x1c0 [ 27.039644] __kasan_check_write+0x18/0x20 [ 27.039668] _copy_from_user+0x32/0x90 [ 27.039692] copy_user_test_oob+0x2be/0x10f0 [ 27.039719] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.039743] ? finish_task_switch.isra.0+0x153/0x700 [ 27.039768] ? __switch_to+0x47/0xf50 [ 27.039797] ? __schedule+0x10cc/0x2b60 [ 27.039825] ? __pfx_read_tsc+0x10/0x10 [ 27.039848] ? ktime_get_ts64+0x86/0x230 [ 27.039875] kunit_try_run_case+0x1a5/0x480 [ 27.039901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.039926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.039949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.039977] ? __kthread_parkme+0x82/0x180 [ 27.039999] ? preempt_count_sub+0x50/0x80 [ 27.040023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.040050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.040076] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.040101] kthread+0x337/0x6f0 [ 27.040122] ? trace_preempt_on+0x20/0xc0 [ 27.040148] ? __pfx_kthread+0x10/0x10 [ 27.040170] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.040195] ? calculate_sigpending+0x7b/0xa0 [ 27.040221] ? __pfx_kthread+0x10/0x10 [ 27.040244] ret_from_fork+0x116/0x1d0 [ 27.040265] ? __pfx_kthread+0x10/0x10 [ 27.040287] ret_from_fork_asm+0x1a/0x30 [ 27.040320] </TASK> [ 27.040334] [ 27.049909] Allocated by task 334: [ 27.050212] kasan_save_stack+0x45/0x70 [ 27.050545] kasan_save_track+0x18/0x40 [ 27.050823] kasan_save_alloc_info+0x3b/0x50 [ 27.051151] __kasan_kmalloc+0xb7/0xc0 [ 27.051342] __kmalloc_noprof+0x1c9/0x500 [ 27.051626] kunit_kmalloc_array+0x25/0x60 [ 27.051893] copy_user_test_oob+0xab/0x10f0 [ 27.052050] kunit_try_run_case+0x1a5/0x480 [ 27.052421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.052783] kthread+0x337/0x6f0 [ 27.052919] ret_from_fork+0x116/0x1d0 [ 27.053243] ret_from_fork_asm+0x1a/0x30 [ 27.053433] [ 27.053629] The buggy address belongs to the object at ffff888105ab1d00 [ 27.053629] which belongs to the cache kmalloc-128 of size 128 [ 27.054100] The buggy address is located 0 bytes inside of [ 27.054100] allocated 120-byte region [ffff888105ab1d00, ffff888105ab1d78) [ 27.054834] [ 27.055003] The buggy address belongs to the physical page: [ 27.055332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 27.055749] flags: 0x200000000000000(node=0|zone=2) [ 27.056077] page_type: f5(slab) [ 27.056224] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.056700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.057072] page dumped because: kasan: bad access detected [ 27.057345] [ 27.057596] Memory state around the buggy address: [ 27.057978] ffff888105ab1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.058314] ffff888105ab1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.058688] >ffff888105ab1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.059046] ^ [ 27.059446] ffff888105ab1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.059785] ffff888105ab1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.060028] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 26.959086] ================================================================== [ 26.960482] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 26.960749] Read of size 8 at addr ffff888105540b78 by task kunit_try_catch/330 [ 26.961466] [ 26.961694] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.961781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.961796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.961822] Call Trace: [ 26.961838] <TASK> [ 26.961863] dump_stack_lvl+0x73/0xb0 [ 26.961921] print_report+0xd1/0x650 [ 26.961947] ? __virt_addr_valid+0x1db/0x2d0 [ 26.961973] ? copy_to_kernel_nofault+0x225/0x260 [ 26.961998] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.962026] ? copy_to_kernel_nofault+0x225/0x260 [ 26.962050] kasan_report+0x141/0x180 [ 26.962074] ? copy_to_kernel_nofault+0x225/0x260 [ 26.962103] __asan_report_load8_noabort+0x18/0x20 [ 26.962136] copy_to_kernel_nofault+0x225/0x260 [ 26.962162] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 26.962188] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.962212] ? finish_task_switch.isra.0+0x153/0x700 [ 26.962237] ? __schedule+0x10cc/0x2b60 [ 26.962264] ? trace_hardirqs_on+0x37/0xe0 [ 26.962323] ? __pfx_read_tsc+0x10/0x10 [ 26.962347] ? ktime_get_ts64+0x86/0x230 [ 26.962376] kunit_try_run_case+0x1a5/0x480 [ 26.962406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.962431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.962464] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.962491] ? __kthread_parkme+0x82/0x180 [ 26.962514] ? preempt_count_sub+0x50/0x80 [ 26.962537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.962564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.962589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.962627] kthread+0x337/0x6f0 [ 26.962649] ? trace_preempt_on+0x20/0xc0 [ 26.962672] ? __pfx_kthread+0x10/0x10 [ 26.962694] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.962719] ? calculate_sigpending+0x7b/0xa0 [ 26.962744] ? __pfx_kthread+0x10/0x10 [ 26.962767] ret_from_fork+0x116/0x1d0 [ 26.962789] ? __pfx_kthread+0x10/0x10 [ 26.962811] ret_from_fork_asm+0x1a/0x30 [ 26.962846] </TASK> [ 26.962859] [ 26.978843] Allocated by task 330: [ 26.979481] kasan_save_stack+0x45/0x70 [ 26.980092] kasan_save_track+0x18/0x40 [ 26.980651] kasan_save_alloc_info+0x3b/0x50 [ 26.981175] __kasan_kmalloc+0xb7/0xc0 [ 26.981646] __kmalloc_cache_noprof+0x189/0x420 [ 26.982283] copy_to_kernel_nofault_oob+0x12f/0x560 [ 26.982691] kunit_try_run_case+0x1a5/0x480 [ 26.982845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.983018] kthread+0x337/0x6f0 [ 26.983136] ret_from_fork+0x116/0x1d0 [ 26.983791] ret_from_fork_asm+0x1a/0x30 [ 26.984429] [ 26.984709] The buggy address belongs to the object at ffff888105540b00 [ 26.984709] which belongs to the cache kmalloc-128 of size 128 [ 26.986163] The buggy address is located 0 bytes to the right of [ 26.986163] allocated 120-byte region [ffff888105540b00, ffff888105540b78) [ 26.987693] [ 26.987953] The buggy address belongs to the physical page: [ 26.988489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 26.989010] flags: 0x200000000000000(node=0|zone=2) [ 26.989664] page_type: f5(slab) [ 26.989986] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.990538] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.991466] page dumped because: kasan: bad access detected [ 26.992243] [ 26.992348] Memory state around the buggy address: [ 26.992571] ffff888105540a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.993391] ffff888105540a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.993903] >ffff888105540b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.994139] ^ [ 26.995027] ffff888105540b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.995514] ffff888105540c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.995733] ================================================================== [ 26.996675] ================================================================== [ 26.997488] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 26.998135] Write of size 8 at addr ffff888105540b78 by task kunit_try_catch/330 [ 26.998867] [ 26.999045] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.999108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.999123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.999146] Call Trace: [ 26.999162] <TASK> [ 26.999192] dump_stack_lvl+0x73/0xb0 [ 26.999251] print_report+0xd1/0x650 [ 26.999276] ? __virt_addr_valid+0x1db/0x2d0 [ 26.999303] ? copy_to_kernel_nofault+0x99/0x260 [ 26.999327] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.999355] ? copy_to_kernel_nofault+0x99/0x260 [ 26.999379] kasan_report+0x141/0x180 [ 26.999403] ? copy_to_kernel_nofault+0x99/0x260 [ 26.999432] kasan_check_range+0x10c/0x1c0 [ 26.999466] __kasan_check_write+0x18/0x20 [ 26.999491] copy_to_kernel_nofault+0x99/0x260 [ 26.999517] copy_to_kernel_nofault_oob+0x288/0x560 [ 26.999542] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 26.999566] ? finish_task_switch.isra.0+0x153/0x700 [ 26.999590] ? __schedule+0x10cc/0x2b60 [ 26.999616] ? trace_hardirqs_on+0x37/0xe0 [ 26.999648] ? __pfx_read_tsc+0x10/0x10 [ 26.999671] ? ktime_get_ts64+0x86/0x230 [ 26.999697] kunit_try_run_case+0x1a5/0x480 [ 26.999725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.999749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.999772] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.999799] ? __kthread_parkme+0x82/0x180 [ 26.999819] ? preempt_count_sub+0x50/0x80 [ 26.999844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.999870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.999894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.999920] kthread+0x337/0x6f0 [ 26.999941] ? trace_preempt_on+0x20/0xc0 [ 26.999964] ? __pfx_kthread+0x10/0x10 [ 26.999986] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.000010] ? calculate_sigpending+0x7b/0xa0 [ 27.000036] ? __pfx_kthread+0x10/0x10 [ 27.000059] ret_from_fork+0x116/0x1d0 [ 27.000080] ? __pfx_kthread+0x10/0x10 [ 27.000103] ret_from_fork_asm+0x1a/0x30 [ 27.000135] </TASK> [ 27.000150] [ 27.010039] Allocated by task 330: [ 27.010184] kasan_save_stack+0x45/0x70 [ 27.010959] kasan_save_track+0x18/0x40 [ 27.011673] kasan_save_alloc_info+0x3b/0x50 [ 27.012277] __kasan_kmalloc+0xb7/0xc0 [ 27.012821] __kmalloc_cache_noprof+0x189/0x420 [ 27.012993] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.013346] kunit_try_run_case+0x1a5/0x480 [ 27.013873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.014589] kthread+0x337/0x6f0 [ 27.015091] ret_from_fork+0x116/0x1d0 [ 27.015680] ret_from_fork_asm+0x1a/0x30 [ 27.015871] [ 27.015943] The buggy address belongs to the object at ffff888105540b00 [ 27.015943] which belongs to the cache kmalloc-128 of size 128 [ 27.016297] The buggy address is located 0 bytes to the right of [ 27.016297] allocated 120-byte region [ffff888105540b00, ffff888105540b78) [ 27.017478] [ 27.017667] The buggy address belongs to the physical page: [ 27.018277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 27.019024] flags: 0x200000000000000(node=0|zone=2) [ 27.019517] page_type: f5(slab) [ 27.019887] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.020562] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.021302] page dumped because: kasan: bad access detected [ 27.021483] [ 27.021550] Memory state around the buggy address: [ 27.021701] ffff888105540a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.021921] ffff888105540a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.022131] >ffff888105540b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.022680] ^ [ 27.023399] ffff888105540b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.024092] ffff888105540c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.024790] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 26.711745] ================================================================== [ 26.712041] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 26.712391] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.712732] [ 26.712835] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.712883] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.712897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.712919] Call Trace: [ 26.712933] <TASK> [ 26.712950] dump_stack_lvl+0x73/0xb0 [ 26.712976] print_report+0xd1/0x650 [ 26.712999] ? __virt_addr_valid+0x1db/0x2d0 [ 26.713022] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.713048] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.713075] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.713102] kasan_report+0x141/0x180 [ 26.713124] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.713154] kasan_check_range+0x10c/0x1c0 [ 26.713178] __kasan_check_write+0x18/0x20 [ 26.713201] kasan_atomics_helper+0x1eaa/0x5450 [ 26.713228] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.713254] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.713279] ? kasan_atomics+0x152/0x310 [ 26.713306] kasan_atomics+0x1dc/0x310 [ 26.713329] ? __pfx_kasan_atomics+0x10/0x10 [ 26.713353] ? trace_hardirqs_on+0x37/0xe0 [ 26.713375] ? __pfx_read_tsc+0x10/0x10 [ 26.713396] ? ktime_get_ts64+0x86/0x230 [ 26.713421] kunit_try_run_case+0x1a5/0x480 [ 26.713445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.713520] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.713558] ? __kthread_parkme+0x82/0x180 [ 26.713593] ? preempt_count_sub+0x50/0x80 [ 26.713630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.713669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.713706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.713821] kthread+0x337/0x6f0 [ 26.713851] ? trace_preempt_on+0x20/0xc0 [ 26.713876] ? __pfx_kthread+0x10/0x10 [ 26.713897] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.713924] ? calculate_sigpending+0x7b/0xa0 [ 26.713948] ? __pfx_kthread+0x10/0x10 [ 26.713971] ret_from_fork+0x116/0x1d0 [ 26.714014] ? __pfx_kthread+0x10/0x10 [ 26.714037] ret_from_fork_asm+0x1a/0x30 [ 26.714069] </TASK> [ 26.714082] [ 26.721405] Allocated by task 314: [ 26.721612] kasan_save_stack+0x45/0x70 [ 26.721852] kasan_save_track+0x18/0x40 [ 26.722061] kasan_save_alloc_info+0x3b/0x50 [ 26.722322] __kasan_kmalloc+0xb7/0xc0 [ 26.722569] __kmalloc_cache_noprof+0x189/0x420 [ 26.722808] kasan_atomics+0x95/0x310 [ 26.722951] kunit_try_run_case+0x1a5/0x480 [ 26.723088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.723288] kthread+0x337/0x6f0 [ 26.723480] ret_from_fork+0x116/0x1d0 [ 26.723681] ret_from_fork_asm+0x1a/0x30 [ 26.723894] [ 26.724003] The buggy address belongs to the object at ffff888106195400 [ 26.724003] which belongs to the cache kmalloc-64 of size 64 [ 26.724519] The buggy address is located 0 bytes to the right of [ 26.724519] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.725144] [ 26.725247] The buggy address belongs to the physical page: [ 26.725524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.725875] flags: 0x200000000000000(node=0|zone=2) [ 26.726235] page_type: f5(slab) [ 26.726404] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.726759] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.727085] page dumped because: kasan: bad access detected [ 26.727420] [ 26.727532] Memory state around the buggy address: [ 26.727733] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.727936] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.728138] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.728336] ^ [ 26.728501] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.728847] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.729205] ================================================================== [ 25.890864] ================================================================== [ 25.891153] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 25.891600] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.891886] [ 25.891969] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.892019] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.892033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.892055] Call Trace: [ 25.892070] <TASK> [ 25.892086] dump_stack_lvl+0x73/0xb0 [ 25.892114] print_report+0xd1/0x650 [ 25.892137] ? __virt_addr_valid+0x1db/0x2d0 [ 25.892161] ? kasan_atomics_helper+0x860/0x5450 [ 25.892186] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.892213] ? kasan_atomics_helper+0x860/0x5450 [ 25.892238] kasan_report+0x141/0x180 [ 25.892261] ? kasan_atomics_helper+0x860/0x5450 [ 25.892299] kasan_check_range+0x10c/0x1c0 [ 25.892324] __kasan_check_write+0x18/0x20 [ 25.892349] kasan_atomics_helper+0x860/0x5450 [ 25.892395] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.892422] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.892447] ? kasan_atomics+0x152/0x310 [ 25.892484] kasan_atomics+0x1dc/0x310 [ 25.892508] ? __pfx_kasan_atomics+0x10/0x10 [ 25.892530] ? trace_hardirqs_on+0x37/0xe0 [ 25.892555] ? __pfx_read_tsc+0x10/0x10 [ 25.892577] ? ktime_get_ts64+0x86/0x230 [ 25.892602] kunit_try_run_case+0x1a5/0x480 [ 25.892627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.892654] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.892677] ? __kthread_parkme+0x82/0x180 [ 25.892699] ? preempt_count_sub+0x50/0x80 [ 25.892723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.892749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.892774] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.892800] kthread+0x337/0x6f0 [ 25.892820] ? trace_preempt_on+0x20/0xc0 [ 25.892842] ? __pfx_kthread+0x10/0x10 [ 25.892864] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.892890] ? calculate_sigpending+0x7b/0xa0 [ 25.892915] ? __pfx_kthread+0x10/0x10 [ 25.892938] ret_from_fork+0x116/0x1d0 [ 25.892959] ? __pfx_kthread+0x10/0x10 [ 25.892981] ret_from_fork_asm+0x1a/0x30 [ 25.893014] </TASK> [ 25.893026] [ 25.901108] Allocated by task 314: [ 25.901333] kasan_save_stack+0x45/0x70 [ 25.901763] kasan_save_track+0x18/0x40 [ 25.901954] kasan_save_alloc_info+0x3b/0x50 [ 25.902098] __kasan_kmalloc+0xb7/0xc0 [ 25.902266] __kmalloc_cache_noprof+0x189/0x420 [ 25.902581] kasan_atomics+0x95/0x310 [ 25.902755] kunit_try_run_case+0x1a5/0x480 [ 25.902952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.903156] kthread+0x337/0x6f0 [ 25.903388] ret_from_fork+0x116/0x1d0 [ 25.903589] ret_from_fork_asm+0x1a/0x30 [ 25.903795] [ 25.903863] The buggy address belongs to the object at ffff888106195400 [ 25.903863] which belongs to the cache kmalloc-64 of size 64 [ 25.904365] The buggy address is located 0 bytes to the right of [ 25.904365] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.904971] [ 25.905038] The buggy address belongs to the physical page: [ 25.905204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.905436] flags: 0x200000000000000(node=0|zone=2) [ 25.905676] page_type: f5(slab) [ 25.906037] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.906660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.907015] page dumped because: kasan: bad access detected [ 25.907317] [ 25.907437] Memory state around the buggy address: [ 25.907597] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.907808] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.908017] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.908410] ^ [ 25.908829] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.909149] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.909440] ================================================================== [ 26.009603] ================================================================== [ 26.009910] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 26.010141] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.010973] [ 26.011076] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.011125] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.011139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.011219] Call Trace: [ 26.011233] <TASK> [ 26.011249] dump_stack_lvl+0x73/0xb0 [ 26.011279] print_report+0xd1/0x650 [ 26.011302] ? __virt_addr_valid+0x1db/0x2d0 [ 26.011327] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.011352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.011380] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.011406] kasan_report+0x141/0x180 [ 26.011428] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.011471] kasan_check_range+0x10c/0x1c0 [ 26.011497] __kasan_check_write+0x18/0x20 [ 26.011522] kasan_atomics_helper+0xb6a/0x5450 [ 26.011549] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.011576] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.011603] ? kasan_atomics+0x152/0x310 [ 26.011630] kasan_atomics+0x1dc/0x310 [ 26.011653] ? __pfx_kasan_atomics+0x10/0x10 [ 26.011677] ? trace_hardirqs_on+0x37/0xe0 [ 26.011700] ? __pfx_read_tsc+0x10/0x10 [ 26.011723] ? ktime_get_ts64+0x86/0x230 [ 26.011748] kunit_try_run_case+0x1a5/0x480 [ 26.011774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.011800] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.011825] ? __kthread_parkme+0x82/0x180 [ 26.011847] ? preempt_count_sub+0x50/0x80 [ 26.011872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.011898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.011924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.011950] kthread+0x337/0x6f0 [ 26.011970] ? trace_preempt_on+0x20/0xc0 [ 26.011993] ? __pfx_kthread+0x10/0x10 [ 26.012016] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.012041] ? calculate_sigpending+0x7b/0xa0 [ 26.012067] ? __pfx_kthread+0x10/0x10 [ 26.012090] ret_from_fork+0x116/0x1d0 [ 26.012111] ? __pfx_kthread+0x10/0x10 [ 26.012134] ret_from_fork_asm+0x1a/0x30 [ 26.012246] </TASK> [ 26.012259] [ 26.019883] Allocated by task 314: [ 26.020049] kasan_save_stack+0x45/0x70 [ 26.020191] kasan_save_track+0x18/0x40 [ 26.020321] kasan_save_alloc_info+0x3b/0x50 [ 26.020645] __kasan_kmalloc+0xb7/0xc0 [ 26.020851] __kmalloc_cache_noprof+0x189/0x420 [ 26.021072] kasan_atomics+0x95/0x310 [ 26.021331] kunit_try_run_case+0x1a5/0x480 [ 26.021685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.021995] kthread+0x337/0x6f0 [ 26.022249] ret_from_fork+0x116/0x1d0 [ 26.022419] ret_from_fork_asm+0x1a/0x30 [ 26.022589] [ 26.022657] The buggy address belongs to the object at ffff888106195400 [ 26.022657] which belongs to the cache kmalloc-64 of size 64 [ 26.023098] The buggy address is located 0 bytes to the right of [ 26.023098] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.023929] [ 26.024029] The buggy address belongs to the physical page: [ 26.024206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.024439] flags: 0x200000000000000(node=0|zone=2) [ 26.024608] page_type: f5(slab) [ 26.024724] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.025237] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.026106] page dumped because: kasan: bad access detected [ 26.026400] [ 26.026488] Memory state around the buggy address: [ 26.026641] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.026958] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.027446] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.027743] ^ [ 26.027940] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.028431] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.028730] ================================================================== [ 25.756794] ================================================================== [ 25.757074] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 25.757358] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.757745] [ 25.758141] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.758193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.758208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.758231] Call Trace: [ 25.758247] <TASK> [ 25.758264] dump_stack_lvl+0x73/0xb0 [ 25.758294] print_report+0xd1/0x650 [ 25.758317] ? __virt_addr_valid+0x1db/0x2d0 [ 25.758341] ? kasan_atomics_helper+0x565/0x5450 [ 25.758366] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.758393] ? kasan_atomics_helper+0x565/0x5450 [ 25.758486] kasan_report+0x141/0x180 [ 25.758510] ? kasan_atomics_helper+0x565/0x5450 [ 25.758541] kasan_check_range+0x10c/0x1c0 [ 25.758566] __kasan_check_write+0x18/0x20 [ 25.758590] kasan_atomics_helper+0x565/0x5450 [ 25.758619] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.758646] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.758671] ? kasan_atomics+0x152/0x310 [ 25.758699] kasan_atomics+0x1dc/0x310 [ 25.758723] ? __pfx_kasan_atomics+0x10/0x10 [ 25.758746] ? trace_hardirqs_on+0x37/0xe0 [ 25.758769] ? __pfx_read_tsc+0x10/0x10 [ 25.758793] ? ktime_get_ts64+0x86/0x230 [ 25.758819] kunit_try_run_case+0x1a5/0x480 [ 25.758844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.758871] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.758895] ? __kthread_parkme+0x82/0x180 [ 25.758917] ? preempt_count_sub+0x50/0x80 [ 25.758941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.758968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.758993] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.759018] kthread+0x337/0x6f0 [ 25.759040] ? trace_preempt_on+0x20/0xc0 [ 25.759063] ? __pfx_kthread+0x10/0x10 [ 25.759086] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.759112] ? calculate_sigpending+0x7b/0xa0 [ 25.759138] ? __pfx_kthread+0x10/0x10 [ 25.759161] ret_from_fork+0x116/0x1d0 [ 25.759182] ? __pfx_kthread+0x10/0x10 [ 25.759204] ret_from_fork_asm+0x1a/0x30 [ 25.759237] </TASK> [ 25.759248] [ 25.766697] Allocated by task 314: [ 25.766873] kasan_save_stack+0x45/0x70 [ 25.767073] kasan_save_track+0x18/0x40 [ 25.767257] kasan_save_alloc_info+0x3b/0x50 [ 25.767450] __kasan_kmalloc+0xb7/0xc0 [ 25.767590] __kmalloc_cache_noprof+0x189/0x420 [ 25.767738] kasan_atomics+0x95/0x310 [ 25.768238] kunit_try_run_case+0x1a5/0x480 [ 25.768478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.768732] kthread+0x337/0x6f0 [ 25.768900] ret_from_fork+0x116/0x1d0 [ 25.769068] ret_from_fork_asm+0x1a/0x30 [ 25.769417] [ 25.769519] The buggy address belongs to the object at ffff888106195400 [ 25.769519] which belongs to the cache kmalloc-64 of size 64 [ 25.769972] The buggy address is located 0 bytes to the right of [ 25.769972] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.770413] [ 25.770489] The buggy address belongs to the physical page: [ 25.770656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.771113] flags: 0x200000000000000(node=0|zone=2) [ 25.771449] page_type: f5(slab) [ 25.771643] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.771891] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.772111] page dumped because: kasan: bad access detected [ 25.772654] [ 25.772762] Memory state around the buggy address: [ 25.772980] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.773492] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.773728] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.773974] ^ [ 25.774190] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.774687] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.774967] ================================================================== [ 26.272594] ================================================================== [ 26.272932] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 26.273441] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.273732] [ 26.273835] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.273890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.273903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.273926] Call Trace: [ 26.273940] <TASK> [ 26.273955] dump_stack_lvl+0x73/0xb0 [ 26.273982] print_report+0xd1/0x650 [ 26.274005] ? __virt_addr_valid+0x1db/0x2d0 [ 26.274029] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.274057] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.274083] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.274110] kasan_report+0x141/0x180 [ 26.274133] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.274163] __asan_report_load4_noabort+0x18/0x20 [ 26.274189] kasan_atomics_helper+0x49e8/0x5450 [ 26.274230] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.274257] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.274282] ? kasan_atomics+0x152/0x310 [ 26.274308] kasan_atomics+0x1dc/0x310 [ 26.274331] ? __pfx_kasan_atomics+0x10/0x10 [ 26.274355] ? trace_hardirqs_on+0x37/0xe0 [ 26.274378] ? __pfx_read_tsc+0x10/0x10 [ 26.274401] ? ktime_get_ts64+0x86/0x230 [ 26.274426] kunit_try_run_case+0x1a5/0x480 [ 26.274452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.274490] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.274514] ? __kthread_parkme+0x82/0x180 [ 26.274536] ? preempt_count_sub+0x50/0x80 [ 26.274561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.274586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.274611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.274637] kthread+0x337/0x6f0 [ 26.274658] ? trace_preempt_on+0x20/0xc0 [ 26.274681] ? __pfx_kthread+0x10/0x10 [ 26.274704] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.274729] ? calculate_sigpending+0x7b/0xa0 [ 26.274754] ? __pfx_kthread+0x10/0x10 [ 26.274777] ret_from_fork+0x116/0x1d0 [ 26.274798] ? __pfx_kthread+0x10/0x10 [ 26.274820] ret_from_fork_asm+0x1a/0x30 [ 26.274852] </TASK> [ 26.274864] [ 26.281605] Allocated by task 314: [ 26.281782] kasan_save_stack+0x45/0x70 [ 26.281987] kasan_save_track+0x18/0x40 [ 26.282176] kasan_save_alloc_info+0x3b/0x50 [ 26.282374] __kasan_kmalloc+0xb7/0xc0 [ 26.282574] __kmalloc_cache_noprof+0x189/0x420 [ 26.282748] kasan_atomics+0x95/0x310 [ 26.282927] kunit_try_run_case+0x1a5/0x480 [ 26.283113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.283362] kthread+0x337/0x6f0 [ 26.283506] ret_from_fork+0x116/0x1d0 [ 26.283666] ret_from_fork_asm+0x1a/0x30 [ 26.283832] [ 26.283923] The buggy address belongs to the object at ffff888106195400 [ 26.283923] which belongs to the cache kmalloc-64 of size 64 [ 26.284369] The buggy address is located 0 bytes to the right of [ 26.284369] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.284865] [ 26.284933] The buggy address belongs to the physical page: [ 26.285161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.285441] flags: 0x200000000000000(node=0|zone=2) [ 26.285680] page_type: f5(slab) [ 26.285844] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.286075] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.286579] page dumped because: kasan: bad access detected [ 26.286799] [ 26.286882] Memory state around the buggy address: [ 26.287045] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.287469] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.287756] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.288038] ^ [ 26.288255] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.288537] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.288824] ================================================================== [ 26.831254] ================================================================== [ 26.831989] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 26.832442] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.832682] [ 26.832761] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.832806] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.832820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.832843] Call Trace: [ 26.832860] <TASK> [ 26.832876] dump_stack_lvl+0x73/0xb0 [ 26.832902] print_report+0xd1/0x650 [ 26.832926] ? __virt_addr_valid+0x1db/0x2d0 [ 26.832950] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.832976] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.833003] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.833029] kasan_report+0x141/0x180 [ 26.833052] ? kasan_atomics_helper+0x4fb2/0x5450 [ 26.833083] __asan_report_load8_noabort+0x18/0x20 [ 26.833108] kasan_atomics_helper+0x4fb2/0x5450 [ 26.833135] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.833162] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.833188] ? kasan_atomics+0x152/0x310 [ 26.833214] kasan_atomics+0x1dc/0x310 [ 26.833238] ? __pfx_kasan_atomics+0x10/0x10 [ 26.833261] ? trace_hardirqs_on+0x37/0xe0 [ 26.833285] ? __pfx_read_tsc+0x10/0x10 [ 26.833307] ? ktime_get_ts64+0x86/0x230 [ 26.833333] kunit_try_run_case+0x1a5/0x480 [ 26.833360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.833386] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.833410] ? __kthread_parkme+0x82/0x180 [ 26.833432] ? preempt_count_sub+0x50/0x80 [ 26.833467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.833492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.833518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.833545] kthread+0x337/0x6f0 [ 26.833566] ? trace_preempt_on+0x20/0xc0 [ 26.833588] ? __pfx_kthread+0x10/0x10 [ 26.833611] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.833637] ? calculate_sigpending+0x7b/0xa0 [ 26.833662] ? __pfx_kthread+0x10/0x10 [ 26.833685] ret_from_fork+0x116/0x1d0 [ 26.833705] ? __pfx_kthread+0x10/0x10 [ 26.833727] ret_from_fork_asm+0x1a/0x30 [ 26.833760] </TASK> [ 26.833772] [ 26.846009] Allocated by task 314: [ 26.846693] kasan_save_stack+0x45/0x70 [ 26.847282] kasan_save_track+0x18/0x40 [ 26.847792] kasan_save_alloc_info+0x3b/0x50 [ 26.848352] __kasan_kmalloc+0xb7/0xc0 [ 26.848820] __kmalloc_cache_noprof+0x189/0x420 [ 26.849408] kasan_atomics+0x95/0x310 [ 26.849877] kunit_try_run_case+0x1a5/0x480 [ 26.850434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.851119] kthread+0x337/0x6f0 [ 26.851531] ret_from_fork+0x116/0x1d0 [ 26.851682] ret_from_fork_asm+0x1a/0x30 [ 26.851819] [ 26.851887] The buggy address belongs to the object at ffff888106195400 [ 26.851887] which belongs to the cache kmalloc-64 of size 64 [ 26.852542] The buggy address is located 0 bytes to the right of [ 26.852542] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.853316] [ 26.853553] The buggy address belongs to the physical page: [ 26.853798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.854121] flags: 0x200000000000000(node=0|zone=2) [ 26.854632] page_type: f5(slab) [ 26.854920] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.855376] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.855869] page dumped because: kasan: bad access detected [ 26.856258] [ 26.856352] Memory state around the buggy address: [ 26.856569] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.856847] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.857113] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.857729] ^ [ 26.858213] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.858630] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.858851] ================================================================== [ 26.657632] ================================================================== [ 26.658024] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 26.658436] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.658762] [ 26.658888] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.658935] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.658948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.658969] Call Trace: [ 26.658986] <TASK> [ 26.659001] dump_stack_lvl+0x73/0xb0 [ 26.659029] print_report+0xd1/0x650 [ 26.659051] ? __virt_addr_valid+0x1db/0x2d0 [ 26.659075] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.659100] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.659127] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.659153] kasan_report+0x141/0x180 [ 26.659176] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.659229] kasan_check_range+0x10c/0x1c0 [ 26.659254] __kasan_check_write+0x18/0x20 [ 26.659279] kasan_atomics_helper+0x1ce1/0x5450 [ 26.659307] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.659333] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.659358] ? kasan_atomics+0x152/0x310 [ 26.659385] kasan_atomics+0x1dc/0x310 [ 26.659408] ? __pfx_kasan_atomics+0x10/0x10 [ 26.659431] ? trace_hardirqs_on+0x37/0xe0 [ 26.659463] ? __pfx_read_tsc+0x10/0x10 [ 26.659485] ? ktime_get_ts64+0x86/0x230 [ 26.659510] kunit_try_run_case+0x1a5/0x480 [ 26.659535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.659562] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.659585] ? __kthread_parkme+0x82/0x180 [ 26.659606] ? preempt_count_sub+0x50/0x80 [ 26.659630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.659655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.659681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.659707] kthread+0x337/0x6f0 [ 26.659727] ? trace_preempt_on+0x20/0xc0 [ 26.659750] ? __pfx_kthread+0x10/0x10 [ 26.659772] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.659797] ? calculate_sigpending+0x7b/0xa0 [ 26.659821] ? __pfx_kthread+0x10/0x10 [ 26.659844] ret_from_fork+0x116/0x1d0 [ 26.659865] ? __pfx_kthread+0x10/0x10 [ 26.659887] ret_from_fork_asm+0x1a/0x30 [ 26.659919] </TASK> [ 26.659931] [ 26.667577] Allocated by task 314: [ 26.667705] kasan_save_stack+0x45/0x70 [ 26.667845] kasan_save_track+0x18/0x40 [ 26.667974] kasan_save_alloc_info+0x3b/0x50 [ 26.668117] __kasan_kmalloc+0xb7/0xc0 [ 26.668272] __kmalloc_cache_noprof+0x189/0x420 [ 26.668422] kasan_atomics+0x95/0x310 [ 26.668612] kunit_try_run_case+0x1a5/0x480 [ 26.668833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.669115] kthread+0x337/0x6f0 [ 26.669351] ret_from_fork+0x116/0x1d0 [ 26.669577] ret_from_fork_asm+0x1a/0x30 [ 26.669802] [ 26.669926] The buggy address belongs to the object at ffff888106195400 [ 26.669926] which belongs to the cache kmalloc-64 of size 64 [ 26.670563] The buggy address is located 0 bytes to the right of [ 26.670563] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.671154] [ 26.671292] The buggy address belongs to the physical page: [ 26.671563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.671910] flags: 0x200000000000000(node=0|zone=2) [ 26.672144] page_type: f5(slab) [ 26.672288] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.672554] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.672921] page dumped because: kasan: bad access detected [ 26.673221] [ 26.673315] Memory state around the buggy address: [ 26.673568] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.673876] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.674090] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.674323] ^ [ 26.674482] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.674690] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.674898] ================================================================== [ 26.460567] ================================================================== [ 26.460846] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 26.461116] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.461935] [ 26.462052] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.462248] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.462264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.462287] Call Trace: [ 26.462302] <TASK> [ 26.462318] dump_stack_lvl+0x73/0xb0 [ 26.462348] print_report+0xd1/0x650 [ 26.462371] ? __virt_addr_valid+0x1db/0x2d0 [ 26.462395] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.462421] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.462448] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.462486] kasan_report+0x141/0x180 [ 26.462509] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.462542] kasan_check_range+0x10c/0x1c0 [ 26.462567] __kasan_check_write+0x18/0x20 [ 26.462591] kasan_atomics_helper+0x16e7/0x5450 [ 26.462618] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.462644] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.462669] ? kasan_atomics+0x152/0x310 [ 26.462696] kasan_atomics+0x1dc/0x310 [ 26.462719] ? __pfx_kasan_atomics+0x10/0x10 [ 26.462742] ? trace_hardirqs_on+0x37/0xe0 [ 26.462765] ? __pfx_read_tsc+0x10/0x10 [ 26.462787] ? ktime_get_ts64+0x86/0x230 [ 26.462812] kunit_try_run_case+0x1a5/0x480 [ 26.462838] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.462865] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.462888] ? __kthread_parkme+0x82/0x180 [ 26.462909] ? preempt_count_sub+0x50/0x80 [ 26.462934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.462960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.462985] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.463011] kthread+0x337/0x6f0 [ 26.463033] ? trace_preempt_on+0x20/0xc0 [ 26.463055] ? __pfx_kthread+0x10/0x10 [ 26.463078] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.463103] ? calculate_sigpending+0x7b/0xa0 [ 26.463128] ? __pfx_kthread+0x10/0x10 [ 26.463151] ret_from_fork+0x116/0x1d0 [ 26.463172] ? __pfx_kthread+0x10/0x10 [ 26.463195] ret_from_fork_asm+0x1a/0x30 [ 26.463230] </TASK> [ 26.463242] [ 26.473275] Allocated by task 314: [ 26.473439] kasan_save_stack+0x45/0x70 [ 26.473644] kasan_save_track+0x18/0x40 [ 26.473818] kasan_save_alloc_info+0x3b/0x50 [ 26.474016] __kasan_kmalloc+0xb7/0xc0 [ 26.474185] __kmalloc_cache_noprof+0x189/0x420 [ 26.474762] kasan_atomics+0x95/0x310 [ 26.474919] kunit_try_run_case+0x1a5/0x480 [ 26.475224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.475570] kthread+0x337/0x6f0 [ 26.475746] ret_from_fork+0x116/0x1d0 [ 26.476052] ret_from_fork_asm+0x1a/0x30 [ 26.476417] [ 26.476532] The buggy address belongs to the object at ffff888106195400 [ 26.476532] which belongs to the cache kmalloc-64 of size 64 [ 26.477213] The buggy address is located 0 bytes to the right of [ 26.477213] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.477721] [ 26.477818] The buggy address belongs to the physical page: [ 26.478057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.478632] flags: 0x200000000000000(node=0|zone=2) [ 26.478834] page_type: f5(slab) [ 26.478984] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.479586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.479965] page dumped because: kasan: bad access detected [ 26.480289] [ 26.480385] Memory state around the buggy address: [ 26.480594] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.481083] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.481465] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.481824] ^ [ 26.482136] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.482544] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.482870] ================================================================== [ 26.162590] ================================================================== [ 26.162891] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 26.163435] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.163715] [ 26.163796] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.163843] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.163857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.163880] Call Trace: [ 26.163898] <TASK> [ 26.163915] dump_stack_lvl+0x73/0xb0 [ 26.163944] print_report+0xd1/0x650 [ 26.163967] ? __virt_addr_valid+0x1db/0x2d0 [ 26.163992] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.164018] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.164045] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.164071] kasan_report+0x141/0x180 [ 26.164094] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.164126] __asan_report_load4_noabort+0x18/0x20 [ 26.164168] kasan_atomics_helper+0x4a36/0x5450 [ 26.164196] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.164223] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.164249] ? kasan_atomics+0x152/0x310 [ 26.164276] kasan_atomics+0x1dc/0x310 [ 26.164300] ? __pfx_kasan_atomics+0x10/0x10 [ 26.164324] ? trace_hardirqs_on+0x37/0xe0 [ 26.164348] ? __pfx_read_tsc+0x10/0x10 [ 26.164370] ? ktime_get_ts64+0x86/0x230 [ 26.164396] kunit_try_run_case+0x1a5/0x480 [ 26.164422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.164449] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.164486] ? __kthread_parkme+0x82/0x180 [ 26.164508] ? preempt_count_sub+0x50/0x80 [ 26.164532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.164558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.164584] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.164610] kthread+0x337/0x6f0 [ 26.164632] ? trace_preempt_on+0x20/0xc0 [ 26.164655] ? __pfx_kthread+0x10/0x10 [ 26.164677] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.164702] ? calculate_sigpending+0x7b/0xa0 [ 26.164727] ? __pfx_kthread+0x10/0x10 [ 26.164750] ret_from_fork+0x116/0x1d0 [ 26.164770] ? __pfx_kthread+0x10/0x10 [ 26.164793] ret_from_fork_asm+0x1a/0x30 [ 26.164825] </TASK> [ 26.164837] [ 26.171959] Allocated by task 314: [ 26.172084] kasan_save_stack+0x45/0x70 [ 26.172317] kasan_save_track+0x18/0x40 [ 26.172517] kasan_save_alloc_info+0x3b/0x50 [ 26.172720] __kasan_kmalloc+0xb7/0xc0 [ 26.172911] __kmalloc_cache_noprof+0x189/0x420 [ 26.173096] kasan_atomics+0x95/0x310 [ 26.173299] kunit_try_run_case+0x1a5/0x480 [ 26.173509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.173682] kthread+0x337/0x6f0 [ 26.173797] ret_from_fork+0x116/0x1d0 [ 26.173929] ret_from_fork_asm+0x1a/0x30 [ 26.174061] [ 26.174127] The buggy address belongs to the object at ffff888106195400 [ 26.174127] which belongs to the cache kmalloc-64 of size 64 [ 26.174579] The buggy address is located 0 bytes to the right of [ 26.174579] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.175122] [ 26.175264] The buggy address belongs to the physical page: [ 26.175520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.175865] flags: 0x200000000000000(node=0|zone=2) [ 26.176070] page_type: f5(slab) [ 26.176188] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.176542] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.176762] page dumped because: kasan: bad access detected [ 26.176928] [ 26.176993] Memory state around the buggy address: [ 26.177140] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.177805] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.178128] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.178480] ^ [ 26.178688] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.178972] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.179312] ================================================================== [ 26.322884] ================================================================== [ 26.323175] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 26.323496] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.323715] [ 26.323793] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.323840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.323854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.323875] Call Trace: [ 26.323892] <TASK> [ 26.323908] dump_stack_lvl+0x73/0xb0 [ 26.323934] print_report+0xd1/0x650 [ 26.323957] ? __virt_addr_valid+0x1db/0x2d0 [ 26.323980] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.324006] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.324033] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.324060] kasan_report+0x141/0x180 [ 26.324082] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.324113] kasan_check_range+0x10c/0x1c0 [ 26.324138] __kasan_check_read+0x15/0x20 [ 26.324162] kasan_atomics_helper+0x13b5/0x5450 [ 26.324189] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.324216] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.324242] ? kasan_atomics+0x152/0x310 [ 26.324269] kasan_atomics+0x1dc/0x310 [ 26.324292] ? __pfx_kasan_atomics+0x10/0x10 [ 26.324316] ? trace_hardirqs_on+0x37/0xe0 [ 26.324339] ? __pfx_read_tsc+0x10/0x10 [ 26.324362] ? ktime_get_ts64+0x86/0x230 [ 26.324387] kunit_try_run_case+0x1a5/0x480 [ 26.324413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.324439] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.324473] ? __kthread_parkme+0x82/0x180 [ 26.324495] ? preempt_count_sub+0x50/0x80 [ 26.324520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.324546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.324598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.324623] kthread+0x337/0x6f0 [ 26.324644] ? trace_preempt_on+0x20/0xc0 [ 26.324667] ? __pfx_kthread+0x10/0x10 [ 26.324689] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.324715] ? calculate_sigpending+0x7b/0xa0 [ 26.324740] ? __pfx_kthread+0x10/0x10 [ 26.324763] ret_from_fork+0x116/0x1d0 [ 26.324783] ? __pfx_kthread+0x10/0x10 [ 26.324806] ret_from_fork_asm+0x1a/0x30 [ 26.324838] </TASK> [ 26.324849] [ 26.332345] Allocated by task 314: [ 26.332484] kasan_save_stack+0x45/0x70 [ 26.332625] kasan_save_track+0x18/0x40 [ 26.332813] kasan_save_alloc_info+0x3b/0x50 [ 26.333017] __kasan_kmalloc+0xb7/0xc0 [ 26.333212] __kmalloc_cache_noprof+0x189/0x420 [ 26.333401] kasan_atomics+0x95/0x310 [ 26.333579] kunit_try_run_case+0x1a5/0x480 [ 26.333780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.333963] kthread+0x337/0x6f0 [ 26.334080] ret_from_fork+0x116/0x1d0 [ 26.334243] ret_from_fork_asm+0x1a/0x30 [ 26.334436] [ 26.334536] The buggy address belongs to the object at ffff888106195400 [ 26.334536] which belongs to the cache kmalloc-64 of size 64 [ 26.335053] The buggy address is located 0 bytes to the right of [ 26.335053] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.335558] [ 26.335650] The buggy address belongs to the physical page: [ 26.335867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.336173] flags: 0x200000000000000(node=0|zone=2) [ 26.336375] page_type: f5(slab) [ 26.336532] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.336760] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.336980] page dumped because: kasan: bad access detected [ 26.337147] [ 26.337225] Memory state around the buggy address: [ 26.337443] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.337770] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.338262] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.338586] ^ [ 26.338754] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.338964] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.339185] ================================================================== [ 26.590823] ================================================================== [ 26.591143] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 26.591464] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.591733] [ 26.591841] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.591889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.591904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.591927] Call Trace: [ 26.591947] <TASK> [ 26.591964] dump_stack_lvl+0x73/0xb0 [ 26.591992] print_report+0xd1/0x650 [ 26.592015] ? __virt_addr_valid+0x1db/0x2d0 [ 26.592039] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.592064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.592091] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.592117] kasan_report+0x141/0x180 [ 26.592139] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.592170] kasan_check_range+0x10c/0x1c0 [ 26.592194] __kasan_check_write+0x18/0x20 [ 26.592217] kasan_atomics_helper+0x1a7f/0x5450 [ 26.592244] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.592270] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.592295] ? kasan_atomics+0x152/0x310 [ 26.592321] kasan_atomics+0x1dc/0x310 [ 26.592345] ? __pfx_kasan_atomics+0x10/0x10 [ 26.592367] ? trace_hardirqs_on+0x37/0xe0 [ 26.592390] ? __pfx_read_tsc+0x10/0x10 [ 26.592412] ? ktime_get_ts64+0x86/0x230 [ 26.592438] kunit_try_run_case+0x1a5/0x480 [ 26.592661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.592693] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.592718] ? __kthread_parkme+0x82/0x180 [ 26.592741] ? preempt_count_sub+0x50/0x80 [ 26.592766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.592792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.592818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.592845] kthread+0x337/0x6f0 [ 26.592866] ? trace_preempt_on+0x20/0xc0 [ 26.592890] ? __pfx_kthread+0x10/0x10 [ 26.592913] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.592939] ? calculate_sigpending+0x7b/0xa0 [ 26.592965] ? __pfx_kthread+0x10/0x10 [ 26.592988] ret_from_fork+0x116/0x1d0 [ 26.593009] ? __pfx_kthread+0x10/0x10 [ 26.593031] ret_from_fork_asm+0x1a/0x30 [ 26.593063] </TASK> [ 26.593076] [ 26.600120] Allocated by task 314: [ 26.600305] kasan_save_stack+0x45/0x70 [ 26.600470] kasan_save_track+0x18/0x40 [ 26.600659] kasan_save_alloc_info+0x3b/0x50 [ 26.600832] __kasan_kmalloc+0xb7/0xc0 [ 26.601014] __kmalloc_cache_noprof+0x189/0x420 [ 26.601168] kasan_atomics+0x95/0x310 [ 26.601314] kunit_try_run_case+0x1a5/0x480 [ 26.601464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.601634] kthread+0x337/0x6f0 [ 26.601750] ret_from_fork+0x116/0x1d0 [ 26.601885] ret_from_fork_asm+0x1a/0x30 [ 26.602018] [ 26.602083] The buggy address belongs to the object at ffff888106195400 [ 26.602083] which belongs to the cache kmalloc-64 of size 64 [ 26.602466] The buggy address is located 0 bytes to the right of [ 26.602466] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.603006] [ 26.603095] The buggy address belongs to the physical page: [ 26.603365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.603720] flags: 0x200000000000000(node=0|zone=2) [ 26.603948] page_type: f5(slab) [ 26.604109] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.604398] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.604631] page dumped because: kasan: bad access detected [ 26.604798] [ 26.604863] Memory state around the buggy address: [ 26.605012] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.605248] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.605468] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.605777] ^ [ 26.606008] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.606355] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.606677] ================================================================== [ 25.593537] ================================================================== [ 25.593961] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 25.594416] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.594666] [ 25.594746] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.594793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.594806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.594826] Call Trace: [ 25.594867] <TASK> [ 25.594884] dump_stack_lvl+0x73/0xb0 [ 25.594913] print_report+0xd1/0x650 [ 25.594935] ? __virt_addr_valid+0x1db/0x2d0 [ 25.594959] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.594984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.595009] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.595056] kasan_report+0x141/0x180 [ 25.595078] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.595108] __asan_report_store4_noabort+0x1b/0x30 [ 25.595132] kasan_atomics_helper+0x4ba2/0x5450 [ 25.595292] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.595320] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.595345] ? kasan_atomics+0x152/0x310 [ 25.595372] kasan_atomics+0x1dc/0x310 [ 25.595394] ? __pfx_kasan_atomics+0x10/0x10 [ 25.595416] ? trace_hardirqs_on+0x37/0xe0 [ 25.595438] ? __pfx_read_tsc+0x10/0x10 [ 25.595472] ? ktime_get_ts64+0x86/0x230 [ 25.595496] kunit_try_run_case+0x1a5/0x480 [ 25.595522] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.595547] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.595569] ? __kthread_parkme+0x82/0x180 [ 25.595591] ? preempt_count_sub+0x50/0x80 [ 25.595614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.595639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.595663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.595687] kthread+0x337/0x6f0 [ 25.595707] ? trace_preempt_on+0x20/0xc0 [ 25.595729] ? __pfx_kthread+0x10/0x10 [ 25.595750] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.595774] ? calculate_sigpending+0x7b/0xa0 [ 25.595798] ? __pfx_kthread+0x10/0x10 [ 25.595819] ret_from_fork+0x116/0x1d0 [ 25.595838] ? __pfx_kthread+0x10/0x10 [ 25.595859] ret_from_fork_asm+0x1a/0x30 [ 25.595963] </TASK> [ 25.595976] [ 25.604410] Allocated by task 314: [ 25.604601] kasan_save_stack+0x45/0x70 [ 25.604772] kasan_save_track+0x18/0x40 [ 25.605046] kasan_save_alloc_info+0x3b/0x50 [ 25.605331] __kasan_kmalloc+0xb7/0xc0 [ 25.605547] __kmalloc_cache_noprof+0x189/0x420 [ 25.605739] kasan_atomics+0x95/0x310 [ 25.605870] kunit_try_run_case+0x1a5/0x480 [ 25.606009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.606416] kthread+0x337/0x6f0 [ 25.606657] ret_from_fork+0x116/0x1d0 [ 25.606845] ret_from_fork_asm+0x1a/0x30 [ 25.607058] [ 25.607124] The buggy address belongs to the object at ffff888106195400 [ 25.607124] which belongs to the cache kmalloc-64 of size 64 [ 25.607965] The buggy address is located 0 bytes to the right of [ 25.607965] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.608688] [ 25.608784] The buggy address belongs to the physical page: [ 25.609113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.609615] flags: 0x200000000000000(node=0|zone=2) [ 25.609851] page_type: f5(slab) [ 25.609999] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.610227] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.610506] page dumped because: kasan: bad access detected [ 25.610779] [ 25.610872] Memory state around the buggy address: [ 25.611242] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.611970] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.612679] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.612971] ^ [ 25.613179] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.613717] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.614123] ================================================================== [ 25.634563] ================================================================== [ 25.635383] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 25.635740] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.636080] [ 25.636706] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.636760] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.636776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.636800] Call Trace: [ 25.636815] <TASK> [ 25.636833] dump_stack_lvl+0x73/0xb0 [ 25.636863] print_report+0xd1/0x650 [ 25.636887] ? __virt_addr_valid+0x1db/0x2d0 [ 25.636911] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.636937] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.636964] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.636992] kasan_report+0x141/0x180 [ 25.637016] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.637047] __asan_report_store4_noabort+0x1b/0x30 [ 25.637073] kasan_atomics_helper+0x4b6e/0x5450 [ 25.637100] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.637128] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.637173] ? kasan_atomics+0x152/0x310 [ 25.637201] kasan_atomics+0x1dc/0x310 [ 25.637225] ? __pfx_kasan_atomics+0x10/0x10 [ 25.637249] ? trace_hardirqs_on+0x37/0xe0 [ 25.637273] ? __pfx_read_tsc+0x10/0x10 [ 25.637296] ? ktime_get_ts64+0x86/0x230 [ 25.637322] kunit_try_run_case+0x1a5/0x480 [ 25.637348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.637375] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.637399] ? __kthread_parkme+0x82/0x180 [ 25.637421] ? preempt_count_sub+0x50/0x80 [ 25.637446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.637484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.637510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.637536] kthread+0x337/0x6f0 [ 25.637558] ? trace_preempt_on+0x20/0xc0 [ 25.637581] ? __pfx_kthread+0x10/0x10 [ 25.637604] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.637630] ? calculate_sigpending+0x7b/0xa0 [ 25.637654] ? __pfx_kthread+0x10/0x10 [ 25.637678] ret_from_fork+0x116/0x1d0 [ 25.637699] ? __pfx_kthread+0x10/0x10 [ 25.637721] ret_from_fork_asm+0x1a/0x30 [ 25.637753] </TASK> [ 25.637765] [ 25.649221] Allocated by task 314: [ 25.649471] kasan_save_stack+0x45/0x70 [ 25.649818] kasan_save_track+0x18/0x40 [ 25.650102] kasan_save_alloc_info+0x3b/0x50 [ 25.650535] __kasan_kmalloc+0xb7/0xc0 [ 25.650812] __kmalloc_cache_noprof+0x189/0x420 [ 25.651055] kasan_atomics+0x95/0x310 [ 25.651477] kunit_try_run_case+0x1a5/0x480 [ 25.651643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.651937] kthread+0x337/0x6f0 [ 25.652281] ret_from_fork+0x116/0x1d0 [ 25.652781] ret_from_fork_asm+0x1a/0x30 [ 25.652966] [ 25.653077] The buggy address belongs to the object at ffff888106195400 [ 25.653077] which belongs to the cache kmalloc-64 of size 64 [ 25.654056] The buggy address is located 0 bytes to the right of [ 25.654056] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.654865] [ 25.654956] The buggy address belongs to the physical page: [ 25.655482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.655849] flags: 0x200000000000000(node=0|zone=2) [ 25.656420] page_type: f5(slab) [ 25.656602] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.657128] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.657618] page dumped because: kasan: bad access detected [ 25.657958] [ 25.658081] Memory state around the buggy address: [ 25.658605] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.658887] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.659436] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.659848] ^ [ 25.660168] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.660730] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.661055] ================================================================== [ 26.374382] ================================================================== [ 26.374746] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 26.375359] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.375716] [ 26.375822] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.375870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.375884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.375907] Call Trace: [ 26.375921] <TASK> [ 26.375938] dump_stack_lvl+0x73/0xb0 [ 26.375965] print_report+0xd1/0x650 [ 26.375988] ? __virt_addr_valid+0x1db/0x2d0 [ 26.376013] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.376039] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.376065] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.376093] kasan_report+0x141/0x180 [ 26.376116] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.376147] __asan_report_store8_noabort+0x1b/0x30 [ 26.376173] kasan_atomics_helper+0x50d4/0x5450 [ 26.376214] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.376241] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.376266] ? kasan_atomics+0x152/0x310 [ 26.376294] kasan_atomics+0x1dc/0x310 [ 26.376317] ? __pfx_kasan_atomics+0x10/0x10 [ 26.376341] ? trace_hardirqs_on+0x37/0xe0 [ 26.376364] ? __pfx_read_tsc+0x10/0x10 [ 26.376387] ? ktime_get_ts64+0x86/0x230 [ 26.376412] kunit_try_run_case+0x1a5/0x480 [ 26.376438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.376476] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.376499] ? __kthread_parkme+0x82/0x180 [ 26.376522] ? preempt_count_sub+0x50/0x80 [ 26.376546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.376572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.376597] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.376623] kthread+0x337/0x6f0 [ 26.376645] ? trace_preempt_on+0x20/0xc0 [ 26.376668] ? __pfx_kthread+0x10/0x10 [ 26.376690] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.376715] ? calculate_sigpending+0x7b/0xa0 [ 26.376741] ? __pfx_kthread+0x10/0x10 [ 26.376765] ret_from_fork+0x116/0x1d0 [ 26.376785] ? __pfx_kthread+0x10/0x10 [ 26.376808] ret_from_fork_asm+0x1a/0x30 [ 26.376840] </TASK> [ 26.376852] [ 26.383643] Allocated by task 314: [ 26.383770] kasan_save_stack+0x45/0x70 [ 26.383912] kasan_save_track+0x18/0x40 [ 26.384043] kasan_save_alloc_info+0x3b/0x50 [ 26.384187] __kasan_kmalloc+0xb7/0xc0 [ 26.384318] __kmalloc_cache_noprof+0x189/0x420 [ 26.384486] kasan_atomics+0x95/0x310 [ 26.384670] kunit_try_run_case+0x1a5/0x480 [ 26.384871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.385124] kthread+0x337/0x6f0 [ 26.385291] ret_from_fork+0x116/0x1d0 [ 26.385484] ret_from_fork_asm+0x1a/0x30 [ 26.385677] [ 26.385766] The buggy address belongs to the object at ffff888106195400 [ 26.385766] which belongs to the cache kmalloc-64 of size 64 [ 26.386298] The buggy address is located 0 bytes to the right of [ 26.386298] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.387204] [ 26.387299] The buggy address belongs to the physical page: [ 26.387561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.387911] flags: 0x200000000000000(node=0|zone=2) [ 26.388124] page_type: f5(slab) [ 26.388327] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.388639] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.388865] page dumped because: kasan: bad access detected [ 26.389031] [ 26.389096] Memory state around the buggy address: [ 26.389390] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.389717] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.390040] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.390552] ^ [ 26.390745] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.391026] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.391297] ================================================================== [ 25.935582] ================================================================== [ 25.935896] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 25.936735] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.937593] [ 25.937716] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.937767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.937783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.937805] Call Trace: [ 25.937821] <TASK> [ 25.937837] dump_stack_lvl+0x73/0xb0 [ 25.937874] print_report+0xd1/0x650 [ 25.937899] ? __virt_addr_valid+0x1db/0x2d0 [ 25.937924] ? kasan_atomics_helper+0x992/0x5450 [ 25.937950] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.937976] ? kasan_atomics_helper+0x992/0x5450 [ 25.938002] kasan_report+0x141/0x180 [ 25.938025] ? kasan_atomics_helper+0x992/0x5450 [ 25.938055] kasan_check_range+0x10c/0x1c0 [ 25.938079] __kasan_check_write+0x18/0x20 [ 25.938104] kasan_atomics_helper+0x992/0x5450 [ 25.938130] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.938326] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.938354] ? kasan_atomics+0x152/0x310 [ 25.938382] kasan_atomics+0x1dc/0x310 [ 25.938406] ? __pfx_kasan_atomics+0x10/0x10 [ 25.938429] ? trace_hardirqs_on+0x37/0xe0 [ 25.938502] ? __pfx_read_tsc+0x10/0x10 [ 25.938525] ? ktime_get_ts64+0x86/0x230 [ 25.938550] kunit_try_run_case+0x1a5/0x480 [ 25.938576] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.938603] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.938626] ? __kthread_parkme+0x82/0x180 [ 25.938648] ? preempt_count_sub+0x50/0x80 [ 25.938673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.938699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.938723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.938749] kthread+0x337/0x6f0 [ 25.938770] ? trace_preempt_on+0x20/0xc0 [ 25.938793] ? __pfx_kthread+0x10/0x10 [ 25.938815] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.938840] ? calculate_sigpending+0x7b/0xa0 [ 25.938866] ? __pfx_kthread+0x10/0x10 [ 25.938888] ret_from_fork+0x116/0x1d0 [ 25.938909] ? __pfx_kthread+0x10/0x10 [ 25.938930] ret_from_fork_asm+0x1a/0x30 [ 25.938963] </TASK> [ 25.938975] [ 25.949944] Allocated by task 314: [ 25.950077] kasan_save_stack+0x45/0x70 [ 25.950431] kasan_save_track+0x18/0x40 [ 25.950581] kasan_save_alloc_info+0x3b/0x50 [ 25.950726] __kasan_kmalloc+0xb7/0xc0 [ 25.950862] __kmalloc_cache_noprof+0x189/0x420 [ 25.951083] kasan_atomics+0x95/0x310 [ 25.951373] kunit_try_run_case+0x1a5/0x480 [ 25.951549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.951721] kthread+0x337/0x6f0 [ 25.951837] ret_from_fork+0x116/0x1d0 [ 25.951979] ret_from_fork_asm+0x1a/0x30 [ 25.952203] [ 25.952319] The buggy address belongs to the object at ffff888106195400 [ 25.952319] which belongs to the cache kmalloc-64 of size 64 [ 25.952946] The buggy address is located 0 bytes to the right of [ 25.952946] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.953634] [ 25.953719] The buggy address belongs to the physical page: [ 25.953924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.954260] flags: 0x200000000000000(node=0|zone=2) [ 25.954418] page_type: f5(slab) [ 25.954545] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.954821] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.955151] page dumped because: kasan: bad access detected [ 25.955431] [ 25.955507] Memory state around the buggy address: [ 25.955759] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.956897] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.957451] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.957741] ^ [ 25.957968] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.958551] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.959039] ================================================================== [ 26.214734] ================================================================== [ 26.215049] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 26.215398] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.215638] [ 26.215720] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.215767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.215781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.215804] Call Trace: [ 26.215817] <TASK> [ 26.215836] dump_stack_lvl+0x73/0xb0 [ 26.215863] print_report+0xd1/0x650 [ 26.215886] ? __virt_addr_valid+0x1db/0x2d0 [ 26.215910] ? kasan_atomics_helper+0x1148/0x5450 [ 26.215936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.215963] ? kasan_atomics_helper+0x1148/0x5450 [ 26.215990] kasan_report+0x141/0x180 [ 26.216014] ? kasan_atomics_helper+0x1148/0x5450 [ 26.216045] kasan_check_range+0x10c/0x1c0 [ 26.216069] __kasan_check_write+0x18/0x20 [ 26.216094] kasan_atomics_helper+0x1148/0x5450 [ 26.216122] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.216149] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.216174] ? kasan_atomics+0x152/0x310 [ 26.216288] kasan_atomics+0x1dc/0x310 [ 26.216318] ? __pfx_kasan_atomics+0x10/0x10 [ 26.216342] ? trace_hardirqs_on+0x37/0xe0 [ 26.216366] ? __pfx_read_tsc+0x10/0x10 [ 26.216388] ? ktime_get_ts64+0x86/0x230 [ 26.216413] kunit_try_run_case+0x1a5/0x480 [ 26.216439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.216480] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.216504] ? __kthread_parkme+0x82/0x180 [ 26.216526] ? preempt_count_sub+0x50/0x80 [ 26.216550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.216577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.216602] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.216628] kthread+0x337/0x6f0 [ 26.216649] ? trace_preempt_on+0x20/0xc0 [ 26.216673] ? __pfx_kthread+0x10/0x10 [ 26.216695] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.216721] ? calculate_sigpending+0x7b/0xa0 [ 26.216747] ? __pfx_kthread+0x10/0x10 [ 26.216771] ret_from_fork+0x116/0x1d0 [ 26.216792] ? __pfx_kthread+0x10/0x10 [ 26.216814] ret_from_fork_asm+0x1a/0x30 [ 26.216846] </TASK> [ 26.216859] [ 26.225567] Allocated by task 314: [ 26.225696] kasan_save_stack+0x45/0x70 [ 26.225849] kasan_save_track+0x18/0x40 [ 26.225982] kasan_save_alloc_info+0x3b/0x50 [ 26.226127] __kasan_kmalloc+0xb7/0xc0 [ 26.226257] __kmalloc_cache_noprof+0x189/0x420 [ 26.226407] kasan_atomics+0x95/0x310 [ 26.227341] kunit_try_run_case+0x1a5/0x480 [ 26.227633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.228075] kthread+0x337/0x6f0 [ 26.228568] ret_from_fork+0x116/0x1d0 [ 26.228950] ret_from_fork_asm+0x1a/0x30 [ 26.229285] [ 26.229514] The buggy address belongs to the object at ffff888106195400 [ 26.229514] which belongs to the cache kmalloc-64 of size 64 [ 26.230176] The buggy address is located 0 bytes to the right of [ 26.230176] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.230692] [ 26.230780] The buggy address belongs to the physical page: [ 26.231009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.231607] flags: 0x200000000000000(node=0|zone=2) [ 26.232043] page_type: f5(slab) [ 26.232331] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.232850] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.233423] page dumped because: kasan: bad access detected [ 26.233795] [ 26.234030] Memory state around the buggy address: [ 26.234467] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.234841] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.235134] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.235644] ^ [ 26.236038] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.236505] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.236819] ================================================================== [ 26.391843] ================================================================== [ 26.392163] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 26.392435] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.392672] [ 26.392750] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.392795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.392810] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.392832] Call Trace: [ 26.392848] <TASK> [ 26.392864] dump_stack_lvl+0x73/0xb0 [ 26.392891] print_report+0xd1/0x650 [ 26.392914] ? __virt_addr_valid+0x1db/0x2d0 [ 26.392939] ? kasan_atomics_helper+0x151d/0x5450 [ 26.392965] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.392992] ? kasan_atomics_helper+0x151d/0x5450 [ 26.393019] kasan_report+0x141/0x180 [ 26.393043] ? kasan_atomics_helper+0x151d/0x5450 [ 26.393073] kasan_check_range+0x10c/0x1c0 [ 26.393098] __kasan_check_write+0x18/0x20 [ 26.393123] kasan_atomics_helper+0x151d/0x5450 [ 26.393150] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.393178] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.393204] ? kasan_atomics+0x152/0x310 [ 26.393231] kasan_atomics+0x1dc/0x310 [ 26.393254] ? __pfx_kasan_atomics+0x10/0x10 [ 26.393277] ? trace_hardirqs_on+0x37/0xe0 [ 26.393301] ? __pfx_read_tsc+0x10/0x10 [ 26.393323] ? ktime_get_ts64+0x86/0x230 [ 26.393349] kunit_try_run_case+0x1a5/0x480 [ 26.393375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.393400] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.393424] ? __kthread_parkme+0x82/0x180 [ 26.393447] ? preempt_count_sub+0x50/0x80 [ 26.393483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.393509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.393534] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.393560] kthread+0x337/0x6f0 [ 26.393580] ? trace_preempt_on+0x20/0xc0 [ 26.393603] ? __pfx_kthread+0x10/0x10 [ 26.393625] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.393651] ? calculate_sigpending+0x7b/0xa0 [ 26.393675] ? __pfx_kthread+0x10/0x10 [ 26.393698] ret_from_fork+0x116/0x1d0 [ 26.393718] ? __pfx_kthread+0x10/0x10 [ 26.393740] ret_from_fork_asm+0x1a/0x30 [ 26.393772] </TASK> [ 26.393785] [ 26.400658] Allocated by task 314: [ 26.400829] kasan_save_stack+0x45/0x70 [ 26.401026] kasan_save_track+0x18/0x40 [ 26.401217] kasan_save_alloc_info+0x3b/0x50 [ 26.401424] __kasan_kmalloc+0xb7/0xc0 [ 26.401625] __kmalloc_cache_noprof+0x189/0x420 [ 26.401850] kasan_atomics+0x95/0x310 [ 26.402033] kunit_try_run_case+0x1a5/0x480 [ 26.402270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.402542] kthread+0x337/0x6f0 [ 26.402718] ret_from_fork+0x116/0x1d0 [ 26.402905] ret_from_fork_asm+0x1a/0x30 [ 26.403101] [ 26.403188] The buggy address belongs to the object at ffff888106195400 [ 26.403188] which belongs to the cache kmalloc-64 of size 64 [ 26.403716] The buggy address is located 0 bytes to the right of [ 26.403716] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.404188] [ 26.404283] The buggy address belongs to the physical page: [ 26.404481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.404721] flags: 0x200000000000000(node=0|zone=2) [ 26.404880] page_type: f5(slab) [ 26.405002] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.405306] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.405643] page dumped because: kasan: bad access detected [ 26.405898] [ 26.405988] Memory state around the buggy address: [ 26.406202] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.406534] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.406845] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.407159] ^ [ 26.407382] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.407604] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.407813] ================================================================== [ 26.483492] ================================================================== [ 26.483905] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 26.484163] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.484745] [ 26.484849] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.484897] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.484912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.484934] Call Trace: [ 26.484949] <TASK> [ 26.484965] dump_stack_lvl+0x73/0xb0 [ 26.484994] print_report+0xd1/0x650 [ 26.485017] ? __virt_addr_valid+0x1db/0x2d0 [ 26.485041] ? kasan_atomics_helper+0x177f/0x5450 [ 26.485068] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.485094] ? kasan_atomics_helper+0x177f/0x5450 [ 26.485121] kasan_report+0x141/0x180 [ 26.485144] ? kasan_atomics_helper+0x177f/0x5450 [ 26.485175] kasan_check_range+0x10c/0x1c0 [ 26.485200] __kasan_check_write+0x18/0x20 [ 26.485685] kasan_atomics_helper+0x177f/0x5450 [ 26.485727] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.485756] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.485783] ? kasan_atomics+0x152/0x310 [ 26.485811] kasan_atomics+0x1dc/0x310 [ 26.485836] ? __pfx_kasan_atomics+0x10/0x10 [ 26.485868] ? trace_hardirqs_on+0x37/0xe0 [ 26.485891] ? __pfx_read_tsc+0x10/0x10 [ 26.485913] ? ktime_get_ts64+0x86/0x230 [ 26.485938] kunit_try_run_case+0x1a5/0x480 [ 26.485965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.485991] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.486016] ? __kthread_parkme+0x82/0x180 [ 26.486038] ? preempt_count_sub+0x50/0x80 [ 26.486063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.486089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.486114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.486140] kthread+0x337/0x6f0 [ 26.486160] ? trace_preempt_on+0x20/0xc0 [ 26.486183] ? __pfx_kthread+0x10/0x10 [ 26.486220] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.486246] ? calculate_sigpending+0x7b/0xa0 [ 26.486271] ? __pfx_kthread+0x10/0x10 [ 26.486295] ret_from_fork+0x116/0x1d0 [ 26.486315] ? __pfx_kthread+0x10/0x10 [ 26.486337] ret_from_fork_asm+0x1a/0x30 [ 26.486370] </TASK> [ 26.486382] [ 26.496289] Allocated by task 314: [ 26.496674] kasan_save_stack+0x45/0x70 [ 26.496964] kasan_save_track+0x18/0x40 [ 26.497279] kasan_save_alloc_info+0x3b/0x50 [ 26.497568] __kasan_kmalloc+0xb7/0xc0 [ 26.497715] __kmalloc_cache_noprof+0x189/0x420 [ 26.497987] kasan_atomics+0x95/0x310 [ 26.498167] kunit_try_run_case+0x1a5/0x480 [ 26.498577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.498900] kthread+0x337/0x6f0 [ 26.499030] ret_from_fork+0x116/0x1d0 [ 26.499380] ret_from_fork_asm+0x1a/0x30 [ 26.499674] [ 26.499750] The buggy address belongs to the object at ffff888106195400 [ 26.499750] which belongs to the cache kmalloc-64 of size 64 [ 26.500416] The buggy address is located 0 bytes to the right of [ 26.500416] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.500923] [ 26.501003] The buggy address belongs to the physical page: [ 26.501539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.501972] flags: 0x200000000000000(node=0|zone=2) [ 26.502271] page_type: f5(slab) [ 26.502443] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.502915] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.503333] page dumped because: kasan: bad access detected [ 26.503654] [ 26.503749] Memory state around the buggy address: [ 26.504096] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.504487] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.504842] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.505146] ^ [ 26.505505] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.505916] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.506309] ================================================================== [ 26.876022] ================================================================== [ 26.876249] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 26.876598] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.876918] [ 26.877013] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.877061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.877075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.877097] Call Trace: [ 26.877111] <TASK> [ 26.877127] dump_stack_lvl+0x73/0xb0 [ 26.877154] print_report+0xd1/0x650 [ 26.877177] ? __virt_addr_valid+0x1db/0x2d0 [ 26.877201] ? kasan_atomics_helper+0x4fa5/0x5450 [ 26.877227] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.877254] ? kasan_atomics_helper+0x4fa5/0x5450 [ 26.877280] kasan_report+0x141/0x180 [ 26.877303] ? kasan_atomics_helper+0x4fa5/0x5450 [ 26.877334] __asan_report_load8_noabort+0x18/0x20 [ 26.877359] kasan_atomics_helper+0x4fa5/0x5450 [ 26.877387] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.877413] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.877438] ? kasan_atomics+0x152/0x310 [ 26.877475] kasan_atomics+0x1dc/0x310 [ 26.877499] ? __pfx_kasan_atomics+0x10/0x10 [ 26.877522] ? trace_hardirqs_on+0x37/0xe0 [ 26.877545] ? __pfx_read_tsc+0x10/0x10 [ 26.877568] ? ktime_get_ts64+0x86/0x230 [ 26.877592] kunit_try_run_case+0x1a5/0x480 [ 26.877618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.877644] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.877668] ? __kthread_parkme+0x82/0x180 [ 26.877689] ? preempt_count_sub+0x50/0x80 [ 26.877714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.877740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.877765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.877792] kthread+0x337/0x6f0 [ 26.877814] ? trace_preempt_on+0x20/0xc0 [ 26.877840] ? __pfx_kthread+0x10/0x10 [ 26.877872] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.877897] ? calculate_sigpending+0x7b/0xa0 [ 26.877922] ? __pfx_kthread+0x10/0x10 [ 26.877945] ret_from_fork+0x116/0x1d0 [ 26.877966] ? __pfx_kthread+0x10/0x10 [ 26.877988] ret_from_fork_asm+0x1a/0x30 [ 26.878020] </TASK> [ 26.878032] [ 26.888424] Allocated by task 314: [ 26.888735] kasan_save_stack+0x45/0x70 [ 26.888932] kasan_save_track+0x18/0x40 [ 26.889273] kasan_save_alloc_info+0x3b/0x50 [ 26.889547] __kasan_kmalloc+0xb7/0xc0 [ 26.889706] __kmalloc_cache_noprof+0x189/0x420 [ 26.889930] kasan_atomics+0x95/0x310 [ 26.890074] kunit_try_run_case+0x1a5/0x480 [ 26.890297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.890476] kthread+0x337/0x6f0 [ 26.890591] ret_from_fork+0x116/0x1d0 [ 26.890718] ret_from_fork_asm+0x1a/0x30 [ 26.890851] [ 26.890918] The buggy address belongs to the object at ffff888106195400 [ 26.890918] which belongs to the cache kmalloc-64 of size 64 [ 26.891375] The buggy address is located 0 bytes to the right of [ 26.891375] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.892483] [ 26.892584] The buggy address belongs to the physical page: [ 26.893053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.893549] flags: 0x200000000000000(node=0|zone=2) [ 26.893776] page_type: f5(slab) [ 26.893984] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.894216] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.894439] page dumped because: kasan: bad access detected [ 26.894616] [ 26.894683] Memory state around the buggy address: [ 26.894834] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.895256] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.895919] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.896243] ^ [ 26.896595] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.896845] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.897301] ================================================================== [ 26.046569] ================================================================== [ 26.046922] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 26.047280] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.047573] [ 26.047670] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.047719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.047734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.047756] Call Trace: [ 26.047771] <TASK> [ 26.047788] dump_stack_lvl+0x73/0xb0 [ 26.047814] print_report+0xd1/0x650 [ 26.047837] ? __virt_addr_valid+0x1db/0x2d0 [ 26.047860] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.047886] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.047913] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.047938] kasan_report+0x141/0x180 [ 26.047961] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.047992] __asan_report_load4_noabort+0x18/0x20 [ 26.048017] kasan_atomics_helper+0x4a84/0x5450 [ 26.048044] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.048070] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.048095] ? kasan_atomics+0x152/0x310 [ 26.048122] kasan_atomics+0x1dc/0x310 [ 26.048145] ? __pfx_kasan_atomics+0x10/0x10 [ 26.048168] ? trace_hardirqs_on+0x37/0xe0 [ 26.048192] ? __pfx_read_tsc+0x10/0x10 [ 26.048215] ? ktime_get_ts64+0x86/0x230 [ 26.048239] kunit_try_run_case+0x1a5/0x480 [ 26.048265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.048292] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.048315] ? __kthread_parkme+0x82/0x180 [ 26.048336] ? preempt_count_sub+0x50/0x80 [ 26.048361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.048387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.048412] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.048438] kthread+0x337/0x6f0 [ 26.048469] ? trace_preempt_on+0x20/0xc0 [ 26.048493] ? __pfx_kthread+0x10/0x10 [ 26.048516] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.048541] ? calculate_sigpending+0x7b/0xa0 [ 26.048567] ? __pfx_kthread+0x10/0x10 [ 26.048590] ret_from_fork+0x116/0x1d0 [ 26.048610] ? __pfx_kthread+0x10/0x10 [ 26.048633] ret_from_fork_asm+0x1a/0x30 [ 26.048665] </TASK> [ 26.048677] [ 26.055950] Allocated by task 314: [ 26.056127] kasan_save_stack+0x45/0x70 [ 26.056332] kasan_save_track+0x18/0x40 [ 26.056479] kasan_save_alloc_info+0x3b/0x50 [ 26.056623] __kasan_kmalloc+0xb7/0xc0 [ 26.056753] __kmalloc_cache_noprof+0x189/0x420 [ 26.056902] kasan_atomics+0x95/0x310 [ 26.057029] kunit_try_run_case+0x1a5/0x480 [ 26.057169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.057421] kthread+0x337/0x6f0 [ 26.057592] ret_from_fork+0x116/0x1d0 [ 26.057774] ret_from_fork_asm+0x1a/0x30 [ 26.057969] [ 26.058059] The buggy address belongs to the object at ffff888106195400 [ 26.058059] which belongs to the cache kmalloc-64 of size 64 [ 26.058802] The buggy address is located 0 bytes to the right of [ 26.058802] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.059160] [ 26.059226] The buggy address belongs to the physical page: [ 26.059394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.059708] flags: 0x200000000000000(node=0|zone=2) [ 26.059939] page_type: f5(slab) [ 26.060102] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.060552] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.060888] page dumped because: kasan: bad access detected [ 26.061141] [ 26.061283] Memory state around the buggy address: [ 26.061515] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.061833] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.062108] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.062576] ^ [ 26.062727] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.062936] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.063213] ================================================================== [ 26.506938] ================================================================== [ 26.507363] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 26.507818] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.508150] [ 26.508704] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.508828] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.508845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.508867] Call Trace: [ 26.508885] <TASK> [ 26.508903] dump_stack_lvl+0x73/0xb0 [ 26.508933] print_report+0xd1/0x650 [ 26.508957] ? __virt_addr_valid+0x1db/0x2d0 [ 26.508981] ? kasan_atomics_helper+0x1818/0x5450 [ 26.509009] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.509037] ? kasan_atomics_helper+0x1818/0x5450 [ 26.509063] kasan_report+0x141/0x180 [ 26.509087] ? kasan_atomics_helper+0x1818/0x5450 [ 26.509117] kasan_check_range+0x10c/0x1c0 [ 26.509142] __kasan_check_write+0x18/0x20 [ 26.509167] kasan_atomics_helper+0x1818/0x5450 [ 26.509195] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.509221] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.509247] ? kasan_atomics+0x152/0x310 [ 26.509275] kasan_atomics+0x1dc/0x310 [ 26.509298] ? __pfx_kasan_atomics+0x10/0x10 [ 26.509320] ? trace_hardirqs_on+0x37/0xe0 [ 26.509344] ? __pfx_read_tsc+0x10/0x10 [ 26.509367] ? ktime_get_ts64+0x86/0x230 [ 26.509392] kunit_try_run_case+0x1a5/0x480 [ 26.509419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.509445] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.509481] ? __kthread_parkme+0x82/0x180 [ 26.509503] ? preempt_count_sub+0x50/0x80 [ 26.509527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.509554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.509579] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.509604] kthread+0x337/0x6f0 [ 26.509625] ? trace_preempt_on+0x20/0xc0 [ 26.509648] ? __pfx_kthread+0x10/0x10 [ 26.509671] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.509696] ? calculate_sigpending+0x7b/0xa0 [ 26.509721] ? __pfx_kthread+0x10/0x10 [ 26.509745] ret_from_fork+0x116/0x1d0 [ 26.509765] ? __pfx_kthread+0x10/0x10 [ 26.509787] ret_from_fork_asm+0x1a/0x30 [ 26.509820] </TASK> [ 26.509833] [ 26.519680] Allocated by task 314: [ 26.519838] kasan_save_stack+0x45/0x70 [ 26.520034] kasan_save_track+0x18/0x40 [ 26.520530] kasan_save_alloc_info+0x3b/0x50 [ 26.520735] __kasan_kmalloc+0xb7/0xc0 [ 26.520960] __kmalloc_cache_noprof+0x189/0x420 [ 26.521247] kasan_atomics+0x95/0x310 [ 26.521527] kunit_try_run_case+0x1a5/0x480 [ 26.521848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.522027] kthread+0x337/0x6f0 [ 26.522305] ret_from_fork+0x116/0x1d0 [ 26.522675] ret_from_fork_asm+0x1a/0x30 [ 26.523082] [ 26.523214] The buggy address belongs to the object at ffff888106195400 [ 26.523214] which belongs to the cache kmalloc-64 of size 64 [ 26.523842] The buggy address is located 0 bytes to the right of [ 26.523842] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.524493] [ 26.524600] The buggy address belongs to the physical page: [ 26.525002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.525415] flags: 0x200000000000000(node=0|zone=2) [ 26.525722] page_type: f5(slab) [ 26.525949] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.526264] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.526720] page dumped because: kasan: bad access detected [ 26.527049] [ 26.527146] Memory state around the buggy address: [ 26.527367] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.527677] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.527969] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.528544] ^ [ 26.528748] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.529153] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.529719] ================================================================== [ 25.687245] ================================================================== [ 25.687639] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 25.687960] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.688277] [ 25.688363] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.688582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.688598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.688620] Call Trace: [ 25.688635] <TASK> [ 25.688652] dump_stack_lvl+0x73/0xb0 [ 25.688682] print_report+0xd1/0x650 [ 25.688706] ? __virt_addr_valid+0x1db/0x2d0 [ 25.688730] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.688757] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.688784] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.688811] kasan_report+0x141/0x180 [ 25.688834] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.688866] __asan_report_load4_noabort+0x18/0x20 [ 25.688892] kasan_atomics_helper+0x4b54/0x5450 [ 25.688956] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.688984] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.689028] ? kasan_atomics+0x152/0x310 [ 25.689055] kasan_atomics+0x1dc/0x310 [ 25.689080] ? __pfx_kasan_atomics+0x10/0x10 [ 25.689103] ? trace_hardirqs_on+0x37/0xe0 [ 25.689127] ? __pfx_read_tsc+0x10/0x10 [ 25.689241] ? ktime_get_ts64+0x86/0x230 [ 25.689284] kunit_try_run_case+0x1a5/0x480 [ 25.689311] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.689351] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.689375] ? __kthread_parkme+0x82/0x180 [ 25.689412] ? preempt_count_sub+0x50/0x80 [ 25.689437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.689477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.689503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.689543] kthread+0x337/0x6f0 [ 25.689565] ? trace_preempt_on+0x20/0xc0 [ 25.689588] ? __pfx_kthread+0x10/0x10 [ 25.689611] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.689637] ? calculate_sigpending+0x7b/0xa0 [ 25.689663] ? __pfx_kthread+0x10/0x10 [ 25.689686] ret_from_fork+0x116/0x1d0 [ 25.689707] ? __pfx_kthread+0x10/0x10 [ 25.689730] ret_from_fork_asm+0x1a/0x30 [ 25.689764] </TASK> [ 25.689777] [ 25.698215] Allocated by task 314: [ 25.698338] kasan_save_stack+0x45/0x70 [ 25.698559] kasan_save_track+0x18/0x40 [ 25.698854] kasan_save_alloc_info+0x3b/0x50 [ 25.699085] __kasan_kmalloc+0xb7/0xc0 [ 25.699415] __kmalloc_cache_noprof+0x189/0x420 [ 25.699637] kasan_atomics+0x95/0x310 [ 25.699797] kunit_try_run_case+0x1a5/0x480 [ 25.699941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.700229] kthread+0x337/0x6f0 [ 25.700415] ret_from_fork+0x116/0x1d0 [ 25.700762] ret_from_fork_asm+0x1a/0x30 [ 25.700929] [ 25.701031] The buggy address belongs to the object at ffff888106195400 [ 25.701031] which belongs to the cache kmalloc-64 of size 64 [ 25.701489] The buggy address is located 0 bytes to the right of [ 25.701489] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.702119] [ 25.702211] The buggy address belongs to the physical page: [ 25.702452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.702954] flags: 0x200000000000000(node=0|zone=2) [ 25.703121] page_type: f5(slab) [ 25.703429] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.703812] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.704128] page dumped because: kasan: bad access detected [ 25.704374] [ 25.704488] Memory state around the buggy address: [ 25.704699] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.705420] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.705650] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.706032] ^ [ 25.706409] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.706762] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.707268] ================================================================== [ 26.306050] ================================================================== [ 26.306319] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 26.306676] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.307001] [ 26.307104] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.307150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.307163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.307187] Call Trace: [ 26.307209] <TASK> [ 26.307225] dump_stack_lvl+0x73/0xb0 [ 26.307251] print_report+0xd1/0x650 [ 26.307275] ? __virt_addr_valid+0x1db/0x2d0 [ 26.307299] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.307325] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.307352] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.307379] kasan_report+0x141/0x180 [ 26.307402] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.307433] __asan_report_load4_noabort+0x18/0x20 [ 26.307470] kasan_atomics_helper+0x49ce/0x5450 [ 26.307497] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.307524] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.307549] ? kasan_atomics+0x152/0x310 [ 26.307577] kasan_atomics+0x1dc/0x310 [ 26.307600] ? __pfx_kasan_atomics+0x10/0x10 [ 26.307623] ? trace_hardirqs_on+0x37/0xe0 [ 26.307647] ? __pfx_read_tsc+0x10/0x10 [ 26.307670] ? ktime_get_ts64+0x86/0x230 [ 26.307694] kunit_try_run_case+0x1a5/0x480 [ 26.307720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.307746] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.307769] ? __kthread_parkme+0x82/0x180 [ 26.307792] ? preempt_count_sub+0x50/0x80 [ 26.307816] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.307843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.307868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.307894] kthread+0x337/0x6f0 [ 26.307915] ? trace_preempt_on+0x20/0xc0 [ 26.307939] ? __pfx_kthread+0x10/0x10 [ 26.307961] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.307986] ? calculate_sigpending+0x7b/0xa0 [ 26.308012] ? __pfx_kthread+0x10/0x10 [ 26.308036] ret_from_fork+0x116/0x1d0 [ 26.308056] ? __pfx_kthread+0x10/0x10 [ 26.308079] ret_from_fork_asm+0x1a/0x30 [ 26.308111] </TASK> [ 26.308123] [ 26.315320] Allocated by task 314: [ 26.315497] kasan_save_stack+0x45/0x70 [ 26.315677] kasan_save_track+0x18/0x40 [ 26.315839] kasan_save_alloc_info+0x3b/0x50 [ 26.316043] __kasan_kmalloc+0xb7/0xc0 [ 26.316198] __kmalloc_cache_noprof+0x189/0x420 [ 26.316419] kasan_atomics+0x95/0x310 [ 26.316572] kunit_try_run_case+0x1a5/0x480 [ 26.316779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.316998] kthread+0x337/0x6f0 [ 26.317144] ret_from_fork+0x116/0x1d0 [ 26.317315] ret_from_fork_asm+0x1a/0x30 [ 26.317528] [ 26.317599] The buggy address belongs to the object at ffff888106195400 [ 26.317599] which belongs to the cache kmalloc-64 of size 64 [ 26.318044] The buggy address is located 0 bytes to the right of [ 26.318044] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.318539] [ 26.318605] The buggy address belongs to the physical page: [ 26.318774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.319100] flags: 0x200000000000000(node=0|zone=2) [ 26.319328] page_type: f5(slab) [ 26.319500] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.319768] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.319991] page dumped because: kasan: bad access detected [ 26.320217] [ 26.320307] Memory state around the buggy address: [ 26.320536] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.320859] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.321185] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.321531] ^ [ 26.321737] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.321998] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.322335] ================================================================== [ 25.614759] ================================================================== [ 25.615014] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 25.615971] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.616737] [ 25.616841] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.616892] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.616906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.616926] Call Trace: [ 25.616939] <TASK> [ 25.616955] dump_stack_lvl+0x73/0xb0 [ 25.616982] print_report+0xd1/0x650 [ 25.617004] ? __virt_addr_valid+0x1db/0x2d0 [ 25.617027] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.617052] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.617078] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.617103] kasan_report+0x141/0x180 [ 25.617125] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.617155] __asan_report_load4_noabort+0x18/0x20 [ 25.617179] kasan_atomics_helper+0x4b88/0x5450 [ 25.617219] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.617244] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.617268] ? kasan_atomics+0x152/0x310 [ 25.617294] kasan_atomics+0x1dc/0x310 [ 25.617317] ? __pfx_kasan_atomics+0x10/0x10 [ 25.617339] ? trace_hardirqs_on+0x37/0xe0 [ 25.617360] ? __pfx_read_tsc+0x10/0x10 [ 25.617381] ? ktime_get_ts64+0x86/0x230 [ 25.617405] kunit_try_run_case+0x1a5/0x480 [ 25.617430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.617468] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.617490] ? __kthread_parkme+0x82/0x180 [ 25.617511] ? preempt_count_sub+0x50/0x80 [ 25.617534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.617559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.617583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.617607] kthread+0x337/0x6f0 [ 25.617627] ? trace_preempt_on+0x20/0xc0 [ 25.617648] ? __pfx_kthread+0x10/0x10 [ 25.617670] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.617694] ? calculate_sigpending+0x7b/0xa0 [ 25.617719] ? __pfx_kthread+0x10/0x10 [ 25.617741] ret_from_fork+0x116/0x1d0 [ 25.617759] ? __pfx_kthread+0x10/0x10 [ 25.617780] ret_from_fork_asm+0x1a/0x30 [ 25.617810] </TASK> [ 25.617822] [ 25.625640] Allocated by task 314: [ 25.625820] kasan_save_stack+0x45/0x70 [ 25.626029] kasan_save_track+0x18/0x40 [ 25.626208] kasan_save_alloc_info+0x3b/0x50 [ 25.626512] __kasan_kmalloc+0xb7/0xc0 [ 25.626716] __kmalloc_cache_noprof+0x189/0x420 [ 25.626928] kasan_atomics+0x95/0x310 [ 25.627103] kunit_try_run_case+0x1a5/0x480 [ 25.627242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.627509] kthread+0x337/0x6f0 [ 25.627666] ret_from_fork+0x116/0x1d0 [ 25.627793] ret_from_fork_asm+0x1a/0x30 [ 25.628001] [ 25.628069] The buggy address belongs to the object at ffff888106195400 [ 25.628069] which belongs to the cache kmalloc-64 of size 64 [ 25.628402] The buggy address is located 0 bytes to the right of [ 25.628402] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.629034] [ 25.629136] The buggy address belongs to the physical page: [ 25.629444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.629812] flags: 0x200000000000000(node=0|zone=2) [ 25.630070] page_type: f5(slab) [ 25.630345] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.630676] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.630893] page dumped because: kasan: bad access detected [ 25.631130] [ 25.631244] Memory state around the buggy address: [ 25.631549] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.631784] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.631989] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.632189] ^ [ 25.632408] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.632731] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.633206] ================================================================== [ 25.707676] ================================================================== [ 25.708024] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 25.708577] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.708869] [ 25.708996] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.709083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.709097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.709121] Call Trace: [ 25.709137] <TASK> [ 25.709153] dump_stack_lvl+0x73/0xb0 [ 25.709322] print_report+0xd1/0x650 [ 25.709348] ? __virt_addr_valid+0x1db/0x2d0 [ 25.709373] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.709400] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.709427] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.709470] kasan_report+0x141/0x180 [ 25.709493] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.709524] kasan_check_range+0x10c/0x1c0 [ 25.709575] __kasan_check_write+0x18/0x20 [ 25.709600] kasan_atomics_helper+0x4a0/0x5450 [ 25.709642] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.709670] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.709695] ? kasan_atomics+0x152/0x310 [ 25.709723] kasan_atomics+0x1dc/0x310 [ 25.709747] ? __pfx_kasan_atomics+0x10/0x10 [ 25.709771] ? trace_hardirqs_on+0x37/0xe0 [ 25.709794] ? __pfx_read_tsc+0x10/0x10 [ 25.709816] ? ktime_get_ts64+0x86/0x230 [ 25.709846] kunit_try_run_case+0x1a5/0x480 [ 25.709871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.709898] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.709939] ? __kthread_parkme+0x82/0x180 [ 25.709962] ? preempt_count_sub+0x50/0x80 [ 25.709987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.710013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.710039] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.710065] kthread+0x337/0x6f0 [ 25.710086] ? trace_preempt_on+0x20/0xc0 [ 25.710128] ? __pfx_kthread+0x10/0x10 [ 25.710228] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.710260] ? calculate_sigpending+0x7b/0xa0 [ 25.710287] ? __pfx_kthread+0x10/0x10 [ 25.710311] ret_from_fork+0x116/0x1d0 [ 25.710358] ? __pfx_kthread+0x10/0x10 [ 25.710382] ret_from_fork_asm+0x1a/0x30 [ 25.710415] </TASK> [ 25.710429] [ 25.719199] Allocated by task 314: [ 25.719532] kasan_save_stack+0x45/0x70 [ 25.719739] kasan_save_track+0x18/0x40 [ 25.720191] kasan_save_alloc_info+0x3b/0x50 [ 25.720466] __kasan_kmalloc+0xb7/0xc0 [ 25.720661] __kmalloc_cache_noprof+0x189/0x420 [ 25.720808] kasan_atomics+0x95/0x310 [ 25.720989] kunit_try_run_case+0x1a5/0x480 [ 25.721226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.721551] kthread+0x337/0x6f0 [ 25.722019] ret_from_fork+0x116/0x1d0 [ 25.722248] ret_from_fork_asm+0x1a/0x30 [ 25.722424] [ 25.722547] The buggy address belongs to the object at ffff888106195400 [ 25.722547] which belongs to the cache kmalloc-64 of size 64 [ 25.723107] The buggy address is located 0 bytes to the right of [ 25.723107] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.723829] [ 25.723903] The buggy address belongs to the physical page: [ 25.724068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.724642] flags: 0x200000000000000(node=0|zone=2) [ 25.725015] page_type: f5(slab) [ 25.725166] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.725601] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.725970] page dumped because: kasan: bad access detected [ 25.726316] [ 25.726484] Memory state around the buggy address: [ 25.727244] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.727490] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.727733] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.728020] ^ [ 25.728488] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.729119] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.730332] ================================================================== [ 26.029322] ================================================================== [ 26.029668] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 26.029991] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.030362] [ 26.030443] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.030501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.030516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.030537] Call Trace: [ 26.030551] <TASK> [ 26.030567] dump_stack_lvl+0x73/0xb0 [ 26.030594] print_report+0xd1/0x650 [ 26.030616] ? __virt_addr_valid+0x1db/0x2d0 [ 26.030640] ? kasan_atomics_helper+0xc70/0x5450 [ 26.030666] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.030692] ? kasan_atomics_helper+0xc70/0x5450 [ 26.030718] kasan_report+0x141/0x180 [ 26.030742] ? kasan_atomics_helper+0xc70/0x5450 [ 26.030772] kasan_check_range+0x10c/0x1c0 [ 26.030797] __kasan_check_write+0x18/0x20 [ 26.030821] kasan_atomics_helper+0xc70/0x5450 [ 26.030849] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.030875] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.030901] ? kasan_atomics+0x152/0x310 [ 26.030927] kasan_atomics+0x1dc/0x310 [ 26.030951] ? __pfx_kasan_atomics+0x10/0x10 [ 26.030974] ? trace_hardirqs_on+0x37/0xe0 [ 26.030997] ? __pfx_read_tsc+0x10/0x10 [ 26.031020] ? ktime_get_ts64+0x86/0x230 [ 26.031045] kunit_try_run_case+0x1a5/0x480 [ 26.031070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.031096] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.031119] ? __kthread_parkme+0x82/0x180 [ 26.031141] ? preempt_count_sub+0x50/0x80 [ 26.031165] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.031388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.031427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.031467] kthread+0x337/0x6f0 [ 26.031489] ? trace_preempt_on+0x20/0xc0 [ 26.031513] ? __pfx_kthread+0x10/0x10 [ 26.031536] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.031562] ? calculate_sigpending+0x7b/0xa0 [ 26.031587] ? __pfx_kthread+0x10/0x10 [ 26.031611] ret_from_fork+0x116/0x1d0 [ 26.031632] ? __pfx_kthread+0x10/0x10 [ 26.031654] ret_from_fork_asm+0x1a/0x30 [ 26.031686] </TASK> [ 26.031698] [ 26.038950] Allocated by task 314: [ 26.039125] kasan_save_stack+0x45/0x70 [ 26.039385] kasan_save_track+0x18/0x40 [ 26.039571] kasan_save_alloc_info+0x3b/0x50 [ 26.039715] __kasan_kmalloc+0xb7/0xc0 [ 26.039844] __kmalloc_cache_noprof+0x189/0x420 [ 26.039994] kasan_atomics+0x95/0x310 [ 26.040120] kunit_try_run_case+0x1a5/0x480 [ 26.040311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.040571] kthread+0x337/0x6f0 [ 26.040740] ret_from_fork+0x116/0x1d0 [ 26.040922] ret_from_fork_asm+0x1a/0x30 [ 26.041113] [ 26.041208] The buggy address belongs to the object at ffff888106195400 [ 26.041208] which belongs to the cache kmalloc-64 of size 64 [ 26.041744] The buggy address is located 0 bytes to the right of [ 26.041744] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.042336] [ 26.042418] The buggy address belongs to the physical page: [ 26.042642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.042900] flags: 0x200000000000000(node=0|zone=2) [ 26.043059] page_type: f5(slab) [ 26.043194] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.043541] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.043876] page dumped because: kasan: bad access detected [ 26.044107] [ 26.044203] Memory state around the buggy address: [ 26.044366] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.044666] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.044958] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.045287] ^ [ 26.045482] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.045736] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.046021] ================================================================== [ 26.356828] ================================================================== [ 26.357071] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 26.357304] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.357540] [ 26.357620] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.357666] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.357680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.357703] Call Trace: [ 26.357717] <TASK> [ 26.357732] dump_stack_lvl+0x73/0xb0 [ 26.357757] print_report+0xd1/0x650 [ 26.357780] ? __virt_addr_valid+0x1db/0x2d0 [ 26.357804] ? kasan_atomics_helper+0x1467/0x5450 [ 26.357829] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.357864] ? kasan_atomics_helper+0x1467/0x5450 [ 26.357890] kasan_report+0x141/0x180 [ 26.357914] ? kasan_atomics_helper+0x1467/0x5450 [ 26.357944] kasan_check_range+0x10c/0x1c0 [ 26.357969] __kasan_check_write+0x18/0x20 [ 26.357994] kasan_atomics_helper+0x1467/0x5450 [ 26.358021] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.358048] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.358074] ? kasan_atomics+0x152/0x310 [ 26.358100] kasan_atomics+0x1dc/0x310 [ 26.358124] ? __pfx_kasan_atomics+0x10/0x10 [ 26.358147] ? trace_hardirqs_on+0x37/0xe0 [ 26.358170] ? __pfx_read_tsc+0x10/0x10 [ 26.358192] ? ktime_get_ts64+0x86/0x230 [ 26.358216] kunit_try_run_case+0x1a5/0x480 [ 26.358242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.358268] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.358291] ? __kthread_parkme+0x82/0x180 [ 26.358313] ? preempt_count_sub+0x50/0x80 [ 26.358338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.358363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.358407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.358433] kthread+0x337/0x6f0 [ 26.358465] ? trace_preempt_on+0x20/0xc0 [ 26.358490] ? __pfx_kthread+0x10/0x10 [ 26.358512] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.358538] ? calculate_sigpending+0x7b/0xa0 [ 26.358563] ? __pfx_kthread+0x10/0x10 [ 26.358587] ret_from_fork+0x116/0x1d0 [ 26.358607] ? __pfx_kthread+0x10/0x10 [ 26.358630] ret_from_fork_asm+0x1a/0x30 [ 26.358663] </TASK> [ 26.358675] [ 26.366373] Allocated by task 314: [ 26.366507] kasan_save_stack+0x45/0x70 [ 26.366648] kasan_save_track+0x18/0x40 [ 26.366778] kasan_save_alloc_info+0x3b/0x50 [ 26.366920] __kasan_kmalloc+0xb7/0xc0 [ 26.367051] __kmalloc_cache_noprof+0x189/0x420 [ 26.367201] kasan_atomics+0x95/0x310 [ 26.367327] kunit_try_run_case+0x1a5/0x480 [ 26.367486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.367735] kthread+0x337/0x6f0 [ 26.367901] ret_from_fork+0x116/0x1d0 [ 26.368085] ret_from_fork_asm+0x1a/0x30 [ 26.368279] [ 26.368370] The buggy address belongs to the object at ffff888106195400 [ 26.368370] which belongs to the cache kmalloc-64 of size 64 [ 26.369002] The buggy address is located 0 bytes to the right of [ 26.369002] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.369897] [ 26.370008] The buggy address belongs to the physical page: [ 26.370176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.370411] flags: 0x200000000000000(node=0|zone=2) [ 26.370578] page_type: f5(slab) [ 26.370692] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.370920] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.371326] page dumped because: kasan: bad access detected [ 26.371582] [ 26.371672] Memory state around the buggy address: [ 26.371888] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.372197] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.372517] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.372831] ^ [ 26.373047] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.373366] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.373588] ================================================================== [ 26.624089] ================================================================== [ 26.624446] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 26.624724] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.625052] [ 26.625153] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.625218] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.625233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.625255] Call Trace: [ 26.625269] <TASK> [ 26.625286] dump_stack_lvl+0x73/0xb0 [ 26.625312] print_report+0xd1/0x650 [ 26.625335] ? __virt_addr_valid+0x1db/0x2d0 [ 26.625359] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.625385] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.625411] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.625437] kasan_report+0x141/0x180 [ 26.625469] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.625500] kasan_check_range+0x10c/0x1c0 [ 26.625525] __kasan_check_write+0x18/0x20 [ 26.625549] kasan_atomics_helper+0x1c18/0x5450 [ 26.625576] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.625602] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.625628] ? kasan_atomics+0x152/0x310 [ 26.625654] kasan_atomics+0x1dc/0x310 [ 26.625677] ? __pfx_kasan_atomics+0x10/0x10 [ 26.625700] ? trace_hardirqs_on+0x37/0xe0 [ 26.625723] ? __pfx_read_tsc+0x10/0x10 [ 26.625745] ? ktime_get_ts64+0x86/0x230 [ 26.625770] kunit_try_run_case+0x1a5/0x480 [ 26.625794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.625821] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.625852] ? __kthread_parkme+0x82/0x180 [ 26.625873] ? preempt_count_sub+0x50/0x80 [ 26.625897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.625923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.625947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.625974] kthread+0x337/0x6f0 [ 26.625995] ? trace_preempt_on+0x20/0xc0 [ 26.626018] ? __pfx_kthread+0x10/0x10 [ 26.626040] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.626065] ? calculate_sigpending+0x7b/0xa0 [ 26.626090] ? __pfx_kthread+0x10/0x10 [ 26.626113] ret_from_fork+0x116/0x1d0 [ 26.626133] ? __pfx_kthread+0x10/0x10 [ 26.626156] ret_from_fork_asm+0x1a/0x30 [ 26.626208] </TASK> [ 26.626220] [ 26.633128] Allocated by task 314: [ 26.633275] kasan_save_stack+0x45/0x70 [ 26.633419] kasan_save_track+0x18/0x40 [ 26.633557] kasan_save_alloc_info+0x3b/0x50 [ 26.633724] __kasan_kmalloc+0xb7/0xc0 [ 26.633916] __kmalloc_cache_noprof+0x189/0x420 [ 26.634126] kasan_atomics+0x95/0x310 [ 26.634335] kunit_try_run_case+0x1a5/0x480 [ 26.634547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.634788] kthread+0x337/0x6f0 [ 26.634954] ret_from_fork+0x116/0x1d0 [ 26.635142] ret_from_fork_asm+0x1a/0x30 [ 26.635351] [ 26.635442] The buggy address belongs to the object at ffff888106195400 [ 26.635442] which belongs to the cache kmalloc-64 of size 64 [ 26.635961] The buggy address is located 0 bytes to the right of [ 26.635961] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.636350] [ 26.636443] The buggy address belongs to the physical page: [ 26.636702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.637033] flags: 0x200000000000000(node=0|zone=2) [ 26.637261] page_type: f5(slab) [ 26.637411] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.637704] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.638009] page dumped because: kasan: bad access detected [ 26.638274] [ 26.638355] Memory state around the buggy address: [ 26.638559] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.638831] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.639101] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.639402] ^ [ 26.639605] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.639879] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.640165] ================================================================== [ 26.693586] ================================================================== [ 26.693929] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 26.694424] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.694788] [ 26.694895] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.694942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.694956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.694978] Call Trace: [ 26.695012] <TASK> [ 26.695028] dump_stack_lvl+0x73/0xb0 [ 26.695070] print_report+0xd1/0x650 [ 26.695107] ? __virt_addr_valid+0x1db/0x2d0 [ 26.695157] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.695223] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.695250] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.695277] kasan_report+0x141/0x180 [ 26.695300] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.695331] kasan_check_range+0x10c/0x1c0 [ 26.695356] __kasan_check_write+0x18/0x20 [ 26.695380] kasan_atomics_helper+0x1e12/0x5450 [ 26.695407] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.695434] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.695467] ? kasan_atomics+0x152/0x310 [ 26.695495] kasan_atomics+0x1dc/0x310 [ 26.695517] ? __pfx_kasan_atomics+0x10/0x10 [ 26.695541] ? trace_hardirqs_on+0x37/0xe0 [ 26.695563] ? __pfx_read_tsc+0x10/0x10 [ 26.695587] ? ktime_get_ts64+0x86/0x230 [ 26.695612] kunit_try_run_case+0x1a5/0x480 [ 26.695638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.695665] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.695688] ? __kthread_parkme+0x82/0x180 [ 26.695709] ? preempt_count_sub+0x50/0x80 [ 26.695733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.695759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.695783] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.695809] kthread+0x337/0x6f0 [ 26.695830] ? trace_preempt_on+0x20/0xc0 [ 26.695872] ? __pfx_kthread+0x10/0x10 [ 26.695895] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.695920] ? calculate_sigpending+0x7b/0xa0 [ 26.695945] ? __pfx_kthread+0x10/0x10 [ 26.695968] ret_from_fork+0x116/0x1d0 [ 26.695988] ? __pfx_kthread+0x10/0x10 [ 26.696010] ret_from_fork_asm+0x1a/0x30 [ 26.696042] </TASK> [ 26.696055] [ 26.703366] Allocated by task 314: [ 26.703514] kasan_save_stack+0x45/0x70 [ 26.703712] kasan_save_track+0x18/0x40 [ 26.703897] kasan_save_alloc_info+0x3b/0x50 [ 26.704064] __kasan_kmalloc+0xb7/0xc0 [ 26.704220] __kmalloc_cache_noprof+0x189/0x420 [ 26.704371] kasan_atomics+0x95/0x310 [ 26.704560] kunit_try_run_case+0x1a5/0x480 [ 26.704785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.705036] kthread+0x337/0x6f0 [ 26.705247] ret_from_fork+0x116/0x1d0 [ 26.705429] ret_from_fork_asm+0x1a/0x30 [ 26.705638] [ 26.705718] The buggy address belongs to the object at ffff888106195400 [ 26.705718] which belongs to the cache kmalloc-64 of size 64 [ 26.706217] The buggy address is located 0 bytes to the right of [ 26.706217] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.706729] [ 26.706820] The buggy address belongs to the physical page: [ 26.707061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.707416] flags: 0x200000000000000(node=0|zone=2) [ 26.707654] page_type: f5(slab) [ 26.707803] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.708091] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.708479] page dumped because: kasan: bad access detected [ 26.708721] [ 26.708834] Memory state around the buggy address: [ 26.709096] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.709506] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.709819] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.710144] ^ [ 26.710389] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.710709] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.711013] ================================================================== [ 26.436898] ================================================================== [ 26.437351] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 26.437951] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.438550] [ 26.438878] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.439014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.439033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.439056] Call Trace: [ 26.439074] <TASK> [ 26.439092] dump_stack_lvl+0x73/0xb0 [ 26.439122] print_report+0xd1/0x650 [ 26.439146] ? __virt_addr_valid+0x1db/0x2d0 [ 26.439170] ? kasan_atomics_helper+0x164f/0x5450 [ 26.439196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.439223] ? kasan_atomics_helper+0x164f/0x5450 [ 26.439250] kasan_report+0x141/0x180 [ 26.439272] ? kasan_atomics_helper+0x164f/0x5450 [ 26.439303] kasan_check_range+0x10c/0x1c0 [ 26.439327] __kasan_check_write+0x18/0x20 [ 26.439352] kasan_atomics_helper+0x164f/0x5450 [ 26.439379] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.439406] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.439432] ? kasan_atomics+0x152/0x310 [ 26.439471] kasan_atomics+0x1dc/0x310 [ 26.439495] ? __pfx_kasan_atomics+0x10/0x10 [ 26.439518] ? trace_hardirqs_on+0x37/0xe0 [ 26.439542] ? __pfx_read_tsc+0x10/0x10 [ 26.439564] ? ktime_get_ts64+0x86/0x230 [ 26.439590] kunit_try_run_case+0x1a5/0x480 [ 26.439615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.439641] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.439664] ? __kthread_parkme+0x82/0x180 [ 26.439687] ? preempt_count_sub+0x50/0x80 [ 26.439711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.439737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.439762] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.439788] kthread+0x337/0x6f0 [ 26.439809] ? trace_preempt_on+0x20/0xc0 [ 26.439832] ? __pfx_kthread+0x10/0x10 [ 26.439854] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.439879] ? calculate_sigpending+0x7b/0xa0 [ 26.439904] ? __pfx_kthread+0x10/0x10 [ 26.439927] ret_from_fork+0x116/0x1d0 [ 26.439948] ? __pfx_kthread+0x10/0x10 [ 26.439970] ret_from_fork_asm+0x1a/0x30 [ 26.440002] </TASK> [ 26.440015] [ 26.450511] Allocated by task 314: [ 26.450754] kasan_save_stack+0x45/0x70 [ 26.450956] kasan_save_track+0x18/0x40 [ 26.451093] kasan_save_alloc_info+0x3b/0x50 [ 26.451298] __kasan_kmalloc+0xb7/0xc0 [ 26.451490] __kmalloc_cache_noprof+0x189/0x420 [ 26.451668] kasan_atomics+0x95/0x310 [ 26.451832] kunit_try_run_case+0x1a5/0x480 [ 26.452018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.452655] kthread+0x337/0x6f0 [ 26.452813] ret_from_fork+0x116/0x1d0 [ 26.452945] ret_from_fork_asm+0x1a/0x30 [ 26.453302] [ 26.453394] The buggy address belongs to the object at ffff888106195400 [ 26.453394] which belongs to the cache kmalloc-64 of size 64 [ 26.454110] The buggy address is located 0 bytes to the right of [ 26.454110] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.454739] [ 26.454967] The buggy address belongs to the physical page: [ 26.455266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.455619] flags: 0x200000000000000(node=0|zone=2) [ 26.455891] page_type: f5(slab) [ 26.456056] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.456585] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.456987] page dumped because: kasan: bad access detected [ 26.457192] [ 26.457473] Memory state around the buggy address: [ 26.457800] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.458099] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.458497] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.458902] ^ [ 26.459218] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.459521] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.459935] ================================================================== [ 25.567717] ================================================================== [ 25.568876] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 25.569338] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.569590] [ 25.569983] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.570039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.570053] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.570078] Call Trace: [ 25.570092] <TASK> [ 25.570109] dump_stack_lvl+0x73/0xb0 [ 25.570296] print_report+0xd1/0x650 [ 25.570332] ? __virt_addr_valid+0x1db/0x2d0 [ 25.570357] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.570383] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.570409] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.570434] kasan_report+0x141/0x180 [ 25.570472] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.570504] __asan_report_load4_noabort+0x18/0x20 [ 25.570529] kasan_atomics_helper+0x4bbc/0x5450 [ 25.570555] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.570581] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.570605] ? kasan_atomics+0x152/0x310 [ 25.570631] kasan_atomics+0x1dc/0x310 [ 25.570654] ? __pfx_kasan_atomics+0x10/0x10 [ 25.570676] ? trace_hardirqs_on+0x37/0xe0 [ 25.570699] ? __pfx_read_tsc+0x10/0x10 [ 25.570721] ? ktime_get_ts64+0x86/0x230 [ 25.570746] kunit_try_run_case+0x1a5/0x480 [ 25.570772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.570797] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.570821] ? __kthread_parkme+0x82/0x180 [ 25.570842] ? preempt_count_sub+0x50/0x80 [ 25.570866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.570891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.570915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.570939] kthread+0x337/0x6f0 [ 25.570960] ? trace_preempt_on+0x20/0xc0 [ 25.570982] ? __pfx_kthread+0x10/0x10 [ 25.571003] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.571027] ? calculate_sigpending+0x7b/0xa0 [ 25.571052] ? __pfx_kthread+0x10/0x10 [ 25.571074] ret_from_fork+0x116/0x1d0 [ 25.571093] ? __pfx_kthread+0x10/0x10 [ 25.571114] ret_from_fork_asm+0x1a/0x30 [ 25.571146] </TASK> [ 25.571158] [ 25.582758] Allocated by task 314: [ 25.583117] kasan_save_stack+0x45/0x70 [ 25.583546] kasan_save_track+0x18/0x40 [ 25.583824] kasan_save_alloc_info+0x3b/0x50 [ 25.583998] __kasan_kmalloc+0xb7/0xc0 [ 25.584203] __kmalloc_cache_noprof+0x189/0x420 [ 25.584675] kasan_atomics+0x95/0x310 [ 25.584822] kunit_try_run_case+0x1a5/0x480 [ 25.585030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.585583] kthread+0x337/0x6f0 [ 25.585751] ret_from_fork+0x116/0x1d0 [ 25.585963] ret_from_fork_asm+0x1a/0x30 [ 25.586595] [ 25.586675] The buggy address belongs to the object at ffff888106195400 [ 25.586675] which belongs to the cache kmalloc-64 of size 64 [ 25.587622] The buggy address is located 0 bytes to the right of [ 25.587622] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.588146] [ 25.588525] The buggy address belongs to the physical page: [ 25.588862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.589364] flags: 0x200000000000000(node=0|zone=2) [ 25.589615] page_type: f5(slab) [ 25.589765] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.590093] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.590406] page dumped because: kasan: bad access detected [ 25.590644] [ 25.590720] Memory state around the buggy address: [ 25.590925] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.591226] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.591751] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.592037] ^ [ 25.592335] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.592610] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.592958] ================================================================== [ 26.119394] ================================================================== [ 26.119751] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 26.120097] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.120784] [ 26.120886] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.120936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.120951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.120974] Call Trace: [ 26.120990] <TASK> [ 26.121007] dump_stack_lvl+0x73/0xb0 [ 26.121035] print_report+0xd1/0x650 [ 26.121059] ? __virt_addr_valid+0x1db/0x2d0 [ 26.121084] ? kasan_atomics_helper+0xf10/0x5450 [ 26.121111] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.121139] ? kasan_atomics_helper+0xf10/0x5450 [ 26.121167] kasan_report+0x141/0x180 [ 26.121192] ? kasan_atomics_helper+0xf10/0x5450 [ 26.121410] kasan_check_range+0x10c/0x1c0 [ 26.121438] __kasan_check_write+0x18/0x20 [ 26.121479] kasan_atomics_helper+0xf10/0x5450 [ 26.121508] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.121536] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.121563] ? kasan_atomics+0x152/0x310 [ 26.121592] kasan_atomics+0x1dc/0x310 [ 26.121617] ? __pfx_kasan_atomics+0x10/0x10 [ 26.121641] ? trace_hardirqs_on+0x37/0xe0 [ 26.121665] ? __pfx_read_tsc+0x10/0x10 [ 26.121689] ? ktime_get_ts64+0x86/0x230 [ 26.121716] kunit_try_run_case+0x1a5/0x480 [ 26.121743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.121771] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.121796] ? __kthread_parkme+0x82/0x180 [ 26.121819] ? preempt_count_sub+0x50/0x80 [ 26.121852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.121880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.121907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.121935] kthread+0x337/0x6f0 [ 26.121957] ? trace_preempt_on+0x20/0xc0 [ 26.121981] ? __pfx_kthread+0x10/0x10 [ 26.122004] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.122032] ? calculate_sigpending+0x7b/0xa0 [ 26.122058] ? __pfx_kthread+0x10/0x10 [ 26.122083] ret_from_fork+0x116/0x1d0 [ 26.122104] ? __pfx_kthread+0x10/0x10 [ 26.122127] ret_from_fork_asm+0x1a/0x30 [ 26.122161] </TASK> [ 26.122175] [ 26.134418] Allocated by task 314: [ 26.134782] kasan_save_stack+0x45/0x70 [ 26.135170] kasan_save_track+0x18/0x40 [ 26.135632] kasan_save_alloc_info+0x3b/0x50 [ 26.136030] __kasan_kmalloc+0xb7/0xc0 [ 26.136385] __kmalloc_cache_noprof+0x189/0x420 [ 26.136793] kasan_atomics+0x95/0x310 [ 26.137126] kunit_try_run_case+0x1a5/0x480 [ 26.137564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.138169] kthread+0x337/0x6f0 [ 26.138508] ret_from_fork+0x116/0x1d0 [ 26.138867] ret_from_fork_asm+0x1a/0x30 [ 26.139225] [ 26.139379] The buggy address belongs to the object at ffff888106195400 [ 26.139379] which belongs to the cache kmalloc-64 of size 64 [ 26.139770] The buggy address is located 0 bytes to the right of [ 26.139770] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.140121] [ 26.140189] The buggy address belongs to the physical page: [ 26.140395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.140660] flags: 0x200000000000000(node=0|zone=2) [ 26.140875] page_type: f5(slab) [ 26.141032] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.141295] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.141651] page dumped because: kasan: bad access detected [ 26.141892] [ 26.141963] Memory state around the buggy address: [ 26.142180] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.142453] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.142704] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.143016] ^ [ 26.143187] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.143467] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.143692] ================================================================== [ 26.755771] ================================================================== [ 26.756673] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 26.757643] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.758622] [ 26.758893] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.758947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.758963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.758994] Call Trace: [ 26.759014] <TASK> [ 26.759031] dump_stack_lvl+0x73/0xb0 [ 26.759061] print_report+0xd1/0x650 [ 26.759085] ? __virt_addr_valid+0x1db/0x2d0 [ 26.759110] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.759137] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.759164] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.759190] kasan_report+0x141/0x180 [ 26.759214] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.759245] __asan_report_load8_noabort+0x18/0x20 [ 26.759271] kasan_atomics_helper+0x4f71/0x5450 [ 26.759298] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.759324] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.759350] ? kasan_atomics+0x152/0x310 [ 26.759377] kasan_atomics+0x1dc/0x310 [ 26.759401] ? __pfx_kasan_atomics+0x10/0x10 [ 26.759423] ? trace_hardirqs_on+0x37/0xe0 [ 26.759446] ? __pfx_read_tsc+0x10/0x10 [ 26.759478] ? ktime_get_ts64+0x86/0x230 [ 26.759503] kunit_try_run_case+0x1a5/0x480 [ 26.759530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.759556] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.759580] ? __kthread_parkme+0x82/0x180 [ 26.759602] ? preempt_count_sub+0x50/0x80 [ 26.759627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.759653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.759678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.759703] kthread+0x337/0x6f0 [ 26.759724] ? trace_preempt_on+0x20/0xc0 [ 26.759747] ? __pfx_kthread+0x10/0x10 [ 26.759769] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.759794] ? calculate_sigpending+0x7b/0xa0 [ 26.759820] ? __pfx_kthread+0x10/0x10 [ 26.759843] ret_from_fork+0x116/0x1d0 [ 26.759863] ? __pfx_kthread+0x10/0x10 [ 26.759885] ret_from_fork_asm+0x1a/0x30 [ 26.759918] </TASK> [ 26.759929] [ 26.772716] Allocated by task 314: [ 26.772847] kasan_save_stack+0x45/0x70 [ 26.772991] kasan_save_track+0x18/0x40 [ 26.773122] kasan_save_alloc_info+0x3b/0x50 [ 26.773291] __kasan_kmalloc+0xb7/0xc0 [ 26.773420] __kmalloc_cache_noprof+0x189/0x420 [ 26.773606] kasan_atomics+0x95/0x310 [ 26.773794] kunit_try_run_case+0x1a5/0x480 [ 26.774005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.774318] kthread+0x337/0x6f0 [ 26.774467] ret_from_fork+0x116/0x1d0 [ 26.774596] ret_from_fork_asm+0x1a/0x30 [ 26.774760] [ 26.774852] The buggy address belongs to the object at ffff888106195400 [ 26.774852] which belongs to the cache kmalloc-64 of size 64 [ 26.775463] The buggy address is located 0 bytes to the right of [ 26.775463] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.775947] [ 26.776039] The buggy address belongs to the physical page: [ 26.776282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.776529] flags: 0x200000000000000(node=0|zone=2) [ 26.776688] page_type: f5(slab) [ 26.776845] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.777174] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.777532] page dumped because: kasan: bad access detected [ 26.777697] [ 26.777760] Memory state around the buggy address: [ 26.778021] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.778419] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.778746] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.779026] ^ [ 26.779225] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.779546] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.779794] ================================================================== [ 26.797205] ================================================================== [ 26.797644] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 26.797888] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.798109] [ 26.798202] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.798248] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.798261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.798282] Call Trace: [ 26.798295] <TASK> [ 26.798311] dump_stack_lvl+0x73/0xb0 [ 26.798336] print_report+0xd1/0x650 [ 26.798359] ? __virt_addr_valid+0x1db/0x2d0 [ 26.798383] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.798408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.798445] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.798483] kasan_report+0x141/0x180 [ 26.798505] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.798537] __asan_report_load8_noabort+0x18/0x20 [ 26.798562] kasan_atomics_helper+0x4f98/0x5450 [ 26.798590] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.798617] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.798642] ? kasan_atomics+0x152/0x310 [ 26.798669] kasan_atomics+0x1dc/0x310 [ 26.798693] ? __pfx_kasan_atomics+0x10/0x10 [ 26.798716] ? trace_hardirqs_on+0x37/0xe0 [ 26.798742] ? __pfx_read_tsc+0x10/0x10 [ 26.798767] ? ktime_get_ts64+0x86/0x230 [ 26.798792] kunit_try_run_case+0x1a5/0x480 [ 26.798818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.798844] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.798867] ? __kthread_parkme+0x82/0x180 [ 26.798889] ? preempt_count_sub+0x50/0x80 [ 26.798913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.798939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.798964] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.798989] kthread+0x337/0x6f0 [ 26.799009] ? trace_preempt_on+0x20/0xc0 [ 26.799033] ? __pfx_kthread+0x10/0x10 [ 26.799055] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.799080] ? calculate_sigpending+0x7b/0xa0 [ 26.799104] ? __pfx_kthread+0x10/0x10 [ 26.799128] ret_from_fork+0x116/0x1d0 [ 26.799148] ? __pfx_kthread+0x10/0x10 [ 26.799171] ret_from_fork_asm+0x1a/0x30 [ 26.799202] </TASK> [ 26.799213] [ 26.806297] Allocated by task 314: [ 26.806476] kasan_save_stack+0x45/0x70 [ 26.806641] kasan_save_track+0x18/0x40 [ 26.806824] kasan_save_alloc_info+0x3b/0x50 [ 26.806999] __kasan_kmalloc+0xb7/0xc0 [ 26.807187] __kmalloc_cache_noprof+0x189/0x420 [ 26.807368] kasan_atomics+0x95/0x310 [ 26.807550] kunit_try_run_case+0x1a5/0x480 [ 26.807751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.807952] kthread+0x337/0x6f0 [ 26.808117] ret_from_fork+0x116/0x1d0 [ 26.808308] ret_from_fork_asm+0x1a/0x30 [ 26.808497] [ 26.808574] The buggy address belongs to the object at ffff888106195400 [ 26.808574] which belongs to the cache kmalloc-64 of size 64 [ 26.809005] The buggy address is located 0 bytes to the right of [ 26.809005] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.809469] [ 26.809535] The buggy address belongs to the physical page: [ 26.809701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.809941] flags: 0x200000000000000(node=0|zone=2) [ 26.810096] page_type: f5(slab) [ 26.810212] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.810437] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.810696] page dumped because: kasan: bad access detected [ 26.810942] [ 26.811041] Memory state around the buggy address: [ 26.811344] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.811670] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.811980] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.812422] ^ [ 26.812654] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.812964] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.813372] ================================================================== [ 25.909847] ================================================================== [ 25.910091] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 25.910539] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.910869] [ 25.910972] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.911018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.911032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.911067] Call Trace: [ 25.911084] <TASK> [ 25.911101] dump_stack_lvl+0x73/0xb0 [ 25.911128] print_report+0xd1/0x650 [ 25.911151] ? __virt_addr_valid+0x1db/0x2d0 [ 25.911174] ? kasan_atomics_helper+0x8f9/0x5450 [ 25.911200] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.911227] ? kasan_atomics_helper+0x8f9/0x5450 [ 25.911253] kasan_report+0x141/0x180 [ 25.911275] ? kasan_atomics_helper+0x8f9/0x5450 [ 25.911306] kasan_check_range+0x10c/0x1c0 [ 25.911331] __kasan_check_write+0x18/0x20 [ 25.911355] kasan_atomics_helper+0x8f9/0x5450 [ 25.911382] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.911408] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.911433] ? kasan_atomics+0x152/0x310 [ 25.911471] kasan_atomics+0x1dc/0x310 [ 25.911496] ? __pfx_kasan_atomics+0x10/0x10 [ 25.911519] ? trace_hardirqs_on+0x37/0xe0 [ 25.911541] ? __pfx_read_tsc+0x10/0x10 [ 25.911564] ? ktime_get_ts64+0x86/0x230 [ 25.911588] kunit_try_run_case+0x1a5/0x480 [ 25.911614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.911640] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.911664] ? __kthread_parkme+0x82/0x180 [ 25.911687] ? preempt_count_sub+0x50/0x80 [ 25.911711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.911738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.911764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.911793] kthread+0x337/0x6f0 [ 25.911814] ? trace_preempt_on+0x20/0xc0 [ 25.911838] ? __pfx_kthread+0x10/0x10 [ 25.911860] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.911886] ? calculate_sigpending+0x7b/0xa0 [ 25.911911] ? __pfx_kthread+0x10/0x10 [ 25.911933] ret_from_fork+0x116/0x1d0 [ 25.911953] ? __pfx_kthread+0x10/0x10 [ 25.911976] ret_from_fork_asm+0x1a/0x30 [ 25.912009] </TASK> [ 25.912034] [ 25.921168] Allocated by task 314: [ 25.921356] kasan_save_stack+0x45/0x70 [ 25.921568] kasan_save_track+0x18/0x40 [ 25.921740] kasan_save_alloc_info+0x3b/0x50 [ 25.921932] __kasan_kmalloc+0xb7/0xc0 [ 25.922106] __kmalloc_cache_noprof+0x189/0x420 [ 25.922288] kasan_atomics+0x95/0x310 [ 25.923083] kunit_try_run_case+0x1a5/0x480 [ 25.924123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.924413] kthread+0x337/0x6f0 [ 25.924597] ret_from_fork+0x116/0x1d0 [ 25.924784] ret_from_fork_asm+0x1a/0x30 [ 25.924958] [ 25.925064] The buggy address belongs to the object at ffff888106195400 [ 25.925064] which belongs to the cache kmalloc-64 of size 64 [ 25.925576] The buggy address is located 0 bytes to the right of [ 25.925576] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.926092] [ 25.926235] The buggy address belongs to the physical page: [ 25.926482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.926790] flags: 0x200000000000000(node=0|zone=2) [ 25.927654] page_type: f5(slab) [ 25.927786] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.928009] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.928704] page dumped because: kasan: bad access detected [ 25.929509] [ 25.929957] Memory state around the buggy address: [ 25.930781] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.931951] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.933125] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.933630] ^ [ 25.933792] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.934011] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.934679] ================================================================== [ 25.863226] ================================================================== [ 25.863817] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 25.864468] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.865387] [ 25.865644] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.865699] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.865816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.865845] Call Trace: [ 25.865859] <TASK> [ 25.865876] dump_stack_lvl+0x73/0xb0 [ 25.865908] print_report+0xd1/0x650 [ 25.865932] ? __virt_addr_valid+0x1db/0x2d0 [ 25.865965] ? kasan_atomics_helper+0x7c7/0x5450 [ 25.865991] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.866017] ? kasan_atomics_helper+0x7c7/0x5450 [ 25.866043] kasan_report+0x141/0x180 [ 25.866067] ? kasan_atomics_helper+0x7c7/0x5450 [ 25.866098] kasan_check_range+0x10c/0x1c0 [ 25.866123] __kasan_check_write+0x18/0x20 [ 25.866148] kasan_atomics_helper+0x7c7/0x5450 [ 25.866174] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.866201] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.866227] ? kasan_atomics+0x152/0x310 [ 25.866253] kasan_atomics+0x1dc/0x310 [ 25.866277] ? __pfx_kasan_atomics+0x10/0x10 [ 25.866300] ? trace_hardirqs_on+0x37/0xe0 [ 25.866323] ? __pfx_read_tsc+0x10/0x10 [ 25.866345] ? ktime_get_ts64+0x86/0x230 [ 25.866399] kunit_try_run_case+0x1a5/0x480 [ 25.866437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.866484] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.866507] ? __kthread_parkme+0x82/0x180 [ 25.866529] ? preempt_count_sub+0x50/0x80 [ 25.866554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.866580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.866605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.866631] kthread+0x337/0x6f0 [ 25.866653] ? trace_preempt_on+0x20/0xc0 [ 25.866676] ? __pfx_kthread+0x10/0x10 [ 25.866699] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.866724] ? calculate_sigpending+0x7b/0xa0 [ 25.866750] ? __pfx_kthread+0x10/0x10 [ 25.866773] ret_from_fork+0x116/0x1d0 [ 25.866794] ? __pfx_kthread+0x10/0x10 [ 25.866816] ret_from_fork_asm+0x1a/0x30 [ 25.866848] </TASK> [ 25.866862] [ 25.878015] Allocated by task 314: [ 25.878151] kasan_save_stack+0x45/0x70 [ 25.878797] kasan_save_track+0x18/0x40 [ 25.878994] kasan_save_alloc_info+0x3b/0x50 [ 25.879146] __kasan_kmalloc+0xb7/0xc0 [ 25.879279] __kmalloc_cache_noprof+0x189/0x420 [ 25.879429] kasan_atomics+0x95/0x310 [ 25.879568] kunit_try_run_case+0x1a5/0x480 [ 25.879709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.879882] kthread+0x337/0x6f0 [ 25.880003] ret_from_fork+0x116/0x1d0 [ 25.880131] ret_from_fork_asm+0x1a/0x30 [ 25.880265] [ 25.880333] The buggy address belongs to the object at ffff888106195400 [ 25.880333] which belongs to the cache kmalloc-64 of size 64 [ 25.881162] The buggy address is located 0 bytes to the right of [ 25.881162] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.882221] [ 25.882508] The buggy address belongs to the physical page: [ 25.883027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.883890] flags: 0x200000000000000(node=0|zone=2) [ 25.884548] page_type: f5(slab) [ 25.885043] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.885698] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.886149] page dumped because: kasan: bad access detected [ 25.886642] [ 25.886739] Memory state around the buggy address: [ 25.887073] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.887651] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.887963] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.888443] ^ [ 25.888797] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.889083] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.889786] ================================================================== [ 26.555950] ================================================================== [ 26.556426] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 26.556885] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.557177] [ 26.557287] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.557335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.557349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.557372] Call Trace: [ 26.557388] <TASK> [ 26.557406] dump_stack_lvl+0x73/0xb0 [ 26.557451] print_report+0xd1/0x650 [ 26.557488] ? __virt_addr_valid+0x1db/0x2d0 [ 26.557511] ? kasan_atomics_helper+0x194a/0x5450 [ 26.557537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.557563] ? kasan_atomics_helper+0x194a/0x5450 [ 26.557589] kasan_report+0x141/0x180 [ 26.557612] ? kasan_atomics_helper+0x194a/0x5450 [ 26.557642] kasan_check_range+0x10c/0x1c0 [ 26.557667] __kasan_check_write+0x18/0x20 [ 26.557691] kasan_atomics_helper+0x194a/0x5450 [ 26.557718] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.557745] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.557770] ? kasan_atomics+0x152/0x310 [ 26.557796] kasan_atomics+0x1dc/0x310 [ 26.557820] ? __pfx_kasan_atomics+0x10/0x10 [ 26.557851] ? trace_hardirqs_on+0x37/0xe0 [ 26.557875] ? __pfx_read_tsc+0x10/0x10 [ 26.557898] ? ktime_get_ts64+0x86/0x230 [ 26.557923] kunit_try_run_case+0x1a5/0x480 [ 26.557949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.557974] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.557998] ? __kthread_parkme+0x82/0x180 [ 26.558020] ? preempt_count_sub+0x50/0x80 [ 26.558044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.558070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.558096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.558121] kthread+0x337/0x6f0 [ 26.558142] ? trace_preempt_on+0x20/0xc0 [ 26.558166] ? __pfx_kthread+0x10/0x10 [ 26.558188] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.558226] ? calculate_sigpending+0x7b/0xa0 [ 26.558251] ? __pfx_kthread+0x10/0x10 [ 26.558274] ret_from_fork+0x116/0x1d0 [ 26.558294] ? __pfx_kthread+0x10/0x10 [ 26.558317] ret_from_fork_asm+0x1a/0x30 [ 26.558349] </TASK> [ 26.558361] [ 26.565662] Allocated by task 314: [ 26.565834] kasan_save_stack+0x45/0x70 [ 26.566036] kasan_save_track+0x18/0x40 [ 26.566235] kasan_save_alloc_info+0x3b/0x50 [ 26.566407] __kasan_kmalloc+0xb7/0xc0 [ 26.566597] __kmalloc_cache_noprof+0x189/0x420 [ 26.566789] kasan_atomics+0x95/0x310 [ 26.566932] kunit_try_run_case+0x1a5/0x480 [ 26.567137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.567340] kthread+0x337/0x6f0 [ 26.567463] ret_from_fork+0x116/0x1d0 [ 26.567594] ret_from_fork_asm+0x1a/0x30 [ 26.567780] [ 26.567870] The buggy address belongs to the object at ffff888106195400 [ 26.567870] which belongs to the cache kmalloc-64 of size 64 [ 26.568394] The buggy address is located 0 bytes to the right of [ 26.568394] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.568762] [ 26.568829] The buggy address belongs to the physical page: [ 26.568996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.569567] flags: 0x200000000000000(node=0|zone=2) [ 26.569797] page_type: f5(slab) [ 26.569961] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.570247] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.570479] page dumped because: kasan: bad access detected [ 26.570646] [ 26.570711] Memory state around the buggy address: [ 26.570859] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.571194] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.571541] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.571867] ^ [ 26.572094] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.572636] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.572893] ================================================================== [ 26.408318] ================================================================== [ 26.408667] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 26.409010] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.409607] [ 26.409721] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.409767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.409781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.409802] Call Trace: [ 26.409820] <TASK> [ 26.409835] dump_stack_lvl+0x73/0xb0 [ 26.409867] print_report+0xd1/0x650 [ 26.409889] ? __virt_addr_valid+0x1db/0x2d0 [ 26.409913] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.409939] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.409967] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.409994] kasan_report+0x141/0x180 [ 26.410017] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.410048] kasan_check_range+0x10c/0x1c0 [ 26.410073] __kasan_check_write+0x18/0x20 [ 26.410098] kasan_atomics_helper+0x15b6/0x5450 [ 26.410126] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.410153] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.410179] ? kasan_atomics+0x152/0x310 [ 26.410220] kasan_atomics+0x1dc/0x310 [ 26.410244] ? __pfx_kasan_atomics+0x10/0x10 [ 26.410267] ? trace_hardirqs_on+0x37/0xe0 [ 26.410291] ? __pfx_read_tsc+0x10/0x10 [ 26.410314] ? ktime_get_ts64+0x86/0x230 [ 26.410339] kunit_try_run_case+0x1a5/0x480 [ 26.410366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.410392] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.410416] ? __kthread_parkme+0x82/0x180 [ 26.410440] ? preempt_count_sub+0x50/0x80 [ 26.410517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.410544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.410589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.410615] kthread+0x337/0x6f0 [ 26.410637] ? trace_preempt_on+0x20/0xc0 [ 26.410660] ? __pfx_kthread+0x10/0x10 [ 26.410683] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.410709] ? calculate_sigpending+0x7b/0xa0 [ 26.410735] ? __pfx_kthread+0x10/0x10 [ 26.410758] ret_from_fork+0x116/0x1d0 [ 26.410778] ? __pfx_kthread+0x10/0x10 [ 26.410801] ret_from_fork_asm+0x1a/0x30 [ 26.410833] </TASK> [ 26.410863] [ 26.424265] Allocated by task 314: [ 26.424656] kasan_save_stack+0x45/0x70 [ 26.425029] kasan_save_track+0x18/0x40 [ 26.425410] kasan_save_alloc_info+0x3b/0x50 [ 26.425893] __kasan_kmalloc+0xb7/0xc0 [ 26.426274] __kmalloc_cache_noprof+0x189/0x420 [ 26.426705] kasan_atomics+0x95/0x310 [ 26.427049] kunit_try_run_case+0x1a5/0x480 [ 26.427232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.427893] kthread+0x337/0x6f0 [ 26.428192] ret_from_fork+0x116/0x1d0 [ 26.428543] ret_from_fork_asm+0x1a/0x30 [ 26.428794] [ 26.428964] The buggy address belongs to the object at ffff888106195400 [ 26.428964] which belongs to the cache kmalloc-64 of size 64 [ 26.429493] The buggy address is located 0 bytes to the right of [ 26.429493] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.429861] [ 26.429929] The buggy address belongs to the physical page: [ 26.430095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.430341] flags: 0x200000000000000(node=0|zone=2) [ 26.430645] page_type: f5(slab) [ 26.431378] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.432086] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.432781] page dumped because: kasan: bad access detected [ 26.433327] [ 26.433491] Memory state around the buggy address: [ 26.434079] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.434740] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.434961] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.435172] ^ [ 26.435395] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.435922] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.436211] ================================================================== [ 26.530221] ================================================================== [ 26.530507] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 26.530769] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.531095] [ 26.531756] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.531825] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.531841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.531866] Call Trace: [ 26.531883] <TASK> [ 26.531898] dump_stack_lvl+0x73/0xb0 [ 26.531929] print_report+0xd1/0x650 [ 26.531951] ? __virt_addr_valid+0x1db/0x2d0 [ 26.531976] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.532001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.532028] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.532055] kasan_report+0x141/0x180 [ 26.532077] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.532107] kasan_check_range+0x10c/0x1c0 [ 26.532132] __kasan_check_write+0x18/0x20 [ 26.532156] kasan_atomics_helper+0x18b1/0x5450 [ 26.532194] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.532222] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.532247] ? kasan_atomics+0x152/0x310 [ 26.532274] kasan_atomics+0x1dc/0x310 [ 26.532301] ? __pfx_kasan_atomics+0x10/0x10 [ 26.532325] ? trace_hardirqs_on+0x37/0xe0 [ 26.532348] ? __pfx_read_tsc+0x10/0x10 [ 26.532370] ? ktime_get_ts64+0x86/0x230 [ 26.532396] kunit_try_run_case+0x1a5/0x480 [ 26.532423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.532449] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.532483] ? __kthread_parkme+0x82/0x180 [ 26.532527] ? preempt_count_sub+0x50/0x80 [ 26.532552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.532579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.532605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.532631] kthread+0x337/0x6f0 [ 26.532653] ? trace_preempt_on+0x20/0xc0 [ 26.532677] ? __pfx_kthread+0x10/0x10 [ 26.532700] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.532725] ? calculate_sigpending+0x7b/0xa0 [ 26.532750] ? __pfx_kthread+0x10/0x10 [ 26.532773] ret_from_fork+0x116/0x1d0 [ 26.532794] ? __pfx_kthread+0x10/0x10 [ 26.532815] ret_from_fork_asm+0x1a/0x30 [ 26.532847] </TASK> [ 26.532859] [ 26.544748] Allocated by task 314: [ 26.545111] kasan_save_stack+0x45/0x70 [ 26.545550] kasan_save_track+0x18/0x40 [ 26.545892] kasan_save_alloc_info+0x3b/0x50 [ 26.546287] __kasan_kmalloc+0xb7/0xc0 [ 26.546650] __kmalloc_cache_noprof+0x189/0x420 [ 26.547042] kasan_atomics+0x95/0x310 [ 26.547423] kunit_try_run_case+0x1a5/0x480 [ 26.547623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.547794] kthread+0x337/0x6f0 [ 26.547909] ret_from_fork+0x116/0x1d0 [ 26.548037] ret_from_fork_asm+0x1a/0x30 [ 26.548172] [ 26.548332] The buggy address belongs to the object at ffff888106195400 [ 26.548332] which belongs to the cache kmalloc-64 of size 64 [ 26.549378] The buggy address is located 0 bytes to the right of [ 26.549378] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.550733] [ 26.550891] The buggy address belongs to the physical page: [ 26.551464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.552317] flags: 0x200000000000000(node=0|zone=2) [ 26.552680] page_type: f5(slab) [ 26.552799] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.553027] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.553292] page dumped because: kasan: bad access detected [ 26.553524] [ 26.553614] Memory state around the buggy address: [ 26.553832] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.554119] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.554489] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.554754] ^ [ 26.554968] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.555183] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.555479] ================================================================== [ 26.573477] ================================================================== [ 26.573794] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 26.574095] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.574443] [ 26.574560] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.574607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.574621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.574643] Call Trace: [ 26.574659] <TASK> [ 26.574676] dump_stack_lvl+0x73/0xb0 [ 26.574703] print_report+0xd1/0x650 [ 26.574726] ? __virt_addr_valid+0x1db/0x2d0 [ 26.574750] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.574775] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.574802] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.574828] kasan_report+0x141/0x180 [ 26.574851] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.574881] kasan_check_range+0x10c/0x1c0 [ 26.574905] __kasan_check_write+0x18/0x20 [ 26.574929] kasan_atomics_helper+0x19e3/0x5450 [ 26.574956] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.574983] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.575008] ? kasan_atomics+0x152/0x310 [ 26.575034] kasan_atomics+0x1dc/0x310 [ 26.575057] ? __pfx_kasan_atomics+0x10/0x10 [ 26.575081] ? trace_hardirqs_on+0x37/0xe0 [ 26.575103] ? __pfx_read_tsc+0x10/0x10 [ 26.575126] ? ktime_get_ts64+0x86/0x230 [ 26.575152] kunit_try_run_case+0x1a5/0x480 [ 26.575177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.575223] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.575247] ? __kthread_parkme+0x82/0x180 [ 26.575269] ? preempt_count_sub+0x50/0x80 [ 26.575293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.575318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.575344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.575369] kthread+0x337/0x6f0 [ 26.575390] ? trace_preempt_on+0x20/0xc0 [ 26.575413] ? __pfx_kthread+0x10/0x10 [ 26.575435] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.575470] ? calculate_sigpending+0x7b/0xa0 [ 26.575497] ? __pfx_kthread+0x10/0x10 [ 26.575520] ret_from_fork+0x116/0x1d0 [ 26.575540] ? __pfx_kthread+0x10/0x10 [ 26.575562] ret_from_fork_asm+0x1a/0x30 [ 26.575595] </TASK> [ 26.575607] [ 26.583027] Allocated by task 314: [ 26.583179] kasan_save_stack+0x45/0x70 [ 26.583379] kasan_save_track+0x18/0x40 [ 26.583574] kasan_save_alloc_info+0x3b/0x50 [ 26.583785] __kasan_kmalloc+0xb7/0xc0 [ 26.583971] __kmalloc_cache_noprof+0x189/0x420 [ 26.584187] kasan_atomics+0x95/0x310 [ 26.584365] kunit_try_run_case+0x1a5/0x480 [ 26.584562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.584782] kthread+0x337/0x6f0 [ 26.584946] ret_from_fork+0x116/0x1d0 [ 26.585106] ret_from_fork_asm+0x1a/0x30 [ 26.585334] [ 26.585400] The buggy address belongs to the object at ffff888106195400 [ 26.585400] which belongs to the cache kmalloc-64 of size 64 [ 26.585882] The buggy address is located 0 bytes to the right of [ 26.585882] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.586401] [ 26.586476] The buggy address belongs to the physical page: [ 26.586642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.586876] flags: 0x200000000000000(node=0|zone=2) [ 26.587032] page_type: f5(slab) [ 26.587147] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.587477] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.587805] page dumped because: kasan: bad access detected [ 26.588049] [ 26.588136] Memory state around the buggy address: [ 26.588308] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.588564] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.588778] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.588987] ^ [ 26.589141] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.589469] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.589732] ================================================================== [ 26.197329] ================================================================== [ 26.197681] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 26.198018] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.198391] [ 26.198483] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.198530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.198544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.198566] Call Trace: [ 26.198580] <TASK> [ 26.198594] dump_stack_lvl+0x73/0xb0 [ 26.198621] print_report+0xd1/0x650 [ 26.198644] ? __virt_addr_valid+0x1db/0x2d0 [ 26.198668] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.198694] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.198721] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.198748] kasan_report+0x141/0x180 [ 26.198770] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.198802] __asan_report_load4_noabort+0x18/0x20 [ 26.198827] kasan_atomics_helper+0x4a1c/0x5450 [ 26.198854] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.198881] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.198906] ? kasan_atomics+0x152/0x310 [ 26.198933] kasan_atomics+0x1dc/0x310 [ 26.198957] ? __pfx_kasan_atomics+0x10/0x10 [ 26.198981] ? trace_hardirqs_on+0x37/0xe0 [ 26.199004] ? __pfx_read_tsc+0x10/0x10 [ 26.199027] ? ktime_get_ts64+0x86/0x230 [ 26.199052] kunit_try_run_case+0x1a5/0x480 [ 26.199078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.199105] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.199128] ? __kthread_parkme+0x82/0x180 [ 26.199150] ? preempt_count_sub+0x50/0x80 [ 26.199175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.199201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.199226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.199251] kthread+0x337/0x6f0 [ 26.199272] ? trace_preempt_on+0x20/0xc0 [ 26.199296] ? __pfx_kthread+0x10/0x10 [ 26.199318] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.199344] ? calculate_sigpending+0x7b/0xa0 [ 26.199369] ? __pfx_kthread+0x10/0x10 [ 26.199392] ret_from_fork+0x116/0x1d0 [ 26.199413] ? __pfx_kthread+0x10/0x10 [ 26.199435] ret_from_fork_asm+0x1a/0x30 [ 26.199477] </TASK> [ 26.199489] [ 26.207152] Allocated by task 314: [ 26.207309] kasan_save_stack+0x45/0x70 [ 26.207567] kasan_save_track+0x18/0x40 [ 26.207700] kasan_save_alloc_info+0x3b/0x50 [ 26.207842] __kasan_kmalloc+0xb7/0xc0 [ 26.207972] __kmalloc_cache_noprof+0x189/0x420 [ 26.208162] kasan_atomics+0x95/0x310 [ 26.208464] kunit_try_run_case+0x1a5/0x480 [ 26.208672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.208923] kthread+0x337/0x6f0 [ 26.209087] ret_from_fork+0x116/0x1d0 [ 26.209267] ret_from_fork_asm+0x1a/0x30 [ 26.209419] [ 26.209522] The buggy address belongs to the object at ffff888106195400 [ 26.209522] which belongs to the cache kmalloc-64 of size 64 [ 26.209905] The buggy address is located 0 bytes to the right of [ 26.209905] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.210471] [ 26.210553] The buggy address belongs to the physical page: [ 26.210719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.211018] flags: 0x200000000000000(node=0|zone=2) [ 26.211242] page_type: f5(slab) [ 26.211406] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.211655] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.211961] page dumped because: kasan: bad access detected [ 26.212214] [ 26.212305] Memory state around the buggy address: [ 26.212536] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.212855] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.213127] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.213395] ^ [ 26.213582] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.213904] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.214190] ================================================================== [ 25.959892] ================================================================== [ 25.960372] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 25.961047] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.961499] [ 25.961583] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.961677] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.961692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.961716] Call Trace: [ 25.961733] <TASK> [ 25.961751] dump_stack_lvl+0x73/0xb0 [ 25.961780] print_report+0xd1/0x650 [ 25.961803] ? __virt_addr_valid+0x1db/0x2d0 [ 25.961827] ? kasan_atomics_helper+0xa2b/0x5450 [ 25.961859] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.961886] ? kasan_atomics_helper+0xa2b/0x5450 [ 25.961914] kasan_report+0x141/0x180 [ 25.961959] ? kasan_atomics_helper+0xa2b/0x5450 [ 25.962051] kasan_check_range+0x10c/0x1c0 [ 25.962076] __kasan_check_write+0x18/0x20 [ 25.962100] kasan_atomics_helper+0xa2b/0x5450 [ 25.962127] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.962154] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.962181] ? kasan_atomics+0x152/0x310 [ 25.962223] kasan_atomics+0x1dc/0x310 [ 25.962247] ? __pfx_kasan_atomics+0x10/0x10 [ 25.962270] ? trace_hardirqs_on+0x37/0xe0 [ 25.962294] ? __pfx_read_tsc+0x10/0x10 [ 25.962317] ? ktime_get_ts64+0x86/0x230 [ 25.962342] kunit_try_run_case+0x1a5/0x480 [ 25.962368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.962394] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.962438] ? __kthread_parkme+0x82/0x180 [ 25.962474] ? preempt_count_sub+0x50/0x80 [ 25.962500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.962746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.962772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.962797] kthread+0x337/0x6f0 [ 25.962819] ? trace_preempt_on+0x20/0xc0 [ 25.962842] ? __pfx_kthread+0x10/0x10 [ 25.962865] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.962890] ? calculate_sigpending+0x7b/0xa0 [ 25.962915] ? __pfx_kthread+0x10/0x10 [ 25.962938] ret_from_fork+0x116/0x1d0 [ 25.962959] ? __pfx_kthread+0x10/0x10 [ 25.962981] ret_from_fork_asm+0x1a/0x30 [ 25.963013] </TASK> [ 25.963026] [ 25.971375] Allocated by task 314: [ 25.971714] kasan_save_stack+0x45/0x70 [ 25.971926] kasan_save_track+0x18/0x40 [ 25.972104] kasan_save_alloc_info+0x3b/0x50 [ 25.973127] __kasan_kmalloc+0xb7/0xc0 [ 25.973898] __kmalloc_cache_noprof+0x189/0x420 [ 25.974484] kasan_atomics+0x95/0x310 [ 25.974795] kunit_try_run_case+0x1a5/0x480 [ 25.975008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.975473] kthread+0x337/0x6f0 [ 25.975708] ret_from_fork+0x116/0x1d0 [ 25.976007] ret_from_fork_asm+0x1a/0x30 [ 25.976412] [ 25.976524] The buggy address belongs to the object at ffff888106195400 [ 25.976524] which belongs to the cache kmalloc-64 of size 64 [ 25.977145] The buggy address is located 0 bytes to the right of [ 25.977145] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.978136] [ 25.978255] The buggy address belongs to the physical page: [ 25.978674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.978997] flags: 0x200000000000000(node=0|zone=2) [ 25.979404] page_type: f5(slab) [ 25.979701] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.980302] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.980759] page dumped because: kasan: bad access detected [ 25.981006] [ 25.981090] Memory state around the buggy address: [ 25.981626] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.982124] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.982801] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.983270] ^ [ 25.983636] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.983928] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.984478] ================================================================== [ 26.081309] ================================================================== [ 26.081667] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 26.082007] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.082327] [ 26.082427] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.082482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.082497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.082519] Call Trace: [ 26.082536] <TASK> [ 26.082552] dump_stack_lvl+0x73/0xb0 [ 26.082578] print_report+0xd1/0x650 [ 26.082602] ? __virt_addr_valid+0x1db/0x2d0 [ 26.082626] ? kasan_atomics_helper+0xde0/0x5450 [ 26.082650] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.082677] ? kasan_atomics_helper+0xde0/0x5450 [ 26.082703] kasan_report+0x141/0x180 [ 26.082726] ? kasan_atomics_helper+0xde0/0x5450 [ 26.082757] kasan_check_range+0x10c/0x1c0 [ 26.082781] __kasan_check_write+0x18/0x20 [ 26.082805] kasan_atomics_helper+0xde0/0x5450 [ 26.082832] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.082858] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.082884] ? kasan_atomics+0x152/0x310 [ 26.082911] kasan_atomics+0x1dc/0x310 [ 26.082934] ? __pfx_kasan_atomics+0x10/0x10 [ 26.082957] ? trace_hardirqs_on+0x37/0xe0 [ 26.082980] ? __pfx_read_tsc+0x10/0x10 [ 26.083002] ? ktime_get_ts64+0x86/0x230 [ 26.083027] kunit_try_run_case+0x1a5/0x480 [ 26.083053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.083080] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.083102] ? __kthread_parkme+0x82/0x180 [ 26.083124] ? preempt_count_sub+0x50/0x80 [ 26.083149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.083175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.083200] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.083225] kthread+0x337/0x6f0 [ 26.083334] ? trace_preempt_on+0x20/0xc0 [ 26.083359] ? __pfx_kthread+0x10/0x10 [ 26.083382] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.083407] ? calculate_sigpending+0x7b/0xa0 [ 26.083433] ? __pfx_kthread+0x10/0x10 [ 26.083468] ret_from_fork+0x116/0x1d0 [ 26.083489] ? __pfx_kthread+0x10/0x10 [ 26.083511] ret_from_fork_asm+0x1a/0x30 [ 26.083544] </TASK> [ 26.083556] [ 26.091322] Allocated by task 314: [ 26.091509] kasan_save_stack+0x45/0x70 [ 26.091679] kasan_save_track+0x18/0x40 [ 26.091858] kasan_save_alloc_info+0x3b/0x50 [ 26.092024] __kasan_kmalloc+0xb7/0xc0 [ 26.092155] __kmalloc_cache_noprof+0x189/0x420 [ 26.092305] kasan_atomics+0x95/0x310 [ 26.092433] kunit_try_run_case+0x1a5/0x480 [ 26.092646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.092921] kthread+0x337/0x6f0 [ 26.093102] ret_from_fork+0x116/0x1d0 [ 26.093399] ret_from_fork_asm+0x1a/0x30 [ 26.093605] [ 26.093672] The buggy address belongs to the object at ffff888106195400 [ 26.093672] which belongs to the cache kmalloc-64 of size 64 [ 26.094080] The buggy address is located 0 bytes to the right of [ 26.094080] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.094932] [ 26.095027] The buggy address belongs to the physical page: [ 26.095232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.095513] flags: 0x200000000000000(node=0|zone=2) [ 26.095672] page_type: f5(slab) [ 26.095791] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.096019] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.096278] page dumped because: kasan: bad access detected [ 26.096532] [ 26.096622] Memory state around the buggy address: [ 26.096836] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.097145] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.097463] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.097852] ^ [ 26.098058] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.098497] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.098761] ================================================================== [ 26.255181] ================================================================== [ 26.255687] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 26.256028] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.256618] [ 26.256702] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.256750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.256765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.256788] Call Trace: [ 26.256803] <TASK> [ 26.256819] dump_stack_lvl+0x73/0xb0 [ 26.256849] print_report+0xd1/0x650 [ 26.256873] ? __virt_addr_valid+0x1db/0x2d0 [ 26.256897] ? kasan_atomics_helper+0x1217/0x5450 [ 26.256923] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.256950] ? kasan_atomics_helper+0x1217/0x5450 [ 26.256976] kasan_report+0x141/0x180 [ 26.257001] ? kasan_atomics_helper+0x1217/0x5450 [ 26.257032] kasan_check_range+0x10c/0x1c0 [ 26.257057] __kasan_check_write+0x18/0x20 [ 26.257081] kasan_atomics_helper+0x1217/0x5450 [ 26.257108] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.257135] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.257160] ? kasan_atomics+0x152/0x310 [ 26.257198] kasan_atomics+0x1dc/0x310 [ 26.257222] ? __pfx_kasan_atomics+0x10/0x10 [ 26.257246] ? trace_hardirqs_on+0x37/0xe0 [ 26.257270] ? __pfx_read_tsc+0x10/0x10 [ 26.257293] ? ktime_get_ts64+0x86/0x230 [ 26.257371] kunit_try_run_case+0x1a5/0x480 [ 26.257400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.257426] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.257451] ? __kthread_parkme+0x82/0x180 [ 26.257486] ? preempt_count_sub+0x50/0x80 [ 26.257511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.257537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.257563] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.257589] kthread+0x337/0x6f0 [ 26.257610] ? trace_preempt_on+0x20/0xc0 [ 26.257634] ? __pfx_kthread+0x10/0x10 [ 26.257656] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.257682] ? calculate_sigpending+0x7b/0xa0 [ 26.257708] ? __pfx_kthread+0x10/0x10 [ 26.257731] ret_from_fork+0x116/0x1d0 [ 26.257752] ? __pfx_kthread+0x10/0x10 [ 26.257775] ret_from_fork_asm+0x1a/0x30 [ 26.257807] </TASK> [ 26.257820] [ 26.265280] Allocated by task 314: [ 26.265439] kasan_save_stack+0x45/0x70 [ 26.265630] kasan_save_track+0x18/0x40 [ 26.265788] kasan_save_alloc_info+0x3b/0x50 [ 26.265996] __kasan_kmalloc+0xb7/0xc0 [ 26.266154] __kmalloc_cache_noprof+0x189/0x420 [ 26.266393] kasan_atomics+0x95/0x310 [ 26.266572] kunit_try_run_case+0x1a5/0x480 [ 26.266714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.266963] kthread+0x337/0x6f0 [ 26.267125] ret_from_fork+0x116/0x1d0 [ 26.267410] ret_from_fork_asm+0x1a/0x30 [ 26.267600] [ 26.267687] The buggy address belongs to the object at ffff888106195400 [ 26.267687] which belongs to the cache kmalloc-64 of size 64 [ 26.268127] The buggy address is located 0 bytes to the right of [ 26.268127] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.268662] [ 26.268753] The buggy address belongs to the physical page: [ 26.268962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.269286] flags: 0x200000000000000(node=0|zone=2) [ 26.269491] page_type: f5(slab) [ 26.269624] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.269858] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.270138] page dumped because: kasan: bad access detected [ 26.270385] [ 26.270490] Memory state around the buggy address: [ 26.270706] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.270956] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.271164] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.271371] ^ [ 26.271530] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.271760] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.272067] ================================================================== [ 26.144834] ================================================================== [ 26.145385] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 26.145683] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.146023] [ 26.146115] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.146166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.146181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.146206] Call Trace: [ 26.146224] <TASK> [ 26.146243] dump_stack_lvl+0x73/0xb0 [ 26.146271] print_report+0xd1/0x650 [ 26.146296] ? __virt_addr_valid+0x1db/0x2d0 [ 26.146322] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.146349] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.146377] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.146405] kasan_report+0x141/0x180 [ 26.146430] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.146472] kasan_check_range+0x10c/0x1c0 [ 26.146499] __kasan_check_write+0x18/0x20 [ 26.146524] kasan_atomics_helper+0xfa9/0x5450 [ 26.146553] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.146581] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.146608] ? kasan_atomics+0x152/0x310 [ 26.146636] kasan_atomics+0x1dc/0x310 [ 26.146661] ? __pfx_kasan_atomics+0x10/0x10 [ 26.146686] ? trace_hardirqs_on+0x37/0xe0 [ 26.146711] ? __pfx_read_tsc+0x10/0x10 [ 26.146736] ? ktime_get_ts64+0x86/0x230 [ 26.146762] kunit_try_run_case+0x1a5/0x480 [ 26.146790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.146818] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.146842] ? __kthread_parkme+0x82/0x180 [ 26.146865] ? preempt_count_sub+0x50/0x80 [ 26.146891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.146919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.146946] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.146973] kthread+0x337/0x6f0 [ 26.146995] ? trace_preempt_on+0x20/0xc0 [ 26.147020] ? __pfx_kthread+0x10/0x10 [ 26.147043] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.147069] ? calculate_sigpending+0x7b/0xa0 [ 26.147096] ? __pfx_kthread+0x10/0x10 [ 26.147120] ret_from_fork+0x116/0x1d0 [ 26.147142] ? __pfx_kthread+0x10/0x10 [ 26.147166] ret_from_fork_asm+0x1a/0x30 [ 26.147199] </TASK> [ 26.147212] [ 26.154607] Allocated by task 314: [ 26.154776] kasan_save_stack+0x45/0x70 [ 26.154947] kasan_save_track+0x18/0x40 [ 26.155135] kasan_save_alloc_info+0x3b/0x50 [ 26.155330] __kasan_kmalloc+0xb7/0xc0 [ 26.155502] __kmalloc_cache_noprof+0x189/0x420 [ 26.155652] kasan_atomics+0x95/0x310 [ 26.155779] kunit_try_run_case+0x1a5/0x480 [ 26.155980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.156223] kthread+0x337/0x6f0 [ 26.156384] ret_from_fork+0x116/0x1d0 [ 26.156573] ret_from_fork_asm+0x1a/0x30 [ 26.156765] [ 26.157250] The buggy address belongs to the object at ffff888106195400 [ 26.157250] which belongs to the cache kmalloc-64 of size 64 [ 26.157686] The buggy address is located 0 bytes to the right of [ 26.157686] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.158053] [ 26.158130] The buggy address belongs to the physical page: [ 26.158371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.158725] flags: 0x200000000000000(node=0|zone=2) [ 26.158920] page_type: f5(slab) [ 26.159085] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.159516] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.159739] page dumped because: kasan: bad access detected [ 26.159906] [ 26.159972] Memory state around the buggy address: [ 26.160180] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.160509] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.160821] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.161127] ^ [ 26.161543] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.161816] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.162092] ================================================================== [ 26.918438] ================================================================== [ 26.918731] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 26.919319] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.919703] [ 26.919795] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.919842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.919856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.919878] Call Trace: [ 26.919895] <TASK> [ 26.919912] dump_stack_lvl+0x73/0xb0 [ 26.919940] print_report+0xd1/0x650 [ 26.919963] ? __virt_addr_valid+0x1db/0x2d0 [ 26.919987] ? kasan_atomics_helper+0x5115/0x5450 [ 26.920013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.920039] ? kasan_atomics_helper+0x5115/0x5450 [ 26.920065] kasan_report+0x141/0x180 [ 26.920089] ? kasan_atomics_helper+0x5115/0x5450 [ 26.920119] __asan_report_load8_noabort+0x18/0x20 [ 26.920145] kasan_atomics_helper+0x5115/0x5450 [ 26.920172] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.920424] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.920453] ? kasan_atomics+0x152/0x310 [ 26.920494] kasan_atomics+0x1dc/0x310 [ 26.920518] ? __pfx_kasan_atomics+0x10/0x10 [ 26.920541] ? trace_hardirqs_on+0x37/0xe0 [ 26.920565] ? __pfx_read_tsc+0x10/0x10 [ 26.920587] ? ktime_get_ts64+0x86/0x230 [ 26.920613] kunit_try_run_case+0x1a5/0x480 [ 26.920639] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.920665] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.920689] ? __kthread_parkme+0x82/0x180 [ 26.920712] ? preempt_count_sub+0x50/0x80 [ 26.920737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.920763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.920789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.920815] kthread+0x337/0x6f0 [ 26.920836] ? trace_preempt_on+0x20/0xc0 [ 26.920859] ? __pfx_kthread+0x10/0x10 [ 26.920881] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.920907] ? calculate_sigpending+0x7b/0xa0 [ 26.920932] ? __pfx_kthread+0x10/0x10 [ 26.920955] ret_from_fork+0x116/0x1d0 [ 26.920976] ? __pfx_kthread+0x10/0x10 [ 26.920998] ret_from_fork_asm+0x1a/0x30 [ 26.921030] </TASK> [ 26.921041] [ 26.928742] Allocated by task 314: [ 26.928912] kasan_save_stack+0x45/0x70 [ 26.929105] kasan_save_track+0x18/0x40 [ 26.929323] kasan_save_alloc_info+0x3b/0x50 [ 26.929545] __kasan_kmalloc+0xb7/0xc0 [ 26.929734] __kmalloc_cache_noprof+0x189/0x420 [ 26.929940] kasan_atomics+0x95/0x310 [ 26.930125] kunit_try_run_case+0x1a5/0x480 [ 26.930342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.930528] kthread+0x337/0x6f0 [ 26.930698] ret_from_fork+0x116/0x1d0 [ 26.930888] ret_from_fork_asm+0x1a/0x30 [ 26.931083] [ 26.931208] The buggy address belongs to the object at ffff888106195400 [ 26.931208] which belongs to the cache kmalloc-64 of size 64 [ 26.931709] The buggy address is located 0 bytes to the right of [ 26.931709] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.932113] [ 26.932231] The buggy address belongs to the physical page: [ 26.932509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.932817] flags: 0x200000000000000(node=0|zone=2) [ 26.932974] page_type: f5(slab) [ 26.933092] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.934141] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.935080] page dumped because: kasan: bad access detected [ 26.935403] [ 26.935550] Memory state around the buggy address: [ 26.935952] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.936189] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.936923] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.937855] ^ [ 26.938020] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.938262] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.938864] ================================================================== [ 25.730938] ================================================================== [ 25.731446] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 25.731771] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.732066] [ 25.732546] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.732781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.732797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.732820] Call Trace: [ 25.732837] <TASK> [ 25.732855] dump_stack_lvl+0x73/0xb0 [ 25.732885] print_report+0xd1/0x650 [ 25.732910] ? __virt_addr_valid+0x1db/0x2d0 [ 25.732935] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.732960] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.732988] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.733014] kasan_report+0x141/0x180 [ 25.733037] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.733069] __asan_report_store4_noabort+0x1b/0x30 [ 25.733096] kasan_atomics_helper+0x4b3a/0x5450 [ 25.733123] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.733752] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.733801] ? kasan_atomics+0x152/0x310 [ 25.733832] kasan_atomics+0x1dc/0x310 [ 25.733863] ? __pfx_kasan_atomics+0x10/0x10 [ 25.733889] ? trace_hardirqs_on+0x37/0xe0 [ 25.733913] ? __pfx_read_tsc+0x10/0x10 [ 25.733935] ? ktime_get_ts64+0x86/0x230 [ 25.733962] kunit_try_run_case+0x1a5/0x480 [ 25.733988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.734017] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.734041] ? __kthread_parkme+0x82/0x180 [ 25.734063] ? preempt_count_sub+0x50/0x80 [ 25.734087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.734112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.734146] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.734172] kthread+0x337/0x6f0 [ 25.734193] ? trace_preempt_on+0x20/0xc0 [ 25.734217] ? __pfx_kthread+0x10/0x10 [ 25.734239] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.734264] ? calculate_sigpending+0x7b/0xa0 [ 25.734289] ? __pfx_kthread+0x10/0x10 [ 25.734313] ret_from_fork+0x116/0x1d0 [ 25.734332] ? __pfx_kthread+0x10/0x10 [ 25.734355] ret_from_fork_asm+0x1a/0x30 [ 25.734387] </TASK> [ 25.734400] [ 25.747632] Allocated by task 314: [ 25.748016] kasan_save_stack+0x45/0x70 [ 25.748483] kasan_save_track+0x18/0x40 [ 25.748836] kasan_save_alloc_info+0x3b/0x50 [ 25.749269] __kasan_kmalloc+0xb7/0xc0 [ 25.749616] __kmalloc_cache_noprof+0x189/0x420 [ 25.749784] kasan_atomics+0x95/0x310 [ 25.749922] kunit_try_run_case+0x1a5/0x480 [ 25.750067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.750246] kthread+0x337/0x6f0 [ 25.750429] ret_from_fork+0x116/0x1d0 [ 25.750648] ret_from_fork_asm+0x1a/0x30 [ 25.750850] [ 25.750942] The buggy address belongs to the object at ffff888106195400 [ 25.750942] which belongs to the cache kmalloc-64 of size 64 [ 25.751434] The buggy address is located 0 bytes to the right of [ 25.751434] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.752019] [ 25.752085] The buggy address belongs to the physical page: [ 25.752363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.752739] flags: 0x200000000000000(node=0|zone=2) [ 25.752978] page_type: f5(slab) [ 25.753140] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.753632] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.753942] page dumped because: kasan: bad access detected [ 25.754159] [ 25.754235] Memory state around the buggy address: [ 25.754625] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.754893] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.755167] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.755495] ^ [ 25.755689] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.755970] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.756303] ================================================================== [ 25.661892] ================================================================== [ 25.662557] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 25.662881] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.663185] [ 25.663275] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.663323] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.663338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.663361] Call Trace: [ 25.663380] <TASK> [ 25.663398] dump_stack_lvl+0x73/0xb0 [ 25.663427] print_report+0xd1/0x650 [ 25.663450] ? __virt_addr_valid+0x1db/0x2d0 [ 25.663879] ? kasan_atomics_helper+0x3df/0x5450 [ 25.663908] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.663936] ? kasan_atomics_helper+0x3df/0x5450 [ 25.663962] kasan_report+0x141/0x180 [ 25.663987] ? kasan_atomics_helper+0x3df/0x5450 [ 25.664019] kasan_check_range+0x10c/0x1c0 [ 25.664044] __kasan_check_read+0x15/0x20 [ 25.664068] kasan_atomics_helper+0x3df/0x5450 [ 25.664096] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.664123] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.664290] ? kasan_atomics+0x152/0x310 [ 25.664324] kasan_atomics+0x1dc/0x310 [ 25.664349] ? __pfx_kasan_atomics+0x10/0x10 [ 25.664373] ? trace_hardirqs_on+0x37/0xe0 [ 25.664397] ? __pfx_read_tsc+0x10/0x10 [ 25.664420] ? ktime_get_ts64+0x86/0x230 [ 25.664446] kunit_try_run_case+0x1a5/0x480 [ 25.664490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.664518] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.664543] ? __kthread_parkme+0x82/0x180 [ 25.664566] ? preempt_count_sub+0x50/0x80 [ 25.664591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.664617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.664643] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.664669] kthread+0x337/0x6f0 [ 25.664691] ? trace_preempt_on+0x20/0xc0 [ 25.664715] ? __pfx_kthread+0x10/0x10 [ 25.664738] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.664764] ? calculate_sigpending+0x7b/0xa0 [ 25.664791] ? __pfx_kthread+0x10/0x10 [ 25.664814] ret_from_fork+0x116/0x1d0 [ 25.664835] ? __pfx_kthread+0x10/0x10 [ 25.664857] ret_from_fork_asm+0x1a/0x30 [ 25.664891] </TASK> [ 25.664904] [ 25.676846] Allocated by task 314: [ 25.677025] kasan_save_stack+0x45/0x70 [ 25.677405] kasan_save_track+0x18/0x40 [ 25.677606] kasan_save_alloc_info+0x3b/0x50 [ 25.677792] __kasan_kmalloc+0xb7/0xc0 [ 25.677942] __kmalloc_cache_noprof+0x189/0x420 [ 25.678359] kasan_atomics+0x95/0x310 [ 25.678672] kunit_try_run_case+0x1a5/0x480 [ 25.678937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.679186] kthread+0x337/0x6f0 [ 25.679584] ret_from_fork+0x116/0x1d0 [ 25.679787] ret_from_fork_asm+0x1a/0x30 [ 25.679968] [ 25.680043] The buggy address belongs to the object at ffff888106195400 [ 25.680043] which belongs to the cache kmalloc-64 of size 64 [ 25.680906] The buggy address is located 0 bytes to the right of [ 25.680906] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.681693] [ 25.681793] The buggy address belongs to the physical page: [ 25.682314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.682647] flags: 0x200000000000000(node=0|zone=2) [ 25.683021] page_type: f5(slab) [ 25.683291] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.683636] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.683967] page dumped because: kasan: bad access detected [ 25.684196] [ 25.684427] Memory state around the buggy address: [ 25.684591] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.684900] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.685229] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.685795] ^ [ 25.685963] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.686473] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.686779] ================================================================== [ 25.797355] ================================================================== [ 25.798530] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 25.799138] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.800150] [ 25.800452] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.800518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.800534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.800557] Call Trace: [ 25.800573] <TASK> [ 25.800592] dump_stack_lvl+0x73/0xb0 [ 25.800622] print_report+0xd1/0x650 [ 25.800647] ? __virt_addr_valid+0x1db/0x2d0 [ 25.800671] ? kasan_atomics_helper+0x697/0x5450 [ 25.800697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.800723] ? kasan_atomics_helper+0x697/0x5450 [ 25.800750] kasan_report+0x141/0x180 [ 25.800772] ? kasan_atomics_helper+0x697/0x5450 [ 25.800803] kasan_check_range+0x10c/0x1c0 [ 25.800827] __kasan_check_write+0x18/0x20 [ 25.800852] kasan_atomics_helper+0x697/0x5450 [ 25.800878] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.800905] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.800930] ? kasan_atomics+0x152/0x310 [ 25.800957] kasan_atomics+0x1dc/0x310 [ 25.800980] ? __pfx_kasan_atomics+0x10/0x10 [ 25.801002] ? trace_hardirqs_on+0x37/0xe0 [ 25.801026] ? __pfx_read_tsc+0x10/0x10 [ 25.801049] ? ktime_get_ts64+0x86/0x230 [ 25.801073] kunit_try_run_case+0x1a5/0x480 [ 25.801099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.801124] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.801148] ? __kthread_parkme+0x82/0x180 [ 25.801319] ? preempt_count_sub+0x50/0x80 [ 25.801347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.801414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.801440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.801476] kthread+0x337/0x6f0 [ 25.801498] ? trace_preempt_on+0x20/0xc0 [ 25.801522] ? __pfx_kthread+0x10/0x10 [ 25.801544] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.801571] ? calculate_sigpending+0x7b/0xa0 [ 25.801596] ? __pfx_kthread+0x10/0x10 [ 25.801618] ret_from_fork+0x116/0x1d0 [ 25.801639] ? __pfx_kthread+0x10/0x10 [ 25.801661] ret_from_fork_asm+0x1a/0x30 [ 25.801694] </TASK> [ 25.801706] [ 25.819486] Allocated by task 314: [ 25.819629] kasan_save_stack+0x45/0x70 [ 25.819780] kasan_save_track+0x18/0x40 [ 25.819913] kasan_save_alloc_info+0x3b/0x50 [ 25.820058] __kasan_kmalloc+0xb7/0xc0 [ 25.820575] __kmalloc_cache_noprof+0x189/0x420 [ 25.821349] kasan_atomics+0x95/0x310 [ 25.821830] kunit_try_run_case+0x1a5/0x480 [ 25.822421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.822666] kthread+0x337/0x6f0 [ 25.822790] ret_from_fork+0x116/0x1d0 [ 25.822919] ret_from_fork_asm+0x1a/0x30 [ 25.823055] [ 25.823123] The buggy address belongs to the object at ffff888106195400 [ 25.823123] which belongs to the cache kmalloc-64 of size 64 [ 25.824001] The buggy address is located 0 bytes to the right of [ 25.824001] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.825039] [ 25.825297] The buggy address belongs to the physical page: [ 25.825551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.825889] flags: 0x200000000000000(node=0|zone=2) [ 25.826117] page_type: f5(slab) [ 25.826588] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.827018] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.827662] page dumped because: kasan: bad access detected [ 25.827910] [ 25.828003] Memory state around the buggy address: [ 25.828716] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.829623] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.829928] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.830535] ^ [ 25.830810] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.831518] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.832001] ================================================================== [ 25.985311] ================================================================== [ 25.985929] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 25.986539] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.987169] [ 25.987419] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.987580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.987596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.987620] Call Trace: [ 25.987640] <TASK> [ 25.987657] dump_stack_lvl+0x73/0xb0 [ 25.987724] print_report+0xd1/0x650 [ 25.987749] ? __virt_addr_valid+0x1db/0x2d0 [ 25.987774] ? kasan_atomics_helper+0xac7/0x5450 [ 25.987800] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.987827] ? kasan_atomics_helper+0xac7/0x5450 [ 25.987855] kasan_report+0x141/0x180 [ 25.987879] ? kasan_atomics_helper+0xac7/0x5450 [ 25.987909] kasan_check_range+0x10c/0x1c0 [ 25.987934] __kasan_check_write+0x18/0x20 [ 25.987958] kasan_atomics_helper+0xac7/0x5450 [ 25.987985] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.988012] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.988038] ? kasan_atomics+0x152/0x310 [ 25.988065] kasan_atomics+0x1dc/0x310 [ 25.988088] ? __pfx_kasan_atomics+0x10/0x10 [ 25.988111] ? trace_hardirqs_on+0x37/0xe0 [ 25.988136] ? __pfx_read_tsc+0x10/0x10 [ 25.988236] ? ktime_get_ts64+0x86/0x230 [ 25.988263] kunit_try_run_case+0x1a5/0x480 [ 25.988291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.988317] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.988342] ? __kthread_parkme+0x82/0x180 [ 25.988365] ? preempt_count_sub+0x50/0x80 [ 25.988389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.988416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.988441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.988480] kthread+0x337/0x6f0 [ 25.988501] ? trace_preempt_on+0x20/0xc0 [ 25.988525] ? __pfx_kthread+0x10/0x10 [ 25.988547] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.988573] ? calculate_sigpending+0x7b/0xa0 [ 25.988599] ? __pfx_kthread+0x10/0x10 [ 25.988622] ret_from_fork+0x116/0x1d0 [ 25.988643] ? __pfx_kthread+0x10/0x10 [ 25.988666] ret_from_fork_asm+0x1a/0x30 [ 25.988699] </TASK> [ 25.988711] [ 26.000518] Allocated by task 314: [ 26.000704] kasan_save_stack+0x45/0x70 [ 26.000909] kasan_save_track+0x18/0x40 [ 26.001093] kasan_save_alloc_info+0x3b/0x50 [ 26.001549] __kasan_kmalloc+0xb7/0xc0 [ 26.001749] __kmalloc_cache_noprof+0x189/0x420 [ 26.001950] kasan_atomics+0x95/0x310 [ 26.002080] kunit_try_run_case+0x1a5/0x480 [ 26.002450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.002795] kthread+0x337/0x6f0 [ 26.002941] ret_from_fork+0x116/0x1d0 [ 26.003069] ret_from_fork_asm+0x1a/0x30 [ 26.003244] [ 26.003336] The buggy address belongs to the object at ffff888106195400 [ 26.003336] which belongs to the cache kmalloc-64 of size 64 [ 26.003979] The buggy address is located 0 bytes to the right of [ 26.003979] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.004611] [ 26.004695] The buggy address belongs to the physical page: [ 26.004959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.005189] flags: 0x200000000000000(node=0|zone=2) [ 26.005634] page_type: f5(slab) [ 26.005803] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.006143] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.006517] page dumped because: kasan: bad access detected [ 26.006736] [ 26.006808] Memory state around the buggy address: [ 26.006981] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.007550] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.007815] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.008122] ^ [ 26.008389] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.008677] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.008906] ================================================================== [ 26.063953] ================================================================== [ 26.064432] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 26.064679] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.064899] [ 26.064976] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.065021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.065035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.065056] Call Trace: [ 26.065070] <TASK> [ 26.065084] dump_stack_lvl+0x73/0xb0 [ 26.065110] print_report+0xd1/0x650 [ 26.065132] ? __virt_addr_valid+0x1db/0x2d0 [ 26.065155] ? kasan_atomics_helper+0xd47/0x5450 [ 26.065181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.065208] ? kasan_atomics_helper+0xd47/0x5450 [ 26.065234] kasan_report+0x141/0x180 [ 26.065256] ? kasan_atomics_helper+0xd47/0x5450 [ 26.065287] kasan_check_range+0x10c/0x1c0 [ 26.065312] __kasan_check_write+0x18/0x20 [ 26.065336] kasan_atomics_helper+0xd47/0x5450 [ 26.065364] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.065392] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.065417] ? kasan_atomics+0x152/0x310 [ 26.065443] kasan_atomics+0x1dc/0x310 [ 26.065478] ? __pfx_kasan_atomics+0x10/0x10 [ 26.065501] ? trace_hardirqs_on+0x37/0xe0 [ 26.065525] ? __pfx_read_tsc+0x10/0x10 [ 26.065547] ? ktime_get_ts64+0x86/0x230 [ 26.065571] kunit_try_run_case+0x1a5/0x480 [ 26.065597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.065624] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.065646] ? __kthread_parkme+0x82/0x180 [ 26.065669] ? preempt_count_sub+0x50/0x80 [ 26.065694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.065720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.065746] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.065772] kthread+0x337/0x6f0 [ 26.065793] ? trace_preempt_on+0x20/0xc0 [ 26.065828] ? __pfx_kthread+0x10/0x10 [ 26.065856] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.065882] ? calculate_sigpending+0x7b/0xa0 [ 26.065907] ? __pfx_kthread+0x10/0x10 [ 26.065931] ret_from_fork+0x116/0x1d0 [ 26.065952] ? __pfx_kthread+0x10/0x10 [ 26.065975] ret_from_fork_asm+0x1a/0x30 [ 26.066007] </TASK> [ 26.066019] [ 26.073294] Allocated by task 314: [ 26.073488] kasan_save_stack+0x45/0x70 [ 26.073708] kasan_save_track+0x18/0x40 [ 26.073900] kasan_save_alloc_info+0x3b/0x50 [ 26.074107] __kasan_kmalloc+0xb7/0xc0 [ 26.074400] __kmalloc_cache_noprof+0x189/0x420 [ 26.074629] kasan_atomics+0x95/0x310 [ 26.074784] kunit_try_run_case+0x1a5/0x480 [ 26.074925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.075148] kthread+0x337/0x6f0 [ 26.075464] ret_from_fork+0x116/0x1d0 [ 26.075648] ret_from_fork_asm+0x1a/0x30 [ 26.075846] [ 26.075917] The buggy address belongs to the object at ffff888106195400 [ 26.075917] which belongs to the cache kmalloc-64 of size 64 [ 26.076403] The buggy address is located 0 bytes to the right of [ 26.076403] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.076900] [ 26.076985] The buggy address belongs to the physical page: [ 26.077196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.077487] flags: 0x200000000000000(node=0|zone=2) [ 26.077690] page_type: f5(slab) [ 26.077850] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.078157] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.078486] page dumped because: kasan: bad access detected [ 26.078712] [ 26.078799] Memory state around the buggy address: [ 26.078960] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.079274] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.079555] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.079857] ^ [ 26.080026] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.080236] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.080444] ================================================================== [ 26.640690] ================================================================== [ 26.641027] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 26.641388] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.641682] [ 26.641780] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.641824] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.641838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.641867] Call Trace: [ 26.641882] <TASK> [ 26.641899] dump_stack_lvl+0x73/0xb0 [ 26.641926] print_report+0xd1/0x650 [ 26.641949] ? __virt_addr_valid+0x1db/0x2d0 [ 26.641973] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.641998] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.642025] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.642051] kasan_report+0x141/0x180 [ 26.642074] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.642104] __asan_report_load8_noabort+0x18/0x20 [ 26.642130] kasan_atomics_helper+0x4f30/0x5450 [ 26.642157] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.642203] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.642230] ? kasan_atomics+0x152/0x310 [ 26.642257] kasan_atomics+0x1dc/0x310 [ 26.642280] ? __pfx_kasan_atomics+0x10/0x10 [ 26.642304] ? trace_hardirqs_on+0x37/0xe0 [ 26.642327] ? __pfx_read_tsc+0x10/0x10 [ 26.642349] ? ktime_get_ts64+0x86/0x230 [ 26.642375] kunit_try_run_case+0x1a5/0x480 [ 26.642401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.642428] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.642450] ? __kthread_parkme+0x82/0x180 [ 26.642480] ? preempt_count_sub+0x50/0x80 [ 26.642504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.642531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.642555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.642580] kthread+0x337/0x6f0 [ 26.642602] ? trace_preempt_on+0x20/0xc0 [ 26.642626] ? __pfx_kthread+0x10/0x10 [ 26.642648] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.642674] ? calculate_sigpending+0x7b/0xa0 [ 26.642699] ? __pfx_kthread+0x10/0x10 [ 26.642723] ret_from_fork+0x116/0x1d0 [ 26.642743] ? __pfx_kthread+0x10/0x10 [ 26.642765] ret_from_fork_asm+0x1a/0x30 [ 26.642796] </TASK> [ 26.642809] [ 26.649627] Allocated by task 314: [ 26.649748] kasan_save_stack+0x45/0x70 [ 26.649894] kasan_save_track+0x18/0x40 [ 26.650023] kasan_save_alloc_info+0x3b/0x50 [ 26.650164] __kasan_kmalloc+0xb7/0xc0 [ 26.650327] __kmalloc_cache_noprof+0x189/0x420 [ 26.650595] kasan_atomics+0x95/0x310 [ 26.650783] kunit_try_run_case+0x1a5/0x480 [ 26.650983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.651255] kthread+0x337/0x6f0 [ 26.651419] ret_from_fork+0x116/0x1d0 [ 26.651606] ret_from_fork_asm+0x1a/0x30 [ 26.651796] [ 26.651886] The buggy address belongs to the object at ffff888106195400 [ 26.651886] which belongs to the cache kmalloc-64 of size 64 [ 26.652430] The buggy address is located 0 bytes to the right of [ 26.652430] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.652970] [ 26.653036] The buggy address belongs to the physical page: [ 26.653228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.653469] flags: 0x200000000000000(node=0|zone=2) [ 26.653626] page_type: f5(slab) [ 26.653739] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.653969] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.654213] page dumped because: kasan: bad access detected [ 26.654380] [ 26.654446] Memory state around the buggy address: [ 26.654675] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.655017] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.655425] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.655800] ^ [ 26.656024] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.656423] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.656785] ================================================================== [ 26.813887] ================================================================== [ 26.814320] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 26.814619] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.814926] [ 26.815011] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.815056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.815070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.815092] Call Trace: [ 26.815107] <TASK> [ 26.815122] dump_stack_lvl+0x73/0xb0 [ 26.815148] print_report+0xd1/0x650 [ 26.815172] ? __virt_addr_valid+0x1db/0x2d0 [ 26.815195] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.815223] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.815250] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.815276] kasan_report+0x141/0x180 [ 26.815299] ? kasan_atomics_helper+0x20c8/0x5450 [ 26.815330] kasan_check_range+0x10c/0x1c0 [ 26.815354] __kasan_check_write+0x18/0x20 [ 26.815378] kasan_atomics_helper+0x20c8/0x5450 [ 26.815406] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.815433] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.815467] ? kasan_atomics+0x152/0x310 [ 26.815494] kasan_atomics+0x1dc/0x310 [ 26.815518] ? __pfx_kasan_atomics+0x10/0x10 [ 26.815541] ? trace_hardirqs_on+0x37/0xe0 [ 26.815566] ? __pfx_read_tsc+0x10/0x10 [ 26.815588] ? ktime_get_ts64+0x86/0x230 [ 26.815613] kunit_try_run_case+0x1a5/0x480 [ 26.815639] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.815665] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.815689] ? __kthread_parkme+0x82/0x180 [ 26.815711] ? preempt_count_sub+0x50/0x80 [ 26.815735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.815761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.815786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.815812] kthread+0x337/0x6f0 [ 26.815833] ? trace_preempt_on+0x20/0xc0 [ 26.815855] ? __pfx_kthread+0x10/0x10 [ 26.815877] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.815902] ? calculate_sigpending+0x7b/0xa0 [ 26.815927] ? __pfx_kthread+0x10/0x10 [ 26.815949] ret_from_fork+0x116/0x1d0 [ 26.815970] ? __pfx_kthread+0x10/0x10 [ 26.815992] ret_from_fork_asm+0x1a/0x30 [ 26.816024] </TASK> [ 26.816036] [ 26.823145] Allocated by task 314: [ 26.823319] kasan_save_stack+0x45/0x70 [ 26.823713] kasan_save_track+0x18/0x40 [ 26.823904] kasan_save_alloc_info+0x3b/0x50 [ 26.824148] __kasan_kmalloc+0xb7/0xc0 [ 26.824372] __kmalloc_cache_noprof+0x189/0x420 [ 26.824538] kasan_atomics+0x95/0x310 [ 26.824665] kunit_try_run_case+0x1a5/0x480 [ 26.824805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.824986] kthread+0x337/0x6f0 [ 26.825154] ret_from_fork+0x116/0x1d0 [ 26.825336] ret_from_fork_asm+0x1a/0x30 [ 26.825591] [ 26.825688] The buggy address belongs to the object at ffff888106195400 [ 26.825688] which belongs to the cache kmalloc-64 of size 64 [ 26.826251] The buggy address is located 0 bytes to the right of [ 26.826251] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.826746] [ 26.826831] The buggy address belongs to the physical page: [ 26.827030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.827337] flags: 0x200000000000000(node=0|zone=2) [ 26.827576] page_type: f5(slab) [ 26.827726] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.827973] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.828194] page dumped because: kasan: bad access detected [ 26.828558] [ 26.828646] Memory state around the buggy address: [ 26.828962] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.829170] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.829376] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.830014] ^ [ 26.830260] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.830554] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.830761] ================================================================== [ 26.859312] ================================================================== [ 26.859560] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 26.859793] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.860012] [ 26.860092] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.860138] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.860152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.860173] Call Trace: [ 26.860189] <TASK> [ 26.860205] dump_stack_lvl+0x73/0xb0 [ 26.860233] print_report+0xd1/0x650 [ 26.860256] ? __virt_addr_valid+0x1db/0x2d0 [ 26.860280] ? kasan_atomics_helper+0x218a/0x5450 [ 26.860306] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.860333] ? kasan_atomics_helper+0x218a/0x5450 [ 26.860359] kasan_report+0x141/0x180 [ 26.860382] ? kasan_atomics_helper+0x218a/0x5450 [ 26.860412] kasan_check_range+0x10c/0x1c0 [ 26.860437] __kasan_check_write+0x18/0x20 [ 26.860471] kasan_atomics_helper+0x218a/0x5450 [ 26.860498] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.860524] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.860914] ? kasan_atomics+0x152/0x310 [ 26.860947] kasan_atomics+0x1dc/0x310 [ 26.860972] ? __pfx_kasan_atomics+0x10/0x10 [ 26.860997] ? trace_hardirqs_on+0x37/0xe0 [ 26.861020] ? __pfx_read_tsc+0x10/0x10 [ 26.861051] ? ktime_get_ts64+0x86/0x230 [ 26.861077] kunit_try_run_case+0x1a5/0x480 [ 26.861102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.861128] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.861152] ? __kthread_parkme+0x82/0x180 [ 26.861175] ? preempt_count_sub+0x50/0x80 [ 26.861201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.861227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.861253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.861279] kthread+0x337/0x6f0 [ 26.861300] ? trace_preempt_on+0x20/0xc0 [ 26.861323] ? __pfx_kthread+0x10/0x10 [ 26.861345] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.861371] ? calculate_sigpending+0x7b/0xa0 [ 26.861396] ? __pfx_kthread+0x10/0x10 [ 26.861419] ret_from_fork+0x116/0x1d0 [ 26.861440] ? __pfx_kthread+0x10/0x10 [ 26.861472] ret_from_fork_asm+0x1a/0x30 [ 26.861504] </TASK> [ 26.861517] [ 26.868989] Allocated by task 314: [ 26.869115] kasan_save_stack+0x45/0x70 [ 26.869256] kasan_save_track+0x18/0x40 [ 26.869384] kasan_save_alloc_info+0x3b/0x50 [ 26.869609] __kasan_kmalloc+0xb7/0xc0 [ 26.869797] __kmalloc_cache_noprof+0x189/0x420 [ 26.870014] kasan_atomics+0x95/0x310 [ 26.870194] kunit_try_run_case+0x1a5/0x480 [ 26.870402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.870597] kthread+0x337/0x6f0 [ 26.870713] ret_from_fork+0x116/0x1d0 [ 26.870838] ret_from_fork_asm+0x1a/0x30 [ 26.870971] [ 26.871036] The buggy address belongs to the object at ffff888106195400 [ 26.871036] which belongs to the cache kmalloc-64 of size 64 [ 26.871493] The buggy address is located 0 bytes to the right of [ 26.871493] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.872041] [ 26.872132] The buggy address belongs to the physical page: [ 26.872464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.872816] flags: 0x200000000000000(node=0|zone=2) [ 26.873039] page_type: f5(slab) [ 26.873174] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.873490] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.873758] page dumped because: kasan: bad access detected [ 26.873930] [ 26.873995] Memory state around the buggy address: [ 26.874197] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.874528] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.874812] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.875113] ^ [ 26.875261] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.875480] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.875687] ================================================================== [ 26.180329] ================================================================== [ 26.180658] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 26.180921] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.181142] [ 26.181428] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.181491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.181505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.181528] Call Trace: [ 26.181542] <TASK> [ 26.181558] dump_stack_lvl+0x73/0xb0 [ 26.181586] print_report+0xd1/0x650 [ 26.181609] ? __virt_addr_valid+0x1db/0x2d0 [ 26.181634] ? kasan_atomics_helper+0x1079/0x5450 [ 26.181660] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.181686] ? kasan_atomics_helper+0x1079/0x5450 [ 26.181713] kasan_report+0x141/0x180 [ 26.181737] ? kasan_atomics_helper+0x1079/0x5450 [ 26.181768] kasan_check_range+0x10c/0x1c0 [ 26.181793] __kasan_check_write+0x18/0x20 [ 26.181817] kasan_atomics_helper+0x1079/0x5450 [ 26.181851] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.181878] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.181904] ? kasan_atomics+0x152/0x310 [ 26.181931] kasan_atomics+0x1dc/0x310 [ 26.181955] ? __pfx_kasan_atomics+0x10/0x10 [ 26.181978] ? trace_hardirqs_on+0x37/0xe0 [ 26.182001] ? __pfx_read_tsc+0x10/0x10 [ 26.182024] ? ktime_get_ts64+0x86/0x230 [ 26.182050] kunit_try_run_case+0x1a5/0x480 [ 26.182075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.182103] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.182127] ? __kthread_parkme+0x82/0x180 [ 26.182163] ? preempt_count_sub+0x50/0x80 [ 26.182189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.182227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.182252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.182278] kthread+0x337/0x6f0 [ 26.182300] ? trace_preempt_on+0x20/0xc0 [ 26.182323] ? __pfx_kthread+0x10/0x10 [ 26.182346] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.182372] ? calculate_sigpending+0x7b/0xa0 [ 26.182397] ? __pfx_kthread+0x10/0x10 [ 26.182421] ret_from_fork+0x116/0x1d0 [ 26.182442] ? __pfx_kthread+0x10/0x10 [ 26.182475] ret_from_fork_asm+0x1a/0x30 [ 26.182508] </TASK> [ 26.182520] [ 26.189567] Allocated by task 314: [ 26.189738] kasan_save_stack+0x45/0x70 [ 26.189936] kasan_save_track+0x18/0x40 [ 26.190118] kasan_save_alloc_info+0x3b/0x50 [ 26.190260] __kasan_kmalloc+0xb7/0xc0 [ 26.190391] __kmalloc_cache_noprof+0x189/0x420 [ 26.190778] kasan_atomics+0x95/0x310 [ 26.190964] kunit_try_run_case+0x1a5/0x480 [ 26.191176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.191426] kthread+0x337/0x6f0 [ 26.191606] ret_from_fork+0x116/0x1d0 [ 26.191770] ret_from_fork_asm+0x1a/0x30 [ 26.191935] [ 26.192008] The buggy address belongs to the object at ffff888106195400 [ 26.192008] which belongs to the cache kmalloc-64 of size 64 [ 26.192500] The buggy address is located 0 bytes to the right of [ 26.192500] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.192943] [ 26.193010] The buggy address belongs to the physical page: [ 26.193177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.193422] flags: 0x200000000000000(node=0|zone=2) [ 26.193794] page_type: f5(slab) [ 26.193960] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.194299] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.194640] page dumped because: kasan: bad access detected [ 26.194854] [ 26.194928] Memory state around the buggy address: [ 26.195141] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.195404] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.195641] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.195957] ^ [ 26.196181] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.196482] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.196732] ================================================================== [ 26.237331] ================================================================== [ 26.237886] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 26.238235] Read of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.238536] [ 26.238644] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.238691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.238705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.238727] Call Trace: [ 26.238744] <TASK> [ 26.238761] dump_stack_lvl+0x73/0xb0 [ 26.238790] print_report+0xd1/0x650 [ 26.238814] ? __virt_addr_valid+0x1db/0x2d0 [ 26.238838] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.238865] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.238891] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.238917] kasan_report+0x141/0x180 [ 26.238941] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.238971] __asan_report_load4_noabort+0x18/0x20 [ 26.238997] kasan_atomics_helper+0x4a02/0x5450 [ 26.239026] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.239053] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.239078] ? kasan_atomics+0x152/0x310 [ 26.239105] kasan_atomics+0x1dc/0x310 [ 26.239129] ? __pfx_kasan_atomics+0x10/0x10 [ 26.239152] ? trace_hardirqs_on+0x37/0xe0 [ 26.239175] ? __pfx_read_tsc+0x10/0x10 [ 26.239209] ? ktime_get_ts64+0x86/0x230 [ 26.239235] kunit_try_run_case+0x1a5/0x480 [ 26.239261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.239288] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.239312] ? __kthread_parkme+0x82/0x180 [ 26.239334] ? preempt_count_sub+0x50/0x80 [ 26.239358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.239384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.239409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.239434] kthread+0x337/0x6f0 [ 26.239467] ? trace_preempt_on+0x20/0xc0 [ 26.239491] ? __pfx_kthread+0x10/0x10 [ 26.239513] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.239539] ? calculate_sigpending+0x7b/0xa0 [ 26.239564] ? __pfx_kthread+0x10/0x10 [ 26.239587] ret_from_fork+0x116/0x1d0 [ 26.239608] ? __pfx_kthread+0x10/0x10 [ 26.239630] ret_from_fork_asm+0x1a/0x30 [ 26.239664] </TASK> [ 26.239676] [ 26.246810] Allocated by task 314: [ 26.246979] kasan_save_stack+0x45/0x70 [ 26.247121] kasan_save_track+0x18/0x40 [ 26.247252] kasan_save_alloc_info+0x3b/0x50 [ 26.247395] __kasan_kmalloc+0xb7/0xc0 [ 26.247613] __kmalloc_cache_noprof+0x189/0x420 [ 26.247829] kasan_atomics+0x95/0x310 [ 26.248011] kunit_try_run_case+0x1a5/0x480 [ 26.248209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.248478] kthread+0x337/0x6f0 [ 26.248728] ret_from_fork+0x116/0x1d0 [ 26.248873] ret_from_fork_asm+0x1a/0x30 [ 26.249067] [ 26.249150] The buggy address belongs to the object at ffff888106195400 [ 26.249150] which belongs to the cache kmalloc-64 of size 64 [ 26.249592] The buggy address is located 0 bytes to the right of [ 26.249592] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.250014] [ 26.250105] The buggy address belongs to the physical page: [ 26.250431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.250864] flags: 0x200000000000000(node=0|zone=2) [ 26.251057] page_type: f5(slab) [ 26.251187] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.251529] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.251813] page dumped because: kasan: bad access detected [ 26.252032] [ 26.252119] Memory state around the buggy address: [ 26.252345] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.252647] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.252911] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.253168] ^ [ 26.253385] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.253641] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.253853] ================================================================== [ 26.339742] ================================================================== [ 26.340076] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 26.340775] Read of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.341062] [ 26.341140] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.341185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.341208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.341229] Call Trace: [ 26.341245] <TASK> [ 26.341263] dump_stack_lvl+0x73/0xb0 [ 26.341289] print_report+0xd1/0x650 [ 26.341312] ? __virt_addr_valid+0x1db/0x2d0 [ 26.341335] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.341362] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.341388] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.341414] kasan_report+0x141/0x180 [ 26.341437] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.341481] __asan_report_load8_noabort+0x18/0x20 [ 26.341506] kasan_atomics_helper+0x4eae/0x5450 [ 26.341534] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.341562] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.341587] ? kasan_atomics+0x152/0x310 [ 26.341614] kasan_atomics+0x1dc/0x310 [ 26.341638] ? __pfx_kasan_atomics+0x10/0x10 [ 26.341662] ? trace_hardirqs_on+0x37/0xe0 [ 26.341684] ? __pfx_read_tsc+0x10/0x10 [ 26.341706] ? ktime_get_ts64+0x86/0x230 [ 26.341732] kunit_try_run_case+0x1a5/0x480 [ 26.341757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.341784] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.341807] ? __kthread_parkme+0x82/0x180 [ 26.341830] ? preempt_count_sub+0x50/0x80 [ 26.341859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.341885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.341910] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.341936] kthread+0x337/0x6f0 [ 26.341957] ? trace_preempt_on+0x20/0xc0 [ 26.341980] ? __pfx_kthread+0x10/0x10 [ 26.342003] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.342028] ? calculate_sigpending+0x7b/0xa0 [ 26.342053] ? __pfx_kthread+0x10/0x10 [ 26.342076] ret_from_fork+0x116/0x1d0 [ 26.342097] ? __pfx_kthread+0x10/0x10 [ 26.342119] ret_from_fork_asm+0x1a/0x30 [ 26.342152] </TASK> [ 26.342165] [ 26.349192] Allocated by task 314: [ 26.349346] kasan_save_stack+0x45/0x70 [ 26.349517] kasan_save_track+0x18/0x40 [ 26.349661] kasan_save_alloc_info+0x3b/0x50 [ 26.349804] __kasan_kmalloc+0xb7/0xc0 [ 26.349939] __kmalloc_cache_noprof+0x189/0x420 [ 26.350108] kasan_atomics+0x95/0x310 [ 26.350406] kunit_try_run_case+0x1a5/0x480 [ 26.350621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.350870] kthread+0x337/0x6f0 [ 26.351033] ret_from_fork+0x116/0x1d0 [ 26.351249] ret_from_fork_asm+0x1a/0x30 [ 26.351405] [ 26.351507] The buggy address belongs to the object at ffff888106195400 [ 26.351507] which belongs to the cache kmalloc-64 of size 64 [ 26.351958] The buggy address is located 0 bytes to the right of [ 26.351958] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.352489] [ 26.352577] The buggy address belongs to the physical page: [ 26.352798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.353095] flags: 0x200000000000000(node=0|zone=2) [ 26.353311] page_type: f5(slab) [ 26.353465] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.353752] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.354055] page dumped because: kasan: bad access detected [ 26.354315] [ 26.354404] Memory state around the buggy address: [ 26.354588] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.354800] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.355008] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.355372] ^ [ 26.355602] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.355916] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.356262] ================================================================== [ 25.775448] ================================================================== [ 25.775749] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 25.776047] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.776521] [ 25.776619] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.776667] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.776682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.776704] Call Trace: [ 25.776718] <TASK> [ 25.776734] dump_stack_lvl+0x73/0xb0 [ 25.776762] print_report+0xd1/0x650 [ 25.776785] ? __virt_addr_valid+0x1db/0x2d0 [ 25.776809] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.776835] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.776862] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.776888] kasan_report+0x141/0x180 [ 25.776911] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.776941] kasan_check_range+0x10c/0x1c0 [ 25.776966] __kasan_check_write+0x18/0x20 [ 25.776990] kasan_atomics_helper+0x5fe/0x5450 [ 25.777018] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.777044] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.777069] ? kasan_atomics+0x152/0x310 [ 25.777095] kasan_atomics+0x1dc/0x310 [ 25.777118] ? __pfx_kasan_atomics+0x10/0x10 [ 25.777141] ? trace_hardirqs_on+0x37/0xe0 [ 25.777164] ? __pfx_read_tsc+0x10/0x10 [ 25.777186] ? ktime_get_ts64+0x86/0x230 [ 25.777212] kunit_try_run_case+0x1a5/0x480 [ 25.777237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.777263] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.777287] ? __kthread_parkme+0x82/0x180 [ 25.777311] ? preempt_count_sub+0x50/0x80 [ 25.777335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.777361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.777385] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.777426] kthread+0x337/0x6f0 [ 25.777448] ? trace_preempt_on+0x20/0xc0 [ 25.777481] ? __pfx_kthread+0x10/0x10 [ 25.777503] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.777528] ? calculate_sigpending+0x7b/0xa0 [ 25.777554] ? __pfx_kthread+0x10/0x10 [ 25.777577] ret_from_fork+0x116/0x1d0 [ 25.777597] ? __pfx_kthread+0x10/0x10 [ 25.777619] ret_from_fork_asm+0x1a/0x30 [ 25.777651] </TASK> [ 25.777664] [ 25.785311] Allocated by task 314: [ 25.785500] kasan_save_stack+0x45/0x70 [ 25.785699] kasan_save_track+0x18/0x40 [ 25.786072] kasan_save_alloc_info+0x3b/0x50 [ 25.786279] __kasan_kmalloc+0xb7/0xc0 [ 25.786563] __kmalloc_cache_noprof+0x189/0x420 [ 25.786750] kasan_atomics+0x95/0x310 [ 25.786878] kunit_try_run_case+0x1a5/0x480 [ 25.787019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.787426] kthread+0x337/0x6f0 [ 25.787610] ret_from_fork+0x116/0x1d0 [ 25.787796] ret_from_fork_asm+0x1a/0x30 [ 25.787987] [ 25.788067] The buggy address belongs to the object at ffff888106195400 [ 25.788067] which belongs to the cache kmalloc-64 of size 64 [ 25.788724] The buggy address is located 0 bytes to the right of [ 25.788724] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.789237] [ 25.789472] The buggy address belongs to the physical page: [ 25.789752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.790029] flags: 0x200000000000000(node=0|zone=2) [ 25.790215] page_type: f5(slab) [ 25.790379] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.790872] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.791104] page dumped because: kasan: bad access detected [ 25.791522] [ 25.791615] Memory state around the buggy address: [ 25.791796] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.792006] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.792217] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.792427] ^ [ 25.793792] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.794908] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.796042] ================================================================== [ 26.607318] ================================================================== [ 26.607676] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 26.608010] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.608366] [ 26.608480] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.608528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.608542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.608564] Call Trace: [ 26.608579] <TASK> [ 26.608594] dump_stack_lvl+0x73/0xb0 [ 26.608621] print_report+0xd1/0x650 [ 26.608644] ? __virt_addr_valid+0x1db/0x2d0 [ 26.608669] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.608694] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.608721] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.608747] kasan_report+0x141/0x180 [ 26.608769] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.608800] kasan_check_range+0x10c/0x1c0 [ 26.608825] __kasan_check_write+0x18/0x20 [ 26.608848] kasan_atomics_helper+0x1b22/0x5450 [ 26.608875] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.608902] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.608927] ? kasan_atomics+0x152/0x310 [ 26.608954] kasan_atomics+0x1dc/0x310 [ 26.608977] ? __pfx_kasan_atomics+0x10/0x10 [ 26.609000] ? trace_hardirqs_on+0x37/0xe0 [ 26.609022] ? __pfx_read_tsc+0x10/0x10 [ 26.609045] ? ktime_get_ts64+0x86/0x230 [ 26.609070] kunit_try_run_case+0x1a5/0x480 [ 26.609095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.609121] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.609144] ? __kthread_parkme+0x82/0x180 [ 26.609166] ? preempt_count_sub+0x50/0x80 [ 26.609213] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.609239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.609265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.609290] kthread+0x337/0x6f0 [ 26.609312] ? trace_preempt_on+0x20/0xc0 [ 26.609335] ? __pfx_kthread+0x10/0x10 [ 26.609357] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.609382] ? calculate_sigpending+0x7b/0xa0 [ 26.609408] ? __pfx_kthread+0x10/0x10 [ 26.609430] ret_from_fork+0x116/0x1d0 [ 26.609451] ? __pfx_kthread+0x10/0x10 [ 26.609482] ret_from_fork_asm+0x1a/0x30 [ 26.609514] </TASK> [ 26.609525] [ 26.616541] Allocated by task 314: [ 26.616701] kasan_save_stack+0x45/0x70 [ 26.616894] kasan_save_track+0x18/0x40 [ 26.617024] kasan_save_alloc_info+0x3b/0x50 [ 26.617165] __kasan_kmalloc+0xb7/0xc0 [ 26.617314] __kmalloc_cache_noprof+0x189/0x420 [ 26.617471] kasan_atomics+0x95/0x310 [ 26.617651] kunit_try_run_case+0x1a5/0x480 [ 26.617860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.618108] kthread+0x337/0x6f0 [ 26.618300] ret_from_fork+0x116/0x1d0 [ 26.618490] ret_from_fork_asm+0x1a/0x30 [ 26.618689] [ 26.618779] The buggy address belongs to the object at ffff888106195400 [ 26.618779] which belongs to the cache kmalloc-64 of size 64 [ 26.619272] The buggy address is located 0 bytes to the right of [ 26.619272] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.619768] [ 26.619856] The buggy address belongs to the physical page: [ 26.620077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.620348] flags: 0x200000000000000(node=0|zone=2) [ 26.620544] page_type: f5(slab) [ 26.620710] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.621050] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.621386] page dumped because: kasan: bad access detected [ 26.621620] [ 26.621712] Memory state around the buggy address: [ 26.621895] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.622137] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.622372] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.622590] ^ [ 26.622813] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.623129] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.623471] ================================================================== [ 26.897859] ================================================================== [ 26.898100] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 26.898332] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.898566] [ 26.898671] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.898720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.898735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.898758] Call Trace: [ 26.898773] <TASK> [ 26.898790] dump_stack_lvl+0x73/0xb0 [ 26.898818] print_report+0xd1/0x650 [ 26.898841] ? __virt_addr_valid+0x1db/0x2d0 [ 26.898865] ? kasan_atomics_helper+0x224c/0x5450 [ 26.898890] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.898918] ? kasan_atomics_helper+0x224c/0x5450 [ 26.898944] kasan_report+0x141/0x180 [ 26.898967] ? kasan_atomics_helper+0x224c/0x5450 [ 26.898998] kasan_check_range+0x10c/0x1c0 [ 26.899022] __kasan_check_write+0x18/0x20 [ 26.899047] kasan_atomics_helper+0x224c/0x5450 [ 26.899074] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.899101] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.899126] ? kasan_atomics+0x152/0x310 [ 26.899153] kasan_atomics+0x1dc/0x310 [ 26.899177] ? __pfx_kasan_atomics+0x10/0x10 [ 26.899516] ? trace_hardirqs_on+0x37/0xe0 [ 26.899545] ? __pfx_read_tsc+0x10/0x10 [ 26.899569] ? ktime_get_ts64+0x86/0x230 [ 26.899796] kunit_try_run_case+0x1a5/0x480 [ 26.899827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.899854] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.899879] ? __kthread_parkme+0x82/0x180 [ 26.899902] ? preempt_count_sub+0x50/0x80 [ 26.899927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.899953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.899978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.900004] kthread+0x337/0x6f0 [ 26.900025] ? trace_preempt_on+0x20/0xc0 [ 26.900049] ? __pfx_kthread+0x10/0x10 [ 26.900071] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.900097] ? calculate_sigpending+0x7b/0xa0 [ 26.900122] ? __pfx_kthread+0x10/0x10 [ 26.900146] ret_from_fork+0x116/0x1d0 [ 26.900167] ? __pfx_kthread+0x10/0x10 [ 26.900203] ret_from_fork_asm+0x1a/0x30 [ 26.900235] </TASK> [ 26.900247] [ 26.908818] Allocated by task 314: [ 26.909000] kasan_save_stack+0x45/0x70 [ 26.909152] kasan_save_track+0x18/0x40 [ 26.909671] kasan_save_alloc_info+0x3b/0x50 [ 26.909939] __kasan_kmalloc+0xb7/0xc0 [ 26.910099] __kmalloc_cache_noprof+0x189/0x420 [ 26.910365] kasan_atomics+0x95/0x310 [ 26.910669] kunit_try_run_case+0x1a5/0x480 [ 26.910845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.911080] kthread+0x337/0x6f0 [ 26.911237] ret_from_fork+0x116/0x1d0 [ 26.911666] ret_from_fork_asm+0x1a/0x30 [ 26.911840] [ 26.912044] The buggy address belongs to the object at ffff888106195400 [ 26.912044] which belongs to the cache kmalloc-64 of size 64 [ 26.912403] The buggy address is located 0 bytes to the right of [ 26.912403] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.912778] [ 26.912850] The buggy address belongs to the physical page: [ 26.913026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.913808] flags: 0x200000000000000(node=0|zone=2) [ 26.914111] page_type: f5(slab) [ 26.914317] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.914615] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.914933] page dumped because: kasan: bad access detected [ 26.915160] [ 26.915237] Memory state around the buggy address: [ 26.915789] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.916009] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.916229] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.916754] ^ [ 26.917079] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.917546] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.917818] ================================================================== [ 26.780260] ================================================================== [ 26.780610] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 26.780987] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.781447] [ 26.781538] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.781585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.781599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.781621] Call Trace: [ 26.781635] <TASK> [ 26.781651] dump_stack_lvl+0x73/0xb0 [ 26.781677] print_report+0xd1/0x650 [ 26.781701] ? __virt_addr_valid+0x1db/0x2d0 [ 26.781725] ? kasan_atomics_helper+0x2006/0x5450 [ 26.781751] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.781778] ? kasan_atomics_helper+0x2006/0x5450 [ 26.781805] kasan_report+0x141/0x180 [ 26.781828] ? kasan_atomics_helper+0x2006/0x5450 [ 26.781865] kasan_check_range+0x10c/0x1c0 [ 26.781889] __kasan_check_write+0x18/0x20 [ 26.781914] kasan_atomics_helper+0x2006/0x5450 [ 26.781941] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.781968] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.781994] ? kasan_atomics+0x152/0x310 [ 26.782020] kasan_atomics+0x1dc/0x310 [ 26.782044] ? __pfx_kasan_atomics+0x10/0x10 [ 26.782067] ? trace_hardirqs_on+0x37/0xe0 [ 26.782090] ? __pfx_read_tsc+0x10/0x10 [ 26.782112] ? ktime_get_ts64+0x86/0x230 [ 26.782137] kunit_try_run_case+0x1a5/0x480 [ 26.782163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.782189] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.782221] ? __kthread_parkme+0x82/0x180 [ 26.782242] ? preempt_count_sub+0x50/0x80 [ 26.782266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.782293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.782318] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.782344] kthread+0x337/0x6f0 [ 26.782364] ? trace_preempt_on+0x20/0xc0 [ 26.782388] ? __pfx_kthread+0x10/0x10 [ 26.782409] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.782434] ? calculate_sigpending+0x7b/0xa0 [ 26.782469] ? __pfx_kthread+0x10/0x10 [ 26.782492] ret_from_fork+0x116/0x1d0 [ 26.782512] ? __pfx_kthread+0x10/0x10 [ 26.782535] ret_from_fork_asm+0x1a/0x30 [ 26.782567] </TASK> [ 26.782580] [ 26.789837] Allocated by task 314: [ 26.790012] kasan_save_stack+0x45/0x70 [ 26.790163] kasan_save_track+0x18/0x40 [ 26.790361] kasan_save_alloc_info+0x3b/0x50 [ 26.790520] __kasan_kmalloc+0xb7/0xc0 [ 26.790650] __kmalloc_cache_noprof+0x189/0x420 [ 26.790799] kasan_atomics+0x95/0x310 [ 26.790982] kunit_try_run_case+0x1a5/0x480 [ 26.791179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.791435] kthread+0x337/0x6f0 [ 26.791605] ret_from_fork+0x116/0x1d0 [ 26.791763] ret_from_fork_asm+0x1a/0x30 [ 26.791944] [ 26.792035] The buggy address belongs to the object at ffff888106195400 [ 26.792035] which belongs to the cache kmalloc-64 of size 64 [ 26.792383] The buggy address is located 0 bytes to the right of [ 26.792383] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.792938] [ 26.793032] The buggy address belongs to the physical page: [ 26.793293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.793622] flags: 0x200000000000000(node=0|zone=2) [ 26.793784] page_type: f5(slab) [ 26.793920] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.794339] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.794621] page dumped because: kasan: bad access detected [ 26.794848] [ 26.794922] Memory state around the buggy address: [ 26.795099] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.795424] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.795705] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.795966] ^ [ 26.796152] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.796556] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.796828] ================================================================== [ 25.832850] ================================================================== [ 25.833555] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 25.833858] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 25.834152] [ 25.834414] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.834682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.834701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.834724] Call Trace: [ 25.834742] <TASK> [ 25.834759] dump_stack_lvl+0x73/0xb0 [ 25.834799] print_report+0xd1/0x650 [ 25.834823] ? __virt_addr_valid+0x1db/0x2d0 [ 25.834848] ? kasan_atomics_helper+0x72f/0x5450 [ 25.834874] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.834900] ? kasan_atomics_helper+0x72f/0x5450 [ 25.834926] kasan_report+0x141/0x180 [ 25.834949] ? kasan_atomics_helper+0x72f/0x5450 [ 25.834980] kasan_check_range+0x10c/0x1c0 [ 25.835004] __kasan_check_write+0x18/0x20 [ 25.835028] kasan_atomics_helper+0x72f/0x5450 [ 25.835056] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.835083] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.835107] ? kasan_atomics+0x152/0x310 [ 25.835134] kasan_atomics+0x1dc/0x310 [ 25.835188] ? __pfx_kasan_atomics+0x10/0x10 [ 25.835211] ? trace_hardirqs_on+0x37/0xe0 [ 25.835246] ? __pfx_read_tsc+0x10/0x10 [ 25.835269] ? ktime_get_ts64+0x86/0x230 [ 25.835294] kunit_try_run_case+0x1a5/0x480 [ 25.835320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.835347] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.835370] ? __kthread_parkme+0x82/0x180 [ 25.835392] ? preempt_count_sub+0x50/0x80 [ 25.835417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.835443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.835478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.835505] kthread+0x337/0x6f0 [ 25.835527] ? trace_preempt_on+0x20/0xc0 [ 25.835551] ? __pfx_kthread+0x10/0x10 [ 25.835573] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.835599] ? calculate_sigpending+0x7b/0xa0 [ 25.835624] ? __pfx_kthread+0x10/0x10 [ 25.835648] ret_from_fork+0x116/0x1d0 [ 25.835669] ? __pfx_kthread+0x10/0x10 [ 25.835692] ret_from_fork_asm+0x1a/0x30 [ 25.835724] </TASK> [ 25.835737] [ 25.848090] Allocated by task 314: [ 25.848370] kasan_save_stack+0x45/0x70 [ 25.848787] kasan_save_track+0x18/0x40 [ 25.849078] kasan_save_alloc_info+0x3b/0x50 [ 25.849528] __kasan_kmalloc+0xb7/0xc0 [ 25.849734] __kmalloc_cache_noprof+0x189/0x420 [ 25.849937] kasan_atomics+0x95/0x310 [ 25.850106] kunit_try_run_case+0x1a5/0x480 [ 25.850558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.850902] kthread+0x337/0x6f0 [ 25.851290] ret_from_fork+0x116/0x1d0 [ 25.851537] ret_from_fork_asm+0x1a/0x30 [ 25.851935] [ 25.852025] The buggy address belongs to the object at ffff888106195400 [ 25.852025] which belongs to the cache kmalloc-64 of size 64 [ 25.853031] The buggy address is located 0 bytes to the right of [ 25.853031] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 25.854357] [ 25.854452] The buggy address belongs to the physical page: [ 25.854877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 25.855695] flags: 0x200000000000000(node=0|zone=2) [ 25.856038] page_type: f5(slab) [ 25.856486] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.856994] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.857644] page dumped because: kasan: bad access detected [ 25.858087] [ 25.858312] Memory state around the buggy address: [ 25.858645] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.858940] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.859439] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.859928] ^ [ 25.860504] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.860813] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.861088] ================================================================== [ 26.730092] ================================================================== [ 26.730643] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 26.731010] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.731534] [ 26.731659] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.731721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.731736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.731759] Call Trace: [ 26.731793] <TASK> [ 26.731809] dump_stack_lvl+0x73/0xb0 [ 26.731836] print_report+0xd1/0x650 [ 26.731859] ? __virt_addr_valid+0x1db/0x2d0 [ 26.731883] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.731909] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.731935] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.731961] kasan_report+0x141/0x180 [ 26.731985] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.732016] kasan_check_range+0x10c/0x1c0 [ 26.732040] __kasan_check_write+0x18/0x20 [ 26.732065] kasan_atomics_helper+0x1f43/0x5450 [ 26.732091] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.732136] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.732162] ? kasan_atomics+0x152/0x310 [ 26.732188] kasan_atomics+0x1dc/0x310 [ 26.732220] ? __pfx_kasan_atomics+0x10/0x10 [ 26.732244] ? trace_hardirqs_on+0x37/0xe0 [ 26.732268] ? __pfx_read_tsc+0x10/0x10 [ 26.732290] ? ktime_get_ts64+0x86/0x230 [ 26.732315] kunit_try_run_case+0x1a5/0x480 [ 26.732341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.732387] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.732410] ? __kthread_parkme+0x82/0x180 [ 26.732432] ? preempt_count_sub+0x50/0x80 [ 26.732466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.732492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.732517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.732561] kthread+0x337/0x6f0 [ 26.732582] ? trace_preempt_on+0x20/0xc0 [ 26.732604] ? __pfx_kthread+0x10/0x10 [ 26.732627] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.732652] ? calculate_sigpending+0x7b/0xa0 [ 26.732677] ? __pfx_kthread+0x10/0x10 [ 26.732717] ret_from_fork+0x116/0x1d0 [ 26.732737] ? __pfx_kthread+0x10/0x10 [ 26.732759] ret_from_fork_asm+0x1a/0x30 [ 26.732792] </TASK> [ 26.732804] [ 26.740676] Allocated by task 314: [ 26.740880] kasan_save_stack+0x45/0x70 [ 26.741100] kasan_save_track+0x18/0x40 [ 26.741419] kasan_save_alloc_info+0x3b/0x50 [ 26.741636] __kasan_kmalloc+0xb7/0xc0 [ 26.741857] __kmalloc_cache_noprof+0x189/0x420 [ 26.742083] kasan_atomics+0x95/0x310 [ 26.742238] kunit_try_run_case+0x1a5/0x480 [ 26.742479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.742922] kthread+0x337/0x6f0 [ 26.743255] ret_from_fork+0x116/0x1d0 [ 26.743431] ret_from_fork_asm+0x1a/0x30 [ 26.744062] [ 26.744140] The buggy address belongs to the object at ffff888106195400 [ 26.744140] which belongs to the cache kmalloc-64 of size 64 [ 26.744638] The buggy address is located 0 bytes to the right of [ 26.744638] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.744983] [ 26.745048] The buggy address belongs to the physical page: [ 26.745210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.746181] flags: 0x200000000000000(node=0|zone=2) [ 26.746884] page_type: f5(slab) [ 26.747336] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.748210] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.749064] page dumped because: kasan: bad access detected [ 26.749886] [ 26.750057] Memory state around the buggy address: [ 26.750827] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.751656] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.752520] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.753402] ^ [ 26.753988] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.754513] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.754735] ================================================================== [ 26.099266] ================================================================== [ 26.099991] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 26.100339] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.100692] [ 26.100778] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.100837] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.100852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.100875] Call Trace: [ 26.100893] <TASK> [ 26.100909] dump_stack_lvl+0x73/0xb0 [ 26.100937] print_report+0xd1/0x650 [ 26.100960] ? __virt_addr_valid+0x1db/0x2d0 [ 26.100985] ? kasan_atomics_helper+0xe78/0x5450 [ 26.101011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.101039] ? kasan_atomics_helper+0xe78/0x5450 [ 26.101066] kasan_report+0x141/0x180 [ 26.101089] ? kasan_atomics_helper+0xe78/0x5450 [ 26.101120] kasan_check_range+0x10c/0x1c0 [ 26.101145] __kasan_check_write+0x18/0x20 [ 26.101169] kasan_atomics_helper+0xe78/0x5450 [ 26.101197] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.101225] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.101251] ? kasan_atomics+0x152/0x310 [ 26.101278] kasan_atomics+0x1dc/0x310 [ 26.101302] ? __pfx_kasan_atomics+0x10/0x10 [ 26.101326] ? trace_hardirqs_on+0x37/0xe0 [ 26.101349] ? __pfx_read_tsc+0x10/0x10 [ 26.101372] ? ktime_get_ts64+0x86/0x230 [ 26.101399] kunit_try_run_case+0x1a5/0x480 [ 26.101424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.101450] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.101488] ? __kthread_parkme+0x82/0x180 [ 26.101511] ? preempt_count_sub+0x50/0x80 [ 26.101539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.101566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.101592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.101619] kthread+0x337/0x6f0 [ 26.101641] ? trace_preempt_on+0x20/0xc0 [ 26.101666] ? __pfx_kthread+0x10/0x10 [ 26.101689] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.101716] ? calculate_sigpending+0x7b/0xa0 [ 26.101741] ? __pfx_kthread+0x10/0x10 [ 26.101766] ret_from_fork+0x116/0x1d0 [ 26.101788] ? __pfx_kthread+0x10/0x10 [ 26.101812] ret_from_fork_asm+0x1a/0x30 [ 26.101867] </TASK> [ 26.101880] [ 26.108968] Allocated by task 314: [ 26.109143] kasan_save_stack+0x45/0x70 [ 26.109362] kasan_save_track+0x18/0x40 [ 26.109506] kasan_save_alloc_info+0x3b/0x50 [ 26.109652] __kasan_kmalloc+0xb7/0xc0 [ 26.109785] __kmalloc_cache_noprof+0x189/0x420 [ 26.110014] kasan_atomics+0x95/0x310 [ 26.110200] kunit_try_run_case+0x1a5/0x480 [ 26.110414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.110677] kthread+0x337/0x6f0 [ 26.110823] ret_from_fork+0x116/0x1d0 [ 26.110990] ret_from_fork_asm+0x1a/0x30 [ 26.111174] [ 26.111278] The buggy address belongs to the object at ffff888106195400 [ 26.111278] which belongs to the cache kmalloc-64 of size 64 [ 26.111768] The buggy address is located 0 bytes to the right of [ 26.111768] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.112349] [ 26.112427] The buggy address belongs to the physical page: [ 26.112665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.112972] flags: 0x200000000000000(node=0|zone=2) [ 26.113187] page_type: f5(slab) [ 26.113338] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.113644] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.113949] page dumped because: kasan: bad access detected [ 26.114151] [ 26.114270] Memory state around the buggy address: [ 26.114475] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.114756] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.115025] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.115311] ^ [ 26.115517] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.115731] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.115941] ================================================================== [ 26.675483] ================================================================== [ 26.675861] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 26.676302] Write of size 8 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.676695] [ 26.676821] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.676907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.676935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.676970] Call Trace: [ 26.676999] <TASK> [ 26.677028] dump_stack_lvl+0x73/0xb0 [ 26.677069] print_report+0xd1/0x650 [ 26.677092] ? __virt_addr_valid+0x1db/0x2d0 [ 26.677142] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.677213] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.677241] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.677267] kasan_report+0x141/0x180 [ 26.677290] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.677321] kasan_check_range+0x10c/0x1c0 [ 26.677346] __kasan_check_write+0x18/0x20 [ 26.677370] kasan_atomics_helper+0x1d7a/0x5450 [ 26.677397] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.677423] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.677476] ? kasan_atomics+0x152/0x310 [ 26.677503] kasan_atomics+0x1dc/0x310 [ 26.677527] ? __pfx_kasan_atomics+0x10/0x10 [ 26.677567] ? trace_hardirqs_on+0x37/0xe0 [ 26.677591] ? __pfx_read_tsc+0x10/0x10 [ 26.677630] ? ktime_get_ts64+0x86/0x230 [ 26.677655] kunit_try_run_case+0x1a5/0x480 [ 26.677681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.677708] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.677731] ? __kthread_parkme+0x82/0x180 [ 26.677755] ? preempt_count_sub+0x50/0x80 [ 26.677799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.677825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.677854] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.677881] kthread+0x337/0x6f0 [ 26.677903] ? trace_preempt_on+0x20/0xc0 [ 26.677926] ? __pfx_kthread+0x10/0x10 [ 26.677948] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.677989] ? calculate_sigpending+0x7b/0xa0 [ 26.678028] ? __pfx_kthread+0x10/0x10 [ 26.678050] ret_from_fork+0x116/0x1d0 [ 26.678070] ? __pfx_kthread+0x10/0x10 [ 26.678093] ret_from_fork_asm+0x1a/0x30 [ 26.678125] </TASK> [ 26.678136] [ 26.685722] Allocated by task 314: [ 26.685865] kasan_save_stack+0x45/0x70 [ 26.686081] kasan_save_track+0x18/0x40 [ 26.686252] kasan_save_alloc_info+0x3b/0x50 [ 26.686397] __kasan_kmalloc+0xb7/0xc0 [ 26.686536] __kmalloc_cache_noprof+0x189/0x420 [ 26.686685] kasan_atomics+0x95/0x310 [ 26.686811] kunit_try_run_case+0x1a5/0x480 [ 26.686952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.687122] kthread+0x337/0x6f0 [ 26.687261] ret_from_fork+0x116/0x1d0 [ 26.687445] ret_from_fork_asm+0x1a/0x30 [ 26.687669] [ 26.687778] The buggy address belongs to the object at ffff888106195400 [ 26.687778] which belongs to the cache kmalloc-64 of size 64 [ 26.688358] The buggy address is located 0 bytes to the right of [ 26.688358] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.688932] [ 26.689023] The buggy address belongs to the physical page: [ 26.689348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.689762] flags: 0x200000000000000(node=0|zone=2) [ 26.690050] page_type: f5(slab) [ 26.690261] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.690603] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.690932] page dumped because: kasan: bad access detected [ 26.691176] [ 26.691283] Memory state around the buggy address: [ 26.691504] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.691738] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.691946] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.692152] ^ [ 26.692325] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.692647] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.692979] ================================================================== [ 26.289368] ================================================================== [ 26.289694] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 26.289943] Write of size 4 at addr ffff888106195430 by task kunit_try_catch/314 [ 26.290213] [ 26.290315] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 26.290361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.290375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.290397] Call Trace: [ 26.290412] <TASK> [ 26.290429] dump_stack_lvl+0x73/0xb0 [ 26.290466] print_report+0xd1/0x650 [ 26.290490] ? __virt_addr_valid+0x1db/0x2d0 [ 26.290515] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.290541] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.290567] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.290594] kasan_report+0x141/0x180 [ 26.290620] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.290652] kasan_check_range+0x10c/0x1c0 [ 26.290677] __kasan_check_write+0x18/0x20 [ 26.290701] kasan_atomics_helper+0x12e6/0x5450 [ 26.290729] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.290755] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.290781] ? kasan_atomics+0x152/0x310 [ 26.290808] kasan_atomics+0x1dc/0x310 [ 26.290832] ? __pfx_kasan_atomics+0x10/0x10 [ 26.290855] ? trace_hardirqs_on+0x37/0xe0 [ 26.290879] ? __pfx_read_tsc+0x10/0x10 [ 26.290901] ? ktime_get_ts64+0x86/0x230 [ 26.290926] kunit_try_run_case+0x1a5/0x480 [ 26.290951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.290977] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.291000] ? __kthread_parkme+0x82/0x180 [ 26.291022] ? preempt_count_sub+0x50/0x80 [ 26.291047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.291073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.291098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.291124] kthread+0x337/0x6f0 [ 26.291145] ? trace_preempt_on+0x20/0xc0 [ 26.291168] ? __pfx_kthread+0x10/0x10 [ 26.291191] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.291216] ? calculate_sigpending+0x7b/0xa0 [ 26.291241] ? __pfx_kthread+0x10/0x10 [ 26.291264] ret_from_fork+0x116/0x1d0 [ 26.291285] ? __pfx_kthread+0x10/0x10 [ 26.291307] ret_from_fork_asm+0x1a/0x30 [ 26.291339] </TASK> [ 26.291351] [ 26.298273] Allocated by task 314: [ 26.298465] kasan_save_stack+0x45/0x70 [ 26.298663] kasan_save_track+0x18/0x40 [ 26.298849] kasan_save_alloc_info+0x3b/0x50 [ 26.299062] __kasan_kmalloc+0xb7/0xc0 [ 26.299326] __kmalloc_cache_noprof+0x189/0x420 [ 26.299558] kasan_atomics+0x95/0x310 [ 26.299744] kunit_try_run_case+0x1a5/0x480 [ 26.299942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.300182] kthread+0x337/0x6f0 [ 26.300344] ret_from_fork+0x116/0x1d0 [ 26.300528] ret_from_fork_asm+0x1a/0x30 [ 26.300712] [ 26.300786] The buggy address belongs to the object at ffff888106195400 [ 26.300786] which belongs to the cache kmalloc-64 of size 64 [ 26.301262] The buggy address is located 0 bytes to the right of [ 26.301262] allocated 48-byte region [ffff888106195400, ffff888106195430) [ 26.301740] [ 26.301831] The buggy address belongs to the physical page: [ 26.302055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106195 [ 26.302387] flags: 0x200000000000000(node=0|zone=2) [ 26.302607] page_type: f5(slab) [ 26.302751] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.303043] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.303371] page dumped because: kasan: bad access detected [ 26.303598] [ 26.303691] Memory state around the buggy address: [ 26.303841] ffff888106195300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.304054] ffff888106195380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.304264] >ffff888106195400: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.304487] ^ [ 26.304704] ffff888106195480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.305270] ffff888106195500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.305585] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 25.433334] ================================================================== [ 25.433772] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434245] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.434496] [ 25.434576] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.434621] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.434634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.434655] Call Trace: [ 25.434666] <TASK> [ 25.434680] dump_stack_lvl+0x73/0xb0 [ 25.434707] print_report+0xd1/0x650 [ 25.434728] ? __virt_addr_valid+0x1db/0x2d0 [ 25.434751] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434777] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.434802] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434829] kasan_report+0x141/0x180 [ 25.434850] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434881] kasan_check_range+0x10c/0x1c0 [ 25.434905] __kasan_check_write+0x18/0x20 [ 25.434927] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.434954] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.434982] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.435005] ? trace_hardirqs_on+0x37/0xe0 [ 25.435026] ? kasan_bitops_generic+0x92/0x1c0 [ 25.435052] kasan_bitops_generic+0x121/0x1c0 [ 25.435076] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.435100] ? __pfx_read_tsc+0x10/0x10 [ 25.435121] ? ktime_get_ts64+0x86/0x230 [ 25.435145] kunit_try_run_case+0x1a5/0x480 [ 25.435302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.435326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.435347] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.435374] ? __kthread_parkme+0x82/0x180 [ 25.435395] ? preempt_count_sub+0x50/0x80 [ 25.435419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.435444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.435483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.435507] kthread+0x337/0x6f0 [ 25.435527] ? trace_preempt_on+0x20/0xc0 [ 25.435549] ? __pfx_kthread+0x10/0x10 [ 25.435571] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.435593] ? calculate_sigpending+0x7b/0xa0 [ 25.435618] ? __pfx_kthread+0x10/0x10 [ 25.435640] ret_from_fork+0x116/0x1d0 [ 25.435659] ? __pfx_kthread+0x10/0x10 [ 25.435681] ret_from_fork_asm+0x1a/0x30 [ 25.435711] </TASK> [ 25.435722] [ 25.444100] Allocated by task 310: [ 25.444223] kasan_save_stack+0x45/0x70 [ 25.444364] kasan_save_track+0x18/0x40 [ 25.444685] kasan_save_alloc_info+0x3b/0x50 [ 25.444891] __kasan_kmalloc+0xb7/0xc0 [ 25.445074] __kmalloc_cache_noprof+0x189/0x420 [ 25.445285] kasan_bitops_generic+0x92/0x1c0 [ 25.445512] kunit_try_run_case+0x1a5/0x480 [ 25.445719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.445979] kthread+0x337/0x6f0 [ 25.446145] ret_from_fork+0x116/0x1d0 [ 25.446328] ret_from_fork_asm+0x1a/0x30 [ 25.447737] [ 25.448142] The buggy address belongs to the object at ffff888104b06e60 [ 25.448142] which belongs to the cache kmalloc-16 of size 16 [ 25.449575] The buggy address is located 8 bytes inside of [ 25.449575] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.450911] [ 25.451220] The buggy address belongs to the physical page: [ 25.451832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.452630] flags: 0x200000000000000(node=0|zone=2) [ 25.452811] page_type: f5(slab) [ 25.452930] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.453162] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.453386] page dumped because: kasan: bad access detected [ 25.453708] [ 25.453879] Memory state around the buggy address: [ 25.454092] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.455010] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.455502] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.456104] ^ [ 25.456511] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.456731] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.456940] ================================================================== [ 25.373361] ================================================================== [ 25.373747] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.374033] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.374686] [ 25.374807] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.374853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.374866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.374886] Call Trace: [ 25.374900] <TASK> [ 25.374916] dump_stack_lvl+0x73/0xb0 [ 25.374943] print_report+0xd1/0x650 [ 25.374965] ? __virt_addr_valid+0x1db/0x2d0 [ 25.374989] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375015] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.375041] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375068] kasan_report+0x141/0x180 [ 25.375089] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375121] kasan_check_range+0x10c/0x1c0 [ 25.375144] __kasan_check_write+0x18/0x20 [ 25.375167] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.375194] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.375222] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.375245] ? trace_hardirqs_on+0x37/0xe0 [ 25.375265] ? kasan_bitops_generic+0x92/0x1c0 [ 25.375293] kasan_bitops_generic+0x121/0x1c0 [ 25.375316] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.375340] ? __pfx_read_tsc+0x10/0x10 [ 25.375362] ? ktime_get_ts64+0x86/0x230 [ 25.375385] kunit_try_run_case+0x1a5/0x480 [ 25.375410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.375434] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.375469] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.375496] ? __kthread_parkme+0x82/0x180 [ 25.375516] ? preempt_count_sub+0x50/0x80 [ 25.375539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.375564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.375588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.375677] kthread+0x337/0x6f0 [ 25.375703] ? trace_preempt_on+0x20/0xc0 [ 25.375726] ? __pfx_kthread+0x10/0x10 [ 25.375747] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.375771] ? calculate_sigpending+0x7b/0xa0 [ 25.375795] ? __pfx_kthread+0x10/0x10 [ 25.375817] ret_from_fork+0x116/0x1d0 [ 25.375836] ? __pfx_kthread+0x10/0x10 [ 25.375857] ret_from_fork_asm+0x1a/0x30 [ 25.375887] </TASK> [ 25.375899] [ 25.385729] Allocated by task 310: [ 25.385913] kasan_save_stack+0x45/0x70 [ 25.386074] kasan_save_track+0x18/0x40 [ 25.386300] kasan_save_alloc_info+0x3b/0x50 [ 25.386514] __kasan_kmalloc+0xb7/0xc0 [ 25.386685] __kmalloc_cache_noprof+0x189/0x420 [ 25.386885] kasan_bitops_generic+0x92/0x1c0 [ 25.387065] kunit_try_run_case+0x1a5/0x480 [ 25.387266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.387502] kthread+0x337/0x6f0 [ 25.387641] ret_from_fork+0x116/0x1d0 [ 25.387803] ret_from_fork_asm+0x1a/0x30 [ 25.387970] [ 25.388050] The buggy address belongs to the object at ffff888104b06e60 [ 25.388050] which belongs to the cache kmalloc-16 of size 16 [ 25.388487] The buggy address is located 8 bytes inside of [ 25.388487] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.388881] [ 25.388968] The buggy address belongs to the physical page: [ 25.389207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.389560] flags: 0x200000000000000(node=0|zone=2) [ 25.390067] page_type: f5(slab) [ 25.390426] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.390720] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.390999] page dumped because: kasan: bad access detected [ 25.391390] [ 25.391484] Memory state around the buggy address: [ 25.391687] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.391955] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.392261] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.392520] ^ [ 25.392785] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.393047] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.393353] ================================================================== [ 25.354357] ================================================================== [ 25.354702] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355003] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.355414] [ 25.355505] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.355549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.355561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.355582] Call Trace: [ 25.355595] <TASK> [ 25.355610] dump_stack_lvl+0x73/0xb0 [ 25.355636] print_report+0xd1/0x650 [ 25.355657] ? __virt_addr_valid+0x1db/0x2d0 [ 25.355679] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355705] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.355730] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355757] kasan_report+0x141/0x180 [ 25.355778] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355809] kasan_check_range+0x10c/0x1c0 [ 25.355832] __kasan_check_write+0x18/0x20 [ 25.355854] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.355882] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.355909] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.355932] ? trace_hardirqs_on+0x37/0xe0 [ 25.355952] ? kasan_bitops_generic+0x92/0x1c0 [ 25.355979] kasan_bitops_generic+0x121/0x1c0 [ 25.356001] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.356026] ? __pfx_read_tsc+0x10/0x10 [ 25.356047] ? ktime_get_ts64+0x86/0x230 [ 25.356070] kunit_try_run_case+0x1a5/0x480 [ 25.356095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.356139] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.356164] ? __kthread_parkme+0x82/0x180 [ 25.356185] ? preempt_count_sub+0x50/0x80 [ 25.356208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.356256] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.356280] kthread+0x337/0x6f0 [ 25.356299] ? trace_preempt_on+0x20/0xc0 [ 25.356321] ? __pfx_kthread+0x10/0x10 [ 25.356342] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.356365] ? calculate_sigpending+0x7b/0xa0 [ 25.356389] ? __pfx_kthread+0x10/0x10 [ 25.356411] ret_from_fork+0x116/0x1d0 [ 25.356430] ? __pfx_kthread+0x10/0x10 [ 25.356450] ret_from_fork_asm+0x1a/0x30 [ 25.356491] </TASK> [ 25.356502] [ 25.364982] Allocated by task 310: [ 25.365156] kasan_save_stack+0x45/0x70 [ 25.365352] kasan_save_track+0x18/0x40 [ 25.365544] kasan_save_alloc_info+0x3b/0x50 [ 25.365746] __kasan_kmalloc+0xb7/0xc0 [ 25.366254] __kmalloc_cache_noprof+0x189/0x420 [ 25.366496] kasan_bitops_generic+0x92/0x1c0 [ 25.366643] kunit_try_run_case+0x1a5/0x480 [ 25.366784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.366951] kthread+0x337/0x6f0 [ 25.367108] ret_from_fork+0x116/0x1d0 [ 25.367554] ret_from_fork_asm+0x1a/0x30 [ 25.367763] [ 25.367853] The buggy address belongs to the object at ffff888104b06e60 [ 25.367853] which belongs to the cache kmalloc-16 of size 16 [ 25.368623] The buggy address is located 8 bytes inside of [ 25.368623] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.369080] [ 25.369156] The buggy address belongs to the physical page: [ 25.369474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.369782] flags: 0x200000000000000(node=0|zone=2) [ 25.369982] page_type: f5(slab) [ 25.370148] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.370620] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.370902] page dumped because: kasan: bad access detected [ 25.371066] [ 25.371215] Memory state around the buggy address: [ 25.371443] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.371736] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.371945] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.372151] ^ [ 25.372344] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.372617] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.372924] ================================================================== [ 25.488530] ================================================================== [ 25.488892] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.489490] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.489795] [ 25.489907] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.489963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.489975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.489996] Call Trace: [ 25.490014] <TASK> [ 25.490040] dump_stack_lvl+0x73/0xb0 [ 25.490069] print_report+0xd1/0x650 [ 25.490091] ? __virt_addr_valid+0x1db/0x2d0 [ 25.490114] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.490178] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490219] kasan_report+0x141/0x180 [ 25.490245] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490279] kasan_check_range+0x10c/0x1c0 [ 25.490303] __kasan_check_write+0x18/0x20 [ 25.490327] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.490354] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.490382] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.490494] ? trace_hardirqs_on+0x37/0xe0 [ 25.490517] ? kasan_bitops_generic+0x92/0x1c0 [ 25.490546] kasan_bitops_generic+0x121/0x1c0 [ 25.490570] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.490594] ? __pfx_read_tsc+0x10/0x10 [ 25.490616] ? ktime_get_ts64+0x86/0x230 [ 25.490641] kunit_try_run_case+0x1a5/0x480 [ 25.490667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.490690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.490712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.490738] ? __kthread_parkme+0x82/0x180 [ 25.490759] ? preempt_count_sub+0x50/0x80 [ 25.490782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.490807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.490831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.490855] kthread+0x337/0x6f0 [ 25.490885] ? trace_preempt_on+0x20/0xc0 [ 25.490907] ? __pfx_kthread+0x10/0x10 [ 25.490928] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.490962] ? calculate_sigpending+0x7b/0xa0 [ 25.490987] ? __pfx_kthread+0x10/0x10 [ 25.491009] ret_from_fork+0x116/0x1d0 [ 25.491028] ? __pfx_kthread+0x10/0x10 [ 25.491050] ret_from_fork_asm+0x1a/0x30 [ 25.491082] </TASK> [ 25.491093] [ 25.506207] Allocated by task 310: [ 25.506344] kasan_save_stack+0x45/0x70 [ 25.506614] kasan_save_track+0x18/0x40 [ 25.506891] kasan_save_alloc_info+0x3b/0x50 [ 25.507100] __kasan_kmalloc+0xb7/0xc0 [ 25.507287] __kmalloc_cache_noprof+0x189/0x420 [ 25.507470] kasan_bitops_generic+0x92/0x1c0 [ 25.507778] kunit_try_run_case+0x1a5/0x480 [ 25.508013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.508471] kthread+0x337/0x6f0 [ 25.508684] ret_from_fork+0x116/0x1d0 [ 25.508838] ret_from_fork_asm+0x1a/0x30 [ 25.508971] [ 25.509038] The buggy address belongs to the object at ffff888104b06e60 [ 25.509038] which belongs to the cache kmalloc-16 of size 16 [ 25.509632] The buggy address is located 8 bytes inside of [ 25.509632] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.510152] [ 25.510243] The buggy address belongs to the physical page: [ 25.510477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.510781] flags: 0x200000000000000(node=0|zone=2) [ 25.511000] page_type: f5(slab) [ 25.511143] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.511443] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.511913] page dumped because: kasan: bad access detected [ 25.512087] [ 25.512379] Memory state around the buggy address: [ 25.512620] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.512935] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.513341] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.513676] ^ [ 25.513955] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.514366] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.514672] ================================================================== [ 25.414228] ================================================================== [ 25.414586] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.414939] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.415482] [ 25.415572] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.415618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.415630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.415650] Call Trace: [ 25.415666] <TASK> [ 25.415681] dump_stack_lvl+0x73/0xb0 [ 25.415710] print_report+0xd1/0x650 [ 25.415732] ? __virt_addr_valid+0x1db/0x2d0 [ 25.415754] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.415806] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415833] kasan_report+0x141/0x180 [ 25.415855] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415887] kasan_check_range+0x10c/0x1c0 [ 25.415910] __kasan_check_write+0x18/0x20 [ 25.415933] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.415960] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.415987] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.416011] ? trace_hardirqs_on+0x37/0xe0 [ 25.416032] ? kasan_bitops_generic+0x92/0x1c0 [ 25.416059] kasan_bitops_generic+0x121/0x1c0 [ 25.416082] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.416107] ? __pfx_read_tsc+0x10/0x10 [ 25.416128] ? ktime_get_ts64+0x86/0x230 [ 25.416420] kunit_try_run_case+0x1a5/0x480 [ 25.416448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416486] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.416508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.416534] ? __kthread_parkme+0x82/0x180 [ 25.416555] ? preempt_count_sub+0x50/0x80 [ 25.416580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.416629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.416653] kthread+0x337/0x6f0 [ 25.416673] ? trace_preempt_on+0x20/0xc0 [ 25.416695] ? __pfx_kthread+0x10/0x10 [ 25.416716] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.416740] ? calculate_sigpending+0x7b/0xa0 [ 25.416765] ? __pfx_kthread+0x10/0x10 [ 25.416787] ret_from_fork+0x116/0x1d0 [ 25.416806] ? __pfx_kthread+0x10/0x10 [ 25.416827] ret_from_fork_asm+0x1a/0x30 [ 25.416857] </TASK> [ 25.416869] [ 25.425098] Allocated by task 310: [ 25.425335] kasan_save_stack+0x45/0x70 [ 25.425516] kasan_save_track+0x18/0x40 [ 25.425694] kasan_save_alloc_info+0x3b/0x50 [ 25.425899] __kasan_kmalloc+0xb7/0xc0 [ 25.426074] __kmalloc_cache_noprof+0x189/0x420 [ 25.426394] kasan_bitops_generic+0x92/0x1c0 [ 25.426573] kunit_try_run_case+0x1a5/0x480 [ 25.426752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.426920] kthread+0x337/0x6f0 [ 25.427040] ret_from_fork+0x116/0x1d0 [ 25.427263] ret_from_fork_asm+0x1a/0x30 [ 25.427728] [ 25.427834] The buggy address belongs to the object at ffff888104b06e60 [ 25.427834] which belongs to the cache kmalloc-16 of size 16 [ 25.428272] The buggy address is located 8 bytes inside of [ 25.428272] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.428623] [ 25.428688] The buggy address belongs to the physical page: [ 25.428872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.429213] flags: 0x200000000000000(node=0|zone=2) [ 25.429430] page_type: f5(slab) [ 25.429690] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.430042] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.430309] page dumped because: kasan: bad access detected [ 25.430484] [ 25.430547] Memory state around the buggy address: [ 25.430692] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.430898] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.431103] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.431920] ^ [ 25.432227] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.432561] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.432876] ================================================================== [ 25.393758] ================================================================== [ 25.394056] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.394493] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.395372] [ 25.395642] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.395692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.395705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.395727] Call Trace: [ 25.395740] <TASK> [ 25.395754] dump_stack_lvl+0x73/0xb0 [ 25.395782] print_report+0xd1/0x650 [ 25.395804] ? __virt_addr_valid+0x1db/0x2d0 [ 25.395826] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.395853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.395878] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.395905] kasan_report+0x141/0x180 [ 25.395928] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.396346] kasan_check_range+0x10c/0x1c0 [ 25.396379] __kasan_check_write+0x18/0x20 [ 25.396403] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.396430] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.396537] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.396562] ? trace_hardirqs_on+0x37/0xe0 [ 25.396638] ? kasan_bitops_generic+0x92/0x1c0 [ 25.396713] kasan_bitops_generic+0x121/0x1c0 [ 25.396739] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.396765] ? __pfx_read_tsc+0x10/0x10 [ 25.396836] ? ktime_get_ts64+0x86/0x230 [ 25.396861] kunit_try_run_case+0x1a5/0x480 [ 25.396886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.396910] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.396931] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.396958] ? __kthread_parkme+0x82/0x180 [ 25.396979] ? preempt_count_sub+0x50/0x80 [ 25.397002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.397027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.397051] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.397076] kthread+0x337/0x6f0 [ 25.397099] ? trace_preempt_on+0x20/0xc0 [ 25.397125] ? __pfx_kthread+0x10/0x10 [ 25.397151] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.397177] ? calculate_sigpending+0x7b/0xa0 [ 25.397201] ? __pfx_kthread+0x10/0x10 [ 25.397247] ret_from_fork+0x116/0x1d0 [ 25.397275] ? __pfx_kthread+0x10/0x10 [ 25.397297] ret_from_fork_asm+0x1a/0x30 [ 25.397328] </TASK> [ 25.397340] [ 25.406124] Allocated by task 310: [ 25.406300] kasan_save_stack+0x45/0x70 [ 25.406517] kasan_save_track+0x18/0x40 [ 25.406697] kasan_save_alloc_info+0x3b/0x50 [ 25.406865] __kasan_kmalloc+0xb7/0xc0 [ 25.406994] __kmalloc_cache_noprof+0x189/0x420 [ 25.407221] kasan_bitops_generic+0x92/0x1c0 [ 25.407427] kunit_try_run_case+0x1a5/0x480 [ 25.407632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.407829] kthread+0x337/0x6f0 [ 25.407989] ret_from_fork+0x116/0x1d0 [ 25.408141] ret_from_fork_asm+0x1a/0x30 [ 25.408407] [ 25.408500] The buggy address belongs to the object at ffff888104b06e60 [ 25.408500] which belongs to the cache kmalloc-16 of size 16 [ 25.409084] The buggy address is located 8 bytes inside of [ 25.409084] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.409516] [ 25.409585] The buggy address belongs to the physical page: [ 25.409750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.409989] flags: 0x200000000000000(node=0|zone=2) [ 25.410207] page_type: f5(slab) [ 25.410367] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.410871] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.411147] page dumped because: kasan: bad access detected [ 25.411308] [ 25.411370] Memory state around the buggy address: [ 25.411806] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.412133] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.412521] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.412805] ^ [ 25.412999] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.413330] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.413665] ================================================================== [ 25.537556] ================================================================== [ 25.537885] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.538390] Read of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.538717] [ 25.538816] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.538863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.538876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.538897] Call Trace: [ 25.538910] <TASK> [ 25.538925] dump_stack_lvl+0x73/0xb0 [ 25.538962] print_report+0xd1/0x650 [ 25.538985] ? __virt_addr_valid+0x1db/0x2d0 [ 25.539007] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539045] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.539072] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539099] kasan_report+0x141/0x180 [ 25.539121] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539265] __asan_report_load8_noabort+0x18/0x20 [ 25.539302] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.539330] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.539370] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.539394] ? trace_hardirqs_on+0x37/0xe0 [ 25.539415] ? kasan_bitops_generic+0x92/0x1c0 [ 25.539443] kasan_bitops_generic+0x121/0x1c0 [ 25.539483] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.539508] ? __pfx_read_tsc+0x10/0x10 [ 25.539540] ? ktime_get_ts64+0x86/0x230 [ 25.539564] kunit_try_run_case+0x1a5/0x480 [ 25.539589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.539612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.539642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.539669] ? __kthread_parkme+0x82/0x180 [ 25.539690] ? preempt_count_sub+0x50/0x80 [ 25.539724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.539748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.539773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.539798] kthread+0x337/0x6f0 [ 25.539818] ? trace_preempt_on+0x20/0xc0 [ 25.539840] ? __pfx_kthread+0x10/0x10 [ 25.539862] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.539885] ? calculate_sigpending+0x7b/0xa0 [ 25.539909] ? __pfx_kthread+0x10/0x10 [ 25.539940] ret_from_fork+0x116/0x1d0 [ 25.539960] ? __pfx_kthread+0x10/0x10 [ 25.539981] ret_from_fork_asm+0x1a/0x30 [ 25.540023] </TASK> [ 25.540035] [ 25.548635] Allocated by task 310: [ 25.548839] kasan_save_stack+0x45/0x70 [ 25.549024] kasan_save_track+0x18/0x40 [ 25.549308] kasan_save_alloc_info+0x3b/0x50 [ 25.549508] __kasan_kmalloc+0xb7/0xc0 [ 25.549703] __kmalloc_cache_noprof+0x189/0x420 [ 25.549926] kasan_bitops_generic+0x92/0x1c0 [ 25.550120] kunit_try_run_case+0x1a5/0x480 [ 25.550476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.550756] kthread+0x337/0x6f0 [ 25.550920] ret_from_fork+0x116/0x1d0 [ 25.551099] ret_from_fork_asm+0x1a/0x30 [ 25.551406] [ 25.551523] The buggy address belongs to the object at ffff888104b06e60 [ 25.551523] which belongs to the cache kmalloc-16 of size 16 [ 25.552056] The buggy address is located 8 bytes inside of [ 25.552056] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.552583] [ 25.552686] The buggy address belongs to the physical page: [ 25.552963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.553383] flags: 0x200000000000000(node=0|zone=2) [ 25.553557] page_type: f5(slab) [ 25.553720] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.554079] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.554592] page dumped because: kasan: bad access detected [ 25.554833] [ 25.554900] Memory state around the buggy address: [ 25.555097] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.555528] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.555834] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.556252] ^ [ 25.556550] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.556847] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.557231] ================================================================== [ 25.516261] ================================================================== [ 25.516576] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.517470] Read of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.517764] [ 25.517872] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.517918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.517930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.517951] Call Trace: [ 25.517963] <TASK> [ 25.517988] dump_stack_lvl+0x73/0xb0 [ 25.518016] print_report+0xd1/0x650 [ 25.518038] ? __virt_addr_valid+0x1db/0x2d0 [ 25.518075] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518102] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.518216] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518249] kasan_report+0x141/0x180 [ 25.518272] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518304] kasan_check_range+0x10c/0x1c0 [ 25.518327] __kasan_check_read+0x15/0x20 [ 25.518351] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.518378] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.518406] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.518429] ? trace_hardirqs_on+0x37/0xe0 [ 25.518450] ? kasan_bitops_generic+0x92/0x1c0 [ 25.518488] kasan_bitops_generic+0x121/0x1c0 [ 25.518511] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.518536] ? __pfx_read_tsc+0x10/0x10 [ 25.518557] ? ktime_get_ts64+0x86/0x230 [ 25.518581] kunit_try_run_case+0x1a5/0x480 [ 25.518605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.518628] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.518651] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.518678] ? __kthread_parkme+0x82/0x180 [ 25.518698] ? preempt_count_sub+0x50/0x80 [ 25.518722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.518746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.518771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.518796] kthread+0x337/0x6f0 [ 25.518816] ? trace_preempt_on+0x20/0xc0 [ 25.518838] ? __pfx_kthread+0x10/0x10 [ 25.518859] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.518884] ? calculate_sigpending+0x7b/0xa0 [ 25.518908] ? __pfx_kthread+0x10/0x10 [ 25.518931] ret_from_fork+0x116/0x1d0 [ 25.518950] ? __pfx_kthread+0x10/0x10 [ 25.518971] ret_from_fork_asm+0x1a/0x30 [ 25.519002] </TASK> [ 25.519013] [ 25.527998] Allocated by task 310: [ 25.528419] kasan_save_stack+0x45/0x70 [ 25.528635] kasan_save_track+0x18/0x40 [ 25.528823] kasan_save_alloc_info+0x3b/0x50 [ 25.529028] __kasan_kmalloc+0xb7/0xc0 [ 25.529369] __kmalloc_cache_noprof+0x189/0x420 [ 25.529595] kasan_bitops_generic+0x92/0x1c0 [ 25.529806] kunit_try_run_case+0x1a5/0x480 [ 25.530025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.530363] kthread+0x337/0x6f0 [ 25.530500] ret_from_fork+0x116/0x1d0 [ 25.530627] ret_from_fork_asm+0x1a/0x30 [ 25.530803] [ 25.530890] The buggy address belongs to the object at ffff888104b06e60 [ 25.530890] which belongs to the cache kmalloc-16 of size 16 [ 25.531538] The buggy address is located 8 bytes inside of [ 25.531538] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.531956] [ 25.532047] The buggy address belongs to the physical page: [ 25.532524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.532877] flags: 0x200000000000000(node=0|zone=2) [ 25.533091] page_type: f5(slab) [ 25.533406] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.533751] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.534067] page dumped because: kasan: bad access detected [ 25.534412] [ 25.534520] Memory state around the buggy address: [ 25.534751] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.534998] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.535393] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.535773] ^ [ 25.536065] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.536591] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.536933] ================================================================== [ 25.457353] ================================================================== [ 25.458020] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.459163] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.459952] [ 25.460127] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.460261] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.460276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.460297] Call Trace: [ 25.460311] <TASK> [ 25.460327] dump_stack_lvl+0x73/0xb0 [ 25.460355] print_report+0xd1/0x650 [ 25.460378] ? __virt_addr_valid+0x1db/0x2d0 [ 25.460412] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.460486] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460512] kasan_report+0x141/0x180 [ 25.460534] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460567] kasan_check_range+0x10c/0x1c0 [ 25.460589] __kasan_check_write+0x18/0x20 [ 25.460613] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.460640] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.460668] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.460691] ? trace_hardirqs_on+0x37/0xe0 [ 25.460713] ? kasan_bitops_generic+0x92/0x1c0 [ 25.460739] kasan_bitops_generic+0x121/0x1c0 [ 25.460762] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.460786] ? __pfx_read_tsc+0x10/0x10 [ 25.460808] ? ktime_get_ts64+0x86/0x230 [ 25.460832] kunit_try_run_case+0x1a5/0x480 [ 25.460856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.460901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.460927] ? __kthread_parkme+0x82/0x180 [ 25.460947] ? preempt_count_sub+0x50/0x80 [ 25.460970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.461018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.461042] kthread+0x337/0x6f0 [ 25.461061] ? trace_preempt_on+0x20/0xc0 [ 25.461083] ? __pfx_kthread+0x10/0x10 [ 25.461104] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.461128] ? calculate_sigpending+0x7b/0xa0 [ 25.461152] ? __pfx_kthread+0x10/0x10 [ 25.461233] ret_from_fork+0x116/0x1d0 [ 25.461253] ? __pfx_kthread+0x10/0x10 [ 25.461274] ret_from_fork_asm+0x1a/0x30 [ 25.461308] </TASK> [ 25.461319] [ 25.476723] Allocated by task 310: [ 25.476848] kasan_save_stack+0x45/0x70 [ 25.476993] kasan_save_track+0x18/0x40 [ 25.477122] kasan_save_alloc_info+0x3b/0x50 [ 25.477477] __kasan_kmalloc+0xb7/0xc0 [ 25.477941] __kmalloc_cache_noprof+0x189/0x420 [ 25.478374] kasan_bitops_generic+0x92/0x1c0 [ 25.478909] kunit_try_run_case+0x1a5/0x480 [ 25.479363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.480015] kthread+0x337/0x6f0 [ 25.480377] ret_from_fork+0x116/0x1d0 [ 25.480838] ret_from_fork_asm+0x1a/0x30 [ 25.481275] [ 25.481555] The buggy address belongs to the object at ffff888104b06e60 [ 25.481555] which belongs to the cache kmalloc-16 of size 16 [ 25.482729] The buggy address is located 8 bytes inside of [ 25.482729] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.483639] [ 25.483719] The buggy address belongs to the physical page: [ 25.483890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.484127] flags: 0x200000000000000(node=0|zone=2) [ 25.484289] page_type: f5(slab) [ 25.484543] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.484897] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.485150] page dumped because: kasan: bad access detected [ 25.485538] [ 25.485627] Memory state around the buggy address: [ 25.485779] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.486088] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.486537] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.486899] ^ [ 25.487104] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.487381] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.487690] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 25.181267] ================================================================== [ 25.182156] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183221] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.183497] [ 25.183585] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.183636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.183650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.183672] Call Trace: [ 25.183685] <TASK> [ 25.183703] dump_stack_lvl+0x73/0xb0 [ 25.183733] print_report+0xd1/0x650 [ 25.183755] ? __virt_addr_valid+0x1db/0x2d0 [ 25.183780] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.183829] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183854] kasan_report+0x141/0x180 [ 25.183875] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183904] kasan_check_range+0x10c/0x1c0 [ 25.183927] __kasan_check_write+0x18/0x20 [ 25.183950] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.183974] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.184000] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.184024] ? trace_hardirqs_on+0x37/0xe0 [ 25.184045] ? kasan_bitops_generic+0x92/0x1c0 [ 25.184072] kasan_bitops_generic+0x116/0x1c0 [ 25.184094] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.184118] ? __pfx_read_tsc+0x10/0x10 [ 25.184250] ? ktime_get_ts64+0x86/0x230 [ 25.184323] kunit_try_run_case+0x1a5/0x480 [ 25.184350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184373] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.184395] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.184421] ? __kthread_parkme+0x82/0x180 [ 25.184442] ? preempt_count_sub+0x50/0x80 [ 25.184476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.184523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.184547] kthread+0x337/0x6f0 [ 25.184567] ? trace_preempt_on+0x20/0xc0 [ 25.184588] ? __pfx_kthread+0x10/0x10 [ 25.184609] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.184632] ? calculate_sigpending+0x7b/0xa0 [ 25.184655] ? __pfx_kthread+0x10/0x10 [ 25.184677] ret_from_fork+0x116/0x1d0 [ 25.184696] ? __pfx_kthread+0x10/0x10 [ 25.184717] ret_from_fork_asm+0x1a/0x30 [ 25.184747] </TASK> [ 25.184759] [ 25.199910] Allocated by task 310: [ 25.200104] kasan_save_stack+0x45/0x70 [ 25.200681] kasan_save_track+0x18/0x40 [ 25.200827] kasan_save_alloc_info+0x3b/0x50 [ 25.200972] __kasan_kmalloc+0xb7/0xc0 [ 25.201103] __kmalloc_cache_noprof+0x189/0x420 [ 25.201261] kasan_bitops_generic+0x92/0x1c0 [ 25.201402] kunit_try_run_case+0x1a5/0x480 [ 25.201745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.202220] kthread+0x337/0x6f0 [ 25.202658] ret_from_fork+0x116/0x1d0 [ 25.203017] ret_from_fork_asm+0x1a/0x30 [ 25.203491] [ 25.203688] The buggy address belongs to the object at ffff888104b06e60 [ 25.203688] which belongs to the cache kmalloc-16 of size 16 [ 25.205043] The buggy address is located 8 bytes inside of [ 25.205043] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.206038] [ 25.206118] The buggy address belongs to the physical page: [ 25.206579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.207328] flags: 0x200000000000000(node=0|zone=2) [ 25.207788] page_type: f5(slab) [ 25.207987] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.208281] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.209040] page dumped because: kasan: bad access detected [ 25.209586] [ 25.209742] Memory state around the buggy address: [ 25.210205] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.210434] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.210662] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.210869] ^ [ 25.211062] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.211582] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.212228] ================================================================== [ 25.291637] ================================================================== [ 25.291975] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.292355] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.292663] [ 25.292761] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.292808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.292821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.292842] Call Trace: [ 25.292856] <TASK> [ 25.292872] dump_stack_lvl+0x73/0xb0 [ 25.292898] print_report+0xd1/0x650 [ 25.292920] ? __virt_addr_valid+0x1db/0x2d0 [ 25.292943] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.292968] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.292992] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.293018] kasan_report+0x141/0x180 [ 25.293040] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.293069] kasan_check_range+0x10c/0x1c0 [ 25.293093] __kasan_check_write+0x18/0x20 [ 25.293116] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.293141] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.293167] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.293189] ? trace_hardirqs_on+0x37/0xe0 [ 25.293212] ? kasan_bitops_generic+0x92/0x1c0 [ 25.293238] kasan_bitops_generic+0x116/0x1c0 [ 25.293261] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.293286] ? __pfx_read_tsc+0x10/0x10 [ 25.293306] ? ktime_get_ts64+0x86/0x230 [ 25.293330] kunit_try_run_case+0x1a5/0x480 [ 25.293354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293378] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.293399] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.293424] ? __kthread_parkme+0x82/0x180 [ 25.293445] ? preempt_count_sub+0x50/0x80 [ 25.293479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.293527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.293551] kthread+0x337/0x6f0 [ 25.293570] ? trace_preempt_on+0x20/0xc0 [ 25.293592] ? __pfx_kthread+0x10/0x10 [ 25.293613] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.293636] ? calculate_sigpending+0x7b/0xa0 [ 25.293660] ? __pfx_kthread+0x10/0x10 [ 25.293682] ret_from_fork+0x116/0x1d0 [ 25.293701] ? __pfx_kthread+0x10/0x10 [ 25.293722] ret_from_fork_asm+0x1a/0x30 [ 25.293753] </TASK> [ 25.293764] [ 25.302260] Allocated by task 310: [ 25.302438] kasan_save_stack+0x45/0x70 [ 25.302709] kasan_save_track+0x18/0x40 [ 25.302904] kasan_save_alloc_info+0x3b/0x50 [ 25.303117] __kasan_kmalloc+0xb7/0xc0 [ 25.303402] __kmalloc_cache_noprof+0x189/0x420 [ 25.303637] kasan_bitops_generic+0x92/0x1c0 [ 25.303810] kunit_try_run_case+0x1a5/0x480 [ 25.303986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.304157] kthread+0x337/0x6f0 [ 25.304271] ret_from_fork+0x116/0x1d0 [ 25.304398] ret_from_fork_asm+0x1a/0x30 [ 25.304541] [ 25.304606] The buggy address belongs to the object at ffff888104b06e60 [ 25.304606] which belongs to the cache kmalloc-16 of size 16 [ 25.305427] The buggy address is located 8 bytes inside of [ 25.305427] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.305966] [ 25.306052] The buggy address belongs to the physical page: [ 25.306310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.306598] flags: 0x200000000000000(node=0|zone=2) [ 25.306755] page_type: f5(slab) [ 25.306869] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.307094] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.307662] page dumped because: kasan: bad access detected [ 25.307918] [ 25.308006] Memory state around the buggy address: [ 25.308352] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.308692] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.308971] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.309176] ^ [ 25.309368] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.309588] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.309793] ================================================================== [ 25.329339] ================================================================== [ 25.329689] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330067] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.330586] [ 25.330677] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.330721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.330733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.330754] Call Trace: [ 25.330771] <TASK> [ 25.330786] dump_stack_lvl+0x73/0xb0 [ 25.330813] print_report+0xd1/0x650 [ 25.330834] ? __virt_addr_valid+0x1db/0x2d0 [ 25.330858] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330882] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.330907] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330932] kasan_report+0x141/0x180 [ 25.330954] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.330984] kasan_check_range+0x10c/0x1c0 [ 25.331007] __kasan_check_write+0x18/0x20 [ 25.331030] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.331056] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.331084] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.331108] ? trace_hardirqs_on+0x37/0xe0 [ 25.331141] ? kasan_bitops_generic+0x92/0x1c0 [ 25.331169] kasan_bitops_generic+0x116/0x1c0 [ 25.331192] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.331218] ? __pfx_read_tsc+0x10/0x10 [ 25.331238] ? ktime_get_ts64+0x86/0x230 [ 25.331262] kunit_try_run_case+0x1a5/0x480 [ 25.331286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.331309] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.331331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.331357] ? __kthread_parkme+0x82/0x180 [ 25.331378] ? preempt_count_sub+0x50/0x80 [ 25.331401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.331426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.331449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.331485] kthread+0x337/0x6f0 [ 25.331504] ? trace_preempt_on+0x20/0xc0 [ 25.331526] ? __pfx_kthread+0x10/0x10 [ 25.331547] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.331571] ? calculate_sigpending+0x7b/0xa0 [ 25.331595] ? __pfx_kthread+0x10/0x10 [ 25.331616] ret_from_fork+0x116/0x1d0 [ 25.331636] ? __pfx_kthread+0x10/0x10 [ 25.331657] ret_from_fork_asm+0x1a/0x30 [ 25.331688] </TASK> [ 25.331700] [ 25.346003] Allocated by task 310: [ 25.346239] kasan_save_stack+0x45/0x70 [ 25.346405] kasan_save_track+0x18/0x40 [ 25.346599] kasan_save_alloc_info+0x3b/0x50 [ 25.346741] __kasan_kmalloc+0xb7/0xc0 [ 25.346871] __kmalloc_cache_noprof+0x189/0x420 [ 25.347033] kasan_bitops_generic+0x92/0x1c0 [ 25.347236] kunit_try_run_case+0x1a5/0x480 [ 25.347434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.347664] kthread+0x337/0x6f0 [ 25.347974] ret_from_fork+0x116/0x1d0 [ 25.348129] ret_from_fork_asm+0x1a/0x30 [ 25.348448] [ 25.348532] The buggy address belongs to the object at ffff888104b06e60 [ 25.348532] which belongs to the cache kmalloc-16 of size 16 [ 25.348962] The buggy address is located 8 bytes inside of [ 25.348962] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.349807] [ 25.349899] The buggy address belongs to the physical page: [ 25.350092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.350435] flags: 0x200000000000000(node=0|zone=2) [ 25.350680] page_type: f5(slab) [ 25.350827] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.351134] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.351614] page dumped because: kasan: bad access detected [ 25.351837] [ 25.351918] Memory state around the buggy address: [ 25.352090] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.352491] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.352780] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.353011] ^ [ 25.353298] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.353620] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.353923] ================================================================== [ 25.310385] ================================================================== [ 25.310731] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.311100] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.311833] [ 25.311937] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.311981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.311994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.312015] Call Trace: [ 25.312027] <TASK> [ 25.312041] dump_stack_lvl+0x73/0xb0 [ 25.312067] print_report+0xd1/0x650 [ 25.312088] ? __virt_addr_valid+0x1db/0x2d0 [ 25.312111] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312136] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.312163] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312188] kasan_report+0x141/0x180 [ 25.312378] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312409] kasan_check_range+0x10c/0x1c0 [ 25.312433] __kasan_check_write+0x18/0x20 [ 25.312471] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.312497] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.312523] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.312546] ? trace_hardirqs_on+0x37/0xe0 [ 25.312567] ? kasan_bitops_generic+0x92/0x1c0 [ 25.312594] kasan_bitops_generic+0x116/0x1c0 [ 25.312616] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.312641] ? __pfx_read_tsc+0x10/0x10 [ 25.312662] ? ktime_get_ts64+0x86/0x230 [ 25.312685] kunit_try_run_case+0x1a5/0x480 [ 25.312710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.312733] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.312754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.312781] ? __kthread_parkme+0x82/0x180 [ 25.312802] ? preempt_count_sub+0x50/0x80 [ 25.312824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.312849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.312874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.312898] kthread+0x337/0x6f0 [ 25.312918] ? trace_preempt_on+0x20/0xc0 [ 25.312941] ? __pfx_kthread+0x10/0x10 [ 25.312961] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.312985] ? calculate_sigpending+0x7b/0xa0 [ 25.313008] ? __pfx_kthread+0x10/0x10 [ 25.313031] ret_from_fork+0x116/0x1d0 [ 25.313050] ? __pfx_kthread+0x10/0x10 [ 25.313071] ret_from_fork_asm+0x1a/0x30 [ 25.313102] </TASK> [ 25.313113] [ 25.321064] Allocated by task 310: [ 25.321188] kasan_save_stack+0x45/0x70 [ 25.321390] kasan_save_track+0x18/0x40 [ 25.321814] kasan_save_alloc_info+0x3b/0x50 [ 25.322024] __kasan_kmalloc+0xb7/0xc0 [ 25.322342] __kmalloc_cache_noprof+0x189/0x420 [ 25.322585] kasan_bitops_generic+0x92/0x1c0 [ 25.322782] kunit_try_run_case+0x1a5/0x480 [ 25.322922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.323090] kthread+0x337/0x6f0 [ 25.323413] ret_from_fork+0x116/0x1d0 [ 25.323631] ret_from_fork_asm+0x1a/0x30 [ 25.323829] [ 25.323984] The buggy address belongs to the object at ffff888104b06e60 [ 25.323984] which belongs to the cache kmalloc-16 of size 16 [ 25.324547] The buggy address is located 8 bytes inside of [ 25.324547] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.324993] [ 25.325060] The buggy address belongs to the physical page: [ 25.325224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.325466] flags: 0x200000000000000(node=0|zone=2) [ 25.325622] page_type: f5(slab) [ 25.325734] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.326061] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.326386] page dumped because: kasan: bad access detected [ 25.326638] [ 25.326963] Memory state around the buggy address: [ 25.327269] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.327598] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.327909] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.328204] ^ [ 25.328396] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.328616] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.328821] ================================================================== [ 25.234762] ================================================================== [ 25.235059] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.235441] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.235682] [ 25.235760] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.235805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.235817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.235839] Call Trace: [ 25.235855] <TASK> [ 25.235871] dump_stack_lvl+0x73/0xb0 [ 25.235897] print_report+0xd1/0x650 [ 25.235919] ? __virt_addr_valid+0x1db/0x2d0 [ 25.235942] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.235967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.235993] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.236018] kasan_report+0x141/0x180 [ 25.236040] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.236069] kasan_check_range+0x10c/0x1c0 [ 25.236093] __kasan_check_write+0x18/0x20 [ 25.236116] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.236141] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.236166] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.236189] ? trace_hardirqs_on+0x37/0xe0 [ 25.236209] ? kasan_bitops_generic+0x92/0x1c0 [ 25.236235] kasan_bitops_generic+0x116/0x1c0 [ 25.236259] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.236283] ? __pfx_read_tsc+0x10/0x10 [ 25.236305] ? ktime_get_ts64+0x86/0x230 [ 25.236329] kunit_try_run_case+0x1a5/0x480 [ 25.236353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.236376] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.236399] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.236424] ? __kthread_parkme+0x82/0x180 [ 25.236444] ? preempt_count_sub+0x50/0x80 [ 25.236481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.236506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.236529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.236554] kthread+0x337/0x6f0 [ 25.236574] ? trace_preempt_on+0x20/0xc0 [ 25.236596] ? __pfx_kthread+0x10/0x10 [ 25.236616] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.236639] ? calculate_sigpending+0x7b/0xa0 [ 25.236664] ? __pfx_kthread+0x10/0x10 [ 25.236685] ret_from_fork+0x116/0x1d0 [ 25.236705] ? __pfx_kthread+0x10/0x10 [ 25.236726] ret_from_fork_asm+0x1a/0x30 [ 25.236757] </TASK> [ 25.236768] [ 25.245779] Allocated by task 310: [ 25.245951] kasan_save_stack+0x45/0x70 [ 25.246147] kasan_save_track+0x18/0x40 [ 25.246398] kasan_save_alloc_info+0x3b/0x50 [ 25.246600] __kasan_kmalloc+0xb7/0xc0 [ 25.246762] __kmalloc_cache_noprof+0x189/0x420 [ 25.246938] kasan_bitops_generic+0x92/0x1c0 [ 25.247147] kunit_try_run_case+0x1a5/0x480 [ 25.247403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.247602] kthread+0x337/0x6f0 [ 25.247725] ret_from_fork+0x116/0x1d0 [ 25.247853] ret_from_fork_asm+0x1a/0x30 [ 25.247995] [ 25.248085] The buggy address belongs to the object at ffff888104b06e60 [ 25.248085] which belongs to the cache kmalloc-16 of size 16 [ 25.248604] The buggy address is located 8 bytes inside of [ 25.248604] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.249368] [ 25.249490] The buggy address belongs to the physical page: [ 25.249739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.250084] flags: 0x200000000000000(node=0|zone=2) [ 25.250425] page_type: f5(slab) [ 25.250559] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.250789] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.251010] page dumped because: kasan: bad access detected [ 25.251177] [ 25.251266] Memory state around the buggy address: [ 25.251494] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.251841] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.252151] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.252448] ^ [ 25.252648] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.252858] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.253061] ================================================================== [ 25.213488] ================================================================== [ 25.214102] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.215051] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.215893] [ 25.216068] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.216116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.216129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.216150] Call Trace: [ 25.216181] <TASK> [ 25.216197] dump_stack_lvl+0x73/0xb0 [ 25.216225] print_report+0xd1/0x650 [ 25.216248] ? __virt_addr_valid+0x1db/0x2d0 [ 25.216271] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.216322] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216347] kasan_report+0x141/0x180 [ 25.216368] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216398] kasan_check_range+0x10c/0x1c0 [ 25.216421] __kasan_check_write+0x18/0x20 [ 25.216443] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.216483] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.216509] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.216532] ? trace_hardirqs_on+0x37/0xe0 [ 25.216553] ? kasan_bitops_generic+0x92/0x1c0 [ 25.216580] kasan_bitops_generic+0x116/0x1c0 [ 25.216603] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.216627] ? __pfx_read_tsc+0x10/0x10 [ 25.216648] ? ktime_get_ts64+0x86/0x230 [ 25.216672] kunit_try_run_case+0x1a5/0x480 [ 25.216696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.216719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.216740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.216766] ? __kthread_parkme+0x82/0x180 [ 25.216787] ? preempt_count_sub+0x50/0x80 [ 25.216810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.216834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.216858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.216882] kthread+0x337/0x6f0 [ 25.216901] ? trace_preempt_on+0x20/0xc0 [ 25.216923] ? __pfx_kthread+0x10/0x10 [ 25.216944] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.216967] ? calculate_sigpending+0x7b/0xa0 [ 25.216991] ? __pfx_kthread+0x10/0x10 [ 25.217013] ret_from_fork+0x116/0x1d0 [ 25.217033] ? __pfx_kthread+0x10/0x10 [ 25.217054] ret_from_fork_asm+0x1a/0x30 [ 25.217085] </TASK> [ 25.217096] [ 25.225812] Allocated by task 310: [ 25.225974] kasan_save_stack+0x45/0x70 [ 25.226172] kasan_save_track+0x18/0x40 [ 25.226362] kasan_save_alloc_info+0x3b/0x50 [ 25.226652] __kasan_kmalloc+0xb7/0xc0 [ 25.226853] __kmalloc_cache_noprof+0x189/0x420 [ 25.227072] kasan_bitops_generic+0x92/0x1c0 [ 25.227281] kunit_try_run_case+0x1a5/0x480 [ 25.227563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.227846] kthread+0x337/0x6f0 [ 25.227980] ret_from_fork+0x116/0x1d0 [ 25.228282] ret_from_fork_asm+0x1a/0x30 [ 25.228517] [ 25.228586] The buggy address belongs to the object at ffff888104b06e60 [ 25.228586] which belongs to the cache kmalloc-16 of size 16 [ 25.229070] The buggy address is located 8 bytes inside of [ 25.229070] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.229631] [ 25.229724] The buggy address belongs to the physical page: [ 25.229940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.230262] flags: 0x200000000000000(node=0|zone=2) [ 25.230607] page_type: f5(slab) [ 25.230768] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.231048] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.231268] page dumped because: kasan: bad access detected [ 25.231433] [ 25.231508] Memory state around the buggy address: [ 25.231656] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.232030] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.232719] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.233040] ^ [ 25.233563] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.233899] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.234340] ================================================================== [ 25.253429] ================================================================== [ 25.253775] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.254312] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.254668] [ 25.254773] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.254818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.254830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.254852] Call Trace: [ 25.254868] <TASK> [ 25.254883] dump_stack_lvl+0x73/0xb0 [ 25.254912] print_report+0xd1/0x650 [ 25.254933] ? __virt_addr_valid+0x1db/0x2d0 [ 25.254957] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.254982] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.255008] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.255034] kasan_report+0x141/0x180 [ 25.255055] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.255085] kasan_check_range+0x10c/0x1c0 [ 25.255108] __kasan_check_write+0x18/0x20 [ 25.255132] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.255221] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.255249] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.255273] ? trace_hardirqs_on+0x37/0xe0 [ 25.255295] ? kasan_bitops_generic+0x92/0x1c0 [ 25.255322] kasan_bitops_generic+0x116/0x1c0 [ 25.255345] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.255369] ? __pfx_read_tsc+0x10/0x10 [ 25.255391] ? ktime_get_ts64+0x86/0x230 [ 25.255416] kunit_try_run_case+0x1a5/0x480 [ 25.255440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.255476] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.255500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.255526] ? __kthread_parkme+0x82/0x180 [ 25.255546] ? preempt_count_sub+0x50/0x80 [ 25.255570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.255594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.255618] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.255643] kthread+0x337/0x6f0 [ 25.255662] ? trace_preempt_on+0x20/0xc0 [ 25.255684] ? __pfx_kthread+0x10/0x10 [ 25.255705] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.255728] ? calculate_sigpending+0x7b/0xa0 [ 25.255753] ? __pfx_kthread+0x10/0x10 [ 25.255776] ret_from_fork+0x116/0x1d0 [ 25.255795] ? __pfx_kthread+0x10/0x10 [ 25.255817] ret_from_fork_asm+0x1a/0x30 [ 25.255847] </TASK> [ 25.255858] [ 25.264123] Allocated by task 310: [ 25.264348] kasan_save_stack+0x45/0x70 [ 25.264553] kasan_save_track+0x18/0x40 [ 25.264704] kasan_save_alloc_info+0x3b/0x50 [ 25.264848] __kasan_kmalloc+0xb7/0xc0 [ 25.264984] __kmalloc_cache_noprof+0x189/0x420 [ 25.265414] kasan_bitops_generic+0x92/0x1c0 [ 25.265665] kunit_try_run_case+0x1a5/0x480 [ 25.265878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.266093] kthread+0x337/0x6f0 [ 25.266347] ret_from_fork+0x116/0x1d0 [ 25.266495] ret_from_fork_asm+0x1a/0x30 [ 25.266677] [ 25.266766] The buggy address belongs to the object at ffff888104b06e60 [ 25.266766] which belongs to the cache kmalloc-16 of size 16 [ 25.267308] The buggy address is located 8 bytes inside of [ 25.267308] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.267806] [ 25.267899] The buggy address belongs to the physical page: [ 25.268109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.268489] flags: 0x200000000000000(node=0|zone=2) [ 25.268713] page_type: f5(slab) [ 25.268850] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.269113] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.269333] page dumped because: kasan: bad access detected [ 25.269507] [ 25.269570] Memory state around the buggy address: [ 25.269717] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.270036] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.270547] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.270854] ^ [ 25.271129] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.271338] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.271555] ================================================================== [ 25.271894] ================================================================== [ 25.272115] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.272837] Write of size 8 at addr ffff888104b06e68 by task kunit_try_catch/310 [ 25.273177] [ 25.273281] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.273392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.273407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.273428] Call Trace: [ 25.273441] <TASK> [ 25.273466] dump_stack_lvl+0x73/0xb0 [ 25.273494] print_report+0xd1/0x650 [ 25.273516] ? __virt_addr_valid+0x1db/0x2d0 [ 25.273538] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273563] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.273588] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273613] kasan_report+0x141/0x180 [ 25.273635] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273664] kasan_check_range+0x10c/0x1c0 [ 25.273688] __kasan_check_write+0x18/0x20 [ 25.273711] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.273736] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.273763] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.273786] ? trace_hardirqs_on+0x37/0xe0 [ 25.273807] ? kasan_bitops_generic+0x92/0x1c0 [ 25.273834] kasan_bitops_generic+0x116/0x1c0 [ 25.273864] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.273889] ? __pfx_read_tsc+0x10/0x10 [ 25.273910] ? ktime_get_ts64+0x86/0x230 [ 25.273934] kunit_try_run_case+0x1a5/0x480 [ 25.273958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.273984] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.274005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.274032] ? __kthread_parkme+0x82/0x180 [ 25.274053] ? preempt_count_sub+0x50/0x80 [ 25.274075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.274100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.274124] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.274148] kthread+0x337/0x6f0 [ 25.274168] ? trace_preempt_on+0x20/0xc0 [ 25.274190] ? __pfx_kthread+0x10/0x10 [ 25.274211] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.274235] ? calculate_sigpending+0x7b/0xa0 [ 25.274315] ? __pfx_kthread+0x10/0x10 [ 25.274339] ret_from_fork+0x116/0x1d0 [ 25.274358] ? __pfx_kthread+0x10/0x10 [ 25.274380] ret_from_fork_asm+0x1a/0x30 [ 25.274410] </TASK> [ 25.274422] [ 25.282778] Allocated by task 310: [ 25.282903] kasan_save_stack+0x45/0x70 [ 25.283044] kasan_save_track+0x18/0x40 [ 25.283274] kasan_save_alloc_info+0x3b/0x50 [ 25.283670] __kasan_kmalloc+0xb7/0xc0 [ 25.283854] __kmalloc_cache_noprof+0x189/0x420 [ 25.284067] kasan_bitops_generic+0x92/0x1c0 [ 25.284302] kunit_try_run_case+0x1a5/0x480 [ 25.284509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.284862] kthread+0x337/0x6f0 [ 25.285178] ret_from_fork+0x116/0x1d0 [ 25.285541] ret_from_fork_asm+0x1a/0x30 [ 25.285678] [ 25.285743] The buggy address belongs to the object at ffff888104b06e60 [ 25.285743] which belongs to the cache kmalloc-16 of size 16 [ 25.286258] The buggy address is located 8 bytes inside of [ 25.286258] allocated 9-byte region [ffff888104b06e60, ffff888104b06e69) [ 25.286799] [ 25.286891] The buggy address belongs to the physical page: [ 25.287137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 25.287532] flags: 0x200000000000000(node=0|zone=2) [ 25.287716] page_type: f5(slab) [ 25.287833] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.288208] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.288506] page dumped because: kasan: bad access detected [ 25.288673] [ 25.288736] Memory state around the buggy address: [ 25.288885] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.289097] ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 25.289468] >ffff888104b06e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.289985] ^ [ 25.290269] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.290767] ffff888104b06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.291001] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 25.151086] ================================================================== [ 25.151405] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 25.151619] Read of size 1 at addr ffff888105ec6450 by task kunit_try_catch/308 [ 25.151969] [ 25.152073] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.152119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.152132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.152154] Call Trace: [ 25.152170] <TASK> [ 25.152186] dump_stack_lvl+0x73/0xb0 [ 25.152649] print_report+0xd1/0x650 [ 25.152676] ? __virt_addr_valid+0x1db/0x2d0 [ 25.152699] ? strnlen+0x73/0x80 [ 25.152719] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.152745] ? strnlen+0x73/0x80 [ 25.152765] kasan_report+0x141/0x180 [ 25.152789] ? strnlen+0x73/0x80 [ 25.152815] __asan_report_load1_noabort+0x18/0x20 [ 25.152840] strnlen+0x73/0x80 [ 25.152861] kasan_strings+0x615/0xe80 [ 25.152880] ? trace_hardirqs_on+0x37/0xe0 [ 25.152903] ? __pfx_kasan_strings+0x10/0x10 [ 25.152923] ? finish_task_switch.isra.0+0x153/0x700 [ 25.152944] ? __switch_to+0x47/0xf50 [ 25.152970] ? __schedule+0x10cc/0x2b60 [ 25.152995] ? __pfx_read_tsc+0x10/0x10 [ 25.153016] ? ktime_get_ts64+0x86/0x230 [ 25.153041] kunit_try_run_case+0x1a5/0x480 [ 25.153066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.153088] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.153109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.153134] ? __kthread_parkme+0x82/0x180 [ 25.153193] ? preempt_count_sub+0x50/0x80 [ 25.153215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.153241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.153265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.153290] kthread+0x337/0x6f0 [ 25.153309] ? trace_preempt_on+0x20/0xc0 [ 25.153331] ? __pfx_kthread+0x10/0x10 [ 25.153352] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.153374] ? calculate_sigpending+0x7b/0xa0 [ 25.153399] ? __pfx_kthread+0x10/0x10 [ 25.153420] ret_from_fork+0x116/0x1d0 [ 25.153439] ? __pfx_kthread+0x10/0x10 [ 25.153473] ret_from_fork_asm+0x1a/0x30 [ 25.153505] </TASK> [ 25.153515] [ 25.164962] Allocated by task 308: [ 25.165367] kasan_save_stack+0x45/0x70 [ 25.165565] kasan_save_track+0x18/0x40 [ 25.165744] kasan_save_alloc_info+0x3b/0x50 [ 25.165944] __kasan_kmalloc+0xb7/0xc0 [ 25.166116] __kmalloc_cache_noprof+0x189/0x420 [ 25.166705] kasan_strings+0xc0/0xe80 [ 25.166978] kunit_try_run_case+0x1a5/0x480 [ 25.167128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.167620] kthread+0x337/0x6f0 [ 25.167855] ret_from_fork+0x116/0x1d0 [ 25.168009] ret_from_fork_asm+0x1a/0x30 [ 25.168205] [ 25.168646] Freed by task 308: [ 25.168786] kasan_save_stack+0x45/0x70 [ 25.168974] kasan_save_track+0x18/0x40 [ 25.169240] kasan_save_free_info+0x3f/0x60 [ 25.169704] __kasan_slab_free+0x56/0x70 [ 25.169907] kfree+0x222/0x3f0 [ 25.170043] kasan_strings+0x2aa/0xe80 [ 25.170270] kunit_try_run_case+0x1a5/0x480 [ 25.170470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.170702] kthread+0x337/0x6f0 [ 25.170853] ret_from_fork+0x116/0x1d0 [ 25.171014] ret_from_fork_asm+0x1a/0x30 [ 25.171192] [ 25.171725] The buggy address belongs to the object at ffff888105ec6440 [ 25.171725] which belongs to the cache kmalloc-32 of size 32 [ 25.172340] The buggy address is located 16 bytes inside of [ 25.172340] freed 32-byte region [ffff888105ec6440, ffff888105ec6460) [ 25.172844] [ 25.172929] The buggy address belongs to the physical page: [ 25.173149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec6 [ 25.173858] flags: 0x200000000000000(node=0|zone=2) [ 25.174044] page_type: f5(slab) [ 25.174531] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.174908] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.175364] page dumped because: kasan: bad access detected [ 25.175590] [ 25.175686] Memory state around the buggy address: [ 25.176124] ffff888105ec6300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.176617] ffff888105ec6380: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.176998] >ffff888105ec6400: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.177278] ^ [ 25.177626] ffff888105ec6480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.177917] ffff888105ec6500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.178209] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 25.120027] ================================================================== [ 25.120828] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 25.121117] Read of size 1 at addr ffff888105ec6450 by task kunit_try_catch/308 [ 25.121741] [ 25.121864] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.121914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.122109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.122135] Call Trace: [ 25.122186] <TASK> [ 25.122215] dump_stack_lvl+0x73/0xb0 [ 25.122244] print_report+0xd1/0x650 [ 25.122267] ? __virt_addr_valid+0x1db/0x2d0 [ 25.122290] ? strlen+0x8f/0xb0 [ 25.122309] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.122335] ? strlen+0x8f/0xb0 [ 25.122355] kasan_report+0x141/0x180 [ 25.122377] ? strlen+0x8f/0xb0 [ 25.122401] __asan_report_load1_noabort+0x18/0x20 [ 25.122425] strlen+0x8f/0xb0 [ 25.122446] kasan_strings+0x57b/0xe80 [ 25.122478] ? trace_hardirqs_on+0x37/0xe0 [ 25.122500] ? __pfx_kasan_strings+0x10/0x10 [ 25.122520] ? finish_task_switch.isra.0+0x153/0x700 [ 25.122542] ? __switch_to+0x47/0xf50 [ 25.122567] ? __schedule+0x10cc/0x2b60 [ 25.122591] ? __pfx_read_tsc+0x10/0x10 [ 25.122613] ? ktime_get_ts64+0x86/0x230 [ 25.122637] kunit_try_run_case+0x1a5/0x480 [ 25.122660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.122683] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.122704] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.122729] ? __kthread_parkme+0x82/0x180 [ 25.122749] ? preempt_count_sub+0x50/0x80 [ 25.122771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.122796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.122820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.122844] kthread+0x337/0x6f0 [ 25.122863] ? trace_preempt_on+0x20/0xc0 [ 25.122886] ? __pfx_kthread+0x10/0x10 [ 25.122907] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.122929] ? calculate_sigpending+0x7b/0xa0 [ 25.122954] ? __pfx_kthread+0x10/0x10 [ 25.122975] ret_from_fork+0x116/0x1d0 [ 25.122995] ? __pfx_kthread+0x10/0x10 [ 25.123015] ret_from_fork_asm+0x1a/0x30 [ 25.123047] </TASK> [ 25.123057] [ 25.134579] Allocated by task 308: [ 25.134780] kasan_save_stack+0x45/0x70 [ 25.135062] kasan_save_track+0x18/0x40 [ 25.135686] kasan_save_alloc_info+0x3b/0x50 [ 25.135890] __kasan_kmalloc+0xb7/0xc0 [ 25.136141] __kmalloc_cache_noprof+0x189/0x420 [ 25.136438] kasan_strings+0xc0/0xe80 [ 25.136933] kunit_try_run_case+0x1a5/0x480 [ 25.137282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.137699] kthread+0x337/0x6f0 [ 25.137953] ret_from_fork+0x116/0x1d0 [ 25.138143] ret_from_fork_asm+0x1a/0x30 [ 25.138600] [ 25.138675] Freed by task 308: [ 25.138983] kasan_save_stack+0x45/0x70 [ 25.139401] kasan_save_track+0x18/0x40 [ 25.139605] kasan_save_free_info+0x3f/0x60 [ 25.139874] __kasan_slab_free+0x56/0x70 [ 25.140073] kfree+0x222/0x3f0 [ 25.140204] kasan_strings+0x2aa/0xe80 [ 25.140947] kunit_try_run_case+0x1a5/0x480 [ 25.141142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.141667] kthread+0x337/0x6f0 [ 25.141935] ret_from_fork+0x116/0x1d0 [ 25.142253] ret_from_fork_asm+0x1a/0x30 [ 25.142622] [ 25.142726] The buggy address belongs to the object at ffff888105ec6440 [ 25.142726] which belongs to the cache kmalloc-32 of size 32 [ 25.143678] The buggy address is located 16 bytes inside of [ 25.143678] freed 32-byte region [ffff888105ec6440, ffff888105ec6460) [ 25.144316] [ 25.144502] The buggy address belongs to the physical page: [ 25.144947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec6 [ 25.145628] flags: 0x200000000000000(node=0|zone=2) [ 25.145940] page_type: f5(slab) [ 25.146085] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.146681] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.147064] page dumped because: kasan: bad access detected [ 25.147535] [ 25.147706] Memory state around the buggy address: [ 25.148087] ffff888105ec6300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.148714] ffff888105ec6380: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.149411] >ffff888105ec6400: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.149638] ^ [ 25.149809] ffff888105ec6480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.150018] ffff888105ec6500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.150231] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 25.088601] ================================================================== [ 25.089075] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 25.090130] Read of size 1 at addr ffff888105ec6450 by task kunit_try_catch/308 [ 25.091080] [ 25.091278] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.091329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.091342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.091525] Call Trace: [ 25.091546] <TASK> [ 25.091561] dump_stack_lvl+0x73/0xb0 [ 25.091590] print_report+0xd1/0x650 [ 25.091613] ? __virt_addr_valid+0x1db/0x2d0 [ 25.091636] ? kasan_strings+0xcbc/0xe80 [ 25.091657] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.091683] ? kasan_strings+0xcbc/0xe80 [ 25.091703] kasan_report+0x141/0x180 [ 25.091725] ? kasan_strings+0xcbc/0xe80 [ 25.091749] __asan_report_load1_noabort+0x18/0x20 [ 25.091774] kasan_strings+0xcbc/0xe80 [ 25.091792] ? trace_hardirqs_on+0x37/0xe0 [ 25.091814] ? __pfx_kasan_strings+0x10/0x10 [ 25.091834] ? finish_task_switch.isra.0+0x153/0x700 [ 25.091857] ? __switch_to+0x47/0xf50 [ 25.091881] ? __schedule+0x10cc/0x2b60 [ 25.091907] ? __pfx_read_tsc+0x10/0x10 [ 25.091928] ? ktime_get_ts64+0x86/0x230 [ 25.091952] kunit_try_run_case+0x1a5/0x480 [ 25.091976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.091999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.092020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.092045] ? __kthread_parkme+0x82/0x180 [ 25.092065] ? preempt_count_sub+0x50/0x80 [ 25.092088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.092112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.092136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.092216] kthread+0x337/0x6f0 [ 25.092236] ? trace_preempt_on+0x20/0xc0 [ 25.092259] ? __pfx_kthread+0x10/0x10 [ 25.092279] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.092303] ? calculate_sigpending+0x7b/0xa0 [ 25.092327] ? __pfx_kthread+0x10/0x10 [ 25.092349] ret_from_fork+0x116/0x1d0 [ 25.092368] ? __pfx_kthread+0x10/0x10 [ 25.092388] ret_from_fork_asm+0x1a/0x30 [ 25.092420] </TASK> [ 25.092431] [ 25.103612] Allocated by task 308: [ 25.103781] kasan_save_stack+0x45/0x70 [ 25.104103] kasan_save_track+0x18/0x40 [ 25.104293] kasan_save_alloc_info+0x3b/0x50 [ 25.104585] __kasan_kmalloc+0xb7/0xc0 [ 25.105075] __kmalloc_cache_noprof+0x189/0x420 [ 25.105257] kasan_strings+0xc0/0xe80 [ 25.105658] kunit_try_run_case+0x1a5/0x480 [ 25.105871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.106100] kthread+0x337/0x6f0 [ 25.106435] ret_from_fork+0x116/0x1d0 [ 25.107052] ret_from_fork_asm+0x1a/0x30 [ 25.107226] [ 25.107935] Freed by task 308: [ 25.108317] kasan_save_stack+0x45/0x70 [ 25.108706] kasan_save_track+0x18/0x40 [ 25.108851] kasan_save_free_info+0x3f/0x60 [ 25.108993] __kasan_slab_free+0x56/0x70 [ 25.109125] kfree+0x222/0x3f0 [ 25.109246] kasan_strings+0x2aa/0xe80 [ 25.109374] kunit_try_run_case+0x1a5/0x480 [ 25.109524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.109695] kthread+0x337/0x6f0 [ 25.109809] ret_from_fork+0x116/0x1d0 [ 25.109940] ret_from_fork_asm+0x1a/0x30 [ 25.110072] [ 25.110138] The buggy address belongs to the object at ffff888105ec6440 [ 25.110138] which belongs to the cache kmalloc-32 of size 32 [ 25.112035] The buggy address is located 16 bytes inside of [ 25.112035] freed 32-byte region [ffff888105ec6440, ffff888105ec6460) [ 25.113002] [ 25.113388] The buggy address belongs to the physical page: [ 25.113863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec6 [ 25.114250] flags: 0x200000000000000(node=0|zone=2) [ 25.114605] page_type: f5(slab) [ 25.114891] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.115327] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.115828] page dumped because: kasan: bad access detected [ 25.116365] [ 25.116449] Memory state around the buggy address: [ 25.116842] ffff888105ec6300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.117184] ffff888105ec6380: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.117575] >ffff888105ec6400: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.118087] ^ [ 25.118510] ffff888105ec6480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.118971] ffff888105ec6500: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.119408] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 25.026537] ================================================================== [ 25.027078] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 25.027485] Read of size 1 at addr ffff8881061ffc4a by task kunit_try_catch/302 [ 25.027821] [ 25.027913] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.027961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.027974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.027996] Call Trace: [ 25.028009] <TASK> [ 25.028024] dump_stack_lvl+0x73/0xb0 [ 25.028055] print_report+0xd1/0x650 [ 25.028077] ? __virt_addr_valid+0x1db/0x2d0 [ 25.028101] ? kasan_alloca_oob_right+0x329/0x390 [ 25.028124] ? kasan_addr_to_slab+0x11/0xa0 [ 25.028157] ? kasan_alloca_oob_right+0x329/0x390 [ 25.028180] kasan_report+0x141/0x180 [ 25.028202] ? kasan_alloca_oob_right+0x329/0x390 [ 25.028229] __asan_report_load1_noabort+0x18/0x20 [ 25.028254] kasan_alloca_oob_right+0x329/0x390 [ 25.028275] ? __kasan_check_write+0x18/0x20 [ 25.028299] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.028320] ? finish_task_switch.isra.0+0x153/0x700 [ 25.028343] ? rwsem_down_read_slowpath+0x58e/0xb90 [ 25.028369] ? trace_hardirqs_on+0x37/0xe0 [ 25.028393] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.028420] ? trace_hardirqs_on+0x37/0xe0 [ 25.028441] ? __pfx_read_tsc+0x10/0x10 [ 25.028472] ? ktime_get_ts64+0x86/0x230 [ 25.028497] kunit_try_run_case+0x1a5/0x480 [ 25.028524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.028550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.028573] ? __kthread_parkme+0x82/0x180 [ 25.028595] ? preempt_count_sub+0x50/0x80 [ 25.028618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.028643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.028667] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.028691] kthread+0x337/0x6f0 [ 25.028711] ? trace_preempt_on+0x20/0xc0 [ 25.028732] ? __pfx_kthread+0x10/0x10 [ 25.028753] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.028779] ? calculate_sigpending+0x7b/0xa0 [ 25.028803] ? __pfx_kthread+0x10/0x10 [ 25.028825] ret_from_fork+0x116/0x1d0 [ 25.028845] ? __pfx_kthread+0x10/0x10 [ 25.028866] ret_from_fork_asm+0x1a/0x30 [ 25.028897] </TASK> [ 25.028908] [ 25.039326] The buggy address belongs to stack of task kunit_try_catch/302 [ 25.039802] [ 25.040027] The buggy address belongs to the physical page: [ 25.040361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061ff [ 25.040813] flags: 0x200000000000000(node=0|zone=2) [ 25.041122] raw: 0200000000000000 ffffea0004187fc8 ffffea0004187fc8 0000000000000000 [ 25.041737] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.042125] page dumped because: kasan: bad access detected [ 25.042614] [ 25.042712] Memory state around the buggy address: [ 25.043000] ffff8881061ffb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.043569] ffff8881061ffb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.043828] >ffff8881061ffc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.044373] ^ [ 25.044574] ffff8881061ffc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.044895] ffff8881061ffd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.045562] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 25.004412] ================================================================== [ 25.005088] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 25.005608] Read of size 1 at addr ffff8881060c7c3f by task kunit_try_catch/300 [ 25.005913] [ 25.006014] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 25.006061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.006074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.006097] Call Trace: [ 25.006109] <TASK> [ 25.006126] dump_stack_lvl+0x73/0xb0 [ 25.006388] print_report+0xd1/0x650 [ 25.006413] ? __virt_addr_valid+0x1db/0x2d0 [ 25.006438] ? kasan_alloca_oob_left+0x320/0x380 [ 25.006636] ? kasan_addr_to_slab+0x11/0xa0 [ 25.006671] ? kasan_alloca_oob_left+0x320/0x380 [ 25.006694] kasan_report+0x141/0x180 [ 25.006716] ? kasan_alloca_oob_left+0x320/0x380 [ 25.006742] __asan_report_load1_noabort+0x18/0x20 [ 25.006767] kasan_alloca_oob_left+0x320/0x380 [ 25.006788] ? __kasan_check_write+0x18/0x20 [ 25.006811] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.006833] ? irqentry_exit+0x2a/0x60 [ 25.006854] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.006877] ? trace_hardirqs_on+0x37/0xe0 [ 25.006901] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.006927] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.006953] kunit_try_run_case+0x1a5/0x480 [ 25.006979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.007002] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.007023] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.007047] ? __kthread_parkme+0x82/0x180 [ 25.007069] ? preempt_count_sub+0x50/0x80 [ 25.007093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.007117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.007165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.007207] kthread+0x337/0x6f0 [ 25.007227] ? trace_preempt_on+0x20/0xc0 [ 25.007249] ? __pfx_kthread+0x10/0x10 [ 25.007270] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.007293] ? calculate_sigpending+0x7b/0xa0 [ 25.007317] ? __pfx_kthread+0x10/0x10 [ 25.007338] ret_from_fork+0x116/0x1d0 [ 25.007358] ? __pfx_kthread+0x10/0x10 [ 25.007378] ret_from_fork_asm+0x1a/0x30 [ 25.007410] </TASK> [ 25.007421] [ 25.017373] The buggy address belongs to stack of task kunit_try_catch/300 [ 25.017651] [ 25.017732] The buggy address belongs to the physical page: [ 25.017983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c7 [ 25.018565] flags: 0x200000000000000(node=0|zone=2) [ 25.018816] raw: 0200000000000000 ffffea00041831c8 ffffea00041831c8 0000000000000000 [ 25.019116] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.019450] page dumped because: kasan: bad access detected [ 25.019657] [ 25.019745] Memory state around the buggy address: [ 25.019961] ffff8881060c7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.020296] ffff8881060c7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.020602] >ffff8881060c7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.020865] ^ [ 25.021049] ffff8881060c7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.021433] ffff8881060c7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.021730] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 24.970959] ================================================================== [ 24.972129] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 24.972376] Read of size 1 at addr ffff8881061efd02 by task kunit_try_catch/298 [ 24.972610] [ 24.972694] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.972745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.972759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.972783] Call Trace: [ 24.972796] <TASK> [ 24.972812] dump_stack_lvl+0x73/0xb0 [ 24.972841] print_report+0xd1/0x650 [ 24.972864] ? __virt_addr_valid+0x1db/0x2d0 [ 24.972888] ? kasan_stack_oob+0x2b5/0x300 [ 24.972911] ? kasan_addr_to_slab+0x11/0xa0 [ 24.972935] ? kasan_stack_oob+0x2b5/0x300 [ 24.972959] kasan_report+0x141/0x180 [ 24.972981] ? kasan_stack_oob+0x2b5/0x300 [ 24.973009] __asan_report_load1_noabort+0x18/0x20 [ 24.973033] kasan_stack_oob+0x2b5/0x300 [ 24.973057] ? __pfx_kasan_stack_oob+0x10/0x10 [ 24.973080] ? finish_task_switch.isra.0+0x153/0x700 [ 24.973102] ? __switch_to+0x47/0xf50 [ 24.973130] ? __schedule+0x10cc/0x2b60 [ 24.973157] ? __pfx_read_tsc+0x10/0x10 [ 24.973180] ? ktime_get_ts64+0x86/0x230 [ 24.973204] kunit_try_run_case+0x1a5/0x480 [ 24.973231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.973254] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.973277] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.973303] ? __kthread_parkme+0x82/0x180 [ 24.973324] ? preempt_count_sub+0x50/0x80 [ 24.973346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.973371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.973396] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.973420] kthread+0x337/0x6f0 [ 24.973440] ? trace_preempt_on+0x20/0xc0 [ 24.973486] ? __pfx_kthread+0x10/0x10 [ 24.973508] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.973533] ? calculate_sigpending+0x7b/0xa0 [ 24.973557] ? __pfx_kthread+0x10/0x10 [ 24.973580] ret_from_fork+0x116/0x1d0 [ 24.973599] ? __pfx_kthread+0x10/0x10 [ 24.973620] ret_from_fork_asm+0x1a/0x30 [ 24.973651] </TASK> [ 24.973664] [ 24.989957] The buggy address belongs to stack of task kunit_try_catch/298 [ 24.990859] and is located at offset 138 in frame: [ 24.991390] kasan_stack_oob+0x0/0x300 [ 24.991983] [ 24.992123] This frame has 4 objects: [ 24.992503] [48, 49) '__assertion' [ 24.992532] [64, 72) 'array' [ 24.992742] [96, 112) '__assertion' [ 24.992870] [128, 138) 'stack_array' [ 24.993005] [ 24.993301] The buggy address belongs to the physical page: [ 24.993961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061ef [ 24.994703] flags: 0x200000000000000(node=0|zone=2) [ 24.995216] raw: 0200000000000000 ffffea0004187bc8 ffffea0004187bc8 0000000000000000 [ 24.995928] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.996677] page dumped because: kasan: bad access detected [ 24.997138] [ 24.997360] Memory state around the buggy address: [ 24.997678] ffff8881061efc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 24.998046] ffff8881061efc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 24.998490] >ffff8881061efd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 24.999257] ^ [ 24.999568] ffff8881061efd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 25.000317] ffff8881061efe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.000827] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 24.952389] ================================================================== [ 24.952940] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 24.953275] Read of size 1 at addr ffffffffb9caaecd by task kunit_try_catch/294 [ 24.953610] [ 24.953745] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.953816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.953829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.953859] Call Trace: [ 24.953873] <TASK> [ 24.953890] dump_stack_lvl+0x73/0xb0 [ 24.953920] print_report+0xd1/0x650 [ 24.953942] ? __virt_addr_valid+0x1db/0x2d0 [ 24.953967] ? kasan_global_oob_right+0x286/0x2d0 [ 24.953993] ? kasan_addr_to_slab+0x11/0xa0 [ 24.954018] ? kasan_global_oob_right+0x286/0x2d0 [ 24.954043] kasan_report+0x141/0x180 [ 24.954078] ? kasan_global_oob_right+0x286/0x2d0 [ 24.954110] __asan_report_load1_noabort+0x18/0x20 [ 24.954145] kasan_global_oob_right+0x286/0x2d0 [ 24.954171] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 24.954214] ? __schedule+0x10cc/0x2b60 [ 24.954241] ? __pfx_read_tsc+0x10/0x10 [ 24.954264] ? ktime_get_ts64+0x86/0x230 [ 24.954299] kunit_try_run_case+0x1a5/0x480 [ 24.954327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.954350] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.954383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.954410] ? __kthread_parkme+0x82/0x180 [ 24.954431] ? preempt_count_sub+0x50/0x80 [ 24.954463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.954488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.954512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.954535] kthread+0x337/0x6f0 [ 24.954555] ? trace_preempt_on+0x20/0xc0 [ 24.954579] ? __pfx_kthread+0x10/0x10 [ 24.954600] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.954623] ? calculate_sigpending+0x7b/0xa0 [ 24.954657] ? __pfx_kthread+0x10/0x10 [ 24.954678] ret_from_fork+0x116/0x1d0 [ 24.954698] ? __pfx_kthread+0x10/0x10 [ 24.954729] ret_from_fork_asm+0x1a/0x30 [ 24.954761] </TASK> [ 24.954772] [ 24.961450] The buggy address belongs to the variable: [ 24.961712] global_array+0xd/0x40 [ 24.961912] [ 24.962016] The buggy address belongs to the physical page: [ 24.962263] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78aaa [ 24.962509] flags: 0x100000000002000(reserved|node=0|zone=1) [ 24.962803] raw: 0100000000002000 ffffea0001e2aa88 ffffea0001e2aa88 0000000000000000 [ 24.963132] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.963398] page dumped because: kasan: bad access detected [ 24.963843] [ 24.963915] Memory state around the buggy address: [ 24.964063] ffffffffb9caad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.964512] ffffffffb9caae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.964830] >ffffffffb9caae80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 24.965092] ^ [ 24.965451] ffffffffb9caaf00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 24.965723] ffffffffb9caaf80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 24.966017] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 24.927831] ================================================================== [ 24.929267] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.930059] Free of addr ffff88810607c001 by task kunit_try_catch/292 [ 24.930413] [ 24.930631] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.930682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.930695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.930717] Call Trace: [ 24.930738] <TASK> [ 24.930755] dump_stack_lvl+0x73/0xb0 [ 24.930785] print_report+0xd1/0x650 [ 24.930818] ? __virt_addr_valid+0x1db/0x2d0 [ 24.930844] ? kasan_addr_to_slab+0x11/0xa0 [ 24.930867] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.930893] kasan_report_invalid_free+0x10a/0x130 [ 24.930917] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.930945] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.930970] __kasan_mempool_poison_object+0x102/0x1d0 [ 24.930994] mempool_free+0x2ec/0x380 [ 24.931020] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.931044] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 24.931068] ? update_load_avg+0x1be/0x21b0 [ 24.931094] ? finish_task_switch.isra.0+0x153/0x700 [ 24.931121] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 24.931145] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 24.931228] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.931251] ? __pfx_mempool_kfree+0x10/0x10 [ 24.931274] ? __pfx_read_tsc+0x10/0x10 [ 24.931296] ? ktime_get_ts64+0x86/0x230 [ 24.931320] kunit_try_run_case+0x1a5/0x480 [ 24.931345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.931367] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.931390] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.931415] ? __kthread_parkme+0x82/0x180 [ 24.931436] ? preempt_count_sub+0x50/0x80 [ 24.931470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.931495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.931518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.931543] kthread+0x337/0x6f0 [ 24.931562] ? trace_preempt_on+0x20/0xc0 [ 24.931585] ? __pfx_kthread+0x10/0x10 [ 24.931606] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.931629] ? calculate_sigpending+0x7b/0xa0 [ 24.931653] ? __pfx_kthread+0x10/0x10 [ 24.931674] ret_from_fork+0x116/0x1d0 [ 24.931693] ? __pfx_kthread+0x10/0x10 [ 24.931713] ret_from_fork_asm+0x1a/0x30 [ 24.931744] </TASK> [ 24.931755] [ 24.940710] The buggy address belongs to the physical page: [ 24.940993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10607c [ 24.941573] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.941953] flags: 0x200000000000040(head|node=0|zone=2) [ 24.942383] page_type: f8(unknown) [ 24.942582] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.942893] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.943120] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.943598] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.944121] head: 0200000000000002 ffffea0004181f01 00000000ffffffff 00000000ffffffff [ 24.944354] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.944583] page dumped because: kasan: bad access detected [ 24.945117] [ 24.945288] Memory state around the buggy address: [ 24.945519] ffff88810607bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.945799] ffff88810607bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.946014] >ffff88810607c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.946350] ^ [ 24.946551] ffff88810607c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.946928] ffff88810607c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.947540] ================================================================== [ 24.887073] ================================================================== [ 24.887495] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.887746] Free of addr ffff888105ab1a01 by task kunit_try_catch/290 [ 24.887937] [ 24.888016] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.888064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.888077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.888100] Call Trace: [ 24.888112] <TASK> [ 24.888127] dump_stack_lvl+0x73/0xb0 [ 24.888156] print_report+0xd1/0x650 [ 24.888179] ? __virt_addr_valid+0x1db/0x2d0 [ 24.888203] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.888228] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.888253] kasan_report_invalid_free+0x10a/0x130 [ 24.888276] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.888303] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.888326] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.888349] check_slab_allocation+0x11f/0x130 [ 24.888375] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.888398] mempool_free+0x2ec/0x380 [ 24.888423] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 24.888448] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 24.888851] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.889082] ? finish_task_switch.isra.0+0x153/0x700 [ 24.889123] mempool_kmalloc_invalid_free+0xed/0x140 [ 24.889193] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 24.889221] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.889243] ? __pfx_mempool_kfree+0x10/0x10 [ 24.889267] ? __pfx_read_tsc+0x10/0x10 [ 24.889289] ? ktime_get_ts64+0x86/0x230 [ 24.889313] kunit_try_run_case+0x1a5/0x480 [ 24.889340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.889365] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.889387] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.889415] ? __kthread_parkme+0x82/0x180 [ 24.889435] ? preempt_count_sub+0x50/0x80 [ 24.889476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.889501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.889526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.889552] kthread+0x337/0x6f0 [ 24.889572] ? trace_preempt_on+0x20/0xc0 [ 24.889597] ? __pfx_kthread+0x10/0x10 [ 24.889617] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.889642] ? calculate_sigpending+0x7b/0xa0 [ 24.889665] ? __pfx_kthread+0x10/0x10 [ 24.889687] ret_from_fork+0x116/0x1d0 [ 24.889707] ? __pfx_kthread+0x10/0x10 [ 24.889728] ret_from_fork_asm+0x1a/0x30 [ 24.889758] </TASK> [ 24.889769] [ 24.908364] Allocated by task 290: [ 24.908607] kasan_save_stack+0x45/0x70 [ 24.909024] kasan_save_track+0x18/0x40 [ 24.909476] kasan_save_alloc_info+0x3b/0x50 [ 24.909912] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.910077] remove_element+0x11e/0x190 [ 24.910507] mempool_alloc_preallocated+0x4d/0x90 [ 24.911003] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 24.911512] mempool_kmalloc_invalid_free+0xed/0x140 [ 24.911857] kunit_try_run_case+0x1a5/0x480 [ 24.912298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.913010] kthread+0x337/0x6f0 [ 24.913242] ret_from_fork+0x116/0x1d0 [ 24.913672] ret_from_fork_asm+0x1a/0x30 [ 24.913853] [ 24.913923] The buggy address belongs to the object at ffff888105ab1a00 [ 24.913923] which belongs to the cache kmalloc-128 of size 128 [ 24.914356] The buggy address is located 1 bytes inside of [ 24.914356] 128-byte region [ffff888105ab1a00, ffff888105ab1a80) [ 24.915551] [ 24.915714] The buggy address belongs to the physical page: [ 24.916244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 24.917032] flags: 0x200000000000000(node=0|zone=2) [ 24.917557] page_type: f5(slab) [ 24.917852] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.918515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.918733] page dumped because: kasan: bad access detected [ 24.918893] [ 24.918956] Memory state around the buggy address: [ 24.919100] ffff888105ab1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.919689] ffff888105ab1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.920438] >ffff888105ab1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.921107] ^ [ 24.921608] ffff888105ab1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.922286] ffff888105ab1b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.922841] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 24.863935] ================================================================== [ 24.864341] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.864642] Free of addr ffff888106164000 by task kunit_try_catch/288 [ 24.865738] [ 24.866045] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.866101] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.866218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.866248] Call Trace: [ 24.866262] <TASK> [ 24.866279] dump_stack_lvl+0x73/0xb0 [ 24.866312] print_report+0xd1/0x650 [ 24.866335] ? __virt_addr_valid+0x1db/0x2d0 [ 24.866361] ? kasan_addr_to_slab+0x11/0xa0 [ 24.866386] ? mempool_double_free_helper+0x184/0x370 [ 24.866431] kasan_report_invalid_free+0x10a/0x130 [ 24.866482] ? mempool_double_free_helper+0x184/0x370 [ 24.866509] ? mempool_double_free_helper+0x184/0x370 [ 24.866532] __kasan_mempool_poison_pages+0x115/0x130 [ 24.866557] mempool_free+0x290/0x380 [ 24.866584] mempool_double_free_helper+0x184/0x370 [ 24.866609] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.866633] ? __kasan_check_write+0x18/0x20 [ 24.866656] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.866679] ? finish_task_switch.isra.0+0x153/0x700 [ 24.866705] mempool_page_alloc_double_free+0xe8/0x140 [ 24.866731] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 24.866758] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 24.866781] ? __pfx_mempool_free_pages+0x10/0x10 [ 24.866806] ? __pfx_read_tsc+0x10/0x10 [ 24.866828] ? ktime_get_ts64+0x86/0x230 [ 24.866852] kunit_try_run_case+0x1a5/0x480 [ 24.866879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.866903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.866926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.866952] ? __kthread_parkme+0x82/0x180 [ 24.866973] ? preempt_count_sub+0x50/0x80 [ 24.866996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.867021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.867045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.867069] kthread+0x337/0x6f0 [ 24.867089] ? trace_preempt_on+0x20/0xc0 [ 24.867112] ? __pfx_kthread+0x10/0x10 [ 24.867152] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.867191] ? calculate_sigpending+0x7b/0xa0 [ 24.867216] ? __pfx_kthread+0x10/0x10 [ 24.867239] ret_from_fork+0x116/0x1d0 [ 24.867258] ? __pfx_kthread+0x10/0x10 [ 24.867279] ret_from_fork_asm+0x1a/0x30 [ 24.867310] </TASK> [ 24.867322] [ 24.878961] The buggy address belongs to the physical page: [ 24.879422] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106164 [ 24.879846] flags: 0x200000000000000(node=0|zone=2) [ 24.880074] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 24.880685] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.880977] page dumped because: kasan: bad access detected [ 24.881206] [ 24.881391] Memory state around the buggy address: [ 24.881609] ffff888106163f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.881915] ffff888106163f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.882193] >ffff888106164000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.882893] ^ [ 24.883054] ffff888106164080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.883476] ffff888106164100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.883766] ================================================================== [ 24.793079] ================================================================== [ 24.793664] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.793901] Free of addr ffff888105540800 by task kunit_try_catch/284 [ 24.794096] [ 24.794182] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.794233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.794246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.794269] Call Trace: [ 24.794281] <TASK> [ 24.794298] dump_stack_lvl+0x73/0xb0 [ 24.794324] print_report+0xd1/0x650 [ 24.794347] ? __virt_addr_valid+0x1db/0x2d0 [ 24.794370] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.794395] ? mempool_double_free_helper+0x184/0x370 [ 24.794419] kasan_report_invalid_free+0x10a/0x130 [ 24.794442] ? mempool_double_free_helper+0x184/0x370 [ 24.794477] ? mempool_double_free_helper+0x184/0x370 [ 24.794500] ? mempool_double_free_helper+0x184/0x370 [ 24.794522] check_slab_allocation+0x101/0x130 [ 24.794548] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.794572] mempool_free+0x2ec/0x380 [ 24.794597] mempool_double_free_helper+0x184/0x370 [ 24.794621] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.794648] ? finish_task_switch.isra.0+0x153/0x700 [ 24.794673] mempool_kmalloc_double_free+0xed/0x140 [ 24.794695] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 24.794721] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.794743] ? __pfx_mempool_kfree+0x10/0x10 [ 24.794767] ? __pfx_read_tsc+0x10/0x10 [ 24.794789] ? ktime_get_ts64+0x86/0x230 [ 24.794812] kunit_try_run_case+0x1a5/0x480 [ 24.794839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.794862] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.794884] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.794909] ? __kthread_parkme+0x82/0x180 [ 24.794929] ? preempt_count_sub+0x50/0x80 [ 24.794951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.794975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.794999] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.795023] kthread+0x337/0x6f0 [ 24.795042] ? trace_preempt_on+0x20/0xc0 [ 24.795064] ? __pfx_kthread+0x10/0x10 [ 24.795084] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.795108] ? calculate_sigpending+0x7b/0xa0 [ 24.795130] ? __pfx_kthread+0x10/0x10 [ 24.795152] ret_from_fork+0x116/0x1d0 [ 24.795170] ? __pfx_kthread+0x10/0x10 [ 24.795190] ret_from_fork_asm+0x1a/0x30 [ 24.795221] </TASK> [ 24.795232] [ 24.813423] Allocated by task 284: [ 24.813967] kasan_save_stack+0x45/0x70 [ 24.814208] kasan_save_track+0x18/0x40 [ 24.814340] kasan_save_alloc_info+0x3b/0x50 [ 24.814493] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.814934] remove_element+0x11e/0x190 [ 24.815089] mempool_alloc_preallocated+0x4d/0x90 [ 24.815833] mempool_double_free_helper+0x8a/0x370 [ 24.816388] mempool_kmalloc_double_free+0xed/0x140 [ 24.816817] kunit_try_run_case+0x1a5/0x480 [ 24.817327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.817684] kthread+0x337/0x6f0 [ 24.818005] ret_from_fork+0x116/0x1d0 [ 24.818550] ret_from_fork_asm+0x1a/0x30 [ 24.818921] [ 24.819082] Freed by task 284: [ 24.819465] kasan_save_stack+0x45/0x70 [ 24.819623] kasan_save_track+0x18/0x40 [ 24.819752] kasan_save_free_info+0x3f/0x60 [ 24.819891] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.820052] mempool_free+0x2ec/0x380 [ 24.820228] mempool_double_free_helper+0x109/0x370 [ 24.821009] mempool_kmalloc_double_free+0xed/0x140 [ 24.821369] kunit_try_run_case+0x1a5/0x480 [ 24.821559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.822248] kthread+0x337/0x6f0 [ 24.822836] ret_from_fork+0x116/0x1d0 [ 24.823368] ret_from_fork_asm+0x1a/0x30 [ 24.823626] [ 24.823695] The buggy address belongs to the object at ffff888105540800 [ 24.823695] which belongs to the cache kmalloc-128 of size 128 [ 24.824049] The buggy address is located 0 bytes inside of [ 24.824049] 128-byte region [ffff888105540800, ffff888105540880) [ 24.825480] [ 24.825854] The buggy address belongs to the physical page: [ 24.826786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 24.827522] flags: 0x200000000000000(node=0|zone=2) [ 24.827889] page_type: f5(slab) [ 24.828018] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.828361] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.829300] page dumped because: kasan: bad access detected [ 24.830030] [ 24.830305] Memory state around the buggy address: [ 24.830886] ffff888105540700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.831110] ffff888105540780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.831942] >ffff888105540800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.832696] ^ [ 24.832824] ffff888105540880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.833039] ffff888105540900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.833271] ================================================================== [ 24.837542] ================================================================== [ 24.838046] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.838338] Free of addr ffff88810607c000 by task kunit_try_catch/286 [ 24.838856] [ 24.838975] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.839028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.839042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.839065] Call Trace: [ 24.839077] <TASK> [ 24.839094] dump_stack_lvl+0x73/0xb0 [ 24.839124] print_report+0xd1/0x650 [ 24.839147] ? __virt_addr_valid+0x1db/0x2d0 [ 24.839290] ? kasan_addr_to_slab+0x11/0xa0 [ 24.839315] ? mempool_double_free_helper+0x184/0x370 [ 24.839339] kasan_report_invalid_free+0x10a/0x130 [ 24.839363] ? mempool_double_free_helper+0x184/0x370 [ 24.839389] ? mempool_double_free_helper+0x184/0x370 [ 24.839412] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 24.839436] mempool_free+0x2ec/0x380 [ 24.839509] mempool_double_free_helper+0x184/0x370 [ 24.839559] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.839581] ? update_load_avg+0x1be/0x21b0 [ 24.839605] ? dequeue_entities+0x27e/0x1740 [ 24.839630] ? finish_task_switch.isra.0+0x153/0x700 [ 24.839656] mempool_kmalloc_large_double_free+0xed/0x140 [ 24.839681] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 24.839708] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.839729] ? __pfx_mempool_kfree+0x10/0x10 [ 24.839753] ? __pfx_read_tsc+0x10/0x10 [ 24.839776] ? ktime_get_ts64+0x86/0x230 [ 24.839801] kunit_try_run_case+0x1a5/0x480 [ 24.839827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.839849] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.839871] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.839897] ? __kthread_parkme+0x82/0x180 [ 24.839918] ? preempt_count_sub+0x50/0x80 [ 24.839941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.839965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.839988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.840012] kthread+0x337/0x6f0 [ 24.840032] ? trace_preempt_on+0x20/0xc0 [ 24.840055] ? __pfx_kthread+0x10/0x10 [ 24.840076] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.840099] ? calculate_sigpending+0x7b/0xa0 [ 24.840123] ? __pfx_kthread+0x10/0x10 [ 24.840145] ret_from_fork+0x116/0x1d0 [ 24.840163] ? __pfx_kthread+0x10/0x10 [ 24.840238] ret_from_fork_asm+0x1a/0x30 [ 24.840270] </TASK> [ 24.840280] [ 24.851780] The buggy address belongs to the physical page: [ 24.852142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10607c [ 24.852862] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.853482] flags: 0x200000000000040(head|node=0|zone=2) [ 24.853853] page_type: f8(unknown) [ 24.854030] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.854653] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.855145] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.855783] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.856322] head: 0200000000000002 ffffea0004181f01 00000000ffffffff 00000000ffffffff [ 24.856640] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.856944] page dumped because: kasan: bad access detected [ 24.857392] [ 24.857515] Memory state around the buggy address: [ 24.857901] ffff88810607bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.858566] ffff88810607bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.858983] >ffff88810607c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.859512] ^ [ 24.859804] ffff88810607c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.860496] ffff88810607c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.860942] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 24.705697] ================================================================== [ 24.706892] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.707732] Read of size 1 at addr ffff88810607c000 by task kunit_try_catch/278 [ 24.708574] [ 24.708806] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.708871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.708893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.708917] Call Trace: [ 24.708931] <TASK> [ 24.708949] dump_stack_lvl+0x73/0xb0 [ 24.708993] print_report+0xd1/0x650 [ 24.709016] ? __virt_addr_valid+0x1db/0x2d0 [ 24.709041] ? mempool_uaf_helper+0x392/0x400 [ 24.709062] ? kasan_addr_to_slab+0x11/0xa0 [ 24.709086] ? mempool_uaf_helper+0x392/0x400 [ 24.709109] kasan_report+0x141/0x180 [ 24.709131] ? mempool_uaf_helper+0x392/0x400 [ 24.709157] __asan_report_load1_noabort+0x18/0x20 [ 24.709181] mempool_uaf_helper+0x392/0x400 [ 24.709243] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.709267] ? __call_rcu_common.constprop.0+0x455/0x9e0 [ 24.709293] ? __pfx_task_dead_fair+0x10/0x10 [ 24.709323] mempool_kmalloc_large_uaf+0xef/0x140 [ 24.709346] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 24.709372] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.709395] ? __pfx_mempool_kfree+0x10/0x10 [ 24.709420] ? __pfx_read_tsc+0x10/0x10 [ 24.709443] ? ktime_get_ts64+0x86/0x230 [ 24.709478] kunit_try_run_case+0x1a5/0x480 [ 24.709504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.709527] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.709550] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.709576] ? __kthread_parkme+0x82/0x180 [ 24.709597] ? preempt_count_sub+0x50/0x80 [ 24.709620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.709645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.709669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.709693] kthread+0x337/0x6f0 [ 24.709713] ? trace_preempt_on+0x20/0xc0 [ 24.709736] ? __pfx_kthread+0x10/0x10 [ 24.709757] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.709783] ? calculate_sigpending+0x7b/0xa0 [ 24.709807] ? __pfx_kthread+0x10/0x10 [ 24.709829] ret_from_fork+0x116/0x1d0 [ 24.709853] ? __pfx_kthread+0x10/0x10 [ 24.709873] ret_from_fork_asm+0x1a/0x30 [ 24.709905] </TASK> [ 24.709916] [ 24.721167] The buggy address belongs to the physical page: [ 24.721941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10607c [ 24.722516] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.722851] flags: 0x200000000000040(head|node=0|zone=2) [ 24.723171] page_type: f8(unknown) [ 24.723401] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.723909] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.724408] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.724828] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.725272] head: 0200000000000002 ffffea0004181f01 00000000ffffffff 00000000ffffffff [ 24.725742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.726183] page dumped because: kasan: bad access detected [ 24.726683] [ 24.726778] Memory state around the buggy address: [ 24.726986] ffff88810607bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.727679] ffff88810607bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.727941] >ffff88810607c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.728590] ^ [ 24.728758] ffff88810607c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.729201] ffff88810607c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.729610] ================================================================== [ 24.768672] ================================================================== [ 24.770154] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.771494] Read of size 1 at addr ffff88810607c000 by task kunit_try_catch/282 [ 24.772281] [ 24.772381] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.772434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.772448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.772482] Call Trace: [ 24.772495] <TASK> [ 24.772512] dump_stack_lvl+0x73/0xb0 [ 24.772542] print_report+0xd1/0x650 [ 24.772564] ? __virt_addr_valid+0x1db/0x2d0 [ 24.772588] ? mempool_uaf_helper+0x392/0x400 [ 24.772610] ? kasan_addr_to_slab+0x11/0xa0 [ 24.772634] ? mempool_uaf_helper+0x392/0x400 [ 24.772656] kasan_report+0x141/0x180 [ 24.772678] ? mempool_uaf_helper+0x392/0x400 [ 24.772704] __asan_report_load1_noabort+0x18/0x20 [ 24.772728] mempool_uaf_helper+0x392/0x400 [ 24.772750] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.772773] ? __kasan_check_write+0x18/0x20 [ 24.772796] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.772818] ? finish_task_switch.isra.0+0x153/0x700 [ 24.772844] mempool_page_alloc_uaf+0xed/0x140 [ 24.772868] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 24.772893] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 24.772916] ? __pfx_mempool_free_pages+0x10/0x10 [ 24.772942] ? __pfx_read_tsc+0x10/0x10 [ 24.772963] ? ktime_get_ts64+0x86/0x230 [ 24.772987] kunit_try_run_case+0x1a5/0x480 [ 24.773012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.773036] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.773056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.773082] ? __kthread_parkme+0x82/0x180 [ 24.773103] ? preempt_count_sub+0x50/0x80 [ 24.773125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.773193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.773219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.773244] kthread+0x337/0x6f0 [ 24.773264] ? trace_preempt_on+0x20/0xc0 [ 24.773286] ? __pfx_kthread+0x10/0x10 [ 24.773307] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.773331] ? calculate_sigpending+0x7b/0xa0 [ 24.773354] ? __pfx_kthread+0x10/0x10 [ 24.773376] ret_from_fork+0x116/0x1d0 [ 24.773394] ? __pfx_kthread+0x10/0x10 [ 24.773415] ret_from_fork_asm+0x1a/0x30 [ 24.773445] </TASK> [ 24.773469] [ 24.784003] The buggy address belongs to the physical page: [ 24.784513] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10607c [ 24.784853] flags: 0x200000000000000(node=0|zone=2) [ 24.785073] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 24.785803] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.786404] page dumped because: kasan: bad access detected [ 24.786772] [ 24.786999] Memory state around the buggy address: [ 24.787407] ffff88810607bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788005] ffff88810607bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.788549] >ffff88810607c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.789056] ^ [ 24.789249] ffff88810607c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.789545] ffff88810607c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.789862] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 24.676834] ================================================================== [ 24.677220] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.677468] Read of size 1 at addr ffff888105ab1600 by task kunit_try_catch/276 [ 24.677689] [ 24.678234] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.678309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.678324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.678347] Call Trace: [ 24.678360] <TASK> [ 24.678378] dump_stack_lvl+0x73/0xb0 [ 24.678698] print_report+0xd1/0x650 [ 24.678724] ? __virt_addr_valid+0x1db/0x2d0 [ 24.678750] ? mempool_uaf_helper+0x392/0x400 [ 24.678772] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.678798] ? mempool_uaf_helper+0x392/0x400 [ 24.678820] kasan_report+0x141/0x180 [ 24.678842] ? mempool_uaf_helper+0x392/0x400 [ 24.678869] __asan_report_load1_noabort+0x18/0x20 [ 24.678893] mempool_uaf_helper+0x392/0x400 [ 24.678915] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.678938] ? __kasan_check_write+0x18/0x20 [ 24.678961] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.678984] ? finish_task_switch.isra.0+0x153/0x700 [ 24.679010] mempool_kmalloc_uaf+0xef/0x140 [ 24.679032] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 24.679057] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.679081] ? __pfx_mempool_kfree+0x10/0x10 [ 24.679105] ? __pfx_read_tsc+0x10/0x10 [ 24.679127] ? ktime_get_ts64+0x86/0x230 [ 24.679151] kunit_try_run_case+0x1a5/0x480 [ 24.679178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.679202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.679224] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.679251] ? __kthread_parkme+0x82/0x180 [ 24.679272] ? preempt_count_sub+0x50/0x80 [ 24.679296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.679321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.679345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.679369] kthread+0x337/0x6f0 [ 24.679389] ? trace_preempt_on+0x20/0xc0 [ 24.679413] ? __pfx_kthread+0x10/0x10 [ 24.679434] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.679470] ? calculate_sigpending+0x7b/0xa0 [ 24.679496] ? __pfx_kthread+0x10/0x10 [ 24.679518] ret_from_fork+0x116/0x1d0 [ 24.679539] ? __pfx_kthread+0x10/0x10 [ 24.679559] ret_from_fork_asm+0x1a/0x30 [ 24.679592] </TASK> [ 24.679603] [ 24.689040] Allocated by task 276: [ 24.689318] kasan_save_stack+0x45/0x70 [ 24.689533] kasan_save_track+0x18/0x40 [ 24.689768] kasan_save_alloc_info+0x3b/0x50 [ 24.689983] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.690226] remove_element+0x11e/0x190 [ 24.690437] mempool_alloc_preallocated+0x4d/0x90 [ 24.690775] mempool_uaf_helper+0x96/0x400 [ 24.691205] mempool_kmalloc_uaf+0xef/0x140 [ 24.691406] kunit_try_run_case+0x1a5/0x480 [ 24.691561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.691739] kthread+0x337/0x6f0 [ 24.691901] ret_from_fork+0x116/0x1d0 [ 24.692083] ret_from_fork_asm+0x1a/0x30 [ 24.692493] [ 24.692723] Freed by task 276: [ 24.692882] kasan_save_stack+0x45/0x70 [ 24.693225] kasan_save_track+0x18/0x40 [ 24.693509] kasan_save_free_info+0x3f/0x60 [ 24.693712] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.693984] mempool_free+0x2ec/0x380 [ 24.694115] mempool_uaf_helper+0x11a/0x400 [ 24.694252] mempool_kmalloc_uaf+0xef/0x140 [ 24.694452] kunit_try_run_case+0x1a5/0x480 [ 24.694967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.695291] kthread+0x337/0x6f0 [ 24.695518] ret_from_fork+0x116/0x1d0 [ 24.695660] ret_from_fork_asm+0x1a/0x30 [ 24.695841] [ 24.695931] The buggy address belongs to the object at ffff888105ab1600 [ 24.695931] which belongs to the cache kmalloc-128 of size 128 [ 24.697164] The buggy address is located 0 bytes inside of [ 24.697164] freed 128-byte region [ffff888105ab1600, ffff888105ab1680) [ 24.697849] [ 24.697973] The buggy address belongs to the physical page: [ 24.698412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 24.698891] flags: 0x200000000000000(node=0|zone=2) [ 24.699122] page_type: f5(slab) [ 24.699345] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.699650] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.699972] page dumped because: kasan: bad access detected [ 24.700293] [ 24.700392] Memory state around the buggy address: [ 24.700556] ffff888105ab1500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.700870] ffff888105ab1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.701099] >ffff888105ab1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.701476] ^ [ 24.701700] ffff888105ab1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.702047] ffff888105ab1700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.702586] ================================================================== [ 24.735230] ================================================================== [ 24.735714] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.735980] Read of size 1 at addr ffff888106194240 by task kunit_try_catch/280 [ 24.736512] [ 24.736616] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.736667] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.736680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.736703] Call Trace: [ 24.736715] <TASK> [ 24.736732] dump_stack_lvl+0x73/0xb0 [ 24.736764] print_report+0xd1/0x650 [ 24.736788] ? __virt_addr_valid+0x1db/0x2d0 [ 24.736812] ? mempool_uaf_helper+0x392/0x400 [ 24.736834] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.736860] ? mempool_uaf_helper+0x392/0x400 [ 24.736882] kasan_report+0x141/0x180 [ 24.736905] ? mempool_uaf_helper+0x392/0x400 [ 24.736931] __asan_report_load1_noabort+0x18/0x20 [ 24.736955] mempool_uaf_helper+0x392/0x400 [ 24.736978] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.737000] ? update_load_avg+0x1be/0x21b0 [ 24.737025] ? irqentry_exit+0x2a/0x60 [ 24.737048] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.737074] mempool_slab_uaf+0xea/0x140 [ 24.737097] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.737123] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.737147] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.737174] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.737199] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.737223] kunit_try_run_case+0x1a5/0x480 [ 24.737249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.737273] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.737298] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.737325] ? __kthread_parkme+0x82/0x180 [ 24.737347] ? preempt_count_sub+0x50/0x80 [ 24.737373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.737399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.737424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.737449] kthread+0x337/0x6f0 [ 24.737479] ? trace_preempt_on+0x20/0xc0 [ 24.737503] ? __pfx_kthread+0x10/0x10 [ 24.737524] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.737569] ? calculate_sigpending+0x7b/0xa0 [ 24.737604] ? __pfx_kthread+0x10/0x10 [ 24.737626] ret_from_fork+0x116/0x1d0 [ 24.737646] ? __pfx_kthread+0x10/0x10 [ 24.737667] ret_from_fork_asm+0x1a/0x30 [ 24.737699] </TASK> [ 24.737710] [ 24.745820] Allocated by task 280: [ 24.745980] kasan_save_stack+0x45/0x70 [ 24.746142] kasan_save_track+0x18/0x40 [ 24.746500] kasan_save_alloc_info+0x3b/0x50 [ 24.746711] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.746880] remove_element+0x11e/0x190 [ 24.747012] mempool_alloc_preallocated+0x4d/0x90 [ 24.747249] mempool_uaf_helper+0x96/0x400 [ 24.747480] mempool_slab_uaf+0xea/0x140 [ 24.747684] kunit_try_run_case+0x1a5/0x480 [ 24.747848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.748016] kthread+0x337/0x6f0 [ 24.748177] ret_from_fork+0x116/0x1d0 [ 24.748357] ret_from_fork_asm+0x1a/0x30 [ 24.748563] [ 24.748655] Freed by task 280: [ 24.748807] kasan_save_stack+0x45/0x70 [ 24.748956] kasan_save_track+0x18/0x40 [ 24.749083] kasan_save_free_info+0x3f/0x60 [ 24.749223] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.749387] mempool_free+0x2ec/0x380 [ 24.749624] mempool_uaf_helper+0x11a/0x400 [ 24.749923] mempool_slab_uaf+0xea/0x140 [ 24.750114] kunit_try_run_case+0x1a5/0x480 [ 24.750309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.750485] kthread+0x337/0x6f0 [ 24.750597] ret_from_fork+0x116/0x1d0 [ 24.750721] ret_from_fork_asm+0x1a/0x30 [ 24.750852] [ 24.750916] The buggy address belongs to the object at ffff888106194240 [ 24.750916] which belongs to the cache test_cache of size 123 [ 24.751846] The buggy address is located 0 bytes inside of [ 24.751846] freed 123-byte region [ffff888106194240, ffff8881061942bb) [ 24.752376] [ 24.752485] The buggy address belongs to the physical page: [ 24.752741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106194 [ 24.753097] flags: 0x200000000000000(node=0|zone=2) [ 24.753327] page_type: f5(slab) [ 24.753443] raw: 0200000000000000 ffff888105acb000 dead000000000122 0000000000000000 [ 24.753781] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.754119] page dumped because: kasan: bad access detected [ 24.754360] [ 24.754424] Memory state around the buggy address: [ 24.754584] ffff888106194100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.754795] ffff888106194180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.755103] >ffff888106194200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.755969] ^ [ 24.756227] ffff888106194280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.756570] ffff888106194300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.756828] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 24.615347] ================================================================== [ 24.615826] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.616135] Read of size 1 at addr ffff888106076001 by task kunit_try_catch/272 [ 24.616441] [ 24.616560] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.616609] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.616622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.616644] Call Trace: [ 24.616658] <TASK> [ 24.616675] dump_stack_lvl+0x73/0xb0 [ 24.616706] print_report+0xd1/0x650 [ 24.616730] ? __virt_addr_valid+0x1db/0x2d0 [ 24.616753] ? mempool_oob_right_helper+0x318/0x380 [ 24.616777] ? kasan_addr_to_slab+0x11/0xa0 [ 24.617099] ? mempool_oob_right_helper+0x318/0x380 [ 24.617129] kasan_report+0x141/0x180 [ 24.617164] ? mempool_oob_right_helper+0x318/0x380 [ 24.617192] __asan_report_load1_noabort+0x18/0x20 [ 24.617230] mempool_oob_right_helper+0x318/0x380 [ 24.617255] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.617279] ? __kasan_check_write+0x18/0x20 [ 24.617317] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.617342] ? finish_task_switch.isra.0+0x153/0x700 [ 24.617368] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.617392] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.617419] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.617441] ? __pfx_mempool_kfree+0x10/0x10 [ 24.617477] ? __pfx_read_tsc+0x10/0x10 [ 24.617500] ? ktime_get_ts64+0x86/0x230 [ 24.617524] kunit_try_run_case+0x1a5/0x480 [ 24.617551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.617573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.617595] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.617620] ? __kthread_parkme+0x82/0x180 [ 24.617641] ? preempt_count_sub+0x50/0x80 [ 24.617663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.617691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.617716] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.617741] kthread+0x337/0x6f0 [ 24.617760] ? trace_preempt_on+0x20/0xc0 [ 24.617783] ? __pfx_kthread+0x10/0x10 [ 24.617804] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.617827] ? calculate_sigpending+0x7b/0xa0 [ 24.617859] ? __pfx_kthread+0x10/0x10 [ 24.617880] ret_from_fork+0x116/0x1d0 [ 24.617900] ? __pfx_kthread+0x10/0x10 [ 24.617921] ret_from_fork_asm+0x1a/0x30 [ 24.617951] </TASK> [ 24.617964] [ 24.627865] The buggy address belongs to the physical page: [ 24.628112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106074 [ 24.628677] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.628986] flags: 0x200000000000040(head|node=0|zone=2) [ 24.629192] page_type: f8(unknown) [ 24.629432] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.629747] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.630028] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.630426] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.630735] head: 0200000000000002 ffffea0004181d01 00000000ffffffff 00000000ffffffff [ 24.631076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.631380] page dumped because: kasan: bad access detected [ 24.631610] [ 24.631677] Memory state around the buggy address: [ 24.631868] ffff888106075f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.632179] ffff888106075f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.632631] >ffff888106076000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.632904] ^ [ 24.633050] ffff888106076080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.633466] ffff888106076100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.633730] ================================================================== [ 24.639443] ================================================================== [ 24.639944] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.640236] Read of size 1 at addr ffff888105ec12bb by task kunit_try_catch/274 [ 24.640530] [ 24.640635] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.640682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.640695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.640719] Call Trace: [ 24.640731] <TASK> [ 24.640746] dump_stack_lvl+0x73/0xb0 [ 24.640773] print_report+0xd1/0x650 [ 24.640797] ? __virt_addr_valid+0x1db/0x2d0 [ 24.640922] ? mempool_oob_right_helper+0x318/0x380 [ 24.640945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.640970] ? mempool_oob_right_helper+0x318/0x380 [ 24.640994] kasan_report+0x141/0x180 [ 24.641016] ? mempool_oob_right_helper+0x318/0x380 [ 24.641044] __asan_report_load1_noabort+0x18/0x20 [ 24.641067] mempool_oob_right_helper+0x318/0x380 [ 24.641092] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.641116] ? update_load_avg+0x1be/0x21b0 [ 24.641143] ? finish_task_switch.isra.0+0x153/0x700 [ 24.641180] mempool_slab_oob_right+0xed/0x140 [ 24.641203] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.641230] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.641254] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.641278] ? __pfx_read_tsc+0x10/0x10 [ 24.641299] ? ktime_get_ts64+0x86/0x230 [ 24.641322] kunit_try_run_case+0x1a5/0x480 [ 24.641348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.641371] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.641392] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.641417] ? __kthread_parkme+0x82/0x180 [ 24.641438] ? preempt_count_sub+0x50/0x80 [ 24.641470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.641495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.641518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.641542] kthread+0x337/0x6f0 [ 24.641562] ? trace_preempt_on+0x20/0xc0 [ 24.641584] ? __pfx_kthread+0x10/0x10 [ 24.641605] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.641629] ? calculate_sigpending+0x7b/0xa0 [ 24.641653] ? __pfx_kthread+0x10/0x10 [ 24.641674] ret_from_fork+0x116/0x1d0 [ 24.641692] ? __pfx_kthread+0x10/0x10 [ 24.641713] ret_from_fork_asm+0x1a/0x30 [ 24.641744] </TASK> [ 24.641755] [ 24.652545] Allocated by task 274: [ 24.652751] kasan_save_stack+0x45/0x70 [ 24.652924] kasan_save_track+0x18/0x40 [ 24.653094] kasan_save_alloc_info+0x3b/0x50 [ 24.653590] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.653947] remove_element+0x11e/0x190 [ 24.654410] mempool_alloc_preallocated+0x4d/0x90 [ 24.654648] mempool_oob_right_helper+0x8a/0x380 [ 24.654835] mempool_slab_oob_right+0xed/0x140 [ 24.655033] kunit_try_run_case+0x1a5/0x480 [ 24.655563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.655861] kthread+0x337/0x6f0 [ 24.656126] ret_from_fork+0x116/0x1d0 [ 24.656507] ret_from_fork_asm+0x1a/0x30 [ 24.656813] [ 24.657022] The buggy address belongs to the object at ffff888105ec1240 [ 24.657022] which belongs to the cache test_cache of size 123 [ 24.657855] The buggy address is located 0 bytes to the right of [ 24.657855] allocated 123-byte region [ffff888105ec1240, ffff888105ec12bb) [ 24.658804] [ 24.658903] The buggy address belongs to the physical page: [ 24.659135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ec1 [ 24.659728] flags: 0x200000000000000(node=0|zone=2) [ 24.659948] page_type: f5(slab) [ 24.660100] raw: 0200000000000000 ffff8881055053c0 dead000000000122 0000000000000000 [ 24.660861] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.661537] page dumped because: kasan: bad access detected [ 24.661845] [ 24.662063] Memory state around the buggy address: [ 24.662808] ffff888105ec1180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.663094] ffff888105ec1200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.663926] >ffff888105ec1280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.664428] ^ [ 24.664865] ffff888105ec1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.665409] ffff888105ec1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.665710] ================================================================== [ 24.591489] ================================================================== [ 24.591957] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.592277] Read of size 1 at addr ffff888105540473 by task kunit_try_catch/270 [ 24.592602] [ 24.592722] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.592778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.592790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.592814] Call Trace: [ 24.592829] <TASK> [ 24.592849] dump_stack_lvl+0x73/0xb0 [ 24.592882] print_report+0xd1/0x650 [ 24.592905] ? __virt_addr_valid+0x1db/0x2d0 [ 24.592931] ? mempool_oob_right_helper+0x318/0x380 [ 24.592952] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.592978] ? mempool_oob_right_helper+0x318/0x380 [ 24.593001] kasan_report+0x141/0x180 [ 24.593024] ? mempool_oob_right_helper+0x318/0x380 [ 24.593050] __asan_report_load1_noabort+0x18/0x20 [ 24.593074] mempool_oob_right_helper+0x318/0x380 [ 24.593098] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.593124] ? finish_task_switch.isra.0+0x153/0x700 [ 24.593151] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.593174] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.593199] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.593225] ? __pfx_mempool_kfree+0x10/0x10 [ 24.593249] ? __pfx_read_tsc+0x10/0x10 [ 24.593272] ? ktime_get_ts64+0x86/0x230 [ 24.593297] kunit_try_run_case+0x1a5/0x480 [ 24.593324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.593348] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.593369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.593395] ? __kthread_parkme+0x82/0x180 [ 24.593416] ? preempt_count_sub+0x50/0x80 [ 24.593439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.593475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.593499] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.593523] kthread+0x337/0x6f0 [ 24.593542] ? trace_preempt_on+0x20/0xc0 [ 24.593566] ? __pfx_kthread+0x10/0x10 [ 24.593586] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.593610] ? calculate_sigpending+0x7b/0xa0 [ 24.593635] ? __pfx_kthread+0x10/0x10 [ 24.593656] ret_from_fork+0x116/0x1d0 [ 24.593676] ? __pfx_kthread+0x10/0x10 [ 24.593697] ret_from_fork_asm+0x1a/0x30 [ 24.593728] </TASK> [ 24.593741] [ 24.602192] Allocated by task 270: [ 24.602719] kasan_save_stack+0x45/0x70 [ 24.602915] kasan_save_track+0x18/0x40 [ 24.603049] kasan_save_alloc_info+0x3b/0x50 [ 24.603543] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.603865] remove_element+0x11e/0x190 [ 24.604063] mempool_alloc_preallocated+0x4d/0x90 [ 24.604575] mempool_oob_right_helper+0x8a/0x380 [ 24.604844] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.605022] kunit_try_run_case+0x1a5/0x480 [ 24.605228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.605481] kthread+0x337/0x6f0 [ 24.605636] ret_from_fork+0x116/0x1d0 [ 24.605763] ret_from_fork_asm+0x1a/0x30 [ 24.605962] [ 24.606039] The buggy address belongs to the object at ffff888105540400 [ 24.606039] which belongs to the cache kmalloc-128 of size 128 [ 24.606583] The buggy address is located 0 bytes to the right of [ 24.606583] allocated 115-byte region [ffff888105540400, ffff888105540473) [ 24.607037] [ 24.607128] The buggy address belongs to the physical page: [ 24.607344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105540 [ 24.607688] flags: 0x200000000000000(node=0|zone=2) [ 24.607960] page_type: f5(slab) [ 24.608119] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.608415] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.608722] page dumped because: kasan: bad access detected [ 24.608924] [ 24.609008] Memory state around the buggy address: [ 24.609190] ffff888105540300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.609467] ffff888105540380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.609705] >ffff888105540400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.610006] ^ [ 24.610327] ffff888105540480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.610549] ffff888105540500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.610860] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 24.023282] ================================================================== [ 24.023731] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 24.024098] Read of size 1 at addr ffff888105505140 by task kunit_try_catch/264 [ 24.024381] [ 24.024728] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 24.024788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.024802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.024826] Call Trace: [ 24.024841] <TASK> [ 24.024861] dump_stack_lvl+0x73/0xb0 [ 24.024894] print_report+0xd1/0x650 [ 24.024915] ? __virt_addr_valid+0x1db/0x2d0 [ 24.024941] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.024965] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.024990] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.025014] kasan_report+0x141/0x180 [ 24.025035] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.025062] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.025120] __kasan_check_byte+0x3d/0x50 [ 24.025141] kmem_cache_destroy+0x25/0x1d0 [ 24.025169] kmem_cache_double_destroy+0x1bf/0x380 [ 24.025193] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 24.025247] ? finish_task_switch.isra.0+0x153/0x700 [ 24.025271] ? __switch_to+0x47/0xf50 [ 24.025300] ? __pfx_read_tsc+0x10/0x10 [ 24.025322] ? ktime_get_ts64+0x86/0x230 [ 24.025348] kunit_try_run_case+0x1a5/0x480 [ 24.025375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.025399] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.025440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.025488] ? __kthread_parkme+0x82/0x180 [ 24.025510] ? preempt_count_sub+0x50/0x80 [ 24.025533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.025557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.025580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.025605] kthread+0x337/0x6f0 [ 24.025624] ? trace_preempt_on+0x20/0xc0 [ 24.025649] ? __pfx_kthread+0x10/0x10 [ 24.025670] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.025696] ? calculate_sigpending+0x7b/0xa0 [ 24.025721] ? __pfx_kthread+0x10/0x10 [ 24.025743] ret_from_fork+0x116/0x1d0 [ 24.025762] ? __pfx_kthread+0x10/0x10 [ 24.025783] ret_from_fork_asm+0x1a/0x30 [ 24.025814] </TASK> [ 24.025825] [ 24.033882] Allocated by task 264: [ 24.034063] kasan_save_stack+0x45/0x70 [ 24.034547] kasan_save_track+0x18/0x40 [ 24.034760] kasan_save_alloc_info+0x3b/0x50 [ 24.034920] __kasan_slab_alloc+0x91/0xa0 [ 24.035110] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.035283] __kmem_cache_create_args+0x169/0x240 [ 24.035429] kmem_cache_double_destroy+0xd5/0x380 [ 24.035585] kunit_try_run_case+0x1a5/0x480 [ 24.035719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.035880] kthread+0x337/0x6f0 [ 24.036151] ret_from_fork+0x116/0x1d0 [ 24.036345] ret_from_fork_asm+0x1a/0x30 [ 24.036729] [ 24.036900] Freed by task 264: [ 24.037105] kasan_save_stack+0x45/0x70 [ 24.037402] kasan_save_track+0x18/0x40 [ 24.037604] kasan_save_free_info+0x3f/0x60 [ 24.037806] __kasan_slab_free+0x56/0x70 [ 24.038029] kmem_cache_free+0x249/0x420 [ 24.038337] slab_kmem_cache_release+0x2e/0x40 [ 24.038537] kmem_cache_release+0x16/0x20 [ 24.038667] kobject_put+0x181/0x450 [ 24.038840] sysfs_slab_release+0x16/0x20 [ 24.039023] kmem_cache_destroy+0xf0/0x1d0 [ 24.039167] kmem_cache_double_destroy+0x14e/0x380 [ 24.039631] kunit_try_run_case+0x1a5/0x480 [ 24.039799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.040009] kthread+0x337/0x6f0 [ 24.040165] ret_from_fork+0x116/0x1d0 [ 24.040386] ret_from_fork_asm+0x1a/0x30 [ 24.040534] [ 24.040599] The buggy address belongs to the object at ffff888105505140 [ 24.040599] which belongs to the cache kmem_cache of size 208 [ 24.040983] The buggy address is located 0 bytes inside of [ 24.040983] freed 208-byte region [ffff888105505140, ffff888105505210) [ 24.041733] [ 24.041899] The buggy address belongs to the physical page: [ 24.042186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105505 [ 24.042485] flags: 0x200000000000000(node=0|zone=2) [ 24.042745] page_type: f5(slab) [ 24.042918] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 24.043496] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 24.043756] page dumped because: kasan: bad access detected [ 24.044023] [ 24.044144] Memory state around the buggy address: [ 24.044467] ffff888105505000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.044805] ffff888105505080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.045137] >ffff888105505100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.045524] ^ [ 24.045783] ffff888105505180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.046106] ffff888105505200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.046403] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 23.953443] ================================================================== [ 23.953871] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.954115] Read of size 1 at addr ffff888105ac6000 by task kunit_try_catch/262 [ 23.955429] [ 23.955707] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.955765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.955778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.955802] Call Trace: [ 23.955816] <TASK> [ 23.956016] dump_stack_lvl+0x73/0xb0 [ 23.956055] print_report+0xd1/0x650 [ 23.956080] ? __virt_addr_valid+0x1db/0x2d0 [ 23.956106] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.956129] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.956175] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.956222] kasan_report+0x141/0x180 [ 23.956245] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.956271] __asan_report_load1_noabort+0x18/0x20 [ 23.956296] kmem_cache_rcu_uaf+0x3e3/0x510 [ 23.956318] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 23.956340] ? irqentry_exit+0x2a/0x60 [ 23.956364] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.956392] ? __pfx_read_tsc+0x10/0x10 [ 23.956416] ? ktime_get_ts64+0x86/0x230 [ 23.956442] kunit_try_run_case+0x1a5/0x480 [ 23.956480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.956504] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.956526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.956551] ? __kthread_parkme+0x82/0x180 [ 23.956573] ? preempt_count_sub+0x50/0x80 [ 23.956597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.956622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.956645] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.956670] kthread+0x337/0x6f0 [ 23.956690] ? trace_preempt_on+0x20/0xc0 [ 23.956713] ? __pfx_kthread+0x10/0x10 [ 23.956734] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.956757] ? calculate_sigpending+0x7b/0xa0 [ 23.956782] ? __pfx_kthread+0x10/0x10 [ 23.956804] ret_from_fork+0x116/0x1d0 [ 23.956822] ? __pfx_kthread+0x10/0x10 [ 23.956843] ret_from_fork_asm+0x1a/0x30 [ 23.956875] </TASK> [ 23.956888] [ 23.971313] Allocated by task 262: [ 23.971669] kasan_save_stack+0x45/0x70 [ 23.971842] kasan_save_track+0x18/0x40 [ 23.972076] kasan_save_alloc_info+0x3b/0x50 [ 23.972310] __kasan_slab_alloc+0x91/0xa0 [ 23.972491] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.972712] kmem_cache_rcu_uaf+0x155/0x510 [ 23.972854] kunit_try_run_case+0x1a5/0x480 [ 23.973062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.973624] kthread+0x337/0x6f0 [ 23.973793] ret_from_fork+0x116/0x1d0 [ 23.974011] ret_from_fork_asm+0x1a/0x30 [ 23.974329] [ 23.974452] Freed by task 0: [ 23.974616] kasan_save_stack+0x45/0x70 [ 23.974757] kasan_save_track+0x18/0x40 [ 23.974919] kasan_save_free_info+0x3f/0x60 [ 23.975156] __kasan_slab_free+0x56/0x70 [ 23.975513] slab_free_after_rcu_debug+0xe4/0x310 [ 23.975777] rcu_core+0x66f/0x1c40 [ 23.975970] rcu_core_si+0x12/0x20 [ 23.976140] handle_softirqs+0x209/0x730 [ 23.976328] __irq_exit_rcu+0xc9/0x110 [ 23.976517] irq_exit_rcu+0x12/0x20 [ 23.976728] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.976900] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.977142] [ 23.977440] Last potentially related work creation: [ 23.977701] kasan_save_stack+0x45/0x70 [ 23.977961] kasan_record_aux_stack+0xb2/0xc0 [ 23.978239] kmem_cache_free+0x131/0x420 [ 23.978467] kmem_cache_rcu_uaf+0x194/0x510 [ 23.978652] kunit_try_run_case+0x1a5/0x480 [ 23.978800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.979052] kthread+0x337/0x6f0 [ 23.979354] ret_from_fork+0x116/0x1d0 [ 23.979588] ret_from_fork_asm+0x1a/0x30 [ 23.979875] [ 23.979941] The buggy address belongs to the object at ffff888105ac6000 [ 23.979941] which belongs to the cache test_cache of size 200 [ 23.980376] The buggy address is located 0 bytes inside of [ 23.980376] freed 200-byte region [ffff888105ac6000, ffff888105ac60c8) [ 23.981442] [ 23.981548] The buggy address belongs to the physical page: [ 23.981820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ac6 [ 23.982635] flags: 0x200000000000000(node=0|zone=2) [ 23.982828] page_type: f5(slab) [ 23.983177] raw: 0200000000000000 ffff888101248c80 dead000000000122 0000000000000000 [ 23.983753] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.983989] page dumped because: kasan: bad access detected [ 23.984162] [ 23.984585] Memory state around the buggy address: [ 23.984839] ffff888105ac5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.985103] ffff888105ac5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.985680] >ffff888105ac6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.986292] ^ [ 23.986574] ffff888105ac6080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 23.986990] ffff888105ac6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.987475] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 23.883072] ================================================================== [ 23.883785] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 23.884103] Free of addr ffff888105507001 by task kunit_try_catch/260 [ 23.884591] [ 23.884698] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.884747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.884760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.884781] Call Trace: [ 23.884795] <TASK> [ 23.884813] dump_stack_lvl+0x73/0xb0 [ 23.884843] print_report+0xd1/0x650 [ 23.884866] ? __virt_addr_valid+0x1db/0x2d0 [ 23.884890] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.884915] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.884939] kasan_report_invalid_free+0x10a/0x130 [ 23.884962] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.885103] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.885132] check_slab_allocation+0x11f/0x130 [ 23.885174] __kasan_slab_pre_free+0x28/0x40 [ 23.885194] kmem_cache_free+0xed/0x420 [ 23.885218] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.885358] ? kmem_cache_invalid_free+0x1d8/0x460 [ 23.885385] kmem_cache_invalid_free+0x1d8/0x460 [ 23.885409] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 23.885433] ? __kasan_check_write+0x18/0x20 [ 23.885467] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.885489] ? irqentry_exit+0x2a/0x60 [ 23.885513] ? trace_hardirqs_on+0x37/0xe0 [ 23.885537] ? __pfx_read_tsc+0x10/0x10 [ 23.885559] ? ktime_get_ts64+0x86/0x230 [ 23.885583] kunit_try_run_case+0x1a5/0x480 [ 23.885609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.885633] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.885654] ? __kthread_parkme+0x82/0x180 [ 23.885674] ? preempt_count_sub+0x50/0x80 [ 23.885697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.885721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.885744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.885768] kthread+0x337/0x6f0 [ 23.885787] ? trace_preempt_on+0x20/0xc0 [ 23.885809] ? __pfx_kthread+0x10/0x10 [ 23.885829] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.885856] ? calculate_sigpending+0x7b/0xa0 [ 23.885883] ? __pfx_kthread+0x10/0x10 [ 23.885905] ret_from_fork+0x116/0x1d0 [ 23.885924] ? __pfx_kthread+0x10/0x10 [ 23.885945] ret_from_fork_asm+0x1a/0x30 [ 23.885977] </TASK> [ 23.885988] [ 23.897504] Allocated by task 260: [ 23.897686] kasan_save_stack+0x45/0x70 [ 23.897881] kasan_save_track+0x18/0x40 [ 23.898057] kasan_save_alloc_info+0x3b/0x50 [ 23.898755] __kasan_slab_alloc+0x91/0xa0 [ 23.899137] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.899594] kmem_cache_invalid_free+0x157/0x460 [ 23.899931] kunit_try_run_case+0x1a5/0x480 [ 23.900231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.900734] kthread+0x337/0x6f0 [ 23.901122] ret_from_fork+0x116/0x1d0 [ 23.901727] ret_from_fork_asm+0x1a/0x30 [ 23.901978] [ 23.902233] The buggy address belongs to the object at ffff888105507000 [ 23.902233] which belongs to the cache test_cache of size 200 [ 23.903022] The buggy address is located 1 bytes inside of [ 23.903022] 200-byte region [ffff888105507000, ffff8881055070c8) [ 23.903930] [ 23.904033] The buggy address belongs to the physical page: [ 23.904655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105507 [ 23.905112] flags: 0x200000000000000(node=0|zone=2) [ 23.905537] page_type: f5(slab) [ 23.905703] raw: 0200000000000000 ffff888105505000 dead000000000122 0000000000000000 [ 23.906019] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.907057] page dumped because: kasan: bad access detected [ 23.907452] [ 23.907685] Memory state around the buggy address: [ 23.908133] ffff888105506f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.908818] ffff888105506f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.909118] >ffff888105507000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.909651] ^ [ 23.909807] ffff888105507080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 23.910097] ffff888105507100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.910726] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 23.841631] ================================================================== [ 23.842077] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 23.842400] Free of addr ffff888105ac5000 by task kunit_try_catch/258 [ 23.843117] [ 23.843298] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.843348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.843360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.843382] Call Trace: [ 23.843393] <TASK> [ 23.843410] dump_stack_lvl+0x73/0xb0 [ 23.843540] print_report+0xd1/0x650 [ 23.843564] ? __virt_addr_valid+0x1db/0x2d0 [ 23.843588] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.843613] ? kmem_cache_double_free+0x1e5/0x480 [ 23.843637] kasan_report_invalid_free+0x10a/0x130 [ 23.843660] ? kmem_cache_double_free+0x1e5/0x480 [ 23.843685] ? kmem_cache_double_free+0x1e5/0x480 [ 23.843709] check_slab_allocation+0x101/0x130 [ 23.843734] __kasan_slab_pre_free+0x28/0x40 [ 23.843754] kmem_cache_free+0xed/0x420 [ 23.843778] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.843801] ? kmem_cache_double_free+0x1e5/0x480 [ 23.843827] kmem_cache_double_free+0x1e5/0x480 [ 23.843851] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 23.843874] ? finish_task_switch.isra.0+0x153/0x700 [ 23.843896] ? __switch_to+0x47/0xf50 [ 23.843930] ? __pfx_read_tsc+0x10/0x10 [ 23.843956] ? ktime_get_ts64+0x86/0x230 [ 23.843980] kunit_try_run_case+0x1a5/0x480 [ 23.844005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.844028] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.844049] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.844075] ? __kthread_parkme+0x82/0x180 [ 23.844095] ? preempt_count_sub+0x50/0x80 [ 23.844117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.844159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.844193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.844217] kthread+0x337/0x6f0 [ 23.844237] ? trace_preempt_on+0x20/0xc0 [ 23.844259] ? __pfx_kthread+0x10/0x10 [ 23.844280] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.844303] ? calculate_sigpending+0x7b/0xa0 [ 23.844327] ? __pfx_kthread+0x10/0x10 [ 23.844348] ret_from_fork+0x116/0x1d0 [ 23.844368] ? __pfx_kthread+0x10/0x10 [ 23.844389] ret_from_fork_asm+0x1a/0x30 [ 23.844419] </TASK> [ 23.844431] [ 23.853747] Allocated by task 258: [ 23.853924] kasan_save_stack+0x45/0x70 [ 23.854109] kasan_save_track+0x18/0x40 [ 23.855371] kasan_save_alloc_info+0x3b/0x50 [ 23.855643] __kasan_slab_alloc+0x91/0xa0 [ 23.855804] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.856007] kmem_cache_double_free+0x14f/0x480 [ 23.856532] kunit_try_run_case+0x1a5/0x480 [ 23.856815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.857036] kthread+0x337/0x6f0 [ 23.857194] ret_from_fork+0x116/0x1d0 [ 23.857536] ret_from_fork_asm+0x1a/0x30 [ 23.857864] [ 23.857959] Freed by task 258: [ 23.858097] kasan_save_stack+0x45/0x70 [ 23.858560] kasan_save_track+0x18/0x40 [ 23.858933] kasan_save_free_info+0x3f/0x60 [ 23.859089] __kasan_slab_free+0x56/0x70 [ 23.859306] kmem_cache_free+0x249/0x420 [ 23.859724] kmem_cache_double_free+0x16a/0x480 [ 23.859925] kunit_try_run_case+0x1a5/0x480 [ 23.860134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.860343] kthread+0x337/0x6f0 [ 23.860807] ret_from_fork+0x116/0x1d0 [ 23.860979] ret_from_fork_asm+0x1a/0x30 [ 23.861386] [ 23.861494] The buggy address belongs to the object at ffff888105ac5000 [ 23.861494] which belongs to the cache test_cache of size 200 [ 23.862085] The buggy address is located 0 bytes inside of [ 23.862085] 200-byte region [ffff888105ac5000, ffff888105ac50c8) [ 23.862785] [ 23.862892] The buggy address belongs to the physical page: [ 23.863092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ac5 [ 23.863416] flags: 0x200000000000000(node=0|zone=2) [ 23.863839] page_type: f5(slab) [ 23.863993] raw: 0200000000000000 ffff888101248b40 dead000000000122 0000000000000000 [ 23.864373] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.864785] page dumped because: kasan: bad access detected [ 23.864963] [ 23.865056] Memory state around the buggy address: [ 23.865267] ffff888105ac4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.865589] ffff888105ac4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.865914] >ffff888105ac5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.866180] ^ [ 23.866315] ffff888105ac5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 23.866588] ffff888105ac5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.867144] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 23.798195] ================================================================== [ 23.798820] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 23.799054] Read of size 1 at addr ffff888105ac30c8 by task kunit_try_catch/256 [ 23.799599] [ 23.799707] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.799755] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.799767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.799789] Call Trace: [ 23.799802] <TASK> [ 23.799819] dump_stack_lvl+0x73/0xb0 [ 23.799850] print_report+0xd1/0x650 [ 23.799874] ? __virt_addr_valid+0x1db/0x2d0 [ 23.799898] ? kmem_cache_oob+0x402/0x530 [ 23.799919] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.799944] ? kmem_cache_oob+0x402/0x530 [ 23.799966] kasan_report+0x141/0x180 [ 23.799987] ? kmem_cache_oob+0x402/0x530 [ 23.800014] __asan_report_load1_noabort+0x18/0x20 [ 23.800037] kmem_cache_oob+0x402/0x530 [ 23.800058] ? trace_hardirqs_on+0x37/0xe0 [ 23.800082] ? __pfx_kmem_cache_oob+0x10/0x10 [ 23.800103] ? finish_task_switch.isra.0+0x153/0x700 [ 23.800125] ? __switch_to+0x47/0xf50 [ 23.800466] ? __pfx_read_tsc+0x10/0x10 [ 23.800500] ? ktime_get_ts64+0x86/0x230 [ 23.800526] kunit_try_run_case+0x1a5/0x480 [ 23.800553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.800576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.800598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.800623] ? __kthread_parkme+0x82/0x180 [ 23.800644] ? preempt_count_sub+0x50/0x80 [ 23.800666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.800690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.800713] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.800737] kthread+0x337/0x6f0 [ 23.800757] ? trace_preempt_on+0x20/0xc0 [ 23.800778] ? __pfx_kthread+0x10/0x10 [ 23.800799] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.800822] ? calculate_sigpending+0x7b/0xa0 [ 23.800845] ? __pfx_kthread+0x10/0x10 [ 23.800866] ret_from_fork+0x116/0x1d0 [ 23.800885] ? __pfx_kthread+0x10/0x10 [ 23.800906] ret_from_fork_asm+0x1a/0x30 [ 23.800936] </TASK> [ 23.800948] [ 23.808807] Allocated by task 256: [ 23.808961] kasan_save_stack+0x45/0x70 [ 23.809158] kasan_save_track+0x18/0x40 [ 23.809385] kasan_save_alloc_info+0x3b/0x50 [ 23.809939] __kasan_slab_alloc+0x91/0xa0 [ 23.810371] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.811468] kmem_cache_oob+0x157/0x530 [ 23.811702] kunit_try_run_case+0x1a5/0x480 [ 23.811905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.812123] kthread+0x337/0x6f0 [ 23.812493] ret_from_fork+0x116/0x1d0 [ 23.812696] ret_from_fork_asm+0x1a/0x30 [ 23.813004] [ 23.813093] The buggy address belongs to the object at ffff888105ac3000 [ 23.813093] which belongs to the cache test_cache of size 200 [ 23.813662] The buggy address is located 0 bytes to the right of [ 23.813662] allocated 200-byte region [ffff888105ac3000, ffff888105ac30c8) [ 23.814182] [ 23.814269] The buggy address belongs to the physical page: [ 23.814920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ac3 [ 23.815233] flags: 0x200000000000000(node=0|zone=2) [ 23.815541] page_type: f5(slab) [ 23.815811] raw: 0200000000000000 ffff8881010c2dc0 dead000000000122 0000000000000000 [ 23.816400] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.816780] page dumped because: kasan: bad access detected [ 23.816998] [ 23.817090] Memory state around the buggy address: [ 23.817275] ffff888105ac2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.817584] ffff888105ac3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.817878] >ffff888105ac3080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 23.818173] ^ [ 23.818392] ffff888105ac3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.819154] ffff888105ac3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.819654] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 23.756855] ================================================================== [ 23.757706] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 23.758421] Read of size 8 at addr ffff888104bbbc00 by task kunit_try_catch/249 [ 23.759026] [ 23.759118] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.759166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.759233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.759256] Call Trace: [ 23.759269] <TASK> [ 23.759298] dump_stack_lvl+0x73/0xb0 [ 23.759329] print_report+0xd1/0x650 [ 23.759350] ? __virt_addr_valid+0x1db/0x2d0 [ 23.759374] ? workqueue_uaf+0x4d6/0x560 [ 23.759440] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.759482] ? workqueue_uaf+0x4d6/0x560 [ 23.759503] kasan_report+0x141/0x180 [ 23.759525] ? workqueue_uaf+0x4d6/0x560 [ 23.759550] __asan_report_load8_noabort+0x18/0x20 [ 23.759573] workqueue_uaf+0x4d6/0x560 [ 23.759594] ? __pfx_workqueue_uaf+0x10/0x10 [ 23.759615] ? __schedule+0x10cc/0x2b60 [ 23.759640] ? __pfx_read_tsc+0x10/0x10 [ 23.759663] ? ktime_get_ts64+0x86/0x230 [ 23.759688] kunit_try_run_case+0x1a5/0x480 [ 23.759714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.759753] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.759774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.759799] ? __kthread_parkme+0x82/0x180 [ 23.759819] ? preempt_count_sub+0x50/0x80 [ 23.759843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.759866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.759889] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.759912] kthread+0x337/0x6f0 [ 23.759931] ? trace_preempt_on+0x20/0xc0 [ 23.759954] ? __pfx_kthread+0x10/0x10 [ 23.759974] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.759997] ? calculate_sigpending+0x7b/0xa0 [ 23.760021] ? __pfx_kthread+0x10/0x10 [ 23.760042] ret_from_fork+0x116/0x1d0 [ 23.760060] ? __pfx_kthread+0x10/0x10 [ 23.760080] ret_from_fork_asm+0x1a/0x30 [ 23.760110] </TASK> [ 23.760121] [ 23.770861] Allocated by task 249: [ 23.771039] kasan_save_stack+0x45/0x70 [ 23.771426] kasan_save_track+0x18/0x40 [ 23.771630] kasan_save_alloc_info+0x3b/0x50 [ 23.771776] __kasan_kmalloc+0xb7/0xc0 [ 23.771950] __kmalloc_cache_noprof+0x189/0x420 [ 23.772210] workqueue_uaf+0x152/0x560 [ 23.772399] kunit_try_run_case+0x1a5/0x480 [ 23.772860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.773886] kthread+0x337/0x6f0 [ 23.774022] ret_from_fork+0x116/0x1d0 [ 23.774376] ret_from_fork_asm+0x1a/0x30 [ 23.774868] [ 23.774967] Freed by task 44: [ 23.775409] kasan_save_stack+0x45/0x70 [ 23.775574] kasan_save_track+0x18/0x40 [ 23.775969] kasan_save_free_info+0x3f/0x60 [ 23.776163] __kasan_slab_free+0x56/0x70 [ 23.776650] kfree+0x222/0x3f0 [ 23.776779] workqueue_uaf_work+0x12/0x20 [ 23.777120] process_one_work+0x5ee/0xf60 [ 23.777435] worker_thread+0x758/0x1220 [ 23.777909] kthread+0x337/0x6f0 [ 23.778031] ret_from_fork+0x116/0x1d0 [ 23.778512] ret_from_fork_asm+0x1a/0x30 [ 23.778869] [ 23.778948] Last potentially related work creation: [ 23.779376] kasan_save_stack+0x45/0x70 [ 23.779599] kasan_record_aux_stack+0xb2/0xc0 [ 23.780014] __queue_work+0x61a/0xe70 [ 23.780223] queue_work_on+0xb6/0xc0 [ 23.780361] workqueue_uaf+0x26d/0x560 [ 23.780562] kunit_try_run_case+0x1a5/0x480 [ 23.780767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.780987] kthread+0x337/0x6f0 [ 23.781151] ret_from_fork+0x116/0x1d0 [ 23.781735] ret_from_fork_asm+0x1a/0x30 [ 23.781905] [ 23.782279] The buggy address belongs to the object at ffff888104bbbc00 [ 23.782279] which belongs to the cache kmalloc-32 of size 32 [ 23.782915] The buggy address is located 0 bytes inside of [ 23.782915] freed 32-byte region [ffff888104bbbc00, ffff888104bbbc20) [ 23.783706] [ 23.783811] The buggy address belongs to the physical page: [ 23.784045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104bbb [ 23.784720] flags: 0x200000000000000(node=0|zone=2) [ 23.785038] page_type: f5(slab) [ 23.785166] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.785790] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.786204] page dumped because: kasan: bad access detected [ 23.786712] [ 23.786793] Memory state around the buggy address: [ 23.787189] ffff888104bbbb00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.787732] ffff888104bbbb80: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 23.788073] >ffff888104bbbc00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 23.788694] ^ [ 23.788853] ffff888104bbbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789357] ffff888104bbbd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789667] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 23.710369] ================================================================== [ 23.710848] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 23.711071] Read of size 4 at addr ffff888105ac1580 by task swapper/0/0 [ 23.712377] [ 23.712625] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 23.712678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.712690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.712720] Call Trace: [ 23.712750] <IRQ> [ 23.712767] dump_stack_lvl+0x73/0xb0 [ 23.712799] print_report+0xd1/0x650 [ 23.712821] ? __virt_addr_valid+0x1db/0x2d0 [ 23.712845] ? rcu_uaf_reclaim+0x50/0x60 [ 23.712864] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.712889] ? rcu_uaf_reclaim+0x50/0x60 [ 23.712909] kasan_report+0x141/0x180 [ 23.712930] ? rcu_uaf_reclaim+0x50/0x60 [ 23.712955] __asan_report_load4_noabort+0x18/0x20 [ 23.712979] rcu_uaf_reclaim+0x50/0x60 [ 23.713000] rcu_core+0x66f/0x1c40 [ 23.713030] ? __pfx_rcu_core+0x10/0x10 [ 23.713051] ? ktime_get+0x6b/0x150 [ 23.713073] ? handle_softirqs+0x18e/0x730 [ 23.713097] rcu_core_si+0x12/0x20 [ 23.713117] handle_softirqs+0x209/0x730 [ 23.713312] ? hrtimer_interrupt+0x2fe/0x780 [ 23.713351] ? __pfx_handle_softirqs+0x10/0x10 [ 23.713378] __irq_exit_rcu+0xc9/0x110 [ 23.713441] irq_exit_rcu+0x12/0x20 [ 23.713471] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.713496] </IRQ> [ 23.713530] <TASK> [ 23.713541] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.713634] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 23.713849] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 df 19 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 23.713929] RSP: 0000:ffffffffb8807dd8 EFLAGS: 00010202 [ 23.714017] RAX: ffff8881a142d000 RBX: ffffffffb881cac0 RCX: ffffffffb76ed225 [ 23.714061] RDX: ffffed102b606193 RSI: 0000000000000004 RDI: 0000000000140f14 [ 23.714104] RBP: ffffffffb8807de0 R08: 0000000000000001 R09: ffffed102b606192 [ 23.714175] R10: ffff88815b030c93 R11: ffffffffb9c08700 R12: 0000000000000000 [ 23.714255] R13: fffffbfff7103958 R14: ffffffffb93e77d0 R15: 0000000000000000 [ 23.714314] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 23.714372] ? default_idle+0xd/0x20 [ 23.714394] arch_cpu_idle+0xd/0x20 [ 23.714416] default_idle_call+0x48/0x80 [ 23.714437] do_idle+0x379/0x4f0 [ 23.714474] ? __pfx_do_idle+0x10/0x10 [ 23.714502] cpu_startup_entry+0x5c/0x70 [ 23.714525] rest_init+0x11a/0x140 [ 23.714545] ? acpi_subsystem_init+0x5d/0x150 [ 23.714570] start_kernel+0x352/0x400 [ 23.714595] x86_64_start_reservations+0x1c/0x30 [ 23.714619] x86_64_start_kernel+0x10d/0x120 [ 23.714642] common_startup_64+0x13e/0x148 [ 23.714679] </TASK> [ 23.714691] [ 23.732900] Allocated by task 247: [ 23.733063] kasan_save_stack+0x45/0x70 [ 23.733681] kasan_save_track+0x18/0x40 [ 23.733873] kasan_save_alloc_info+0x3b/0x50 [ 23.734135] __kasan_kmalloc+0xb7/0xc0 [ 23.734608] __kmalloc_cache_noprof+0x189/0x420 [ 23.734898] rcu_uaf+0xb0/0x330 [ 23.735218] kunit_try_run_case+0x1a5/0x480 [ 23.735544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.735880] kthread+0x337/0x6f0 [ 23.736064] ret_from_fork+0x116/0x1d0 [ 23.736492] ret_from_fork_asm+0x1a/0x30 [ 23.736689] [ 23.736757] Freed by task 0: [ 23.737106] kasan_save_stack+0x45/0x70 [ 23.737576] kasan_save_track+0x18/0x40 [ 23.737874] kasan_save_free_info+0x3f/0x60 [ 23.738182] __kasan_slab_free+0x56/0x70 [ 23.738550] kfree+0x222/0x3f0 [ 23.738708] rcu_uaf_reclaim+0x1f/0x60 [ 23.738886] rcu_core+0x66f/0x1c40 [ 23.739016] rcu_core_si+0x12/0x20 [ 23.739190] handle_softirqs+0x209/0x730 [ 23.739835] __irq_exit_rcu+0xc9/0x110 [ 23.740141] irq_exit_rcu+0x12/0x20 [ 23.740380] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.740681] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.740983] [ 23.741228] Last potentially related work creation: [ 23.741464] kasan_save_stack+0x45/0x70 [ 23.741645] kasan_record_aux_stack+0xb2/0xc0 [ 23.742089] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 23.742502] call_rcu+0x12/0x20 [ 23.742776] rcu_uaf+0x168/0x330 [ 23.743115] kunit_try_run_case+0x1a5/0x480 [ 23.743511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.743765] kthread+0x337/0x6f0 [ 23.743885] ret_from_fork+0x116/0x1d0 [ 23.744074] ret_from_fork_asm+0x1a/0x30 [ 23.744611] [ 23.744720] The buggy address belongs to the object at ffff888105ac1580 [ 23.744720] which belongs to the cache kmalloc-32 of size 32 [ 23.745593] The buggy address is located 0 bytes inside of [ 23.745593] freed 32-byte region [ffff888105ac1580, ffff888105ac15a0) [ 23.746571] [ 23.746679] The buggy address belongs to the physical page: [ 23.747082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ac1 [ 23.747792] flags: 0x200000000000000(node=0|zone=2) [ 23.748110] page_type: f5(slab) [ 23.748378] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.748703] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.749027] page dumped because: kasan: bad access detected [ 23.749259] [ 23.749689] Memory state around the buggy address: [ 23.749875] ffff888105ac1480: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 23.750507] ffff888105ac1500: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 23.750882] >ffff888105ac1580: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 23.751433] ^ [ 23.751617] ffff888105ac1600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.752107] ffff888105ac1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.752666] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 22.712391] ================================================================== [ 22.712988] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 22.713247] Read of size 1 at addr ffff888106120000 by task kunit_try_catch/203 [ 22.713547] [ 22.713644] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.713689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.713701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.713721] Call Trace: [ 22.713735] <TASK> [ 22.713751] dump_stack_lvl+0x73/0xb0 [ 22.713778] print_report+0xd1/0x650 [ 22.713799] ? __virt_addr_valid+0x1db/0x2d0 [ 22.713821] ? page_alloc_uaf+0x356/0x3d0 [ 22.713849] ? kasan_addr_to_slab+0x11/0xa0 [ 22.713876] ? page_alloc_uaf+0x356/0x3d0 [ 22.713897] kasan_report+0x141/0x180 [ 22.713918] ? page_alloc_uaf+0x356/0x3d0 [ 22.713944] __asan_report_load1_noabort+0x18/0x20 [ 22.713967] page_alloc_uaf+0x356/0x3d0 [ 22.713988] ? __pfx_page_alloc_uaf+0x10/0x10 [ 22.714009] ? __schedule+0x10cc/0x2b60 [ 22.714036] ? __pfx_read_tsc+0x10/0x10 [ 22.714057] ? ktime_get_ts64+0x86/0x230 [ 22.714080] kunit_try_run_case+0x1a5/0x480 [ 22.714105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.714128] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.714149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.714176] ? __kthread_parkme+0x82/0x180 [ 22.714195] ? preempt_count_sub+0x50/0x80 [ 22.714217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.714241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.714264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.714287] kthread+0x337/0x6f0 [ 22.714306] ? trace_preempt_on+0x20/0xc0 [ 22.714328] ? __pfx_kthread+0x10/0x10 [ 22.714349] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.714374] ? calculate_sigpending+0x7b/0xa0 [ 22.714397] ? __pfx_kthread+0x10/0x10 [ 22.714420] ret_from_fork+0x116/0x1d0 [ 22.714438] ? __pfx_kthread+0x10/0x10 [ 22.714499] ret_from_fork_asm+0x1a/0x30 [ 22.714531] </TASK> [ 22.714543] [ 22.721378] The buggy address belongs to the physical page: [ 22.721640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106120 [ 22.721996] flags: 0x200000000000000(node=0|zone=2) [ 22.722434] page_type: f0(buddy) [ 22.722624] raw: 0200000000000000 ffff88817fffb4a8 ffff88817fffb4a8 0000000000000000 [ 22.722869] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 22.723121] page dumped because: kasan: bad access detected [ 22.723446] [ 22.723545] Memory state around the buggy address: [ 22.723764] ffff88810611ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.724073] ffff88810611ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.724363] >ffff888106120000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.724658] ^ [ 22.724814] ffff888106120080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.725122] ffff888106120100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.725507] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 22.691082] ================================================================== [ 22.691792] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 22.692044] Free of addr ffff888105740001 by task kunit_try_catch/199 [ 22.692301] [ 22.692636] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.692686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.692699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.692719] Call Trace: [ 22.692730] <TASK> [ 22.692746] dump_stack_lvl+0x73/0xb0 [ 22.692774] print_report+0xd1/0x650 [ 22.692797] ? __virt_addr_valid+0x1db/0x2d0 [ 22.692820] ? kasan_addr_to_slab+0x11/0xa0 [ 22.692843] ? kfree+0x274/0x3f0 [ 22.692865] kasan_report_invalid_free+0x10a/0x130 [ 22.692888] ? kfree+0x274/0x3f0 [ 22.692910] ? kfree+0x274/0x3f0 [ 22.692930] __kasan_kfree_large+0x86/0xd0 [ 22.692951] free_large_kmalloc+0x52/0x110 [ 22.692974] kfree+0x274/0x3f0 [ 22.692999] kmalloc_large_invalid_free+0x120/0x2b0 [ 22.693021] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.693044] ? __schedule+0x10cc/0x2b60 [ 22.693069] ? __pfx_read_tsc+0x10/0x10 [ 22.693089] ? ktime_get_ts64+0x86/0x230 [ 22.693113] kunit_try_run_case+0x1a5/0x480 [ 22.693138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.693160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.693182] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.693219] ? __kthread_parkme+0x82/0x180 [ 22.693239] ? preempt_count_sub+0x50/0x80 [ 22.693261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.693286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.693310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.693334] kthread+0x337/0x6f0 [ 22.693353] ? trace_preempt_on+0x20/0xc0 [ 22.693376] ? __pfx_kthread+0x10/0x10 [ 22.693396] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.693419] ? calculate_sigpending+0x7b/0xa0 [ 22.693443] ? __pfx_kthread+0x10/0x10 [ 22.693478] ret_from_fork+0x116/0x1d0 [ 22.693497] ? __pfx_kthread+0x10/0x10 [ 22.693517] ret_from_fork_asm+0x1a/0x30 [ 22.693548] </TASK> [ 22.693559] [ 22.701095] The buggy address belongs to the physical page: [ 22.701356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105740 [ 22.701684] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.701988] flags: 0x200000000000040(head|node=0|zone=2) [ 22.702223] page_type: f8(unknown) [ 22.702422] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.702682] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.702904] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.703190] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.703550] head: 0200000000000002 ffffea000415d001 00000000ffffffff 00000000ffffffff [ 22.703849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.704071] page dumped because: kasan: bad access detected [ 22.704235] [ 22.704300] Memory state around the buggy address: [ 22.704528] ffff88810573ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.704875] ffff88810573ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.705362] >ffff888105740000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.705742] ^ [ 22.705989] ffff888105740080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.706332] ffff888105740100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.706622] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 22.670827] ================================================================== [ 22.671416] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 22.671775] Read of size 1 at addr ffff888105740000 by task kunit_try_catch/197 [ 22.672071] [ 22.672427] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.672501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.672514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.672535] Call Trace: [ 22.672559] <TASK> [ 22.672575] dump_stack_lvl+0x73/0xb0 [ 22.672605] print_report+0xd1/0x650 [ 22.672627] ? __virt_addr_valid+0x1db/0x2d0 [ 22.672651] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.672670] ? kasan_addr_to_slab+0x11/0xa0 [ 22.672696] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.672717] kasan_report+0x141/0x180 [ 22.672739] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.672764] __asan_report_load1_noabort+0x18/0x20 [ 22.672799] kmalloc_large_uaf+0x2f1/0x340 [ 22.672819] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 22.672840] ? __schedule+0x10cc/0x2b60 [ 22.672876] ? __pfx_read_tsc+0x10/0x10 [ 22.672898] ? ktime_get_ts64+0x86/0x230 [ 22.672923] kunit_try_run_case+0x1a5/0x480 [ 22.672949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.672980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.673001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.673026] ? __kthread_parkme+0x82/0x180 [ 22.673057] ? preempt_count_sub+0x50/0x80 [ 22.673081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.673105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.673128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.673152] kthread+0x337/0x6f0 [ 22.673172] ? trace_preempt_on+0x20/0xc0 [ 22.673206] ? __pfx_kthread+0x10/0x10 [ 22.673226] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.673263] ? calculate_sigpending+0x7b/0xa0 [ 22.673287] ? __pfx_kthread+0x10/0x10 [ 22.673308] ret_from_fork+0x116/0x1d0 [ 22.673327] ? __pfx_kthread+0x10/0x10 [ 22.673348] ret_from_fork_asm+0x1a/0x30 [ 22.673379] </TASK> [ 22.673390] [ 22.681846] The buggy address belongs to the physical page: [ 22.682111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105740 [ 22.682416] flags: 0x200000000000000(node=0|zone=2) [ 22.682657] raw: 0200000000000000 ffffea000415d108 ffff88815b039fc0 0000000000000000 [ 22.682974] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 22.683580] page dumped because: kasan: bad access detected [ 22.683786] [ 22.683853] Memory state around the buggy address: [ 22.684005] ffff88810573ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.684443] ffff88810573ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.684760] >ffff888105740000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.685013] ^ [ 22.685157] ffff888105740080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.685452] ffff888105740100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.685714] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 22.646542] ================================================================== [ 22.647011] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 22.647698] Write of size 1 at addr ffff888105eae00a by task kunit_try_catch/195 [ 22.648010] [ 22.648117] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.648163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.648185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.648207] Call Trace: [ 22.648219] <TASK> [ 22.648237] dump_stack_lvl+0x73/0xb0 [ 22.648279] print_report+0xd1/0x650 [ 22.648300] ? __virt_addr_valid+0x1db/0x2d0 [ 22.648366] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.648387] ? kasan_addr_to_slab+0x11/0xa0 [ 22.648472] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.648499] kasan_report+0x141/0x180 [ 22.648520] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.648546] __asan_report_store1_noabort+0x1b/0x30 [ 22.648570] kmalloc_large_oob_right+0x2e9/0x330 [ 22.648591] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 22.648612] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 22.648636] ? trace_hardirqs_on+0x37/0xe0 [ 22.648668] ? __pfx_read_tsc+0x10/0x10 [ 22.648689] ? ktime_get_ts64+0x86/0x230 [ 22.648713] kunit_try_run_case+0x1a5/0x480 [ 22.648750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.648774] ? queued_spin_lock_slowpath+0x116/0xb40 [ 22.648797] ? __kthread_parkme+0x82/0x180 [ 22.648816] ? preempt_count_sub+0x50/0x80 [ 22.648839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.648863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.648886] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.648909] kthread+0x337/0x6f0 [ 22.648937] ? trace_preempt_on+0x20/0xc0 [ 22.648959] ? __pfx_kthread+0x10/0x10 [ 22.648979] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.649015] ? calculate_sigpending+0x7b/0xa0 [ 22.649039] ? __pfx_kthread+0x10/0x10 [ 22.649060] ret_from_fork+0x116/0x1d0 [ 22.649079] ? __pfx_kthread+0x10/0x10 [ 22.649099] ret_from_fork_asm+0x1a/0x30 [ 22.649130] </TASK> [ 22.649142] [ 22.659545] The buggy address belongs to the physical page: [ 22.659818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eac [ 22.660154] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.660591] flags: 0x200000000000040(head|node=0|zone=2) [ 22.660855] page_type: f8(unknown) [ 22.661026] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.661250] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.661487] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.662716] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.663012] head: 0200000000000002 ffffea000417ab01 00000000ffffffff 00000000ffffffff [ 22.663577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.663871] page dumped because: kasan: bad access detected [ 22.664117] [ 22.664294] Memory state around the buggy address: [ 22.664486] ffff888105eadf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.664825] ffff888105eadf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.665060] >ffff888105eae000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.665583] ^ [ 22.665760] ffff888105eae080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.666064] ffff888105eae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.666466] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 22.613261] ================================================================== [ 22.614354] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 22.614657] Write of size 1 at addr ffff888102aadf00 by task kunit_try_catch/193 [ 22.614878] [ 22.614960] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.615008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.615021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.615043] Call Trace: [ 22.615056] <TASK> [ 22.615073] dump_stack_lvl+0x73/0xb0 [ 22.615100] print_report+0xd1/0x650 [ 22.615122] ? __virt_addr_valid+0x1db/0x2d0 [ 22.615154] ? kmalloc_big_oob_right+0x316/0x370 [ 22.615175] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.615199] ? kmalloc_big_oob_right+0x316/0x370 [ 22.615221] kasan_report+0x141/0x180 [ 22.615242] ? kmalloc_big_oob_right+0x316/0x370 [ 22.615268] __asan_report_store1_noabort+0x1b/0x30 [ 22.615291] kmalloc_big_oob_right+0x316/0x370 [ 22.615313] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 22.615334] ? __schedule+0x10cc/0x2b60 [ 22.615359] ? __pfx_read_tsc+0x10/0x10 [ 22.615380] ? ktime_get_ts64+0x86/0x230 [ 22.615404] kunit_try_run_case+0x1a5/0x480 [ 22.615428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.615451] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.615480] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.615505] ? __kthread_parkme+0x82/0x180 [ 22.615524] ? preempt_count_sub+0x50/0x80 [ 22.615547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.615571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.615594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.615617] kthread+0x337/0x6f0 [ 22.615637] ? trace_preempt_on+0x20/0xc0 [ 22.615659] ? __pfx_kthread+0x10/0x10 [ 22.615679] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.615702] ? calculate_sigpending+0x7b/0xa0 [ 22.615726] ? __pfx_kthread+0x10/0x10 [ 22.615747] ret_from_fork+0x116/0x1d0 [ 22.615765] ? __pfx_kthread+0x10/0x10 [ 22.615786] ret_from_fork_asm+0x1a/0x30 [ 22.615816] </TASK> [ 22.615829] [ 22.627591] Allocated by task 193: [ 22.627889] kasan_save_stack+0x45/0x70 [ 22.628370] kasan_save_track+0x18/0x40 [ 22.628528] kasan_save_alloc_info+0x3b/0x50 [ 22.628673] __kasan_kmalloc+0xb7/0xc0 [ 22.628804] __kmalloc_cache_noprof+0x189/0x420 [ 22.628956] kmalloc_big_oob_right+0xa9/0x370 [ 22.629101] kunit_try_run_case+0x1a5/0x480 [ 22.629601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.630094] kthread+0x337/0x6f0 [ 22.630522] ret_from_fork+0x116/0x1d0 [ 22.630871] ret_from_fork_asm+0x1a/0x30 [ 22.631343] [ 22.631511] The buggy address belongs to the object at ffff888102aac000 [ 22.631511] which belongs to the cache kmalloc-8k of size 8192 [ 22.632772] The buggy address is located 0 bytes to the right of [ 22.632772] allocated 7936-byte region [ffff888102aac000, ffff888102aadf00) [ 22.633672] [ 22.633748] The buggy address belongs to the physical page: [ 22.633924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa8 [ 22.634293] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.635063] flags: 0x200000000000040(head|node=0|zone=2) [ 22.635691] page_type: f5(slab) [ 22.635999] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 22.636978] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.637738] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 22.638620] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.638860] head: 0200000000000003 ffffea00040aaa01 00000000ffffffff 00000000ffffffff [ 22.639086] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.639337] page dumped because: kasan: bad access detected [ 22.639699] [ 22.639793] Memory state around the buggy address: [ 22.640002] ffff888102aade00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.640433] ffff888102aade80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.640824] >ffff888102aadf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.641215] ^ [ 22.641378] ffff888102aadf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.641677] ffff888102aae000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.641948] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 22.561997] ================================================================== [ 22.562776] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.563044] Write of size 1 at addr ffff888105ab1178 by task kunit_try_catch/191 [ 22.563272] [ 22.563360] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.563410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.563423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.563446] Call Trace: [ 22.563468] <TASK> [ 22.563487] dump_stack_lvl+0x73/0xb0 [ 22.563518] print_report+0xd1/0x650 [ 22.563540] ? __virt_addr_valid+0x1db/0x2d0 [ 22.563564] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.563587] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.563612] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.563636] kasan_report+0x141/0x180 [ 22.563656] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.563684] __asan_report_store1_noabort+0x1b/0x30 [ 22.563708] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.563732] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.563756] ? __schedule+0x10cc/0x2b60 [ 22.563782] ? __pfx_read_tsc+0x10/0x10 [ 22.563803] ? ktime_get_ts64+0x86/0x230 [ 22.563829] kunit_try_run_case+0x1a5/0x480 [ 22.563856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.563878] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.563900] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.563925] ? __kthread_parkme+0x82/0x180 [ 22.563946] ? preempt_count_sub+0x50/0x80 [ 22.564251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.564276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.564359] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.564384] kthread+0x337/0x6f0 [ 22.564478] ? trace_preempt_on+0x20/0xc0 [ 22.564506] ? __pfx_kthread+0x10/0x10 [ 22.564528] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.564552] ? calculate_sigpending+0x7b/0xa0 [ 22.564576] ? __pfx_kthread+0x10/0x10 [ 22.564598] ret_from_fork+0x116/0x1d0 [ 22.564617] ? __pfx_kthread+0x10/0x10 [ 22.564637] ret_from_fork_asm+0x1a/0x30 [ 22.564668] </TASK> [ 22.564680] [ 22.574924] Allocated by task 191: [ 22.575116] kasan_save_stack+0x45/0x70 [ 22.575415] kasan_save_track+0x18/0x40 [ 22.575602] kasan_save_alloc_info+0x3b/0x50 [ 22.575808] __kasan_kmalloc+0xb7/0xc0 [ 22.575977] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.576212] kmalloc_track_caller_oob_right+0x99/0x520 [ 22.576983] kunit_try_run_case+0x1a5/0x480 [ 22.577171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.577528] kthread+0x337/0x6f0 [ 22.577690] ret_from_fork+0x116/0x1d0 [ 22.577859] ret_from_fork_asm+0x1a/0x30 [ 22.578031] [ 22.578112] The buggy address belongs to the object at ffff888105ab1100 [ 22.578112] which belongs to the cache kmalloc-128 of size 128 [ 22.579106] The buggy address is located 0 bytes to the right of [ 22.579106] allocated 120-byte region [ffff888105ab1100, ffff888105ab1178) [ 22.579728] [ 22.579803] The buggy address belongs to the physical page: [ 22.580030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 22.580374] flags: 0x200000000000000(node=0|zone=2) [ 22.580590] page_type: f5(slab) [ 22.580761] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.581063] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.581898] page dumped because: kasan: bad access detected [ 22.582086] [ 22.582173] Memory state around the buggy address: [ 22.582819] ffff888105ab1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.583262] ffff888105ab1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.583723] >ffff888105ab1100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.584086] ^ [ 22.584571] ffff888105ab1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.584970] ffff888105ab1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.585360] ================================================================== [ 22.587336] ================================================================== [ 22.587666] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.588006] Write of size 1 at addr ffff888105ab1278 by task kunit_try_catch/191 [ 22.588814] [ 22.588921] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.588971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.588984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.589006] Call Trace: [ 22.589020] <TASK> [ 22.589037] dump_stack_lvl+0x73/0xb0 [ 22.589066] print_report+0xd1/0x650 [ 22.589088] ? __virt_addr_valid+0x1db/0x2d0 [ 22.589111] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.589134] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.589395] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.589421] kasan_report+0x141/0x180 [ 22.589443] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.589487] __asan_report_store1_noabort+0x1b/0x30 [ 22.589511] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.589534] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.589559] ? __schedule+0x10cc/0x2b60 [ 22.589587] ? __pfx_read_tsc+0x10/0x10 [ 22.589609] ? ktime_get_ts64+0x86/0x230 [ 22.589633] kunit_try_run_case+0x1a5/0x480 [ 22.589658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.589681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.589702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.589727] ? __kthread_parkme+0x82/0x180 [ 22.589747] ? preempt_count_sub+0x50/0x80 [ 22.589771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.589795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.589818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.589848] kthread+0x337/0x6f0 [ 22.589868] ? trace_preempt_on+0x20/0xc0 [ 22.589890] ? __pfx_kthread+0x10/0x10 [ 22.589910] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.589933] ? calculate_sigpending+0x7b/0xa0 [ 22.589958] ? __pfx_kthread+0x10/0x10 [ 22.589979] ret_from_fork+0x116/0x1d0 [ 22.589998] ? __pfx_kthread+0x10/0x10 [ 22.590019] ret_from_fork_asm+0x1a/0x30 [ 22.590050] </TASK> [ 22.590061] [ 22.600003] Allocated by task 191: [ 22.600190] kasan_save_stack+0x45/0x70 [ 22.600714] kasan_save_track+0x18/0x40 [ 22.600888] kasan_save_alloc_info+0x3b/0x50 [ 22.601093] __kasan_kmalloc+0xb7/0xc0 [ 22.601265] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.601893] kmalloc_track_caller_oob_right+0x19a/0x520 [ 22.602119] kunit_try_run_case+0x1a5/0x480 [ 22.602451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.602849] kthread+0x337/0x6f0 [ 22.603023] ret_from_fork+0x116/0x1d0 [ 22.603416] ret_from_fork_asm+0x1a/0x30 [ 22.603691] [ 22.603771] The buggy address belongs to the object at ffff888105ab1200 [ 22.603771] which belongs to the cache kmalloc-128 of size 128 [ 22.604526] The buggy address is located 0 bytes to the right of [ 22.604526] allocated 120-byte region [ffff888105ab1200, ffff888105ab1278) [ 22.605010] [ 22.605107] The buggy address belongs to the physical page: [ 22.605334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab1 [ 22.605657] flags: 0x200000000000000(node=0|zone=2) [ 22.605888] page_type: f5(slab) [ 22.606039] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.606750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.607070] page dumped because: kasan: bad access detected [ 22.607536] [ 22.607629] Memory state around the buggy address: [ 22.607929] ffff888105ab1100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.608292] ffff888105ab1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.608710] >ffff888105ab1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.609066] ^ [ 22.609523] ffff888105ab1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.609794] ffff888105ab1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.610107] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 22.532717] ================================================================== [ 22.533176] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 22.533535] Read of size 1 at addr ffff888106053000 by task kunit_try_catch/189 [ 22.533857] [ 22.533949] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.533996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.534008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.534029] Call Trace: [ 22.534041] <TASK> [ 22.534057] dump_stack_lvl+0x73/0xb0 [ 22.534085] print_report+0xd1/0x650 [ 22.534107] ? __virt_addr_valid+0x1db/0x2d0 [ 22.534128] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.534150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.534174] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.534197] kasan_report+0x141/0x180 [ 22.534218] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.534245] __asan_report_load1_noabort+0x18/0x20 [ 22.534267] kmalloc_node_oob_right+0x369/0x3c0 [ 22.534721] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 22.534748] ? __schedule+0x10cc/0x2b60 [ 22.534777] ? __pfx_read_tsc+0x10/0x10 [ 22.534799] ? ktime_get_ts64+0x86/0x230 [ 22.534823] kunit_try_run_case+0x1a5/0x480 [ 22.534848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.534870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.534891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.534918] ? __kthread_parkme+0x82/0x180 [ 22.534937] ? preempt_count_sub+0x50/0x80 [ 22.534960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.534984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.535007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.535030] kthread+0x337/0x6f0 [ 22.535049] ? trace_preempt_on+0x20/0xc0 [ 22.535071] ? __pfx_kthread+0x10/0x10 [ 22.535091] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.535116] ? calculate_sigpending+0x7b/0xa0 [ 22.535139] ? __pfx_kthread+0x10/0x10 [ 22.535176] ret_from_fork+0x116/0x1d0 [ 22.535196] ? __pfx_kthread+0x10/0x10 [ 22.535216] ret_from_fork_asm+0x1a/0x30 [ 22.535247] </TASK> [ 22.535258] [ 22.546017] Allocated by task 189: [ 22.546393] kasan_save_stack+0x45/0x70 [ 22.546779] kasan_save_track+0x18/0x40 [ 22.547072] kasan_save_alloc_info+0x3b/0x50 [ 22.547589] __kasan_kmalloc+0xb7/0xc0 [ 22.547944] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.548136] kmalloc_node_oob_right+0xab/0x3c0 [ 22.548531] kunit_try_run_case+0x1a5/0x480 [ 22.548703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.548954] kthread+0x337/0x6f0 [ 22.549119] ret_from_fork+0x116/0x1d0 [ 22.549357] ret_from_fork_asm+0x1a/0x30 [ 22.549521] [ 22.549615] The buggy address belongs to the object at ffff888106052000 [ 22.549615] which belongs to the cache kmalloc-4k of size 4096 [ 22.550148] The buggy address is located 0 bytes to the right of [ 22.550148] allocated 4096-byte region [ffff888106052000, ffff888106053000) [ 22.550845] [ 22.550981] The buggy address belongs to the physical page: [ 22.552091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106050 [ 22.552757] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.553072] flags: 0x200000000000040(head|node=0|zone=2) [ 22.553529] page_type: f5(slab) [ 22.553698] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 22.554061] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.554551] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 22.554933] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.555253] head: 0200000000000003 ffffea0004181401 00000000ffffffff 00000000ffffffff [ 22.555818] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.556147] page dumped because: kasan: bad access detected [ 22.556516] [ 22.556660] Memory state around the buggy address: [ 22.556892] ffff888106052f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.557273] ffff888106052f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.557676] >ffff888106053000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.558005] ^ [ 22.558208] ffff888106053080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.558534] ffff888106053100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.558858] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 22.494049] ================================================================== [ 22.494709] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 22.494943] Read of size 1 at addr ffff888104b06dff by task kunit_try_catch/187 [ 22.495159] [ 22.495255] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.495304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.495316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.495338] Call Trace: [ 22.495351] <TASK> [ 22.495368] dump_stack_lvl+0x73/0xb0 [ 22.495396] print_report+0xd1/0x650 [ 22.495418] ? __virt_addr_valid+0x1db/0x2d0 [ 22.495441] ? kmalloc_oob_left+0x361/0x3c0 [ 22.495473] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.495498] ? kmalloc_oob_left+0x361/0x3c0 [ 22.495518] kasan_report+0x141/0x180 [ 22.495539] ? kmalloc_oob_left+0x361/0x3c0 [ 22.495565] __asan_report_load1_noabort+0x18/0x20 [ 22.495588] kmalloc_oob_left+0x361/0x3c0 [ 22.495609] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 22.495630] ? __schedule+0x10cc/0x2b60 [ 22.495654] ? __pfx_read_tsc+0x10/0x10 [ 22.495675] ? ktime_get_ts64+0x86/0x230 [ 22.495700] kunit_try_run_case+0x1a5/0x480 [ 22.495725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.495747] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.495768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.495793] ? __kthread_parkme+0x82/0x180 [ 22.495813] ? preempt_count_sub+0x50/0x80 [ 22.495836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.495860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.495882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.495905] kthread+0x337/0x6f0 [ 22.495924] ? trace_preempt_on+0x20/0xc0 [ 22.495947] ? __pfx_kthread+0x10/0x10 [ 22.495967] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.495990] ? calculate_sigpending+0x7b/0xa0 [ 22.496013] ? __pfx_kthread+0x10/0x10 [ 22.496034] ret_from_fork+0x116/0x1d0 [ 22.496501] ? __pfx_kthread+0x10/0x10 [ 22.496532] ret_from_fork_asm+0x1a/0x30 [ 22.496566] </TASK> [ 22.496578] [ 22.511670] Allocated by task 26: [ 22.511821] kasan_save_stack+0x45/0x70 [ 22.511962] kasan_save_track+0x18/0x40 [ 22.512086] kasan_save_alloc_info+0x3b/0x50 [ 22.512571] __kasan_kmalloc+0xb7/0xc0 [ 22.512947] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.513535] kstrdup+0x3e/0xa0 [ 22.513949] devtmpfs_work_loop+0x96d/0xf30 [ 22.514392] devtmpfsd+0x3b/0x40 [ 22.514525] kthread+0x337/0x6f0 [ 22.514636] ret_from_fork+0x116/0x1d0 [ 22.514757] ret_from_fork_asm+0x1a/0x30 [ 22.514885] [ 22.514972] Freed by task 26: [ 22.515092] kasan_save_stack+0x45/0x70 [ 22.515672] kasan_save_track+0x18/0x40 [ 22.516018] kasan_save_free_info+0x3f/0x60 [ 22.516574] __kasan_slab_free+0x56/0x70 [ 22.517088] kfree+0x222/0x3f0 [ 22.517471] devtmpfs_work_loop+0xacb/0xf30 [ 22.517883] devtmpfsd+0x3b/0x40 [ 22.518282] kthread+0x337/0x6f0 [ 22.518624] ret_from_fork+0x116/0x1d0 [ 22.518984] ret_from_fork_asm+0x1a/0x30 [ 22.519419] [ 22.519816] The buggy address belongs to the object at ffff888104b06de0 [ 22.519816] which belongs to the cache kmalloc-16 of size 16 [ 22.520697] The buggy address is located 15 bytes to the right of [ 22.520697] allocated 16-byte region [ffff888104b06de0, ffff888104b06df0) [ 22.521056] [ 22.521124] The buggy address belongs to the physical page: [ 22.521828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b06 [ 22.522608] flags: 0x200000000000000(node=0|zone=2) [ 22.523344] page_type: f5(slab) [ 22.523704] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.524075] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.524579] page dumped because: kasan: bad access detected [ 22.525077] [ 22.525261] Memory state around the buggy address: [ 22.525807] ffff888104b06c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.526083] ffff888104b06d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.526715] >ffff888104b06d80: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 22.527563] ^ [ 22.527915] ffff888104b06e00: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.528121] ffff888104b06e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.528847] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 22.442523] ================================================================== [ 22.443251] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 22.444205] Write of size 1 at addr ffff888105479b78 by task kunit_try_catch/185 [ 22.445132] [ 22.445348] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.445396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.445409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.445430] Call Trace: [ 22.445444] <TASK> [ 22.445470] dump_stack_lvl+0x73/0xb0 [ 22.445499] print_report+0xd1/0x650 [ 22.445522] ? __virt_addr_valid+0x1db/0x2d0 [ 22.445545] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.445565] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.445590] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.445611] kasan_report+0x141/0x180 [ 22.445632] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.445657] __asan_report_store1_noabort+0x1b/0x30 [ 22.445680] kmalloc_oob_right+0x6bd/0x7f0 [ 22.445701] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.445723] ? __schedule+0x10cc/0x2b60 [ 22.445749] ? __pfx_read_tsc+0x10/0x10 [ 22.445770] ? ktime_get_ts64+0x86/0x230 [ 22.445794] kunit_try_run_case+0x1a5/0x480 [ 22.445818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.445844] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.445864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.445891] ? __kthread_parkme+0x82/0x180 [ 22.445910] ? preempt_count_sub+0x50/0x80 [ 22.445933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.445956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.445979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.446003] kthread+0x337/0x6f0 [ 22.446021] ? trace_preempt_on+0x20/0xc0 [ 22.446044] ? __pfx_kthread+0x10/0x10 [ 22.446064] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.446089] ? calculate_sigpending+0x7b/0xa0 [ 22.446113] ? __pfx_kthread+0x10/0x10 [ 22.446134] ret_from_fork+0x116/0x1d0 [ 22.446153] ? __pfx_kthread+0x10/0x10 [ 22.446173] ret_from_fork_asm+0x1a/0x30 [ 22.446204] </TASK> [ 22.446215] [ 22.454574] Allocated by task 185: [ 22.454905] kasan_save_stack+0x45/0x70 [ 22.455300] kasan_save_track+0x18/0x40 [ 22.455714] kasan_save_alloc_info+0x3b/0x50 [ 22.456128] __kasan_kmalloc+0xb7/0xc0 [ 22.456513] __kmalloc_cache_noprof+0x189/0x420 [ 22.457000] kmalloc_oob_right+0xa9/0x7f0 [ 22.457412] kunit_try_run_case+0x1a5/0x480 [ 22.457792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.458288] kthread+0x337/0x6f0 [ 22.458546] ret_from_fork+0x116/0x1d0 [ 22.458672] ret_from_fork_asm+0x1a/0x30 [ 22.458804] [ 22.458869] The buggy address belongs to the object at ffff888105479b00 [ 22.458869] which belongs to the cache kmalloc-128 of size 128 [ 22.459229] The buggy address is located 5 bytes to the right of [ 22.459229] allocated 115-byte region [ffff888105479b00, ffff888105479b73) [ 22.459626] [ 22.459690] The buggy address belongs to the physical page: [ 22.459856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479 [ 22.460088] flags: 0x200000000000000(node=0|zone=2) [ 22.460246] page_type: f5(slab) [ 22.460359] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.460595] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.460813] page dumped because: kasan: bad access detected [ 22.460976] [ 22.461042] Memory state around the buggy address: [ 22.461194] ffff888105479a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.461783] ffff888105479a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.462374] >ffff888105479b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.462593] ^ [ 22.462799] ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.463008] ffff888105479c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.463265] ================================================================== [ 22.464083] ================================================================== [ 22.464807] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 22.465466] Read of size 1 at addr ffff888105479b80 by task kunit_try_catch/185 [ 22.466085] [ 22.466268] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.466312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.466324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.466344] Call Trace: [ 22.466357] <TASK> [ 22.466371] dump_stack_lvl+0x73/0xb0 [ 22.466397] print_report+0xd1/0x650 [ 22.466418] ? __virt_addr_valid+0x1db/0x2d0 [ 22.466440] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.466471] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.466496] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.466517] kasan_report+0x141/0x180 [ 22.466538] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.466563] __asan_report_load1_noabort+0x18/0x20 [ 22.466587] kmalloc_oob_right+0x68a/0x7f0 [ 22.466608] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.466629] ? __schedule+0x10cc/0x2b60 [ 22.466656] ? __pfx_read_tsc+0x10/0x10 [ 22.466676] ? ktime_get_ts64+0x86/0x230 [ 22.466700] kunit_try_run_case+0x1a5/0x480 [ 22.466725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.466747] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.466768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.466795] ? __kthread_parkme+0x82/0x180 [ 22.466814] ? preempt_count_sub+0x50/0x80 [ 22.466836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.466860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.466883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.466906] kthread+0x337/0x6f0 [ 22.466925] ? trace_preempt_on+0x20/0xc0 [ 22.466947] ? __pfx_kthread+0x10/0x10 [ 22.466967] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.466992] ? calculate_sigpending+0x7b/0xa0 [ 22.467016] ? __pfx_kthread+0x10/0x10 [ 22.467037] ret_from_fork+0x116/0x1d0 [ 22.467056] ? __pfx_kthread+0x10/0x10 [ 22.467076] ret_from_fork_asm+0x1a/0x30 [ 22.467106] </TASK> [ 22.467116] [ 22.478857] Allocated by task 185: [ 22.479162] kasan_save_stack+0x45/0x70 [ 22.479575] kasan_save_track+0x18/0x40 [ 22.479880] kasan_save_alloc_info+0x3b/0x50 [ 22.480022] __kasan_kmalloc+0xb7/0xc0 [ 22.480150] __kmalloc_cache_noprof+0x189/0x420 [ 22.480378] kmalloc_oob_right+0xa9/0x7f0 [ 22.480737] kunit_try_run_case+0x1a5/0x480 [ 22.481241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.481703] kthread+0x337/0x6f0 [ 22.481987] ret_from_fork+0x116/0x1d0 [ 22.482365] ret_from_fork_asm+0x1a/0x30 [ 22.482738] [ 22.482890] The buggy address belongs to the object at ffff888105479b00 [ 22.482890] which belongs to the cache kmalloc-128 of size 128 [ 22.483487] The buggy address is located 13 bytes to the right of [ 22.483487] allocated 115-byte region [ffff888105479b00, ffff888105479b73) [ 22.483858] [ 22.483925] The buggy address belongs to the physical page: [ 22.484088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479 [ 22.484602] flags: 0x200000000000000(node=0|zone=2) [ 22.485005] page_type: f5(slab) [ 22.485319] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.486020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.486726] page dumped because: kasan: bad access detected [ 22.487194] [ 22.487367] Memory state around the buggy address: [ 22.487787] ffff888105479a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.488416] ffff888105479b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.489010] >ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.489646] ^ [ 22.489994] ffff888105479c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.490298] ffff888105479c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.490513] ================================================================== [ 22.408681] ================================================================== [ 22.409815] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 22.410760] Write of size 1 at addr ffff888105479b73 by task kunit_try_catch/185 [ 22.411064] [ 22.412083] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 22.412429] Tainted: [N]=TEST [ 22.412473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.412701] Call Trace: [ 22.412770] <TASK> [ 22.412920] dump_stack_lvl+0x73/0xb0 [ 22.413013] print_report+0xd1/0x650 [ 22.413043] ? __virt_addr_valid+0x1db/0x2d0 [ 22.413070] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.413090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.413115] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.413136] kasan_report+0x141/0x180 [ 22.413157] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.413183] __asan_report_store1_noabort+0x1b/0x30 [ 22.413206] kmalloc_oob_right+0x6f0/0x7f0 [ 22.413228] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.413249] ? __schedule+0x10cc/0x2b60 [ 22.413277] ? __pfx_read_tsc+0x10/0x10 [ 22.413300] ? ktime_get_ts64+0x86/0x230 [ 22.413326] kunit_try_run_case+0x1a5/0x480 [ 22.413352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.413375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.413396] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.413424] ? __kthread_parkme+0x82/0x180 [ 22.413446] ? preempt_count_sub+0x50/0x80 [ 22.413482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.413506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.413528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.413552] kthread+0x337/0x6f0 [ 22.413572] ? trace_preempt_on+0x20/0xc0 [ 22.413596] ? __pfx_kthread+0x10/0x10 [ 22.413617] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.413642] ? calculate_sigpending+0x7b/0xa0 [ 22.413666] ? __pfx_kthread+0x10/0x10 [ 22.413688] ret_from_fork+0x116/0x1d0 [ 22.413707] ? __pfx_kthread+0x10/0x10 [ 22.413727] ret_from_fork_asm+0x1a/0x30 [ 22.413780] </TASK> [ 22.413851] [ 22.425526] Allocated by task 185: [ 22.425965] kasan_save_stack+0x45/0x70 [ 22.426338] kasan_save_track+0x18/0x40 [ 22.426485] kasan_save_alloc_info+0x3b/0x50 [ 22.426627] __kasan_kmalloc+0xb7/0xc0 [ 22.426757] __kmalloc_cache_noprof+0x189/0x420 [ 22.426909] kmalloc_oob_right+0xa9/0x7f0 [ 22.427041] kunit_try_run_case+0x1a5/0x480 [ 22.427180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.427639] kthread+0x337/0x6f0 [ 22.427925] ret_from_fork+0x116/0x1d0 [ 22.428243] ret_from_fork_asm+0x1a/0x30 [ 22.428634] [ 22.428841] The buggy address belongs to the object at ffff888105479b00 [ 22.428841] which belongs to the cache kmalloc-128 of size 128 [ 22.430005] The buggy address is located 0 bytes to the right of [ 22.430005] allocated 115-byte region [ffff888105479b00, ffff888105479b73) [ 22.431415] [ 22.431673] The buggy address belongs to the physical page: [ 22.432353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105479 [ 22.433235] flags: 0x200000000000000(node=0|zone=2) [ 22.433775] page_type: f5(slab) [ 22.434227] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.434503] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.434795] page dumped because: kasan: bad access detected [ 22.434970] [ 22.435047] Memory state around the buggy address: [ 22.435435] ffff888105479a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.436075] ffff888105479a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.436847] >ffff888105479b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.437764] ^ [ 22.438619] ffff888105479b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.439440] ffff888105479c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.440283] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 178.310828] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2811 [ 178.311470] Modules linked in: [ 178.311673] CPU: 1 UID: 0 PID: 2811 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 178.312134] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.312317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.312868] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 178.313135] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 178.314087] RSP: 0000:ffff888105437c78 EFLAGS: 00010286 [ 178.314327] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 178.314751] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb7c54bd4 [ 178.315014] RBP: ffff888105437ca0 R08: 0000000000000000 R09: ffffed10207a6ae0 [ 178.315303] R10: ffff888103d35707 R11: 0000000000000000 R12: ffffffffb7c54bc0 [ 178.315826] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888105437d38 [ 178.316125] FS: 0000000000000000(0000) GS:ffff8881a152d000(0000) knlGS:0000000000000000 [ 178.316881] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.317145] CR2: 00007ffff7ffe000 CR3: 00000000776bc000 CR4: 00000000000006f0 [ 178.317697] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99483 [ 178.318078] DR3: ffffffffb9c99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.318557] Call Trace: [ 178.318692] <TASK> [ 178.318999] drm_test_rect_calc_vscale+0x108/0x270 [ 178.319499] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 178.319736] ? __schedule+0x10cc/0x2b60 [ 178.319916] ? __pfx_read_tsc+0x10/0x10 [ 178.320108] ? ktime_get_ts64+0x86/0x230 [ 178.320304] kunit_try_run_case+0x1a5/0x480 [ 178.320493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.320880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 178.321073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 178.321376] ? __kthread_parkme+0x82/0x180 [ 178.321590] ? preempt_count_sub+0x50/0x80 [ 178.321839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.322190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.322364] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.322730] kthread+0x337/0x6f0 [ 178.322904] ? trace_preempt_on+0x20/0xc0 [ 178.323050] ? __pfx_kthread+0x10/0x10 [ 178.323199] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.323551] ? calculate_sigpending+0x7b/0xa0 [ 178.323768] ? __pfx_kthread+0x10/0x10 [ 178.324073] ret_from_fork+0x116/0x1d0 [ 178.324205] ? __pfx_kthread+0x10/0x10 [ 178.324507] ret_from_fork_asm+0x1a/0x30 [ 178.324882] </TASK> [ 178.324993] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 178.286748] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2809 [ 178.287755] Modules linked in: [ 178.287900] CPU: 0 UID: 0 PID: 2809 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 178.288680] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.289372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.290406] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 178.291158] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 178.293082] RSP: 0000:ffff888105d8fc78 EFLAGS: 00010286 [ 178.293409] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 178.294033] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb7c54b9c [ 178.294434] RBP: ffff888105d8fca0 R08: 0000000000000000 R09: ffffed10207a6ac0 [ 178.294654] R10: ffff888103d35607 R11: 0000000000000000 R12: ffffffffb7c54b88 [ 178.294855] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888105d8fd38 [ 178.295061] FS: 0000000000000000(0000) GS:ffff8881a142d000(0000) knlGS:0000000000000000 [ 178.295304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.295824] CR2: ffffffffffffffff CR3: 00000000776bc000 CR4: 00000000000006f0 [ 178.296050] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99482 [ 178.296597] DR3: ffffffffb9c99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.297398] Call Trace: [ 178.297547] <TASK> [ 178.297681] drm_test_rect_calc_vscale+0x108/0x270 [ 178.297926] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 178.298174] ? __schedule+0x10cc/0x2b60 [ 178.298957] ? __pfx_read_tsc+0x10/0x10 [ 178.299562] ? ktime_get_ts64+0x86/0x230 [ 178.300040] kunit_try_run_case+0x1a5/0x480 [ 178.300724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.300899] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 178.301051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 178.301681] ? __kthread_parkme+0x82/0x180 [ 178.302077] ? preempt_count_sub+0x50/0x80 [ 178.302502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.303065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.303646] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.304282] kthread+0x337/0x6f0 [ 178.304410] ? trace_preempt_on+0x20/0xc0 [ 178.304560] ? __pfx_kthread+0x10/0x10 [ 178.304688] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.304833] ? calculate_sigpending+0x7b/0xa0 [ 178.304976] ? __pfx_kthread+0x10/0x10 [ 178.305104] ret_from_fork+0x116/0x1d0 [ 178.305269] ? __pfx_kthread+0x10/0x10 [ 178.305399] ret_from_fork_asm+0x1a/0x30 [ 178.305644] </TASK> [ 178.305765] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 178.254063] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2799 [ 178.255274] Modules linked in: [ 178.255450] CPU: 0 UID: 0 PID: 2799 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 178.255931] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.256445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.256837] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 178.257083] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 8b de 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 178.258115] RSP: 0000:ffff888105cafc78 EFLAGS: 00010286 [ 178.258490] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 178.258790] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb7c54bd8 [ 178.259113] RBP: ffff888105cafca0 R08: 0000000000000000 R09: ffffed102056b3e0 [ 178.259534] R10: ffff888102b59f07 R11: 0000000000000000 R12: ffffffffb7c54bc0 [ 178.259847] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888105cafd38 [ 178.260279] FS: 0000000000000000(0000) GS:ffff8881a142d000(0000) knlGS:0000000000000000 [ 178.260615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.260869] CR2: ffffffffffffffff CR3: 00000000776bc000 CR4: 00000000000006f0 [ 178.263511] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99482 [ 178.263923] DR3: ffffffffb9c99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.264207] Call Trace: [ 178.264384] <TASK> [ 178.264570] drm_test_rect_calc_hscale+0x108/0x270 [ 178.264796] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 178.265013] ? __schedule+0x10cc/0x2b60 [ 178.265267] ? __pfx_read_tsc+0x10/0x10 [ 178.265437] ? ktime_get_ts64+0x86/0x230 [ 178.265589] kunit_try_run_case+0x1a5/0x480 [ 178.265804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.266326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 178.266584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 178.266822] ? __kthread_parkme+0x82/0x180 [ 178.267038] ? preempt_count_sub+0x50/0x80 [ 178.267308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.267541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.267797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.268035] kthread+0x337/0x6f0 [ 178.268275] ? trace_preempt_on+0x20/0xc0 [ 178.268496] ? __pfx_kthread+0x10/0x10 [ 178.268662] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.268853] ? calculate_sigpending+0x7b/0xa0 [ 178.269016] ? __pfx_kthread+0x10/0x10 [ 178.269617] ret_from_fork+0x116/0x1d0 [ 178.269826] ? __pfx_kthread+0x10/0x10 [ 178.270023] ret_from_fork_asm+0x1a/0x30 [ 178.270485] </TASK> [ 178.270628] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 178.235633] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2797 [ 178.236792] Modules linked in: [ 178.237072] CPU: 0 UID: 0 PID: 2797 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 178.238066] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 178.238258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.238545] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 178.238765] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 8b de 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 178.239654] RSP: 0000:ffff888105cefc78 EFLAGS: 00010286 [ 178.239959] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 178.240319] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb7c54ba0 [ 178.240643] RBP: ffff888105cefca0 R08: 0000000000000000 R09: ffffed102056b3a0 [ 178.240885] R10: ffff888102b59d07 R11: 0000000000000000 R12: ffffffffb7c54b88 [ 178.241192] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888105cefd38 [ 178.241569] FS: 0000000000000000(0000) GS:ffff8881a142d000(0000) knlGS:0000000000000000 [ 178.242036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.242269] CR2: ffffffffffffffff CR3: 00000000776bc000 CR4: 00000000000006f0 [ 178.243049] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99482 [ 178.243557] DR3: ffffffffb9c99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 178.243844] Call Trace: [ 178.243976] <TASK> [ 178.244108] drm_test_rect_calc_hscale+0x108/0x270 [ 178.244743] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 178.245059] ? __schedule+0x10cc/0x2b60 [ 178.245410] ? __pfx_read_tsc+0x10/0x10 [ 178.245720] ? ktime_get_ts64+0x86/0x230 [ 178.246000] kunit_try_run_case+0x1a5/0x480 [ 178.246416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.246757] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 178.246937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 178.247434] ? __kthread_parkme+0x82/0x180 [ 178.247613] ? preempt_count_sub+0x50/0x80 [ 178.247918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 178.248096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 178.248668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 178.249062] kthread+0x337/0x6f0 [ 178.249327] ? trace_preempt_on+0x20/0xc0 [ 178.249527] ? __pfx_kthread+0x10/0x10 [ 178.249721] ? _raw_spin_unlock_irq+0x47/0x80 [ 178.249921] ? calculate_sigpending+0x7b/0xa0 [ 178.250513] ? __pfx_kthread+0x10/0x10 [ 178.250717] ret_from_fork+0x116/0x1d0 [ 178.250855] ? __pfx_kthread+0x10/0x10 [ 178.251311] ret_from_fork_asm+0x1a/0x30 [ 178.251510] </TASK> [ 178.251638] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 177.544996] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 177.545105] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2602 [ 177.548004] Modules linked in: [ 177.548620] CPU: 1 UID: 0 PID: 2602 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 177.549097] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.549327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.549689] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 177.549922] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 7d e3 81 00 48 c7 c1 c0 8a c0 b7 4c 89 f2 48 c7 c7 e0 86 c0 b7 48 89 c6 e8 b4 a0 73 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 177.550685] RSP: 0000:ffff88810df17d18 EFLAGS: 00010286 [ 177.550904] RAX: 0000000000000000 RBX: ffff888104902000 RCX: 1ffffffff7124ad4 [ 177.551312] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 177.551591] RBP: ffff88810df17d48 R08: 0000000000000000 R09: fffffbfff7124ad4 [ 177.551887] R10: 0000000000000003 R11: 0000000000039908 R12: ffff88810df26800 [ 177.552392] R13: ffff8881049020f8 R14: ffff888105156b80 R15: ffff8881003c7b48 [ 177.552698] FS: 0000000000000000(0000) GS:ffff8881a152d000(0000) knlGS:0000000000000000 [ 177.552988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.553337] CR2: 00007ffff7ffe000 CR3: 00000000776bc000 CR4: 00000000000006f0 [ 177.553626] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99483 [ 177.553911] DR3: ffffffffb9c99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.554259] Call Trace: [ 177.554399] <TASK> [ 177.554515] ? trace_preempt_on+0x20/0xc0 [ 177.554731] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 177.554940] drm_gem_shmem_free_wrapper+0x12/0x20 [ 177.555243] __kunit_action_free+0x57/0x70 [ 177.555456] kunit_remove_resource+0x133/0x200 [ 177.555686] ? preempt_count_sub+0x50/0x80 [ 177.555852] kunit_cleanup+0x7a/0x120 [ 177.556013] kunit_try_run_case_cleanup+0xbd/0xf0 [ 177.557223] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 177.557469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.557709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.557957] kthread+0x337/0x6f0 [ 177.558124] ? trace_preempt_on+0x20/0xc0 [ 177.558539] ? __pfx_kthread+0x10/0x10 [ 177.558698] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.558908] ? calculate_sigpending+0x7b/0xa0 [ 177.559107] ? __pfx_kthread+0x10/0x10 [ 177.559411] ret_from_fork+0x116/0x1d0 [ 177.559628] ? __pfx_kthread+0x10/0x10 [ 177.559816] ret_from_fork_asm+0x1a/0x30 [ 177.560005] </TASK> [ 177.560126] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 177.407094] WARNING: drivers/gpu/drm/drm_framebuffer.c:867 at drm_framebuffer_init+0x44/0x300, CPU#0: kunit_try_catch/2583 [ 177.408636] Modules linked in: [ 177.409053] CPU: 0 UID: 0 PID: 2583 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 177.410257] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.410452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.410727] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 177.410902] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 177.412344] RSP: 0000:ffff88810df17b30 EFLAGS: 00010246 [ 177.412558] RAX: dffffc0000000000 RBX: ffff88810df17c28 RCX: 0000000000000000 [ 177.412769] RDX: 1ffff11021be2f8e RSI: ffff88810df17c28 RDI: ffff88810df17c70 [ 177.412973] RBP: ffff88810df17b70 R08: ffff88810df31000 R09: ffffffffb7bf8c20 [ 177.413196] R10: 0000000000000003 R11: 000000002fe9dd4b R12: ffff88810df31000 [ 177.414192] R13: ffff8881003c7ae8 R14: ffff88810df17ba8 R15: 0000000000000000 [ 177.414679] FS: 0000000000000000(0000) GS:ffff8881a142d000(0000) knlGS:0000000000000000 [ 177.415133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.415666] CR2: ffffffffffffffff CR3: 00000000776bc000 CR4: 00000000000006f0 [ 177.416109] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99482 [ 177.416944] DR3: ffffffffb9c99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.417314] Call Trace: [ 177.417601] <TASK> [ 177.417843] ? add_dr+0xc1/0x1d0 [ 177.418260] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 177.418817] ? add_dr+0x148/0x1d0 [ 177.418958] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 177.419215] ? __drmm_add_action+0x1a4/0x280 [ 177.419723] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 177.420314] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 177.420850] ? __drmm_add_action_or_reset+0x22/0x50 [ 177.421142] ? __schedule+0x10cc/0x2b60 [ 177.421650] ? __pfx_read_tsc+0x10/0x10 [ 177.421888] ? ktime_get_ts64+0x86/0x230 [ 177.422036] kunit_try_run_case+0x1a5/0x480 [ 177.422408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.422956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 177.423592] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.424030] ? __kthread_parkme+0x82/0x180 [ 177.424242] ? preempt_count_sub+0x50/0x80 [ 177.424662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.424981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.425260] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.425992] kthread+0x337/0x6f0 [ 177.426422] ? trace_preempt_on+0x20/0xc0 [ 177.426587] ? __pfx_kthread+0x10/0x10 [ 177.426722] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.426871] ? calculate_sigpending+0x7b/0xa0 [ 177.427021] ? __pfx_kthread+0x10/0x10 [ 177.427194] ret_from_fork+0x116/0x1d0 [ 177.427677] ? __pfx_kthread+0x10/0x10 [ 177.428102] ret_from_fork_asm+0x1a/0x30 [ 177.428652] </TASK> [ 177.428887] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 177.371935] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 177.372068] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2579 [ 177.374985] Modules linked in: [ 177.375362] CPU: 0 UID: 0 PID: 2579 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 177.376603] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.377021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.377897] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 177.378800] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 0b 0a 89 00 48 c7 c1 00 3b bf b7 4c 89 fa 48 c7 c7 60 3b bf b7 48 89 c6 e8 42 c7 7a fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 177.379887] RSP: 0000:ffff88810de0fb68 EFLAGS: 00010282 [ 177.380178] RAX: 0000000000000000 RBX: ffff88810de0fc40 RCX: 1ffffffff7124ad4 [ 177.380731] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 177.381216] RBP: ffff88810de0fb90 R08: 0000000000000000 R09: fffffbfff7124ad4 [ 177.381581] R10: 0000000000000003 R11: 0000000000038098 R12: ffff88810de0fc18 [ 177.381882] R13: ffff88810dfec000 R14: ffff88810dfd7000 R15: ffff888104fb7280 [ 177.382384] FS: 0000000000000000(0000) GS:ffff8881a142d000(0000) knlGS:0000000000000000 [ 177.382768] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.383028] CR2: ffffffffffffffff CR3: 00000000776bc000 CR4: 00000000000006f0 [ 177.383445] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99482 [ 177.383871] DR3: ffffffffb9c99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.384171] Call Trace: [ 177.384516] <TASK> [ 177.384621] drm_test_framebuffer_free+0x1ab/0x610 [ 177.384865] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 177.385156] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 177.385734] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 177.386003] ? __drmm_add_action_or_reset+0x22/0x50 [ 177.386427] ? __schedule+0x10cc/0x2b60 [ 177.386637] ? __pfx_read_tsc+0x10/0x10 [ 177.386811] ? ktime_get_ts64+0x86/0x230 [ 177.387008] kunit_try_run_case+0x1a5/0x480 [ 177.387203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.387535] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 177.387730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.387995] ? __kthread_parkme+0x82/0x180 [ 177.388139] ? preempt_count_sub+0x50/0x80 [ 177.388441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.388725] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.388921] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.389314] kthread+0x337/0x6f0 [ 177.389496] ? trace_preempt_on+0x20/0xc0 [ 177.389694] ? __pfx_kthread+0x10/0x10 [ 177.389828] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.390068] ? calculate_sigpending+0x7b/0xa0 [ 177.390461] ? __pfx_kthread+0x10/0x10 [ 177.390633] ret_from_fork+0x116/0x1d0 [ 177.390849] ? __pfx_kthread+0x10/0x10 [ 177.391025] ret_from_fork_asm+0x1a/0x30 [ 177.391307] </TASK> [ 177.391522] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 176.098772] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2019 [ 176.099886] Modules linked in: [ 176.100055] CPU: 0 UID: 0 PID: 2019 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 176.101300] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 176.101929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 176.102954] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 176.103663] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 d2 2b 2a 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 c0 2b 2a 02 48 89 df e8 68 [ 176.105056] RSP: 0000:ffff88810d247c90 EFLAGS: 00010246 [ 176.105395] RAX: dffffc0000000000 RBX: ffff88810d404000 RCX: 0000000000000000 [ 176.106147] RDX: 1ffff11021a80834 RSI: ffffffffb4e01508 RDI: ffff88810d4041a0 [ 176.106989] RBP: ffff88810d247ca0 R08: 1ffff11020078f6a R09: ffffed1021a48f65 [ 176.107427] R10: 0000000000000003 R11: ffffffffb4381ce8 R12: 0000000000000000 [ 176.108013] R13: ffff88810d247d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 176.108300] FS: 0000000000000000(0000) GS:ffff8881a142d000(0000) knlGS:0000000000000000 [ 176.109280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 176.109673] CR2: ffffffffffffffff CR3: 00000000776bc000 CR4: 00000000000006f0 [ 176.109895] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99482 [ 176.110103] DR3: ffffffffb9c99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 176.111039] Call Trace: [ 176.111485] <TASK> [ 176.111771] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 176.112083] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 176.112568] ? __schedule+0x10cc/0x2b60 [ 176.112957] ? __pfx_read_tsc+0x10/0x10 [ 176.113120] ? ktime_get_ts64+0x86/0x230 [ 176.113365] kunit_try_run_case+0x1a5/0x480 [ 176.113889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.114282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 176.114523] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 176.114923] ? __kthread_parkme+0x82/0x180 [ 176.115218] ? preempt_count_sub+0x50/0x80 [ 176.115635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.115920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 176.116160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 176.116605] kthread+0x337/0x6f0 [ 176.116943] ? trace_preempt_on+0x20/0xc0 [ 176.117145] ? __pfx_kthread+0x10/0x10 [ 176.117342] ? _raw_spin_unlock_irq+0x47/0x80 [ 176.117691] ? calculate_sigpending+0x7b/0xa0 [ 176.117922] ? __pfx_kthread+0x10/0x10 [ 176.118103] ret_from_fork+0x116/0x1d0 [ 176.118759] ? __pfx_kthread+0x10/0x10 [ 176.118921] ret_from_fork_asm+0x1a/0x30 [ 176.119246] </TASK> [ 176.119437] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 176.176971] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2027 [ 176.178332] Modules linked in: [ 176.178799] CPU: 1 UID: 0 PID: 2027 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 176.179526] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 176.180104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 176.180713] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 176.181112] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 d2 2b 2a 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 c0 2b 2a 02 48 89 df e8 68 [ 176.182719] RSP: 0000:ffff88810d1efc90 EFLAGS: 00010246 [ 176.182908] RAX: dffffc0000000000 RBX: ffff88810d2c2000 RCX: 0000000000000000 [ 176.183115] RDX: 1ffff11021a58434 RSI: ffffffffb4e01508 RDI: ffff88810d2c21a0 [ 176.183336] RBP: ffff88810d1efca0 R08: 1ffff11020078f6a R09: ffffed1021a3df65 [ 176.183613] R10: 0000000000000003 R11: ffffffffb380496a R12: 0000000000000000 [ 176.183828] R13: ffff88810d1efd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 176.184070] FS: 0000000000000000(0000) GS:ffff8881a152d000(0000) knlGS:0000000000000000 [ 176.184344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 176.184638] CR2: 00007ffff7ffe000 CR3: 00000000776bc000 CR4: 00000000000006f0 [ 176.184906] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99483 [ 176.185669] DR3: ffffffffb9c99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 176.186618] Call Trace: [ 176.186902] <TASK> [ 176.187423] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 176.187684] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 176.187913] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 176.188137] kunit_try_run_case+0x1a5/0x480 [ 176.188405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.188822] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 176.189437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 176.190122] ? __kthread_parkme+0x82/0x180 [ 176.190688] ? preempt_count_sub+0x50/0x80 [ 176.191309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.191912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 176.192612] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 176.193345] kthread+0x337/0x6f0 [ 176.193768] ? trace_preempt_on+0x20/0xc0 [ 176.193935] ? __pfx_kthread+0x10/0x10 [ 176.194071] ? _raw_spin_unlock_irq+0x47/0x80 [ 176.194494] ? calculate_sigpending+0x7b/0xa0 [ 176.195139] ? __pfx_kthread+0x10/0x10 [ 176.195789] ret_from_fork+0x116/0x1d0 [ 176.196451] ? __pfx_kthread+0x10/0x10 [ 176.196881] ret_from_fork_asm+0x1a/0x30 [ 176.197524] </TASK> [ 176.197952] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 121.948068] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/707 [ 121.948676] Modules linked in: [ 121.948869] CPU: 0 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 121.949451] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 121.949677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 121.950098] RIP: 0010:intlog10+0x2a/0x40 [ 121.950454] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 121.951101] RSP: 0000:ffff88810b2ffcb0 EFLAGS: 00010246 [ 121.951335] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff1102165ffb4 [ 121.951644] RDX: 1ffffffff6f530f4 RSI: 1ffff1102165ffb3 RDI: 0000000000000000 [ 121.951942] RBP: ffff88810b2ffd60 R08: 0000000000000000 R09: ffffed1020528d20 [ 121.952230] R10: ffff888102946907 R11: 0000000000000000 R12: 1ffff1102165ff97 [ 121.952646] R13: ffffffffb7a987a0 R14: 0000000000000000 R15: ffff88810b2ffd38 [ 121.952915] FS: 0000000000000000(0000) GS:ffff8881a142d000(0000) knlGS:0000000000000000 [ 121.953359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.953678] CR2: dffffc0000000000 CR3: 00000000776bc000 CR4: 00000000000006f0 [ 121.953892] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99482 [ 121.954321] DR3: ffffffffb9c99483 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 121.954664] Call Trace: [ 121.954809] <TASK> [ 121.954945] ? intlog10_test+0xf2/0x220 [ 121.955291] ? __pfx_intlog10_test+0x10/0x10 [ 121.955616] ? __schedule+0x10cc/0x2b60 [ 121.955793] ? __pfx_read_tsc+0x10/0x10 [ 121.955991] ? ktime_get_ts64+0x86/0x230 [ 121.956311] kunit_try_run_case+0x1a5/0x480 [ 121.956583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.956750] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 121.957118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 121.957428] ? __kthread_parkme+0x82/0x180 [ 121.957664] ? preempt_count_sub+0x50/0x80 [ 121.958062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.958812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 121.959076] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 121.959685] kthread+0x337/0x6f0 [ 121.960029] ? trace_preempt_on+0x20/0xc0 [ 121.960407] ? __pfx_kthread+0x10/0x10 [ 121.960634] ? _raw_spin_unlock_irq+0x47/0x80 [ 121.961065] ? calculate_sigpending+0x7b/0xa0 [ 121.961508] ? __pfx_kthread+0x10/0x10 [ 121.961661] ret_from_fork+0x116/0x1d0 [ 121.961843] ? __pfx_kthread+0x10/0x10 [ 121.962023] ret_from_fork_asm+0x1a/0x30 [ 121.962354] </TASK> [ 121.962550] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 121.909760] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/689 [ 121.910207] Modules linked in: [ 121.910418] CPU: 1 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250703 #1 PREEMPT(voluntary) [ 121.911661] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 121.912093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 121.912844] RIP: 0010:intlog2+0xdf/0x110 [ 121.913006] Code: a9 b7 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 d7 71 8e 02 89 45 e4 e8 cf e1 55 ff 8b 45 e4 eb [ 121.914562] RSP: 0000:ffff88810b2ffcb0 EFLAGS: 00010246 [ 121.915285] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff1102165ffb4 [ 121.915696] RDX: 1ffffffff6f53148 RSI: 1ffff1102165ffb3 RDI: 0000000000000000 [ 121.915904] RBP: ffff88810b2ffd60 R08: 0000000000000000 R09: ffffed102014dc60 [ 121.916108] R10: ffff888100a6e307 R11: 0000000000000000 R12: 1ffff1102165ff97 [ 121.916508] R13: ffffffffb7a98a40 R14: 0000000000000000 R15: ffff88810b2ffd38 [ 121.917109] FS: 0000000000000000(0000) GS:ffff8881a152d000(0000) knlGS:0000000000000000 [ 121.917711] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.917900] CR2: ffff88815a93a000 CR3: 00000000776bc000 CR4: 00000000000006f0 [ 121.918107] DR0: ffffffffb9c99480 DR1: ffffffffb9c99481 DR2: ffffffffb9c99483 [ 121.918786] DR3: ffffffffb9c99485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 121.919546] Call Trace: [ 121.919881] <TASK> [ 121.920123] ? intlog2_test+0xf2/0x220 [ 121.920689] ? __pfx_intlog2_test+0x10/0x10 [ 121.921118] ? __schedule+0x10cc/0x2b60 [ 121.921630] ? __pfx_read_tsc+0x10/0x10 [ 121.921786] ? ktime_get_ts64+0x86/0x230 [ 121.921941] kunit_try_run_case+0x1a5/0x480 [ 121.922091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.922265] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 121.922597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 121.922796] ? __kthread_parkme+0x82/0x180 [ 121.922979] ? preempt_count_sub+0x50/0x80 [ 121.923291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.923528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 121.923767] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 121.924023] kthread+0x337/0x6f0 [ 121.924168] ? trace_preempt_on+0x20/0xc0 [ 121.924597] ? __pfx_kthread+0x10/0x10 [ 121.924776] ? _raw_spin_unlock_irq+0x47/0x80 [ 121.924957] ? calculate_sigpending+0x7b/0xa0 [ 121.925163] ? __pfx_kthread+0x10/0x10 [ 121.925521] ret_from_fork+0x116/0x1d0 [ 121.925704] ? __pfx_kthread+0x10/0x10 [ 121.925921] ret_from_fork_asm+0x1a/0x30 [ 121.926132] </TASK> [ 121.926370] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 121.332721] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI