Date
July 4, 2025, 11:10 a.m.
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 26.915382] ================================================================== [ 26.917010] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 26.917748] Read of size 1 at addr ffff88810612fd02 by task kunit_try_catch/298 [ 26.918487] [ 26.918684] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.918746] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.918761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.918788] Call Trace: [ 26.918804] <TASK> [ 26.918825] dump_stack_lvl+0x73/0xb0 [ 26.918857] print_report+0xd1/0x650 [ 26.918882] ? __virt_addr_valid+0x1db/0x2d0 [ 26.918910] ? kasan_stack_oob+0x2b5/0x300 [ 26.918936] ? kasan_addr_to_slab+0x11/0xa0 [ 26.918964] ? kasan_stack_oob+0x2b5/0x300 [ 26.918990] kasan_report+0x141/0x180 [ 26.919014] ? kasan_stack_oob+0x2b5/0x300 [ 26.919044] __asan_report_load1_noabort+0x18/0x20 [ 26.919071] kasan_stack_oob+0x2b5/0x300 [ 26.919097] ? __pfx_kasan_stack_oob+0x10/0x10 [ 26.919122] ? finish_task_switch.isra.0+0x153/0x700 [ 26.919148] ? __switch_to+0x47/0xf50 [ 26.919178] ? __schedule+0x10cc/0x2b60 [ 26.919204] ? __pfx_read_tsc+0x10/0x10 [ 26.919229] ? ktime_get_ts64+0x86/0x230 [ 26.919257] kunit_try_run_case+0x1a5/0x480 [ 26.919304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.919329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.919355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.919383] ? __kthread_parkme+0x82/0x180 [ 26.919418] ? preempt_count_sub+0x50/0x80 [ 26.919443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.919470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.919498] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.919525] kthread+0x337/0x6f0 [ 26.919547] ? trace_preempt_on+0x20/0xc0 [ 26.919574] ? __pfx_kthread+0x10/0x10 [ 26.919597] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.919623] ? calculate_sigpending+0x7b/0xa0 [ 26.919649] ? __pfx_kthread+0x10/0x10 [ 26.919673] ret_from_fork+0x116/0x1d0 [ 26.919694] ? __pfx_kthread+0x10/0x10 [ 26.919717] ret_from_fork_asm+0x1a/0x30 [ 26.919750] </TASK> [ 26.919765] [ 26.934685] The buggy address belongs to stack of task kunit_try_catch/298 [ 26.935120] and is located at offset 138 in frame: [ 26.935288] kasan_stack_oob+0x0/0x300 [ 26.935695] [ 26.935788] This frame has 4 objects: [ 26.936092] [48, 49) '__assertion' [ 26.936117] [64, 72) 'array' [ 26.936362] [96, 112) '__assertion' [ 26.936592] [128, 138) 'stack_array' [ 26.936891] [ 26.937197] The buggy address belongs to the physical page: [ 26.937461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612f [ 26.937724] flags: 0x200000000000000(node=0|zone=2) [ 26.937907] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.939027] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.939829] page dumped because: kasan: bad access detected [ 26.940681] [ 26.940978] Memory state around the buggy address: [ 26.941501] ffff88810612fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.942014] ffff88810612fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 26.942235] >ffff88810612fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.942453] ^ [ 26.942849] ffff88810612fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 26.943574] ffff88810612fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.944405] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 62.486341] ================================================================== [ 62.487190] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 62.487190] [ 62.488006] Use-after-free read at 0x(____ptrval____) (in kfence-#163): [ 62.489078] test_krealloc+0x6fc/0xbe0 [ 62.489247] kunit_try_run_case+0x1a5/0x480 [ 62.489420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.489601] kthread+0x337/0x6f0 [ 62.489728] ret_from_fork+0x116/0x1d0 [ 62.489896] ret_from_fork_asm+0x1a/0x30 [ 62.490255] [ 62.490435] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 62.490435] [ 62.491273] allocated by task 386 on cpu 1 at 62.485585s (0.005686s ago): [ 62.491907] test_alloc+0x364/0x10f0 [ 62.492251] test_krealloc+0xad/0xbe0 [ 62.492487] kunit_try_run_case+0x1a5/0x480 [ 62.492642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.492823] kthread+0x337/0x6f0 [ 62.493133] ret_from_fork+0x116/0x1d0 [ 62.493484] ret_from_fork_asm+0x1a/0x30 [ 62.493819] [ 62.493954] freed by task 386 on cpu 1 at 62.485861s (0.008090s ago): [ 62.494282] krealloc_noprof+0x108/0x340 [ 62.494486] test_krealloc+0x226/0xbe0 [ 62.494829] kunit_try_run_case+0x1a5/0x480 [ 62.495226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.495524] kthread+0x337/0x6f0 [ 62.495649] ret_from_fork+0x116/0x1d0 [ 62.495784] ret_from_fork_asm+0x1a/0x30 [ 62.496059] [ 62.496255] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 62.497312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.497651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 62.498088] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 62.400899] ================================================================== [ 62.401386] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 62.401386] [ 62.401862] Use-after-free read at 0x(____ptrval____) (in kfence-#162): [ 62.402338] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 62.402571] kunit_try_run_case+0x1a5/0x480 [ 62.402804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.403643] kthread+0x337/0x6f0 [ 62.403808] ret_from_fork+0x116/0x1d0 [ 62.404319] ret_from_fork_asm+0x1a/0x30 [ 62.404560] [ 62.404663] kfence-#162: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 62.404663] [ 62.405381] allocated by task 384 on cpu 0 at 62.381824s (0.023554s ago): [ 62.405815] test_alloc+0x2a6/0x10f0 [ 62.406299] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 62.406551] kunit_try_run_case+0x1a5/0x480 [ 62.406776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.406983] kthread+0x337/0x6f0 [ 62.407228] ret_from_fork+0x116/0x1d0 [ 62.407438] ret_from_fork_asm+0x1a/0x30 [ 62.407650] [ 62.407744] freed by task 384 on cpu 0 at 62.381961s (0.025780s ago): [ 62.408001] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 62.408280] kunit_try_run_case+0x1a5/0x480 [ 62.408477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.408757] kthread+0x337/0x6f0 [ 62.408984] ret_from_fork+0x116/0x1d0 [ 62.409147] ret_from_fork_asm+0x1a/0x30 [ 62.409352] [ 62.409471] CPU: 0 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 62.410016] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.410228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 62.410590] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 36.915502] ================================================================== [ 36.916045] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 36.916045] [ 36.916470] Invalid read at 0x(____ptrval____): [ 36.916683] test_invalid_access+0xf0/0x210 [ 36.917336] kunit_try_run_case+0x1a5/0x480 [ 36.917986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.918384] kthread+0x337/0x6f0 [ 36.918676] ret_from_fork+0x116/0x1d0 [ 36.919066] ret_from_fork_asm+0x1a/0x30 [ 36.919430] [ 36.919657] CPU: 1 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 36.920386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.920647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.921189] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 36.693831] ================================================================== [ 36.694280] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.694280] [ 36.694681] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#157): [ 36.695324] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.695533] kunit_try_run_case+0x1a5/0x480 [ 36.696408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.696732] kthread+0x337/0x6f0 [ 36.696952] ret_from_fork+0x116/0x1d0 [ 36.697148] ret_from_fork_asm+0x1a/0x30 [ 36.697356] [ 36.697471] kfence-#157: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 36.697471] [ 36.697937] allocated by task 374 on cpu 1 at 36.693561s (0.004374s ago): [ 36.698265] test_alloc+0x364/0x10f0 [ 36.698466] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 36.698715] kunit_try_run_case+0x1a5/0x480 [ 36.699371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.699835] kthread+0x337/0x6f0 [ 36.700282] ret_from_fork+0x116/0x1d0 [ 36.700557] ret_from_fork_asm+0x1a/0x30 [ 36.700727] [ 36.700838] freed by task 374 on cpu 1 at 36.693697s (0.007139s ago): [ 36.701168] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.701449] kunit_try_run_case+0x1a5/0x480 [ 36.701632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.701906] kthread+0x337/0x6f0 [ 36.702080] ret_from_fork+0x116/0x1d0 [ 36.702256] ret_from_fork_asm+0x1a/0x30 [ 36.702430] [ 36.702564] CPU: 1 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 36.703079] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.703277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.703829] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 36.589711] ================================================================== [ 36.590348] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 36.590348] [ 36.590817] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#156): [ 36.591242] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 36.591548] kunit_try_run_case+0x1a5/0x480 [ 36.591723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.592058] kthread+0x337/0x6f0 [ 36.592188] ret_from_fork+0x116/0x1d0 [ 36.592543] ret_from_fork_asm+0x1a/0x30 [ 36.592754] [ 36.592975] kfence-#156: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 36.592975] [ 36.593857] allocated by task 372 on cpu 0 at 36.589472s (0.004383s ago): [ 36.594622] test_alloc+0x364/0x10f0 [ 36.594781] test_kmalloc_aligned_oob_read+0x105/0x560 [ 36.595169] kunit_try_run_case+0x1a5/0x480 [ 36.595340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.595630] kthread+0x337/0x6f0 [ 36.595794] ret_from_fork+0x116/0x1d0 [ 36.596033] ret_from_fork_asm+0x1a/0x30 [ 36.596249] [ 36.596412] CPU: 0 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 36.596889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.597214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.597806] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 32.533564] ================================================================== [ 32.534067] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 32.534067] [ 32.534506] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#117): [ 32.535285] test_corruption+0x131/0x3e0 [ 32.535451] kunit_try_run_case+0x1a5/0x480 [ 32.535664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.535964] kthread+0x337/0x6f0 [ 32.536138] ret_from_fork+0x116/0x1d0 [ 32.536303] ret_from_fork_asm+0x1a/0x30 [ 32.536550] [ 32.536646] kfence-#117: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.536646] [ 32.537019] allocated by task 362 on cpu 1 at 32.533426s (0.003591s ago): [ 32.537370] test_alloc+0x2a6/0x10f0 [ 32.537563] test_corruption+0xe6/0x3e0 [ 32.537802] kunit_try_run_case+0x1a5/0x480 [ 32.538079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.538327] kthread+0x337/0x6f0 [ 32.538497] ret_from_fork+0x116/0x1d0 [ 32.538625] ret_from_fork_asm+0x1a/0x30 [ 32.538787] [ 32.538892] freed by task 362 on cpu 1 at 32.533474s (0.005406s ago): [ 32.539220] test_corruption+0x131/0x3e0 [ 32.539373] kunit_try_run_case+0x1a5/0x480 [ 32.539527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.539746] kthread+0x337/0x6f0 [ 32.539908] ret_from_fork+0x116/0x1d0 [ 32.540119] ret_from_fork_asm+0x1a/0x30 [ 32.540324] [ 32.540462] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 32.540966] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.541169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.541695] ================================================================== [ 32.325803] ================================================================== [ 32.326210] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 32.326210] [ 32.326555] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#115): [ 32.327057] test_corruption+0x2df/0x3e0 [ 32.327213] kunit_try_run_case+0x1a5/0x480 [ 32.327450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.327758] kthread+0x337/0x6f0 [ 32.327952] ret_from_fork+0x116/0x1d0 [ 32.328149] ret_from_fork_asm+0x1a/0x30 [ 32.328490] [ 32.328585] kfence-#115: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.328585] [ 32.328884] allocated by task 360 on cpu 0 at 32.325549s (0.003332s ago): [ 32.329222] test_alloc+0x364/0x10f0 [ 32.329520] test_corruption+0x1cb/0x3e0 [ 32.329797] kunit_try_run_case+0x1a5/0x480 [ 32.330045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.330247] kthread+0x337/0x6f0 [ 32.330372] ret_from_fork+0x116/0x1d0 [ 32.330531] ret_from_fork_asm+0x1a/0x30 [ 32.330791] [ 32.330890] freed by task 360 on cpu 0 at 32.325632s (0.005255s ago): [ 32.331175] test_corruption+0x2df/0x3e0 [ 32.331480] kunit_try_run_case+0x1a5/0x480 [ 32.331745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.332126] kthread+0x337/0x6f0 [ 32.332254] ret_from_fork+0x116/0x1d0 [ 32.332417] ret_from_fork_asm+0x1a/0x30 [ 32.332621] [ 32.332749] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 32.333403] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.333547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.333872] ================================================================== [ 32.637884] ================================================================== [ 32.638382] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 32.638382] [ 32.638785] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#118): [ 32.639225] test_corruption+0x216/0x3e0 [ 32.639424] kunit_try_run_case+0x1a5/0x480 [ 32.639600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.639898] kthread+0x337/0x6f0 [ 32.640071] ret_from_fork+0x116/0x1d0 [ 32.640212] ret_from_fork_asm+0x1a/0x30 [ 32.640465] [ 32.640568] kfence-#118: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.640568] [ 32.641022] allocated by task 362 on cpu 1 at 32.637746s (0.003274s ago): [ 32.641373] test_alloc+0x2a6/0x10f0 [ 32.641590] test_corruption+0x1cb/0x3e0 [ 32.641824] kunit_try_run_case+0x1a5/0x480 [ 32.642057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.642318] kthread+0x337/0x6f0 [ 32.642536] ret_from_fork+0x116/0x1d0 [ 32.642735] ret_from_fork_asm+0x1a/0x30 [ 32.643038] [ 32.643111] freed by task 362 on cpu 1 at 32.637800s (0.005309s ago): [ 32.643332] test_corruption+0x216/0x3e0 [ 32.643535] kunit_try_run_case+0x1a5/0x480 [ 32.643765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.644061] kthread+0x337/0x6f0 [ 32.644280] ret_from_fork+0x116/0x1d0 [ 32.644472] ret_from_fork_asm+0x1a/0x30 [ 32.644618] [ 32.644725] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 32.645494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.645699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.646135] ================================================================== [ 32.221807] ================================================================== [ 32.222899] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 32.222899] [ 32.224019] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#114): [ 32.225062] test_corruption+0x2d2/0x3e0 [ 32.225225] kunit_try_run_case+0x1a5/0x480 [ 32.225382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.225577] kthread+0x337/0x6f0 [ 32.225705] ret_from_fork+0x116/0x1d0 [ 32.225844] ret_from_fork_asm+0x1a/0x30 [ 32.226223] [ 32.226385] kfence-#114: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.226385] [ 32.227332] allocated by task 360 on cpu 0 at 32.221542s (0.005788s ago): [ 32.227890] test_alloc+0x364/0x10f0 [ 32.228032] test_corruption+0xe6/0x3e0 [ 32.228170] kunit_try_run_case+0x1a5/0x480 [ 32.228330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.228547] kthread+0x337/0x6f0 [ 32.228757] ret_from_fork+0x116/0x1d0 [ 32.228949] ret_from_fork_asm+0x1a/0x30 [ 32.229211] [ 32.229291] freed by task 360 on cpu 0 at 32.221633s (0.007656s ago): [ 32.229618] test_corruption+0x2d2/0x3e0 [ 32.229816] kunit_try_run_case+0x1a5/0x480 [ 32.230075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.230283] kthread+0x337/0x6f0 [ 32.230416] ret_from_fork+0x116/0x1d0 [ 32.230609] ret_from_fork_asm+0x1a/0x30 [ 32.230976] [ 32.231092] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 32.231610] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.231802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.232190] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 32.013671] ================================================================== [ 32.014250] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 32.014250] [ 32.014692] Invalid free of 0x(____ptrval____) (in kfence-#112): [ 32.015053] test_invalid_addr_free+0x1e1/0x260 [ 32.015327] kunit_try_run_case+0x1a5/0x480 [ 32.015633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.015871] kthread+0x337/0x6f0 [ 32.016093] ret_from_fork+0x116/0x1d0 [ 32.016500] ret_from_fork_asm+0x1a/0x30 [ 32.016715] [ 32.016791] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.016791] [ 32.017558] allocated by task 356 on cpu 0 at 32.013515s (0.004024s ago): [ 32.017941] test_alloc+0x364/0x10f0 [ 32.018086] test_invalid_addr_free+0xdb/0x260 [ 32.018565] kunit_try_run_case+0x1a5/0x480 [ 32.018876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.019111] kthread+0x337/0x6f0 [ 32.019240] ret_from_fork+0x116/0x1d0 [ 32.019464] ret_from_fork_asm+0x1a/0x30 [ 32.019686] [ 32.019820] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 32.020486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.020774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.021253] ================================================================== [ 32.118353] ================================================================== [ 32.118768] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 32.118768] [ 32.119077] Invalid free of 0x(____ptrval____) (in kfence-#113): [ 32.119298] test_invalid_addr_free+0xfb/0x260 [ 32.120090] kunit_try_run_case+0x1a5/0x480 [ 32.120412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.120708] kthread+0x337/0x6f0 [ 32.120904] ret_from_fork+0x116/0x1d0 [ 32.121114] ret_from_fork_asm+0x1a/0x30 [ 32.121343] [ 32.121461] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.121461] [ 32.121926] allocated by task 358 on cpu 1 at 32.118213s (0.003711s ago): [ 32.122185] test_alloc+0x2a6/0x10f0 [ 32.122370] test_invalid_addr_free+0xdb/0x260 [ 32.122796] kunit_try_run_case+0x1a5/0x480 [ 32.123098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.123421] kthread+0x337/0x6f0 [ 32.123611] ret_from_fork+0x116/0x1d0 [ 32.123823] ret_from_fork_asm+0x1a/0x30 [ 32.124089] [ 32.124251] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 32.124834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.125012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.125299] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 31.805823] ================================================================== [ 31.806325] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 31.806325] [ 31.806688] Invalid free of 0x(____ptrval____) (in kfence-#110): [ 31.807157] test_double_free+0x1d3/0x260 [ 31.807402] kunit_try_run_case+0x1a5/0x480 [ 31.807607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.807782] kthread+0x337/0x6f0 [ 31.808056] ret_from_fork+0x116/0x1d0 [ 31.808254] ret_from_fork_asm+0x1a/0x30 [ 31.808506] [ 31.808601] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.808601] [ 31.809114] allocated by task 352 on cpu 1 at 31.805544s (0.003568s ago): [ 31.809369] test_alloc+0x364/0x10f0 [ 31.809572] test_double_free+0xdb/0x260 [ 31.809790] kunit_try_run_case+0x1a5/0x480 [ 31.810005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.810278] kthread+0x337/0x6f0 [ 31.810455] ret_from_fork+0x116/0x1d0 [ 31.810648] ret_from_fork_asm+0x1a/0x30 [ 31.810814] [ 31.810903] freed by task 352 on cpu 1 at 31.805619s (0.005281s ago): [ 31.811241] test_double_free+0x1e0/0x260 [ 31.811461] kunit_try_run_case+0x1a5/0x480 [ 31.811619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.811790] kthread+0x337/0x6f0 [ 31.811906] ret_from_fork+0x116/0x1d0 [ 31.812078] ret_from_fork_asm+0x1a/0x30 [ 31.812283] [ 31.812446] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 31.813493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.813712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.814584] ================================================================== [ 31.909894] ================================================================== [ 31.910505] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 31.910505] [ 31.910961] Invalid free of 0x(____ptrval____) (in kfence-#111): [ 31.911242] test_double_free+0x112/0x260 [ 31.911478] kunit_try_run_case+0x1a5/0x480 [ 31.911653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.911906] kthread+0x337/0x6f0 [ 31.912214] ret_from_fork+0x116/0x1d0 [ 31.912367] ret_from_fork_asm+0x1a/0x30 [ 31.912628] [ 31.912758] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.912758] [ 31.913618] allocated by task 354 on cpu 0 at 31.909543s (0.004072s ago): [ 31.914661] test_alloc+0x2a6/0x10f0 [ 31.914849] test_double_free+0xdb/0x260 [ 31.915254] kunit_try_run_case+0x1a5/0x480 [ 31.915623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.915928] kthread+0x337/0x6f0 [ 31.916125] ret_from_fork+0x116/0x1d0 [ 31.916339] ret_from_fork_asm+0x1a/0x30 [ 31.916581] [ 31.916697] freed by task 354 on cpu 0 at 31.909612s (0.007082s ago): [ 31.916932] test_double_free+0xfa/0x260 [ 31.917170] kunit_try_run_case+0x1a5/0x480 [ 31.917622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.918156] kthread+0x337/0x6f0 [ 31.918362] ret_from_fork+0x116/0x1d0 [ 31.918527] ret_from_fork_asm+0x1a/0x30 [ 31.918762] [ 31.918930] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 31.919588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.919779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.920304] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 31.493710] ================================================================== [ 31.494158] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 31.494158] [ 31.494561] Use-after-free read at 0x(____ptrval____) (in kfence-#107): [ 31.494935] test_use_after_free_read+0x129/0x270 [ 31.495203] kunit_try_run_case+0x1a5/0x480 [ 31.495364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.495560] kthread+0x337/0x6f0 [ 31.495769] ret_from_fork+0x116/0x1d0 [ 31.495974] ret_from_fork_asm+0x1a/0x30 [ 31.496339] [ 31.496666] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.496666] [ 31.497351] allocated by task 346 on cpu 1 at 31.493558s (0.003790s ago): [ 31.497709] test_alloc+0x2a6/0x10f0 [ 31.497855] test_use_after_free_read+0xdc/0x270 [ 31.498117] kunit_try_run_case+0x1a5/0x480 [ 31.498309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.498618] kthread+0x337/0x6f0 [ 31.498775] ret_from_fork+0x116/0x1d0 [ 31.498957] ret_from_fork_asm+0x1a/0x30 [ 31.499173] [ 31.499271] freed by task 346 on cpu 1 at 31.493615s (0.005654s ago): [ 31.499592] test_use_after_free_read+0xfb/0x270 [ 31.499757] kunit_try_run_case+0x1a5/0x480 [ 31.500051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.500324] kthread+0x337/0x6f0 [ 31.500539] ret_from_fork+0x116/0x1d0 [ 31.500763] ret_from_fork_asm+0x1a/0x30 [ 31.500968] [ 31.501106] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 31.501692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.501891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.502240] ================================================================== [ 31.389902] ================================================================== [ 31.390588] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 31.390588] [ 31.391167] Use-after-free read at 0x(____ptrval____) (in kfence-#106): [ 31.391457] test_use_after_free_read+0x129/0x270 [ 31.391666] kunit_try_run_case+0x1a5/0x480 [ 31.391884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.392117] kthread+0x337/0x6f0 [ 31.392331] ret_from_fork+0x116/0x1d0 [ 31.392485] ret_from_fork_asm+0x1a/0x30 [ 31.392687] [ 31.392815] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.392815] [ 31.393179] allocated by task 344 on cpu 0 at 31.389522s (0.003655s ago): [ 31.394013] test_alloc+0x364/0x10f0 [ 31.394195] test_use_after_free_read+0xdc/0x270 [ 31.394438] kunit_try_run_case+0x1a5/0x480 [ 31.394639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.395361] kthread+0x337/0x6f0 [ 31.395562] ret_from_fork+0x116/0x1d0 [ 31.395720] ret_from_fork_asm+0x1a/0x30 [ 31.396168] [ 31.396579] freed by task 344 on cpu 0 at 31.389579s (0.006734s ago): [ 31.396939] test_use_after_free_read+0x1e7/0x270 [ 31.397274] kunit_try_run_case+0x1a5/0x480 [ 31.397581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.397952] kthread+0x337/0x6f0 [ 31.398130] ret_from_fork+0x116/0x1d0 [ 31.398411] ret_from_fork_asm+0x1a/0x30 [ 31.398711] [ 31.398830] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 31.399578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.399876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.400442] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 31.181674] ================================================================== [ 31.182158] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 31.182158] [ 31.182628] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#104): [ 31.182967] test_out_of_bounds_write+0x10d/0x260 [ 31.183146] kunit_try_run_case+0x1a5/0x480 [ 31.183569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.183874] kthread+0x337/0x6f0 [ 31.184045] ret_from_fork+0x116/0x1d0 [ 31.184264] ret_from_fork_asm+0x1a/0x30 [ 31.184557] [ 31.184708] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.184708] [ 31.186195] allocated by task 340 on cpu 1 at 31.181528s (0.004664s ago): [ 31.186646] test_alloc+0x364/0x10f0 [ 31.186799] test_out_of_bounds_write+0xd4/0x260 [ 31.187008] kunit_try_run_case+0x1a5/0x480 [ 31.187240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.187589] kthread+0x337/0x6f0 [ 31.187753] ret_from_fork+0x116/0x1d0 [ 31.187995] ret_from_fork_asm+0x1a/0x30 [ 31.188218] [ 31.188346] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 31.188922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.189151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.189605] ================================================================== [ 31.285606] ================================================================== [ 31.286120] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 31.286120] [ 31.286557] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#105): [ 31.286910] test_out_of_bounds_write+0x10d/0x260 [ 31.287601] kunit_try_run_case+0x1a5/0x480 [ 31.287816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.288088] kthread+0x337/0x6f0 [ 31.288594] ret_from_fork+0x116/0x1d0 [ 31.288863] ret_from_fork_asm+0x1a/0x30 [ 31.289061] [ 31.289171] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.289171] [ 31.289568] allocated by task 342 on cpu 0 at 31.285535s (0.004030s ago): [ 31.289884] test_alloc+0x2a6/0x10f0 [ 31.290441] test_out_of_bounds_write+0xd4/0x260 [ 31.290654] kunit_try_run_case+0x1a5/0x480 [ 31.290969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.291272] kthread+0x337/0x6f0 [ 31.291614] ret_from_fork+0x116/0x1d0 [ 31.291788] ret_from_fork_asm+0x1a/0x30 [ 31.292131] [ 31.292271] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 31.292929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.293148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.293536] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 29.725779] ================================================================== [ 29.726230] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 29.726230] [ 29.726746] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#90): [ 29.727524] test_out_of_bounds_read+0x216/0x4e0 [ 29.727762] kunit_try_run_case+0x1a5/0x480 [ 29.728031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.728257] kthread+0x337/0x6f0 [ 29.728453] ret_from_fork+0x116/0x1d0 [ 29.728642] ret_from_fork_asm+0x1a/0x30 [ 29.728851] [ 29.729419] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.729419] [ 29.729826] allocated by task 336 on cpu 0 at 29.725564s (0.004259s ago): [ 29.730541] test_alloc+0x364/0x10f0 [ 29.730818] test_out_of_bounds_read+0x1e2/0x4e0 [ 29.731067] kunit_try_run_case+0x1a5/0x480 [ 29.731426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.731777] kthread+0x337/0x6f0 [ 29.731993] ret_from_fork+0x116/0x1d0 [ 29.732157] ret_from_fork_asm+0x1a/0x30 [ 29.732375] [ 29.732507] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.733340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.733531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.734150] ================================================================== [ 30.141625] ================================================================== [ 30.142219] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 30.142219] [ 30.142737] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#94): [ 30.143020] test_out_of_bounds_read+0x126/0x4e0 [ 30.143253] kunit_try_run_case+0x1a5/0x480 [ 30.143525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.143840] kthread+0x337/0x6f0 [ 30.144039] ret_from_fork+0x116/0x1d0 [ 30.144266] ret_from_fork_asm+0x1a/0x30 [ 30.144501] [ 30.144581] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.144581] [ 30.145095] allocated by task 338 on cpu 1 at 30.141552s (0.003540s ago): [ 30.145569] test_alloc+0x2a6/0x10f0 [ 30.145841] test_out_of_bounds_read+0xed/0x4e0 [ 30.146074] kunit_try_run_case+0x1a5/0x480 [ 30.146300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.146574] kthread+0x337/0x6f0 [ 30.146706] ret_from_fork+0x116/0x1d0 [ 30.146933] ret_from_fork_asm+0x1a/0x30 [ 30.147160] [ 30.147328] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 30.147931] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.148130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.148591] ================================================================== [ 29.622606] ================================================================== [ 29.623329] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.623329] [ 29.624372] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#89): [ 29.625367] test_out_of_bounds_read+0x126/0x4e0 [ 29.625724] kunit_try_run_case+0x1a5/0x480 [ 29.625890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.626435] kthread+0x337/0x6f0 [ 29.626753] ret_from_fork+0x116/0x1d0 [ 29.627172] ret_from_fork_asm+0x1a/0x30 [ 29.627472] [ 29.627828] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.627828] [ 29.628606] allocated by task 336 on cpu 0 at 29.621455s (0.007093s ago): [ 29.629685] test_alloc+0x364/0x10f0 [ 29.629850] test_out_of_bounds_read+0xed/0x4e0 [ 29.630303] kunit_try_run_case+0x1a5/0x480 [ 29.630712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.631210] kthread+0x337/0x6f0 [ 29.631548] ret_from_fork+0x116/0x1d0 [ 29.631911] ret_from_fork_asm+0x1a/0x30 [ 29.632428] [ 29.632688] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.633934] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.634206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.634987] ================================================================== [ 30.973595] ================================================================== [ 30.974108] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 30.974108] [ 30.974503] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#102): [ 30.974883] test_out_of_bounds_read+0x216/0x4e0 [ 30.975090] kunit_try_run_case+0x1a5/0x480 [ 30.975277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.975580] kthread+0x337/0x6f0 [ 30.975774] ret_from_fork+0x116/0x1d0 [ 30.975975] ret_from_fork_asm+0x1a/0x30 [ 30.976141] [ 30.976265] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.976265] [ 30.976720] allocated by task 338 on cpu 1 at 30.973525s (0.003192s ago): [ 30.977036] test_alloc+0x2a6/0x10f0 [ 30.977273] test_out_of_bounds_read+0x1e2/0x4e0 [ 30.977500] kunit_try_run_case+0x1a5/0x480 [ 30.977703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.977898] kthread+0x337/0x6f0 [ 30.978113] ret_from_fork+0x116/0x1d0 [ 30.978320] ret_from_fork_asm+0x1a/0x30 [ 30.978598] [ 30.978768] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 30.979232] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.979465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.979922] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 29.580076] ================================================================== [ 29.580469] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 29.580823] Write of size 1 at addr ffff888106258978 by task kunit_try_catch/334 [ 29.581178] [ 29.581327] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.581382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.581408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.581434] Call Trace: [ 29.581456] <TASK> [ 29.581477] dump_stack_lvl+0x73/0xb0 [ 29.581507] print_report+0xd1/0x650 [ 29.581531] ? __virt_addr_valid+0x1db/0x2d0 [ 29.581557] ? strncpy_from_user+0x1a5/0x1d0 [ 29.581581] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.581609] ? strncpy_from_user+0x1a5/0x1d0 [ 29.581632] kasan_report+0x141/0x180 [ 29.581655] ? strncpy_from_user+0x1a5/0x1d0 [ 29.581683] __asan_report_store1_noabort+0x1b/0x30 [ 29.581710] strncpy_from_user+0x1a5/0x1d0 [ 29.581734] copy_user_test_oob+0x760/0x10f0 [ 29.581761] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.581784] ? finish_task_switch.isra.0+0x153/0x700 [ 29.581808] ? __switch_to+0x47/0xf50 [ 29.581836] ? __schedule+0x10cc/0x2b60 [ 29.581869] ? __pfx_read_tsc+0x10/0x10 [ 29.581893] ? ktime_get_ts64+0x86/0x230 [ 29.581919] kunit_try_run_case+0x1a5/0x480 [ 29.581947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.581973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.581998] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.582026] ? __kthread_parkme+0x82/0x180 [ 29.582048] ? preempt_count_sub+0x50/0x80 [ 29.582073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.582100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.582127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.582154] kthread+0x337/0x6f0 [ 29.582176] ? trace_preempt_on+0x20/0xc0 [ 29.582226] ? __pfx_kthread+0x10/0x10 [ 29.582250] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.582277] ? calculate_sigpending+0x7b/0xa0 [ 29.582304] ? __pfx_kthread+0x10/0x10 [ 29.582327] ret_from_fork+0x116/0x1d0 [ 29.582349] ? __pfx_kthread+0x10/0x10 [ 29.582371] ret_from_fork_asm+0x1a/0x30 [ 29.582414] </TASK> [ 29.582428] [ 29.589401] Allocated by task 334: [ 29.589586] kasan_save_stack+0x45/0x70 [ 29.589786] kasan_save_track+0x18/0x40 [ 29.590022] kasan_save_alloc_info+0x3b/0x50 [ 29.590170] __kasan_kmalloc+0xb7/0xc0 [ 29.590366] __kmalloc_noprof+0x1c9/0x500 [ 29.590579] kunit_kmalloc_array+0x25/0x60 [ 29.590726] copy_user_test_oob+0xab/0x10f0 [ 29.590864] kunit_try_run_case+0x1a5/0x480 [ 29.591061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.591321] kthread+0x337/0x6f0 [ 29.591481] ret_from_fork+0x116/0x1d0 [ 29.591608] ret_from_fork_asm+0x1a/0x30 [ 29.591740] [ 29.591831] The buggy address belongs to the object at ffff888106258900 [ 29.591831] which belongs to the cache kmalloc-128 of size 128 [ 29.592521] The buggy address is located 0 bytes to the right of [ 29.592521] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.592871] [ 29.592938] The buggy address belongs to the physical page: [ 29.593103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.593814] flags: 0x200000000000000(node=0|zone=2) [ 29.594292] page_type: f5(slab) [ 29.594475] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.594820] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.595044] page dumped because: kasan: bad access detected [ 29.595309] [ 29.595435] Memory state around the buggy address: [ 29.595656] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.596006] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.596288] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.596591] ^ [ 29.596796] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.597002] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.597205] ================================================================== [ 29.560349] ================================================================== [ 29.560897] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 29.561267] Write of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.561641] [ 29.561759] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.561847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.561862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.561889] Call Trace: [ 29.561912] <TASK> [ 29.561933] dump_stack_lvl+0x73/0xb0 [ 29.561995] print_report+0xd1/0x650 [ 29.562021] ? __virt_addr_valid+0x1db/0x2d0 [ 29.562048] ? strncpy_from_user+0x2e/0x1d0 [ 29.562071] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.562129] ? strncpy_from_user+0x2e/0x1d0 [ 29.562154] kasan_report+0x141/0x180 [ 29.562177] ? strncpy_from_user+0x2e/0x1d0 [ 29.562204] kasan_check_range+0x10c/0x1c0 [ 29.562230] __kasan_check_write+0x18/0x20 [ 29.562254] strncpy_from_user+0x2e/0x1d0 [ 29.562277] ? __kasan_check_read+0x15/0x20 [ 29.562303] copy_user_test_oob+0x760/0x10f0 [ 29.562329] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.562355] ? finish_task_switch.isra.0+0x153/0x700 [ 29.562378] ? __switch_to+0x47/0xf50 [ 29.562417] ? __schedule+0x10cc/0x2b60 [ 29.562444] ? __pfx_read_tsc+0x10/0x10 [ 29.562467] ? ktime_get_ts64+0x86/0x230 [ 29.562494] kunit_try_run_case+0x1a5/0x480 [ 29.562521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.562547] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.562572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.562598] ? __kthread_parkme+0x82/0x180 [ 29.562621] ? preempt_count_sub+0x50/0x80 [ 29.562646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.562672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.562698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.562724] kthread+0x337/0x6f0 [ 29.562746] ? trace_preempt_on+0x20/0xc0 [ 29.562771] ? __pfx_kthread+0x10/0x10 [ 29.562794] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.562818] ? calculate_sigpending+0x7b/0xa0 [ 29.562844] ? __pfx_kthread+0x10/0x10 [ 29.562868] ret_from_fork+0x116/0x1d0 [ 29.562900] ? __pfx_kthread+0x10/0x10 [ 29.562923] ret_from_fork_asm+0x1a/0x30 [ 29.562991] </TASK> [ 29.563006] [ 29.570762] Allocated by task 334: [ 29.570933] kasan_save_stack+0x45/0x70 [ 29.571161] kasan_save_track+0x18/0x40 [ 29.571332] kasan_save_alloc_info+0x3b/0x50 [ 29.571571] __kasan_kmalloc+0xb7/0xc0 [ 29.571785] __kmalloc_noprof+0x1c9/0x500 [ 29.572060] kunit_kmalloc_array+0x25/0x60 [ 29.572269] copy_user_test_oob+0xab/0x10f0 [ 29.572505] kunit_try_run_case+0x1a5/0x480 [ 29.572716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.573008] kthread+0x337/0x6f0 [ 29.573208] ret_from_fork+0x116/0x1d0 [ 29.573419] ret_from_fork_asm+0x1a/0x30 [ 29.573616] [ 29.573712] The buggy address belongs to the object at ffff888106258900 [ 29.573712] which belongs to the cache kmalloc-128 of size 128 [ 29.574242] The buggy address is located 0 bytes inside of [ 29.574242] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.574707] [ 29.574780] The buggy address belongs to the physical page: [ 29.575139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.575518] flags: 0x200000000000000(node=0|zone=2) [ 29.575761] page_type: f5(slab) [ 29.575880] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.576138] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.576602] page dumped because: kasan: bad access detected [ 29.576963] [ 29.577059] Memory state around the buggy address: [ 29.577310] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.577673] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.577912] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.578260] ^ [ 29.578631] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.578972] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.579304] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 29.490353] ================================================================== [ 29.490663] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.490962] Read of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.491265] [ 29.491404] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.491466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.491483] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.491511] Call Trace: [ 29.491537] <TASK> [ 29.491561] dump_stack_lvl+0x73/0xb0 [ 29.491596] print_report+0xd1/0x650 [ 29.491623] ? __virt_addr_valid+0x1db/0x2d0 [ 29.491652] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.491679] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.491746] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.491776] kasan_report+0x141/0x180 [ 29.491803] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.491849] kasan_check_range+0x10c/0x1c0 [ 29.491899] __kasan_check_read+0x15/0x20 [ 29.491928] copy_user_test_oob+0x4aa/0x10f0 [ 29.491958] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.491985] ? finish_task_switch.isra.0+0x153/0x700 [ 29.492011] ? __switch_to+0x47/0xf50 [ 29.492043] ? __schedule+0x10cc/0x2b60 [ 29.492072] ? __pfx_read_tsc+0x10/0x10 [ 29.492125] ? ktime_get_ts64+0x86/0x230 [ 29.492162] kunit_try_run_case+0x1a5/0x480 [ 29.492192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.492221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.492254] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.492283] ? __kthread_parkme+0x82/0x180 [ 29.492307] ? preempt_count_sub+0x50/0x80 [ 29.492335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.492363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.492428] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.492461] kthread+0x337/0x6f0 [ 29.492498] ? trace_preempt_on+0x20/0xc0 [ 29.492528] ? __pfx_kthread+0x10/0x10 [ 29.492553] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.492580] ? calculate_sigpending+0x7b/0xa0 [ 29.492609] ? __pfx_kthread+0x10/0x10 [ 29.492634] ret_from_fork+0x116/0x1d0 [ 29.492657] ? __pfx_kthread+0x10/0x10 [ 29.492681] ret_from_fork_asm+0x1a/0x30 [ 29.492718] </TASK> [ 29.492733] [ 29.502835] Allocated by task 334: [ 29.503026] kasan_save_stack+0x45/0x70 [ 29.503233] kasan_save_track+0x18/0x40 [ 29.503892] kasan_save_alloc_info+0x3b/0x50 [ 29.504189] __kasan_kmalloc+0xb7/0xc0 [ 29.504715] __kmalloc_noprof+0x1c9/0x500 [ 29.504977] kunit_kmalloc_array+0x25/0x60 [ 29.505198] copy_user_test_oob+0xab/0x10f0 [ 29.505438] kunit_try_run_case+0x1a5/0x480 [ 29.505644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.505862] kthread+0x337/0x6f0 [ 29.506024] ret_from_fork+0x116/0x1d0 [ 29.506165] ret_from_fork_asm+0x1a/0x30 [ 29.506371] [ 29.506486] The buggy address belongs to the object at ffff888106258900 [ 29.506486] which belongs to the cache kmalloc-128 of size 128 [ 29.507056] The buggy address is located 0 bytes inside of [ 29.507056] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.507653] [ 29.507746] The buggy address belongs to the physical page: [ 29.508071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.508387] flags: 0x200000000000000(node=0|zone=2) [ 29.508659] page_type: f5(slab) [ 29.508828] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.509262] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.509562] page dumped because: kasan: bad access detected [ 29.509824] [ 29.509945] Memory state around the buggy address: [ 29.510412] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.510706] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.511509] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.512046] ^ [ 29.512585] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.512876] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.513201] ================================================================== [ 29.540217] ================================================================== [ 29.540623] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.540901] Read of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.541264] [ 29.541411] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.541487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.541503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.541529] Call Trace: [ 29.541552] <TASK> [ 29.541575] dump_stack_lvl+0x73/0xb0 [ 29.541606] print_report+0xd1/0x650 [ 29.541649] ? __virt_addr_valid+0x1db/0x2d0 [ 29.541675] ? copy_user_test_oob+0x604/0x10f0 [ 29.541700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.541729] ? copy_user_test_oob+0x604/0x10f0 [ 29.541756] kasan_report+0x141/0x180 [ 29.541781] ? copy_user_test_oob+0x604/0x10f0 [ 29.541811] kasan_check_range+0x10c/0x1c0 [ 29.541837] __kasan_check_read+0x15/0x20 [ 29.541863] copy_user_test_oob+0x604/0x10f0 [ 29.541890] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.541915] ? finish_task_switch.isra.0+0x153/0x700 [ 29.541939] ? __switch_to+0x47/0xf50 [ 29.541968] ? __schedule+0x10cc/0x2b60 [ 29.541994] ? __pfx_read_tsc+0x10/0x10 [ 29.542018] ? ktime_get_ts64+0x86/0x230 [ 29.542063] kunit_try_run_case+0x1a5/0x480 [ 29.542105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.542131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.542171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.542211] ? __kthread_parkme+0x82/0x180 [ 29.542235] ? preempt_count_sub+0x50/0x80 [ 29.542260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.542301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.542342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.542369] kthread+0x337/0x6f0 [ 29.542401] ? trace_preempt_on+0x20/0xc0 [ 29.542428] ? __pfx_kthread+0x10/0x10 [ 29.542450] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.542475] ? calculate_sigpending+0x7b/0xa0 [ 29.542502] ? __pfx_kthread+0x10/0x10 [ 29.542526] ret_from_fork+0x116/0x1d0 [ 29.542547] ? __pfx_kthread+0x10/0x10 [ 29.542571] ret_from_fork_asm+0x1a/0x30 [ 29.542604] </TASK> [ 29.542618] [ 29.550728] Allocated by task 334: [ 29.550948] kasan_save_stack+0x45/0x70 [ 29.551199] kasan_save_track+0x18/0x40 [ 29.551371] kasan_save_alloc_info+0x3b/0x50 [ 29.551610] __kasan_kmalloc+0xb7/0xc0 [ 29.551804] __kmalloc_noprof+0x1c9/0x500 [ 29.552016] kunit_kmalloc_array+0x25/0x60 [ 29.552275] copy_user_test_oob+0xab/0x10f0 [ 29.552532] kunit_try_run_case+0x1a5/0x480 [ 29.552758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.553009] kthread+0x337/0x6f0 [ 29.553192] ret_from_fork+0x116/0x1d0 [ 29.553402] ret_from_fork_asm+0x1a/0x30 [ 29.553640] [ 29.553745] The buggy address belongs to the object at ffff888106258900 [ 29.553745] which belongs to the cache kmalloc-128 of size 128 [ 29.554411] The buggy address is located 0 bytes inside of [ 29.554411] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.554986] [ 29.555109] The buggy address belongs to the physical page: [ 29.555381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.555744] flags: 0x200000000000000(node=0|zone=2) [ 29.556014] page_type: f5(slab) [ 29.556219] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.556601] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.556986] page dumped because: kasan: bad access detected [ 29.557238] [ 29.557363] Memory state around the buggy address: [ 29.557571] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.557785] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.558178] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.558576] ^ [ 29.558782] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.559242] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.559549] ================================================================== [ 29.513998] ================================================================== [ 29.514290] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.515445] Write of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.515781] [ 29.515905] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.515962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.515978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.516005] Call Trace: [ 29.516028] <TASK> [ 29.516051] dump_stack_lvl+0x73/0xb0 [ 29.516085] print_report+0xd1/0x650 [ 29.516111] ? __virt_addr_valid+0x1db/0x2d0 [ 29.516139] ? copy_user_test_oob+0x557/0x10f0 [ 29.516166] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.516196] ? copy_user_test_oob+0x557/0x10f0 [ 29.516241] kasan_report+0x141/0x180 [ 29.516266] ? copy_user_test_oob+0x557/0x10f0 [ 29.516297] kasan_check_range+0x10c/0x1c0 [ 29.516324] __kasan_check_write+0x18/0x20 [ 29.516350] copy_user_test_oob+0x557/0x10f0 [ 29.516378] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.516416] ? finish_task_switch.isra.0+0x153/0x700 [ 29.516441] ? __switch_to+0x47/0xf50 [ 29.516470] ? __schedule+0x10cc/0x2b60 [ 29.516498] ? __pfx_read_tsc+0x10/0x10 [ 29.516522] ? ktime_get_ts64+0x86/0x230 [ 29.516550] kunit_try_run_case+0x1a5/0x480 [ 29.516582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.516609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.516635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.516663] ? __kthread_parkme+0x82/0x180 [ 29.516687] ? preempt_count_sub+0x50/0x80 [ 29.516713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.516741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.516768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.516796] kthread+0x337/0x6f0 [ 29.516821] ? trace_preempt_on+0x20/0xc0 [ 29.516849] ? __pfx_kthread+0x10/0x10 [ 29.516873] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.516898] ? calculate_sigpending+0x7b/0xa0 [ 29.516925] ? __pfx_kthread+0x10/0x10 [ 29.516950] ret_from_fork+0x116/0x1d0 [ 29.516972] ? __pfx_kthread+0x10/0x10 [ 29.516996] ret_from_fork_asm+0x1a/0x30 [ 29.517030] </TASK> [ 29.517045] [ 29.527158] Allocated by task 334: [ 29.527347] kasan_save_stack+0x45/0x70 [ 29.527557] kasan_save_track+0x18/0x40 [ 29.527744] kasan_save_alloc_info+0x3b/0x50 [ 29.528353] __kasan_kmalloc+0xb7/0xc0 [ 29.528611] __kmalloc_noprof+0x1c9/0x500 [ 29.528948] kunit_kmalloc_array+0x25/0x60 [ 29.529331] copy_user_test_oob+0xab/0x10f0 [ 29.529651] kunit_try_run_case+0x1a5/0x480 [ 29.530052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.530309] kthread+0x337/0x6f0 [ 29.530488] ret_from_fork+0x116/0x1d0 [ 29.530673] ret_from_fork_asm+0x1a/0x30 [ 29.530866] [ 29.530959] The buggy address belongs to the object at ffff888106258900 [ 29.530959] which belongs to the cache kmalloc-128 of size 128 [ 29.531802] The buggy address is located 0 bytes inside of [ 29.531802] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.532758] [ 29.533011] The buggy address belongs to the physical page: [ 29.533447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.534140] flags: 0x200000000000000(node=0|zone=2) [ 29.534549] page_type: f5(slab) [ 29.534719] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.535345] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.535844] page dumped because: kasan: bad access detected [ 29.536319] [ 29.536427] Memory state around the buggy address: [ 29.536787] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.537540] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.538029] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.538474] ^ [ 29.538910] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.539205] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.539499] ================================================================== [ 29.463405] ================================================================== [ 29.463762] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.464192] Write of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.464502] [ 29.464632] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.464706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.464723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.464763] Call Trace: [ 29.464781] <TASK> [ 29.464805] dump_stack_lvl+0x73/0xb0 [ 29.464837] print_report+0xd1/0x650 [ 29.464865] ? __virt_addr_valid+0x1db/0x2d0 [ 29.464896] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.464924] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.464956] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.464983] kasan_report+0x141/0x180 [ 29.465021] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.465054] kasan_check_range+0x10c/0x1c0 [ 29.465095] __kasan_check_write+0x18/0x20 [ 29.465122] copy_user_test_oob+0x3fd/0x10f0 [ 29.465163] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.465190] ? finish_task_switch.isra.0+0x153/0x700 [ 29.465217] ? __switch_to+0x47/0xf50 [ 29.465247] ? __schedule+0x10cc/0x2b60 [ 29.465275] ? __pfx_read_tsc+0x10/0x10 [ 29.465302] ? ktime_get_ts64+0x86/0x230 [ 29.465331] kunit_try_run_case+0x1a5/0x480 [ 29.465360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.465398] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.465428] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.465456] ? __kthread_parkme+0x82/0x180 [ 29.465481] ? preempt_count_sub+0x50/0x80 [ 29.465508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.465538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.465567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.465597] kthread+0x337/0x6f0 [ 29.465620] ? trace_preempt_on+0x20/0xc0 [ 29.465649] ? __pfx_kthread+0x10/0x10 [ 29.465674] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.465701] ? calculate_sigpending+0x7b/0xa0 [ 29.465730] ? __pfx_kthread+0x10/0x10 [ 29.465755] ret_from_fork+0x116/0x1d0 [ 29.465779] ? __pfx_kthread+0x10/0x10 [ 29.465803] ret_from_fork_asm+0x1a/0x30 [ 29.465840] </TASK> [ 29.465855] [ 29.475033] Allocated by task 334: [ 29.475237] kasan_save_stack+0x45/0x70 [ 29.475715] kasan_save_track+0x18/0x40 [ 29.476432] kasan_save_alloc_info+0x3b/0x50 [ 29.476823] __kasan_kmalloc+0xb7/0xc0 [ 29.477187] __kmalloc_noprof+0x1c9/0x500 [ 29.477630] kunit_kmalloc_array+0x25/0x60 [ 29.478053] copy_user_test_oob+0xab/0x10f0 [ 29.478276] kunit_try_run_case+0x1a5/0x480 [ 29.478500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.478758] kthread+0x337/0x6f0 [ 29.479000] ret_from_fork+0x116/0x1d0 [ 29.479190] ret_from_fork_asm+0x1a/0x30 [ 29.479399] [ 29.479481] The buggy address belongs to the object at ffff888106258900 [ 29.479481] which belongs to the cache kmalloc-128 of size 128 [ 29.480045] The buggy address is located 0 bytes inside of [ 29.480045] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.480483] [ 29.480564] The buggy address belongs to the physical page: [ 29.480755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.482515] flags: 0x200000000000000(node=0|zone=2) [ 29.483591] page_type: f5(slab) [ 29.483749] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.484594] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.484988] page dumped because: kasan: bad access detected [ 29.485270] [ 29.485349] Memory state around the buggy address: [ 29.485541] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.485835] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.486073] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.486383] ^ [ 29.487130] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.487384] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.487695] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 29.423807] ================================================================== [ 29.424460] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 29.424722] Read of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.425104] [ 29.425277] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.425335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.425352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.425379] Call Trace: [ 29.425407] <TASK> [ 29.425429] dump_stack_lvl+0x73/0xb0 [ 29.425461] print_report+0xd1/0x650 [ 29.425487] ? __virt_addr_valid+0x1db/0x2d0 [ 29.425517] ? _copy_to_user+0x3c/0x70 [ 29.425553] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.425584] ? _copy_to_user+0x3c/0x70 [ 29.425620] kasan_report+0x141/0x180 [ 29.425646] ? _copy_to_user+0x3c/0x70 [ 29.425675] kasan_check_range+0x10c/0x1c0 [ 29.425702] __kasan_check_read+0x15/0x20 [ 29.425729] _copy_to_user+0x3c/0x70 [ 29.425754] copy_user_test_oob+0x364/0x10f0 [ 29.425783] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.425810] ? finish_task_switch.isra.0+0x153/0x700 [ 29.425836] ? __switch_to+0x47/0xf50 [ 29.425888] ? __schedule+0x10cc/0x2b60 [ 29.425920] ? __pfx_read_tsc+0x10/0x10 [ 29.425949] ? ktime_get_ts64+0x86/0x230 [ 29.425989] kunit_try_run_case+0x1a5/0x480 [ 29.426018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.426047] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.426075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.426114] ? __kthread_parkme+0x82/0x180 [ 29.426139] ? preempt_count_sub+0x50/0x80 [ 29.426176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.426206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.426235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.426263] kthread+0x337/0x6f0 [ 29.426287] ? trace_preempt_on+0x20/0xc0 [ 29.426314] ? __pfx_kthread+0x10/0x10 [ 29.426340] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.426367] ? calculate_sigpending+0x7b/0xa0 [ 29.426403] ? __pfx_kthread+0x10/0x10 [ 29.426428] ret_from_fork+0x116/0x1d0 [ 29.426451] ? __pfx_kthread+0x10/0x10 [ 29.426476] ret_from_fork_asm+0x1a/0x30 [ 29.426511] </TASK> [ 29.426526] [ 29.443271] Allocated by task 334: [ 29.443749] kasan_save_stack+0x45/0x70 [ 29.444297] kasan_save_track+0x18/0x40 [ 29.444735] kasan_save_alloc_info+0x3b/0x50 [ 29.445058] __kasan_kmalloc+0xb7/0xc0 [ 29.445432] __kmalloc_noprof+0x1c9/0x500 [ 29.445863] kunit_kmalloc_array+0x25/0x60 [ 29.446440] copy_user_test_oob+0xab/0x10f0 [ 29.446927] kunit_try_run_case+0x1a5/0x480 [ 29.447092] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.447628] kthread+0x337/0x6f0 [ 29.448044] ret_from_fork+0x116/0x1d0 [ 29.448426] ret_from_fork_asm+0x1a/0x30 [ 29.448740] [ 29.448819] The buggy address belongs to the object at ffff888106258900 [ 29.448819] which belongs to the cache kmalloc-128 of size 128 [ 29.449724] The buggy address is located 0 bytes inside of [ 29.449724] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.451338] [ 29.451558] The buggy address belongs to the physical page: [ 29.451958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.452748] flags: 0x200000000000000(node=0|zone=2) [ 29.453052] page_type: f5(slab) [ 29.453502] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.454000] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.454768] page dumped because: kasan: bad access detected [ 29.455070] [ 29.455270] Memory state around the buggy address: [ 29.455987] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.456610] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.456852] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.457083] ^ [ 29.457374] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.457722] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.458134] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 29.394488] ================================================================== [ 29.395029] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 29.395415] Write of size 121 at addr ffff888106258900 by task kunit_try_catch/334 [ 29.395774] [ 29.395882] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.395947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.395964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.395993] Call Trace: [ 29.396011] <TASK> [ 29.396037] dump_stack_lvl+0x73/0xb0 [ 29.396073] print_report+0xd1/0x650 [ 29.396103] ? __virt_addr_valid+0x1db/0x2d0 [ 29.396134] ? _copy_from_user+0x32/0x90 [ 29.396160] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.396191] ? _copy_from_user+0x32/0x90 [ 29.396216] kasan_report+0x141/0x180 [ 29.396248] ? _copy_from_user+0x32/0x90 [ 29.396278] kasan_check_range+0x10c/0x1c0 [ 29.396306] __kasan_check_write+0x18/0x20 [ 29.396334] _copy_from_user+0x32/0x90 [ 29.396361] copy_user_test_oob+0x2be/0x10f0 [ 29.396402] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.396430] ? finish_task_switch.isra.0+0x153/0x700 [ 29.396457] ? __switch_to+0x47/0xf50 [ 29.396490] ? __schedule+0x10cc/0x2b60 [ 29.396519] ? __pfx_read_tsc+0x10/0x10 [ 29.396546] ? ktime_get_ts64+0x86/0x230 [ 29.396577] kunit_try_run_case+0x1a5/0x480 [ 29.396606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.396634] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.396663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.396691] ? __kthread_parkme+0x82/0x180 [ 29.396716] ? preempt_count_sub+0x50/0x80 [ 29.396743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.396774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.396803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.396832] kthread+0x337/0x6f0 [ 29.396855] ? trace_preempt_on+0x20/0xc0 [ 29.396902] ? __pfx_kthread+0x10/0x10 [ 29.396927] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.397577] ? calculate_sigpending+0x7b/0xa0 [ 29.397615] ? __pfx_kthread+0x10/0x10 [ 29.397643] ret_from_fork+0x116/0x1d0 [ 29.397669] ? __pfx_kthread+0x10/0x10 [ 29.397694] ret_from_fork_asm+0x1a/0x30 [ 29.397732] </TASK> [ 29.397749] [ 29.409343] Allocated by task 334: [ 29.409550] kasan_save_stack+0x45/0x70 [ 29.409786] kasan_save_track+0x18/0x40 [ 29.410112] kasan_save_alloc_info+0x3b/0x50 [ 29.410428] __kasan_kmalloc+0xb7/0xc0 [ 29.410661] __kmalloc_noprof+0x1c9/0x500 [ 29.410857] kunit_kmalloc_array+0x25/0x60 [ 29.411118] copy_user_test_oob+0xab/0x10f0 [ 29.411370] kunit_try_run_case+0x1a5/0x480 [ 29.411622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.411880] kthread+0x337/0x6f0 [ 29.412047] ret_from_fork+0x116/0x1d0 [ 29.412350] ret_from_fork_asm+0x1a/0x30 [ 29.412521] [ 29.412602] The buggy address belongs to the object at ffff888106258900 [ 29.412602] which belongs to the cache kmalloc-128 of size 128 [ 29.413216] The buggy address is located 0 bytes inside of [ 29.413216] allocated 120-byte region [ffff888106258900, ffff888106258978) [ 29.414120] [ 29.414270] The buggy address belongs to the physical page: [ 29.414827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 29.415137] flags: 0x200000000000000(node=0|zone=2) [ 29.415541] page_type: f5(slab) [ 29.415724] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.416293] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.416665] page dumped because: kasan: bad access detected [ 29.416924] [ 29.417027] Memory state around the buggy address: [ 29.417355] ffff888106258800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.417706] ffff888106258880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.418057] >ffff888106258900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.418450] ^ [ 29.418675] ffff888106258980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.419242] ffff888106258a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.419665] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 29.328485] ================================================================== [ 29.329319] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 29.329750] Read of size 8 at addr ffff888105aacd78 by task kunit_try_catch/330 [ 29.330241] [ 29.330372] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.330493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.330511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.330540] Call Trace: [ 29.330559] <TASK> [ 29.330584] dump_stack_lvl+0x73/0xb0 [ 29.330659] print_report+0xd1/0x650 [ 29.330691] ? __virt_addr_valid+0x1db/0x2d0 [ 29.330721] ? copy_to_kernel_nofault+0x225/0x260 [ 29.330750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.330782] ? copy_to_kernel_nofault+0x225/0x260 [ 29.330810] kasan_report+0x141/0x180 [ 29.330835] ? copy_to_kernel_nofault+0x225/0x260 [ 29.330868] __asan_report_load8_noabort+0x18/0x20 [ 29.330909] copy_to_kernel_nofault+0x225/0x260 [ 29.330938] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 29.330966] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.330993] ? finish_task_switch.isra.0+0x153/0x700 [ 29.331021] ? __schedule+0x10cc/0x2b60 [ 29.331050] ? trace_hardirqs_on+0x37/0xe0 [ 29.331087] ? __pfx_read_tsc+0x10/0x10 [ 29.331115] ? ktime_get_ts64+0x86/0x230 [ 29.331146] kunit_try_run_case+0x1a5/0x480 [ 29.331179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.331432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.331465] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.331495] ? __kthread_parkme+0x82/0x180 [ 29.331521] ? preempt_count_sub+0x50/0x80 [ 29.331549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.331579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.331610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.331638] kthread+0x337/0x6f0 [ 29.331663] ? trace_preempt_on+0x20/0xc0 [ 29.331689] ? __pfx_kthread+0x10/0x10 [ 29.331714] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.331740] ? calculate_sigpending+0x7b/0xa0 [ 29.331770] ? __pfx_kthread+0x10/0x10 [ 29.331795] ret_from_fork+0x116/0x1d0 [ 29.331819] ? __pfx_kthread+0x10/0x10 [ 29.331844] ret_from_fork_asm+0x1a/0x30 [ 29.331881] </TASK> [ 29.331897] [ 29.343918] Allocated by task 330: [ 29.344124] kasan_save_stack+0x45/0x70 [ 29.344460] kasan_save_track+0x18/0x40 [ 29.345109] kasan_save_alloc_info+0x3b/0x50 [ 29.345522] __kasan_kmalloc+0xb7/0xc0 [ 29.345739] __kmalloc_cache_noprof+0x189/0x420 [ 29.346333] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.346601] kunit_try_run_case+0x1a5/0x480 [ 29.346810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.347075] kthread+0x337/0x6f0 [ 29.347226] ret_from_fork+0x116/0x1d0 [ 29.347573] ret_from_fork_asm+0x1a/0x30 [ 29.348034] [ 29.348128] The buggy address belongs to the object at ffff888105aacd00 [ 29.348128] which belongs to the cache kmalloc-128 of size 128 [ 29.348980] The buggy address is located 0 bytes to the right of [ 29.348980] allocated 120-byte region [ffff888105aacd00, ffff888105aacd78) [ 29.349796] [ 29.349908] The buggy address belongs to the physical page: [ 29.350112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 29.350512] flags: 0x200000000000000(node=0|zone=2) [ 29.350809] page_type: f5(slab) [ 29.351039] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.351596] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.351879] page dumped because: kasan: bad access detected [ 29.352260] [ 29.352334] Memory state around the buggy address: [ 29.352593] ffff888105aacc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.353253] ffff888105aacc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.353637] >ffff888105aacd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.354028] ^ [ 29.354459] ffff888105aacd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.354802] ffff888105aace00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.355154] ================================================================== [ 29.355961] ================================================================== [ 29.356622] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 29.357028] Write of size 8 at addr ffff888105aacd78 by task kunit_try_catch/330 [ 29.357530] [ 29.357659] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.357752] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.357769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.357797] Call Trace: [ 29.357819] <TASK> [ 29.357841] dump_stack_lvl+0x73/0xb0 [ 29.357874] print_report+0xd1/0x650 [ 29.357900] ? __virt_addr_valid+0x1db/0x2d0 [ 29.357964] ? copy_to_kernel_nofault+0x99/0x260 [ 29.358019] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.358049] ? copy_to_kernel_nofault+0x99/0x260 [ 29.358078] kasan_report+0x141/0x180 [ 29.358104] ? copy_to_kernel_nofault+0x99/0x260 [ 29.358137] kasan_check_range+0x10c/0x1c0 [ 29.358220] __kasan_check_write+0x18/0x20 [ 29.358289] copy_to_kernel_nofault+0x99/0x260 [ 29.358320] copy_to_kernel_nofault_oob+0x288/0x560 [ 29.358347] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.358376] ? finish_task_switch.isra.0+0x153/0x700 [ 29.358416] ? __schedule+0x10cc/0x2b60 [ 29.358475] ? trace_hardirqs_on+0x37/0xe0 [ 29.358512] ? __pfx_read_tsc+0x10/0x10 [ 29.358538] ? ktime_get_ts64+0x86/0x230 [ 29.358568] kunit_try_run_case+0x1a5/0x480 [ 29.358599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.358626] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.358654] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.358682] ? __kthread_parkme+0x82/0x180 [ 29.358707] ? preempt_count_sub+0x50/0x80 [ 29.358734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.358763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.358791] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.358820] kthread+0x337/0x6f0 [ 29.358843] ? trace_preempt_on+0x20/0xc0 [ 29.358868] ? __pfx_kthread+0x10/0x10 [ 29.358893] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.358919] ? calculate_sigpending+0x7b/0xa0 [ 29.358947] ? __pfx_kthread+0x10/0x10 [ 29.358972] ret_from_fork+0x116/0x1d0 [ 29.358995] ? __pfx_kthread+0x10/0x10 [ 29.359020] ret_from_fork_asm+0x1a/0x30 [ 29.359055] </TASK> [ 29.359070] [ 29.368846] Allocated by task 330: [ 29.369047] kasan_save_stack+0x45/0x70 [ 29.369508] kasan_save_track+0x18/0x40 [ 29.369689] kasan_save_alloc_info+0x3b/0x50 [ 29.370015] __kasan_kmalloc+0xb7/0xc0 [ 29.370325] __kmalloc_cache_noprof+0x189/0x420 [ 29.370695] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.370994] kunit_try_run_case+0x1a5/0x480 [ 29.371358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.371806] kthread+0x337/0x6f0 [ 29.372030] ret_from_fork+0x116/0x1d0 [ 29.372226] ret_from_fork_asm+0x1a/0x30 [ 29.372453] [ 29.372556] The buggy address belongs to the object at ffff888105aacd00 [ 29.372556] which belongs to the cache kmalloc-128 of size 128 [ 29.373462] The buggy address is located 0 bytes to the right of [ 29.373462] allocated 120-byte region [ffff888105aacd00, ffff888105aacd78) [ 29.374153] [ 29.374346] The buggy address belongs to the physical page: [ 29.374587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 29.375044] flags: 0x200000000000000(node=0|zone=2) [ 29.375445] page_type: f5(slab) [ 29.375653] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.376058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.376577] page dumped because: kasan: bad access detected [ 29.376864] [ 29.376965] Memory state around the buggy address: [ 29.377223] ffff888105aacc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.377651] ffff888105aacc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.378136] >ffff888105aacd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.378567] ^ [ 29.378826] ffff888105aacd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.379103] ffff888105aace00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.379539] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 27.765836] ================================================================== [ 27.766296] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 27.767235] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.767608] [ 27.767737] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.767796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.767814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.767842] Call Trace: [ 27.767867] <TASK> [ 27.767893] dump_stack_lvl+0x73/0xb0 [ 27.767928] print_report+0xd1/0x650 [ 27.768267] ? __virt_addr_valid+0x1db/0x2d0 [ 27.768300] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.768330] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.768361] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.768407] kasan_report+0x141/0x180 [ 27.768433] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.768469] __asan_report_load4_noabort+0x18/0x20 [ 27.768497] kasan_atomics_helper+0x4b54/0x5450 [ 27.768530] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.768561] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.768591] ? kasan_atomics+0x152/0x310 [ 27.768622] kasan_atomics+0x1dc/0x310 [ 27.768648] ? __pfx_kasan_atomics+0x10/0x10 [ 27.768678] ? __pfx_read_tsc+0x10/0x10 [ 27.768709] ? ktime_get_ts64+0x86/0x230 [ 27.768741] kunit_try_run_case+0x1a5/0x480 [ 27.768772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.768800] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.768830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.768860] ? __kthread_parkme+0x82/0x180 [ 27.768885] ? preempt_count_sub+0x50/0x80 [ 27.768914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.768960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.768990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.769020] kthread+0x337/0x6f0 [ 27.769044] ? trace_preempt_on+0x20/0xc0 [ 27.769073] ? __pfx_kthread+0x10/0x10 [ 27.769098] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.769126] ? calculate_sigpending+0x7b/0xa0 [ 27.769155] ? __pfx_kthread+0x10/0x10 [ 27.769181] ret_from_fork+0x116/0x1d0 [ 27.769205] ? __pfx_kthread+0x10/0x10 [ 27.769230] ret_from_fork_asm+0x1a/0x30 [ 27.769268] </TASK> [ 27.769283] [ 27.781509] Allocated by task 314: [ 27.781730] kasan_save_stack+0x45/0x70 [ 27.782093] kasan_save_track+0x18/0x40 [ 27.782331] kasan_save_alloc_info+0x3b/0x50 [ 27.782773] __kasan_kmalloc+0xb7/0xc0 [ 27.783054] __kmalloc_cache_noprof+0x189/0x420 [ 27.783424] kasan_atomics+0x95/0x310 [ 27.783607] kunit_try_run_case+0x1a5/0x480 [ 27.783827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.784411] kthread+0x337/0x6f0 [ 27.784602] ret_from_fork+0x116/0x1d0 [ 27.784791] ret_from_fork_asm+0x1a/0x30 [ 27.785013] [ 27.785139] The buggy address belongs to the object at ffff88810625b900 [ 27.785139] which belongs to the cache kmalloc-64 of size 64 [ 27.786013] The buggy address is located 0 bytes to the right of [ 27.786013] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.786903] [ 27.787100] The buggy address belongs to the physical page: [ 27.787445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.787987] flags: 0x200000000000000(node=0|zone=2) [ 27.788230] page_type: f5(slab) [ 27.788548] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.788916] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.789415] page dumped because: kasan: bad access detected [ 27.789658] [ 27.789749] Memory state around the buggy address: [ 27.790268] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.790589] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.791051] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.791678] ^ [ 27.792049] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.792625] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.793285] ================================================================== [ 28.882082] ================================================================== [ 28.882846] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 28.883304] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.883766] [ 28.883946] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.884001] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.884015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.884041] Call Trace: [ 28.884063] <TASK> [ 28.884085] dump_stack_lvl+0x73/0xb0 [ 28.884116] print_report+0xd1/0x650 [ 28.884142] ? __virt_addr_valid+0x1db/0x2d0 [ 28.884170] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.884196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.884231] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.884259] kasan_report+0x141/0x180 [ 28.884283] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.884316] kasan_check_range+0x10c/0x1c0 [ 28.884342] __kasan_check_write+0x18/0x20 [ 28.884367] kasan_atomics_helper+0x19e3/0x5450 [ 28.884407] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.884470] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.884497] ? kasan_atomics+0x152/0x310 [ 28.884536] kasan_atomics+0x1dc/0x310 [ 28.884561] ? __pfx_kasan_atomics+0x10/0x10 [ 28.884587] ? __pfx_read_tsc+0x10/0x10 [ 28.884612] ? ktime_get_ts64+0x86/0x230 [ 28.884667] kunit_try_run_case+0x1a5/0x480 [ 28.884696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.884734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.884762] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.884815] ? __kthread_parkme+0x82/0x180 [ 28.884838] ? preempt_count_sub+0x50/0x80 [ 28.884865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.884915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.884942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.884996] kthread+0x337/0x6f0 [ 28.885019] ? trace_preempt_on+0x20/0xc0 [ 28.885058] ? __pfx_kthread+0x10/0x10 [ 28.885081] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.885123] ? calculate_sigpending+0x7b/0xa0 [ 28.885162] ? __pfx_kthread+0x10/0x10 [ 28.885187] ret_from_fork+0x116/0x1d0 [ 28.885219] ? __pfx_kthread+0x10/0x10 [ 28.885243] ret_from_fork_asm+0x1a/0x30 [ 28.885305] </TASK> [ 28.885319] [ 28.893932] Allocated by task 314: [ 28.894133] kasan_save_stack+0x45/0x70 [ 28.894342] kasan_save_track+0x18/0x40 [ 28.894576] kasan_save_alloc_info+0x3b/0x50 [ 28.894800] __kasan_kmalloc+0xb7/0xc0 [ 28.895092] __kmalloc_cache_noprof+0x189/0x420 [ 28.895342] kasan_atomics+0x95/0x310 [ 28.895596] kunit_try_run_case+0x1a5/0x480 [ 28.895913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.896175] kthread+0x337/0x6f0 [ 28.896348] ret_from_fork+0x116/0x1d0 [ 28.896547] ret_from_fork_asm+0x1a/0x30 [ 28.896741] [ 28.896841] The buggy address belongs to the object at ffff88810625b900 [ 28.896841] which belongs to the cache kmalloc-64 of size 64 [ 28.897223] The buggy address is located 0 bytes to the right of [ 28.897223] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.897756] [ 28.897931] The buggy address belongs to the physical page: [ 28.898194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.898612] flags: 0x200000000000000(node=0|zone=2) [ 28.898830] page_type: f5(slab) [ 28.899137] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.899520] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.899889] page dumped because: kasan: bad access detected [ 28.900157] [ 28.900253] Memory state around the buggy address: [ 28.900507] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.900861] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.901226] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.901563] ^ [ 28.901795] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.902457] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.902699] ================================================================== [ 28.903418] ================================================================== [ 28.903802] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 28.904318] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.904642] [ 28.904759] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.904814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.904829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.904854] Call Trace: [ 28.904899] <TASK> [ 28.904933] dump_stack_lvl+0x73/0xb0 [ 28.904991] print_report+0xd1/0x650 [ 28.905033] ? __virt_addr_valid+0x1db/0x2d0 [ 28.905074] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.905116] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.905158] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.905212] kasan_report+0x141/0x180 [ 28.905250] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.905296] kasan_check_range+0x10c/0x1c0 [ 28.905336] __kasan_check_write+0x18/0x20 [ 28.905375] kasan_atomics_helper+0x1a7f/0x5450 [ 28.905427] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.905469] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.905496] ? kasan_atomics+0x152/0x310 [ 28.905525] kasan_atomics+0x1dc/0x310 [ 28.905550] ? __pfx_kasan_atomics+0x10/0x10 [ 28.905577] ? __pfx_read_tsc+0x10/0x10 [ 28.905602] ? ktime_get_ts64+0x86/0x230 [ 28.905629] kunit_try_run_case+0x1a5/0x480 [ 28.905657] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.905683] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.905710] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.905737] ? __kthread_parkme+0x82/0x180 [ 28.905760] ? preempt_count_sub+0x50/0x80 [ 28.905787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.905813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.905842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.905870] kthread+0x337/0x6f0 [ 28.905902] ? trace_preempt_on+0x20/0xc0 [ 28.905938] ? __pfx_kthread+0x10/0x10 [ 28.905962] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.905999] ? calculate_sigpending+0x7b/0xa0 [ 28.906026] ? __pfx_kthread+0x10/0x10 [ 28.906050] ret_from_fork+0x116/0x1d0 [ 28.906074] ? __pfx_kthread+0x10/0x10 [ 28.906098] ret_from_fork_asm+0x1a/0x30 [ 28.906133] </TASK> [ 28.906148] [ 28.914740] Allocated by task 314: [ 28.914951] kasan_save_stack+0x45/0x70 [ 28.915232] kasan_save_track+0x18/0x40 [ 28.915445] kasan_save_alloc_info+0x3b/0x50 [ 28.915681] __kasan_kmalloc+0xb7/0xc0 [ 28.915918] __kmalloc_cache_noprof+0x189/0x420 [ 28.916156] kasan_atomics+0x95/0x310 [ 28.916368] kunit_try_run_case+0x1a5/0x480 [ 28.916581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.916827] kthread+0x337/0x6f0 [ 28.917052] ret_from_fork+0x116/0x1d0 [ 28.917273] ret_from_fork_asm+0x1a/0x30 [ 28.917504] [ 28.917641] The buggy address belongs to the object at ffff88810625b900 [ 28.917641] which belongs to the cache kmalloc-64 of size 64 [ 28.918211] The buggy address is located 0 bytes to the right of [ 28.918211] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.918821] [ 28.918944] The buggy address belongs to the physical page: [ 28.919165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.919571] flags: 0x200000000000000(node=0|zone=2) [ 28.919810] page_type: f5(slab) [ 28.920084] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.920442] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.920851] page dumped because: kasan: bad access detected [ 28.921136] [ 28.921265] Memory state around the buggy address: [ 28.921565] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.921786] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.922103] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.922432] ^ [ 28.922665] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.923078] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.923297] ================================================================== [ 29.078619] ================================================================== [ 29.079067] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 29.079378] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.079691] [ 29.079808] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.079861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.079877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.079944] Call Trace: [ 29.079966] <TASK> [ 29.080001] dump_stack_lvl+0x73/0xb0 [ 29.080032] print_report+0xd1/0x650 [ 29.080058] ? __virt_addr_valid+0x1db/0x2d0 [ 29.080088] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.080116] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.080145] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.080173] kasan_report+0x141/0x180 [ 29.080198] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.080236] kasan_check_range+0x10c/0x1c0 [ 29.080263] __kasan_check_write+0x18/0x20 [ 29.080320] kasan_atomics_helper+0x1f43/0x5450 [ 29.080350] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.080399] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.080427] ? kasan_atomics+0x152/0x310 [ 29.080456] kasan_atomics+0x1dc/0x310 [ 29.080482] ? __pfx_kasan_atomics+0x10/0x10 [ 29.080508] ? __pfx_read_tsc+0x10/0x10 [ 29.080532] ? ktime_get_ts64+0x86/0x230 [ 29.080561] kunit_try_run_case+0x1a5/0x480 [ 29.080589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.080614] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.080642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.080669] ? __kthread_parkme+0x82/0x180 [ 29.080693] ? preempt_count_sub+0x50/0x80 [ 29.080721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.080749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.080811] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.080840] kthread+0x337/0x6f0 [ 29.080873] ? trace_preempt_on+0x20/0xc0 [ 29.080914] ? __pfx_kthread+0x10/0x10 [ 29.080938] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.080987] ? calculate_sigpending+0x7b/0xa0 [ 29.081015] ? __pfx_kthread+0x10/0x10 [ 29.081040] ret_from_fork+0x116/0x1d0 [ 29.081083] ? __pfx_kthread+0x10/0x10 [ 29.081106] ret_from_fork_asm+0x1a/0x30 [ 29.081152] </TASK> [ 29.081166] [ 29.091905] Allocated by task 314: [ 29.092081] kasan_save_stack+0x45/0x70 [ 29.092530] kasan_save_track+0x18/0x40 [ 29.092922] kasan_save_alloc_info+0x3b/0x50 [ 29.093291] __kasan_kmalloc+0xb7/0xc0 [ 29.093616] __kmalloc_cache_noprof+0x189/0x420 [ 29.093973] kasan_atomics+0x95/0x310 [ 29.094339] kunit_try_run_case+0x1a5/0x480 [ 29.094506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.095133] kthread+0x337/0x6f0 [ 29.095532] ret_from_fork+0x116/0x1d0 [ 29.095756] ret_from_fork_asm+0x1a/0x30 [ 29.096208] [ 29.096329] The buggy address belongs to the object at ffff88810625b900 [ 29.096329] which belongs to the cache kmalloc-64 of size 64 [ 29.097091] The buggy address is located 0 bytes to the right of [ 29.097091] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.097505] [ 29.097608] The buggy address belongs to the physical page: [ 29.097839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.098248] flags: 0x200000000000000(node=0|zone=2) [ 29.098481] page_type: f5(slab) [ 29.098619] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.098955] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.099456] page dumped because: kasan: bad access detected [ 29.099691] [ 29.099775] Memory state around the buggy address: [ 29.100056] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.100314] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.100661] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.101039] ^ [ 29.101235] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.101582] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.101900] ================================================================== [ 28.680285] ================================================================== [ 28.681428] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 28.682457] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.683044] [ 28.683384] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.683461] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.683478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.683506] Call Trace: [ 28.683529] <TASK> [ 28.683552] dump_stack_lvl+0x73/0xb0 [ 28.683587] print_report+0xd1/0x650 [ 28.683614] ? __virt_addr_valid+0x1db/0x2d0 [ 28.683643] ? kasan_atomics_helper+0x151d/0x5450 [ 28.683673] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.683703] ? kasan_atomics_helper+0x151d/0x5450 [ 28.683733] kasan_report+0x141/0x180 [ 28.683759] ? kasan_atomics_helper+0x151d/0x5450 [ 28.683793] kasan_check_range+0x10c/0x1c0 [ 28.683821] __kasan_check_write+0x18/0x20 [ 28.683849] kasan_atomics_helper+0x151d/0x5450 [ 28.683993] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.684048] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.684093] ? kasan_atomics+0x152/0x310 [ 28.684126] kasan_atomics+0x1dc/0x310 [ 28.684192] ? __pfx_kasan_atomics+0x10/0x10 [ 28.684225] ? __pfx_read_tsc+0x10/0x10 [ 28.684252] ? ktime_get_ts64+0x86/0x230 [ 28.684282] kunit_try_run_case+0x1a5/0x480 [ 28.684312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.684341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.684371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.684411] ? __kthread_parkme+0x82/0x180 [ 28.684436] ? preempt_count_sub+0x50/0x80 [ 28.684466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.684496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.684526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.684555] kthread+0x337/0x6f0 [ 28.684580] ? trace_preempt_on+0x20/0xc0 [ 28.684611] ? __pfx_kthread+0x10/0x10 [ 28.684636] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.684663] ? calculate_sigpending+0x7b/0xa0 [ 28.684691] ? __pfx_kthread+0x10/0x10 [ 28.684717] ret_from_fork+0x116/0x1d0 [ 28.684740] ? __pfx_kthread+0x10/0x10 [ 28.684764] ret_from_fork_asm+0x1a/0x30 [ 28.684802] </TASK> [ 28.684818] [ 28.701087] Allocated by task 314: [ 28.701347] kasan_save_stack+0x45/0x70 [ 28.702494] kasan_save_track+0x18/0x40 [ 28.703109] kasan_save_alloc_info+0x3b/0x50 [ 28.703566] __kasan_kmalloc+0xb7/0xc0 [ 28.703739] __kmalloc_cache_noprof+0x189/0x420 [ 28.703929] kasan_atomics+0x95/0x310 [ 28.704082] kunit_try_run_case+0x1a5/0x480 [ 28.704259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.704502] kthread+0x337/0x6f0 [ 28.704644] ret_from_fork+0x116/0x1d0 [ 28.704822] ret_from_fork_asm+0x1a/0x30 [ 28.705086] [ 28.705194] The buggy address belongs to the object at ffff88810625b900 [ 28.705194] which belongs to the cache kmalloc-64 of size 64 [ 28.706022] The buggy address is located 0 bytes to the right of [ 28.706022] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.706998] [ 28.707086] The buggy address belongs to the physical page: [ 28.707285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.708011] flags: 0x200000000000000(node=0|zone=2) [ 28.708550] page_type: f5(slab) [ 28.708944] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.709705] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.710122] page dumped because: kasan: bad access detected [ 28.710316] [ 28.710404] Memory state around the buggy address: [ 28.710584] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.710827] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.711569] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.712298] ^ [ 28.712800] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.713524] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.714229] ================================================================== [ 28.793489] ================================================================== [ 28.793839] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 28.794273] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.794691] [ 28.794848] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.794968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.794987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.795029] Call Trace: [ 28.795052] <TASK> [ 28.795092] dump_stack_lvl+0x73/0xb0 [ 28.795143] print_report+0xd1/0x650 [ 28.795172] ? __virt_addr_valid+0x1db/0x2d0 [ 28.795201] ? kasan_atomics_helper+0x177f/0x5450 [ 28.795230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.795273] ? kasan_atomics_helper+0x177f/0x5450 [ 28.795304] kasan_report+0x141/0x180 [ 28.795342] ? kasan_atomics_helper+0x177f/0x5450 [ 28.795377] kasan_check_range+0x10c/0x1c0 [ 28.795416] __kasan_check_write+0x18/0x20 [ 28.795444] kasan_atomics_helper+0x177f/0x5450 [ 28.795475] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.795505] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.795534] ? kasan_atomics+0x152/0x310 [ 28.795566] kasan_atomics+0x1dc/0x310 [ 28.795592] ? __pfx_kasan_atomics+0x10/0x10 [ 28.795653] ? __pfx_read_tsc+0x10/0x10 [ 28.795681] ? ktime_get_ts64+0x86/0x230 [ 28.795724] kunit_try_run_case+0x1a5/0x480 [ 28.795755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.795784] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.795814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.795844] ? __kthread_parkme+0x82/0x180 [ 28.795921] ? preempt_count_sub+0x50/0x80 [ 28.795951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.795994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.796024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.796084] kthread+0x337/0x6f0 [ 28.796108] ? trace_preempt_on+0x20/0xc0 [ 28.796150] ? __pfx_kthread+0x10/0x10 [ 28.796176] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.796204] ? calculate_sigpending+0x7b/0xa0 [ 28.796240] ? __pfx_kthread+0x10/0x10 [ 28.796267] ret_from_fork+0x116/0x1d0 [ 28.796290] ? __pfx_kthread+0x10/0x10 [ 28.796316] ret_from_fork_asm+0x1a/0x30 [ 28.796354] </TASK> [ 28.796369] [ 28.805255] Allocated by task 314: [ 28.805467] kasan_save_stack+0x45/0x70 [ 28.805712] kasan_save_track+0x18/0x40 [ 28.805994] kasan_save_alloc_info+0x3b/0x50 [ 28.806264] __kasan_kmalloc+0xb7/0xc0 [ 28.806570] __kmalloc_cache_noprof+0x189/0x420 [ 28.806884] kasan_atomics+0x95/0x310 [ 28.807094] kunit_try_run_case+0x1a5/0x480 [ 28.807303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.807556] kthread+0x337/0x6f0 [ 28.807741] ret_from_fork+0x116/0x1d0 [ 28.808021] ret_from_fork_asm+0x1a/0x30 [ 28.808249] [ 28.808353] The buggy address belongs to the object at ffff88810625b900 [ 28.808353] which belongs to the cache kmalloc-64 of size 64 [ 28.809054] The buggy address is located 0 bytes to the right of [ 28.809054] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.809680] [ 28.809835] The buggy address belongs to the physical page: [ 28.810210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.810620] flags: 0x200000000000000(node=0|zone=2) [ 28.810973] page_type: f5(slab) [ 28.811162] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.811594] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.811996] page dumped because: kasan: bad access detected [ 28.812194] [ 28.812275] Memory state around the buggy address: [ 28.812464] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.812862] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.813272] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.813639] ^ [ 28.813951] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.814278] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.814566] ================================================================== [ 28.268300] ================================================================== [ 28.269028] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 28.269576] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.270157] [ 28.270255] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.270332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.270347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.270373] Call Trace: [ 28.270406] <TASK> [ 28.270431] dump_stack_lvl+0x73/0xb0 [ 28.270463] print_report+0xd1/0x650 [ 28.270490] ? __virt_addr_valid+0x1db/0x2d0 [ 28.270517] ? kasan_atomics_helper+0xe78/0x5450 [ 28.270545] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.270574] ? kasan_atomics_helper+0xe78/0x5450 [ 28.270601] kasan_report+0x141/0x180 [ 28.270626] ? kasan_atomics_helper+0xe78/0x5450 [ 28.270659] kasan_check_range+0x10c/0x1c0 [ 28.270685] __kasan_check_write+0x18/0x20 [ 28.270710] kasan_atomics_helper+0xe78/0x5450 [ 28.270739] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.270767] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.270795] ? kasan_atomics+0x152/0x310 [ 28.270824] kasan_atomics+0x1dc/0x310 [ 28.270849] ? __pfx_kasan_atomics+0x10/0x10 [ 28.270875] ? __pfx_read_tsc+0x10/0x10 [ 28.270900] ? ktime_get_ts64+0x86/0x230 [ 28.270929] kunit_try_run_case+0x1a5/0x480 [ 28.270957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.270983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.271011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.271045] ? __kthread_parkme+0x82/0x180 [ 28.271068] ? preempt_count_sub+0x50/0x80 [ 28.271095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.271123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.271161] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.271189] kthread+0x337/0x6f0 [ 28.271212] ? trace_preempt_on+0x20/0xc0 [ 28.271239] ? __pfx_kthread+0x10/0x10 [ 28.271263] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.271288] ? calculate_sigpending+0x7b/0xa0 [ 28.271315] ? __pfx_kthread+0x10/0x10 [ 28.271340] ret_from_fork+0x116/0x1d0 [ 28.271362] ? __pfx_kthread+0x10/0x10 [ 28.271385] ret_from_fork_asm+0x1a/0x30 [ 28.271429] </TASK> [ 28.271444] [ 28.283981] Allocated by task 314: [ 28.284399] kasan_save_stack+0x45/0x70 [ 28.284843] kasan_save_track+0x18/0x40 [ 28.285265] kasan_save_alloc_info+0x3b/0x50 [ 28.285769] __kasan_kmalloc+0xb7/0xc0 [ 28.286164] __kmalloc_cache_noprof+0x189/0x420 [ 28.286648] kasan_atomics+0x95/0x310 [ 28.286994] kunit_try_run_case+0x1a5/0x480 [ 28.287470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.288042] kthread+0x337/0x6f0 [ 28.288420] ret_from_fork+0x116/0x1d0 [ 28.288828] ret_from_fork_asm+0x1a/0x30 [ 28.289251] [ 28.289439] The buggy address belongs to the object at ffff88810625b900 [ 28.289439] which belongs to the cache kmalloc-64 of size 64 [ 28.290718] The buggy address is located 0 bytes to the right of [ 28.290718] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.292009] [ 28.292204] The buggy address belongs to the physical page: [ 28.292760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.293292] flags: 0x200000000000000(node=0|zone=2) [ 28.293480] page_type: f5(slab) [ 28.293608] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.294489] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.295334] page dumped because: kasan: bad access detected [ 28.295865] [ 28.296067] Memory state around the buggy address: [ 28.296563] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.297255] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.298057] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.298712] ^ [ 28.299146] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.299863] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.300100] ================================================================== [ 28.815208] ================================================================== [ 28.815646] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 28.815955] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.816276] [ 28.816418] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.816512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.816529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.816588] Call Trace: [ 28.816610] <TASK> [ 28.816645] dump_stack_lvl+0x73/0xb0 [ 28.816699] print_report+0xd1/0x650 [ 28.816740] ? __virt_addr_valid+0x1db/0x2d0 [ 28.816804] ? kasan_atomics_helper+0x1818/0x5450 [ 28.816834] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.816889] ? kasan_atomics_helper+0x1818/0x5450 [ 28.816921] kasan_report+0x141/0x180 [ 28.816947] ? kasan_atomics_helper+0x1818/0x5450 [ 28.816984] kasan_check_range+0x10c/0x1c0 [ 28.817012] __kasan_check_write+0x18/0x20 [ 28.817040] kasan_atomics_helper+0x1818/0x5450 [ 28.817072] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.817104] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.817167] ? kasan_atomics+0x152/0x310 [ 28.817204] kasan_atomics+0x1dc/0x310 [ 28.817246] ? __pfx_kasan_atomics+0x10/0x10 [ 28.817277] ? __pfx_read_tsc+0x10/0x10 [ 28.817332] ? ktime_get_ts64+0x86/0x230 [ 28.817364] kunit_try_run_case+0x1a5/0x480 [ 28.817416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.817446] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.817475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.817504] ? __kthread_parkme+0x82/0x180 [ 28.817561] ? preempt_count_sub+0x50/0x80 [ 28.817591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.817621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.817666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.817696] kthread+0x337/0x6f0 [ 28.817752] ? trace_preempt_on+0x20/0xc0 [ 28.817783] ? __pfx_kthread+0x10/0x10 [ 28.817822] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.817850] ? calculate_sigpending+0x7b/0xa0 [ 28.817900] ? __pfx_kthread+0x10/0x10 [ 28.817927] ret_from_fork+0x116/0x1d0 [ 28.817952] ? __pfx_kthread+0x10/0x10 [ 28.817997] ret_from_fork_asm+0x1a/0x30 [ 28.818050] </TASK> [ 28.818066] [ 28.827928] Allocated by task 314: [ 28.828136] kasan_save_stack+0x45/0x70 [ 28.828313] kasan_save_track+0x18/0x40 [ 28.828522] kasan_save_alloc_info+0x3b/0x50 [ 28.828808] __kasan_kmalloc+0xb7/0xc0 [ 28.829110] __kmalloc_cache_noprof+0x189/0x420 [ 28.829420] kasan_atomics+0x95/0x310 [ 28.829630] kunit_try_run_case+0x1a5/0x480 [ 28.829841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.830201] kthread+0x337/0x6f0 [ 28.830437] ret_from_fork+0x116/0x1d0 [ 28.830653] ret_from_fork_asm+0x1a/0x30 [ 28.830941] [ 28.831068] The buggy address belongs to the object at ffff88810625b900 [ 28.831068] which belongs to the cache kmalloc-64 of size 64 [ 28.831676] The buggy address is located 0 bytes to the right of [ 28.831676] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.832401] [ 28.832527] The buggy address belongs to the physical page: [ 28.832802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.833239] flags: 0x200000000000000(node=0|zone=2) [ 28.833483] page_type: f5(slab) [ 28.833626] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.833966] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.834373] page dumped because: kasan: bad access detected [ 28.834681] [ 28.834832] Memory state around the buggy address: [ 28.835067] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.835318] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.835697] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.836150] ^ [ 28.836520] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.836889] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.837136] ================================================================== [ 27.847618] ================================================================== [ 27.848146] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 27.848598] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.849272] [ 27.849465] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.849530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.849546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.849577] Call Trace: [ 27.849636] <TASK> [ 27.849682] dump_stack_lvl+0x73/0xb0 [ 27.849734] print_report+0xd1/0x650 [ 27.849765] ? __virt_addr_valid+0x1db/0x2d0 [ 27.849795] ? kasan_atomics_helper+0x565/0x5450 [ 27.849824] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.849855] ? kasan_atomics_helper+0x565/0x5450 [ 27.849885] kasan_report+0x141/0x180 [ 27.849911] ? kasan_atomics_helper+0x565/0x5450 [ 27.849945] kasan_check_range+0x10c/0x1c0 [ 27.850003] __kasan_check_write+0x18/0x20 [ 27.850030] kasan_atomics_helper+0x565/0x5450 [ 27.850089] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.850119] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.850182] ? kasan_atomics+0x152/0x310 [ 27.850216] kasan_atomics+0x1dc/0x310 [ 27.850243] ? __pfx_kasan_atomics+0x10/0x10 [ 27.850333] ? __pfx_read_tsc+0x10/0x10 [ 27.850359] ? ktime_get_ts64+0x86/0x230 [ 27.850404] kunit_try_run_case+0x1a5/0x480 [ 27.850436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.850463] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.850492] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.850522] ? __kthread_parkme+0x82/0x180 [ 27.850547] ? preempt_count_sub+0x50/0x80 [ 27.850575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.850605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.850636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.850664] kthread+0x337/0x6f0 [ 27.850689] ? trace_preempt_on+0x20/0xc0 [ 27.850718] ? __pfx_kthread+0x10/0x10 [ 27.850744] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.850772] ? calculate_sigpending+0x7b/0xa0 [ 27.850800] ? __pfx_kthread+0x10/0x10 [ 27.850826] ret_from_fork+0x116/0x1d0 [ 27.850849] ? __pfx_kthread+0x10/0x10 [ 27.850874] ret_from_fork_asm+0x1a/0x30 [ 27.850911] </TASK> [ 27.850927] [ 27.861651] Allocated by task 314: [ 27.862072] kasan_save_stack+0x45/0x70 [ 27.862361] kasan_save_track+0x18/0x40 [ 27.862629] kasan_save_alloc_info+0x3b/0x50 [ 27.862925] __kasan_kmalloc+0xb7/0xc0 [ 27.863265] __kmalloc_cache_noprof+0x189/0x420 [ 27.863507] kasan_atomics+0x95/0x310 [ 27.863910] kunit_try_run_case+0x1a5/0x480 [ 27.864148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.864583] kthread+0x337/0x6f0 [ 27.864785] ret_from_fork+0x116/0x1d0 [ 27.865111] ret_from_fork_asm+0x1a/0x30 [ 27.865479] [ 27.865605] The buggy address belongs to the object at ffff88810625b900 [ 27.865605] which belongs to the cache kmalloc-64 of size 64 [ 27.866192] The buggy address is located 0 bytes to the right of [ 27.866192] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.866640] [ 27.866850] The buggy address belongs to the physical page: [ 27.867179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.867944] flags: 0x200000000000000(node=0|zone=2) [ 27.868351] page_type: f5(slab) [ 27.868511] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.868876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.869422] page dumped because: kasan: bad access detected [ 27.869690] [ 27.869763] Memory state around the buggy address: [ 27.870246] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.870642] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.871045] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.871611] ^ [ 27.871841] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.872425] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.872798] ================================================================== [ 28.767048] ================================================================== [ 28.767484] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 28.767838] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.768611] [ 28.768861] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.768962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.768980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.769008] Call Trace: [ 28.769031] <TASK> [ 28.769055] dump_stack_lvl+0x73/0xb0 [ 28.769088] print_report+0xd1/0x650 [ 28.769115] ? __virt_addr_valid+0x1db/0x2d0 [ 28.769144] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.769174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.769203] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.769233] kasan_report+0x141/0x180 [ 28.769259] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.769293] kasan_check_range+0x10c/0x1c0 [ 28.769320] __kasan_check_write+0x18/0x20 [ 28.769348] kasan_atomics_helper+0x16e7/0x5450 [ 28.769379] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.769550] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.769583] ? kasan_atomics+0x152/0x310 [ 28.769628] kasan_atomics+0x1dc/0x310 [ 28.769694] ? __pfx_kasan_atomics+0x10/0x10 [ 28.769724] ? __pfx_read_tsc+0x10/0x10 [ 28.769750] ? ktime_get_ts64+0x86/0x230 [ 28.769780] kunit_try_run_case+0x1a5/0x480 [ 28.769810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.769838] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.769891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.769921] ? __kthread_parkme+0x82/0x180 [ 28.769946] ? preempt_count_sub+0x50/0x80 [ 28.769974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.770004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.770033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.770062] kthread+0x337/0x6f0 [ 28.770086] ? trace_preempt_on+0x20/0xc0 [ 28.770116] ? __pfx_kthread+0x10/0x10 [ 28.770141] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.770168] ? calculate_sigpending+0x7b/0xa0 [ 28.770197] ? __pfx_kthread+0x10/0x10 [ 28.770223] ret_from_fork+0x116/0x1d0 [ 28.770246] ? __pfx_kthread+0x10/0x10 [ 28.770271] ret_from_fork_asm+0x1a/0x30 [ 28.770307] </TASK> [ 28.770322] [ 28.783265] Allocated by task 314: [ 28.783697] kasan_save_stack+0x45/0x70 [ 28.784212] kasan_save_track+0x18/0x40 [ 28.784537] kasan_save_alloc_info+0x3b/0x50 [ 28.784938] __kasan_kmalloc+0xb7/0xc0 [ 28.785144] __kmalloc_cache_noprof+0x189/0x420 [ 28.785364] kasan_atomics+0x95/0x310 [ 28.785522] kunit_try_run_case+0x1a5/0x480 [ 28.785781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.786004] kthread+0x337/0x6f0 [ 28.786188] ret_from_fork+0x116/0x1d0 [ 28.786424] ret_from_fork_asm+0x1a/0x30 [ 28.786603] [ 28.786734] The buggy address belongs to the object at ffff88810625b900 [ 28.786734] which belongs to the cache kmalloc-64 of size 64 [ 28.787276] The buggy address is located 0 bytes to the right of [ 28.787276] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.787909] [ 28.788020] The buggy address belongs to the physical page: [ 28.788303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.788685] flags: 0x200000000000000(node=0|zone=2) [ 28.788892] page_type: f5(slab) [ 28.789084] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.789481] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.789741] page dumped because: kasan: bad access detected [ 28.790047] [ 28.790151] Memory state around the buggy address: [ 28.790433] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.790752] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.791142] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.791490] ^ [ 28.791760] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.792231] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.792574] ================================================================== [ 27.987904] ================================================================== [ 27.988353] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 27.988810] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.989218] [ 27.989387] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.989463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.989479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.989509] Call Trace: [ 27.989559] <TASK> [ 27.989585] dump_stack_lvl+0x73/0xb0 [ 27.989618] print_report+0xd1/0x650 [ 27.989647] ? __virt_addr_valid+0x1db/0x2d0 [ 27.989678] ? kasan_atomics_helper+0x860/0x5450 [ 27.989727] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.989774] ? kasan_atomics_helper+0x860/0x5450 [ 27.989805] kasan_report+0x141/0x180 [ 27.989847] ? kasan_atomics_helper+0x860/0x5450 [ 27.989899] kasan_check_range+0x10c/0x1c0 [ 27.989943] __kasan_check_write+0x18/0x20 [ 27.989987] kasan_atomics_helper+0x860/0x5450 [ 27.990020] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.990051] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.990082] ? kasan_atomics+0x152/0x310 [ 27.990114] kasan_atomics+0x1dc/0x310 [ 27.990141] ? __pfx_kasan_atomics+0x10/0x10 [ 27.990170] ? __pfx_read_tsc+0x10/0x10 [ 27.990199] ? ktime_get_ts64+0x86/0x230 [ 27.990230] kunit_try_run_case+0x1a5/0x480 [ 27.990262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.990291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.990322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.990351] ? __kthread_parkme+0x82/0x180 [ 27.990378] ? preempt_count_sub+0x50/0x80 [ 27.990419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.990449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.990480] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.990511] kthread+0x337/0x6f0 [ 27.990536] ? trace_preempt_on+0x20/0xc0 [ 27.990567] ? __pfx_kthread+0x10/0x10 [ 27.990894] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.990952] ? calculate_sigpending+0x7b/0xa0 [ 27.990983] ? __pfx_kthread+0x10/0x10 [ 27.991038] ret_from_fork+0x116/0x1d0 [ 27.991065] ? __pfx_kthread+0x10/0x10 [ 27.991092] ret_from_fork_asm+0x1a/0x30 [ 27.991131] </TASK> [ 27.991202] [ 28.001056] Allocated by task 314: [ 28.001281] kasan_save_stack+0x45/0x70 [ 28.001625] kasan_save_track+0x18/0x40 [ 28.001853] kasan_save_alloc_info+0x3b/0x50 [ 28.002112] __kasan_kmalloc+0xb7/0xc0 [ 28.002584] __kmalloc_cache_noprof+0x189/0x420 [ 28.002860] kasan_atomics+0x95/0x310 [ 28.003131] kunit_try_run_case+0x1a5/0x480 [ 28.003436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.003702] kthread+0x337/0x6f0 [ 28.003950] ret_from_fork+0x116/0x1d0 [ 28.004280] ret_from_fork_asm+0x1a/0x30 [ 28.004553] [ 28.004664] The buggy address belongs to the object at ffff88810625b900 [ 28.004664] which belongs to the cache kmalloc-64 of size 64 [ 28.005279] The buggy address is located 0 bytes to the right of [ 28.005279] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.005949] [ 28.006107] The buggy address belongs to the physical page: [ 28.006665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.007101] flags: 0x200000000000000(node=0|zone=2) [ 28.007351] page_type: f5(slab) [ 28.007504] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.008033] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.008507] page dumped because: kasan: bad access detected [ 28.008710] [ 28.008816] Memory state around the buggy address: [ 28.009129] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.009618] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.009924] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.010581] ^ [ 28.010815] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.011106] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.011510] ================================================================== [ 28.066809] ================================================================== [ 28.067150] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 28.067687] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.068079] [ 28.068182] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.068288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.068305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.068332] Call Trace: [ 28.068367] <TASK> [ 28.068410] dump_stack_lvl+0x73/0xb0 [ 28.068444] print_report+0xd1/0x650 [ 28.068471] ? __virt_addr_valid+0x1db/0x2d0 [ 28.068500] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.068530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.068571] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.068600] kasan_report+0x141/0x180 [ 28.068638] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.068672] kasan_check_range+0x10c/0x1c0 [ 28.068700] __kasan_check_write+0x18/0x20 [ 28.068727] kasan_atomics_helper+0xa2b/0x5450 [ 28.068758] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.068788] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.068819] ? kasan_atomics+0x152/0x310 [ 28.068849] kasan_atomics+0x1dc/0x310 [ 28.068876] ? __pfx_kasan_atomics+0x10/0x10 [ 28.068904] ? __pfx_read_tsc+0x10/0x10 [ 28.068931] ? ktime_get_ts64+0x86/0x230 [ 28.068961] kunit_try_run_case+0x1a5/0x480 [ 28.068992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.069020] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.069051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.069080] ? __kthread_parkme+0x82/0x180 [ 28.069105] ? preempt_count_sub+0x50/0x80 [ 28.069133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.069403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.069443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.069473] kthread+0x337/0x6f0 [ 28.069498] ? trace_preempt_on+0x20/0xc0 [ 28.069527] ? __pfx_kthread+0x10/0x10 [ 28.069564] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.069592] ? calculate_sigpending+0x7b/0xa0 [ 28.069621] ? __pfx_kthread+0x10/0x10 [ 28.069661] ret_from_fork+0x116/0x1d0 [ 28.069684] ? __pfx_kthread+0x10/0x10 [ 28.069709] ret_from_fork_asm+0x1a/0x30 [ 28.069747] </TASK> [ 28.069762] [ 28.079273] Allocated by task 314: [ 28.079602] kasan_save_stack+0x45/0x70 [ 28.079826] kasan_save_track+0x18/0x40 [ 28.080041] kasan_save_alloc_info+0x3b/0x50 [ 28.080301] __kasan_kmalloc+0xb7/0xc0 [ 28.080544] __kmalloc_cache_noprof+0x189/0x420 [ 28.080857] kasan_atomics+0x95/0x310 [ 28.081068] kunit_try_run_case+0x1a5/0x480 [ 28.081358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.081662] kthread+0x337/0x6f0 [ 28.081848] ret_from_fork+0x116/0x1d0 [ 28.082060] ret_from_fork_asm+0x1a/0x30 [ 28.082212] [ 28.082288] The buggy address belongs to the object at ffff88810625b900 [ 28.082288] which belongs to the cache kmalloc-64 of size 64 [ 28.082703] The buggy address is located 0 bytes to the right of [ 28.082703] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.083794] [ 28.083986] The buggy address belongs to the physical page: [ 28.084379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.084786] flags: 0x200000000000000(node=0|zone=2) [ 28.085132] page_type: f5(slab) [ 28.085366] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.085648] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.085977] page dumped because: kasan: bad access detected [ 28.086286] [ 28.086527] Memory state around the buggy address: [ 28.086731] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.087094] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.087483] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.087789] ^ [ 28.088145] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.088701] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.089267] ================================================================== [ 27.700123] ================================================================== [ 27.700812] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 27.701331] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.701837] [ 27.702253] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.702316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.702334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.702362] Call Trace: [ 27.702388] <TASK> [ 27.702427] dump_stack_lvl+0x73/0xb0 [ 27.702462] print_report+0xd1/0x650 [ 27.702488] ? __virt_addr_valid+0x1db/0x2d0 [ 27.702516] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.702544] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.702574] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.702604] kasan_report+0x141/0x180 [ 27.702628] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.702662] __asan_report_store4_noabort+0x1b/0x30 [ 27.702689] kasan_atomics_helper+0x4b6e/0x5450 [ 27.702718] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.702749] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.702778] ? kasan_atomics+0x152/0x310 [ 27.702807] kasan_atomics+0x1dc/0x310 [ 27.702833] ? __pfx_kasan_atomics+0x10/0x10 [ 27.702860] ? __pfx_read_tsc+0x10/0x10 [ 27.702886] ? ktime_get_ts64+0x86/0x230 [ 27.702915] kunit_try_run_case+0x1a5/0x480 [ 27.702947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.702974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.703003] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.703031] ? __kthread_parkme+0x82/0x180 [ 27.703056] ? preempt_count_sub+0x50/0x80 [ 27.703084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.703112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.703140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.703169] kthread+0x337/0x6f0 [ 27.703191] ? trace_preempt_on+0x20/0xc0 [ 27.703219] ? __pfx_kthread+0x10/0x10 [ 27.703243] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.703268] ? calculate_sigpending+0x7b/0xa0 [ 27.703296] ? __pfx_kthread+0x10/0x10 [ 27.703321] ret_from_fork+0x116/0x1d0 [ 27.703345] ? __pfx_kthread+0x10/0x10 [ 27.703369] ret_from_fork_asm+0x1a/0x30 [ 27.703418] </TASK> [ 27.703432] [ 27.717047] Allocated by task 314: [ 27.717472] kasan_save_stack+0x45/0x70 [ 27.717945] kasan_save_track+0x18/0x40 [ 27.718446] kasan_save_alloc_info+0x3b/0x50 [ 27.718916] __kasan_kmalloc+0xb7/0xc0 [ 27.719356] __kmalloc_cache_noprof+0x189/0x420 [ 27.719802] kasan_atomics+0x95/0x310 [ 27.719960] kunit_try_run_case+0x1a5/0x480 [ 27.720121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.720786] kthread+0x337/0x6f0 [ 27.721205] ret_from_fork+0x116/0x1d0 [ 27.721585] ret_from_fork_asm+0x1a/0x30 [ 27.721998] [ 27.722074] The buggy address belongs to the object at ffff88810625b900 [ 27.722074] which belongs to the cache kmalloc-64 of size 64 [ 27.723097] The buggy address is located 0 bytes to the right of [ 27.723097] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.724397] [ 27.724502] The buggy address belongs to the physical page: [ 27.724694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.725538] flags: 0x200000000000000(node=0|zone=2) [ 27.726020] page_type: f5(slab) [ 27.726336] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.726887] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.727128] page dumped because: kasan: bad access detected [ 27.727768] [ 27.727967] Memory state around the buggy address: [ 27.728532] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.729312] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.729921] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.730770] ^ [ 27.730964] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.731749] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.732307] ================================================================== [ 28.992842] ================================================================== [ 28.993179] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 28.993764] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.994225] [ 28.994352] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.994419] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.994435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.994461] Call Trace: [ 28.994483] <TASK> [ 28.994505] dump_stack_lvl+0x73/0xb0 [ 28.994537] print_report+0xd1/0x650 [ 28.994565] ? __virt_addr_valid+0x1db/0x2d0 [ 28.994593] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.994621] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.994650] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.994677] kasan_report+0x141/0x180 [ 28.994702] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.994737] kasan_check_range+0x10c/0x1c0 [ 28.994764] __kasan_check_write+0x18/0x20 [ 28.994790] kasan_atomics_helper+0x1ce1/0x5450 [ 28.994819] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.994850] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.994879] ? kasan_atomics+0x152/0x310 [ 28.994967] kasan_atomics+0x1dc/0x310 [ 28.994995] ? __pfx_kasan_atomics+0x10/0x10 [ 28.995035] ? __pfx_read_tsc+0x10/0x10 [ 28.995061] ? ktime_get_ts64+0x86/0x230 [ 28.995090] kunit_try_run_case+0x1a5/0x480 [ 28.995119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.995146] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.995175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.995202] ? __kthread_parkme+0x82/0x180 [ 28.995226] ? preempt_count_sub+0x50/0x80 [ 28.995253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.995282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.995310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.995338] kthread+0x337/0x6f0 [ 28.995464] ? trace_preempt_on+0x20/0xc0 [ 28.995493] ? __pfx_kthread+0x10/0x10 [ 28.995529] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.995556] ? calculate_sigpending+0x7b/0xa0 [ 28.995585] ? __pfx_kthread+0x10/0x10 [ 28.995609] ret_from_fork+0x116/0x1d0 [ 28.995632] ? __pfx_kthread+0x10/0x10 [ 28.995656] ret_from_fork_asm+0x1a/0x30 [ 28.995691] </TASK> [ 28.995706] [ 29.005938] Allocated by task 314: [ 29.006246] kasan_save_stack+0x45/0x70 [ 29.006429] kasan_save_track+0x18/0x40 [ 29.006579] kasan_save_alloc_info+0x3b/0x50 [ 29.006766] __kasan_kmalloc+0xb7/0xc0 [ 29.007097] __kmalloc_cache_noprof+0x189/0x420 [ 29.007588] kasan_atomics+0x95/0x310 [ 29.007800] kunit_try_run_case+0x1a5/0x480 [ 29.008143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.008446] kthread+0x337/0x6f0 [ 29.008580] ret_from_fork+0x116/0x1d0 [ 29.008783] ret_from_fork_asm+0x1a/0x30 [ 29.009154] [ 29.009466] The buggy address belongs to the object at ffff88810625b900 [ 29.009466] which belongs to the cache kmalloc-64 of size 64 [ 29.009994] The buggy address is located 0 bytes to the right of [ 29.009994] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.010664] [ 29.010773] The buggy address belongs to the physical page: [ 29.011117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.011413] flags: 0x200000000000000(node=0|zone=2) [ 29.011670] page_type: f5(slab) [ 29.012011] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.012377] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.012767] page dumped because: kasan: bad access detected [ 29.013068] [ 29.013280] Memory state around the buggy address: [ 29.013577] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.013982] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.014474] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.014847] ^ [ 29.015128] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015538] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015911] ================================================================== [ 28.971372] ================================================================== [ 28.972017] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 28.972809] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.973269] [ 28.973412] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.973470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.973485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.973511] Call Trace: [ 28.973535] <TASK> [ 28.973559] dump_stack_lvl+0x73/0xb0 [ 28.973590] print_report+0xd1/0x650 [ 28.973614] ? __virt_addr_valid+0x1db/0x2d0 [ 28.973642] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.973669] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.973697] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.973724] kasan_report+0x141/0x180 [ 28.973749] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.973781] __asan_report_load8_noabort+0x18/0x20 [ 28.973807] kasan_atomics_helper+0x4f30/0x5450 [ 28.973835] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.973862] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.973889] ? kasan_atomics+0x152/0x310 [ 28.973916] kasan_atomics+0x1dc/0x310 [ 28.973940] ? __pfx_kasan_atomics+0x10/0x10 [ 28.973967] ? __pfx_read_tsc+0x10/0x10 [ 28.973991] ? ktime_get_ts64+0x86/0x230 [ 28.974018] kunit_try_run_case+0x1a5/0x480 [ 28.974046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.974072] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.974099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.974125] ? __kthread_parkme+0x82/0x180 [ 28.974179] ? preempt_count_sub+0x50/0x80 [ 28.974206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.974244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.974272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.974298] kthread+0x337/0x6f0 [ 28.974321] ? trace_preempt_on+0x20/0xc0 [ 28.974348] ? __pfx_kthread+0x10/0x10 [ 28.974372] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.974404] ? calculate_sigpending+0x7b/0xa0 [ 28.974431] ? __pfx_kthread+0x10/0x10 [ 28.974454] ret_from_fork+0x116/0x1d0 [ 28.974476] ? __pfx_kthread+0x10/0x10 [ 28.974499] ret_from_fork_asm+0x1a/0x30 [ 28.974534] </TASK> [ 28.974547] [ 28.982982] Allocated by task 314: [ 28.983194] kasan_save_stack+0x45/0x70 [ 28.983612] kasan_save_track+0x18/0x40 [ 28.983753] kasan_save_alloc_info+0x3b/0x50 [ 28.983900] __kasan_kmalloc+0xb7/0xc0 [ 28.984043] __kmalloc_cache_noprof+0x189/0x420 [ 28.984202] kasan_atomics+0x95/0x310 [ 28.984339] kunit_try_run_case+0x1a5/0x480 [ 28.984706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.985019] kthread+0x337/0x6f0 [ 28.985447] ret_from_fork+0x116/0x1d0 [ 28.985654] ret_from_fork_asm+0x1a/0x30 [ 28.985865] [ 28.985961] The buggy address belongs to the object at ffff88810625b900 [ 28.985961] which belongs to the cache kmalloc-64 of size 64 [ 28.986529] The buggy address is located 0 bytes to the right of [ 28.986529] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.987068] [ 28.987226] The buggy address belongs to the physical page: [ 28.987584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.987910] flags: 0x200000000000000(node=0|zone=2) [ 28.988241] page_type: f5(slab) [ 28.988440] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.988842] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.989176] page dumped because: kasan: bad access detected [ 28.989353] [ 28.989434] Memory state around the buggy address: [ 28.989596] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.989980] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.990574] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.990954] ^ [ 28.991271] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.991598] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.991857] ================================================================== [ 29.262722] ================================================================== [ 29.263072] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 29.263528] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.263871] [ 29.264033] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.264115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.264131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.264160] Call Trace: [ 29.264184] <TASK> [ 29.264209] dump_stack_lvl+0x73/0xb0 [ 29.264250] print_report+0xd1/0x650 [ 29.264277] ? __virt_addr_valid+0x1db/0x2d0 [ 29.264307] ? kasan_atomics_helper+0x224c/0x5450 [ 29.264338] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.264369] ? kasan_atomics_helper+0x224c/0x5450 [ 29.264436] kasan_report+0x141/0x180 [ 29.264463] ? kasan_atomics_helper+0x224c/0x5450 [ 29.264499] kasan_check_range+0x10c/0x1c0 [ 29.264546] __kasan_check_write+0x18/0x20 [ 29.264574] kasan_atomics_helper+0x224c/0x5450 [ 29.264604] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.264635] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.264665] ? kasan_atomics+0x152/0x310 [ 29.264696] kasan_atomics+0x1dc/0x310 [ 29.264741] ? __pfx_kasan_atomics+0x10/0x10 [ 29.264770] ? __pfx_read_tsc+0x10/0x10 [ 29.264796] ? ktime_get_ts64+0x86/0x230 [ 29.264827] kunit_try_run_case+0x1a5/0x480 [ 29.264858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.264887] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.264919] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.264950] ? __kthread_parkme+0x82/0x180 [ 29.264993] ? preempt_count_sub+0x50/0x80 [ 29.265023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.265065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.265095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.265125] kthread+0x337/0x6f0 [ 29.265149] ? trace_preempt_on+0x20/0xc0 [ 29.265180] ? __pfx_kthread+0x10/0x10 [ 29.265206] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.265253] ? calculate_sigpending+0x7b/0xa0 [ 29.265283] ? __pfx_kthread+0x10/0x10 [ 29.265310] ret_from_fork+0x116/0x1d0 [ 29.265333] ? __pfx_kthread+0x10/0x10 [ 29.265358] ret_from_fork_asm+0x1a/0x30 [ 29.265406] </TASK> [ 29.265422] [ 29.274322] Allocated by task 314: [ 29.274582] kasan_save_stack+0x45/0x70 [ 29.274817] kasan_save_track+0x18/0x40 [ 29.275015] kasan_save_alloc_info+0x3b/0x50 [ 29.275179] __kasan_kmalloc+0xb7/0xc0 [ 29.275360] __kmalloc_cache_noprof+0x189/0x420 [ 29.275644] kasan_atomics+0x95/0x310 [ 29.275877] kunit_try_run_case+0x1a5/0x480 [ 29.276189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.276471] kthread+0x337/0x6f0 [ 29.276680] ret_from_fork+0x116/0x1d0 [ 29.276875] ret_from_fork_asm+0x1a/0x30 [ 29.277116] [ 29.277254] The buggy address belongs to the object at ffff88810625b900 [ 29.277254] which belongs to the cache kmalloc-64 of size 64 [ 29.277901] The buggy address is located 0 bytes to the right of [ 29.277901] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.278511] [ 29.278615] The buggy address belongs to the physical page: [ 29.278880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.279151] flags: 0x200000000000000(node=0|zone=2) [ 29.279334] page_type: f5(slab) [ 29.279476] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.279895] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.280277] page dumped because: kasan: bad access detected [ 29.280597] [ 29.280739] Memory state around the buggy address: [ 29.281175] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.281487] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.281726] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.282237] ^ [ 29.282495] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.282905] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.283240] ================================================================== [ 27.605015] ================================================================== [ 27.605924] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 27.606479] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.607052] [ 27.607184] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.607246] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.607260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.607287] Call Trace: [ 27.607303] <TASK> [ 27.607326] dump_stack_lvl+0x73/0xb0 [ 27.607362] print_report+0xd1/0x650 [ 27.607388] ? __virt_addr_valid+0x1db/0x2d0 [ 27.607432] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.607459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.607489] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.607517] kasan_report+0x141/0x180 [ 27.607542] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.607574] __asan_report_load4_noabort+0x18/0x20 [ 27.607600] kasan_atomics_helper+0x4bbc/0x5450 [ 27.607629] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.607658] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.607686] ? kasan_atomics+0x152/0x310 [ 27.607715] kasan_atomics+0x1dc/0x310 [ 27.607741] ? __pfx_kasan_atomics+0x10/0x10 [ 27.607768] ? __pfx_read_tsc+0x10/0x10 [ 27.607794] ? ktime_get_ts64+0x86/0x230 [ 27.607824] kunit_try_run_case+0x1a5/0x480 [ 27.607857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.607901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.607931] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.607958] ? __kthread_parkme+0x82/0x180 [ 27.607983] ? preempt_count_sub+0x50/0x80 [ 27.608012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.608040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.608068] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.608096] kthread+0x337/0x6f0 [ 27.608119] ? trace_preempt_on+0x20/0xc0 [ 27.608146] ? __pfx_kthread+0x10/0x10 [ 27.608169] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.608195] ? calculate_sigpending+0x7b/0xa0 [ 27.608230] ? __pfx_kthread+0x10/0x10 [ 27.608255] ret_from_fork+0x116/0x1d0 [ 27.608277] ? __pfx_kthread+0x10/0x10 [ 27.608301] ret_from_fork_asm+0x1a/0x30 [ 27.608338] </TASK> [ 27.608353] [ 27.619403] Allocated by task 314: [ 27.619646] kasan_save_stack+0x45/0x70 [ 27.619842] kasan_save_track+0x18/0x40 [ 27.620236] kasan_save_alloc_info+0x3b/0x50 [ 27.620493] __kasan_kmalloc+0xb7/0xc0 [ 27.620655] __kmalloc_cache_noprof+0x189/0x420 [ 27.621002] kasan_atomics+0x95/0x310 [ 27.621381] kunit_try_run_case+0x1a5/0x480 [ 27.621680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.621911] kthread+0x337/0x6f0 [ 27.622243] ret_from_fork+0x116/0x1d0 [ 27.622519] ret_from_fork_asm+0x1a/0x30 [ 27.622974] [ 27.623065] The buggy address belongs to the object at ffff88810625b900 [ 27.623065] which belongs to the cache kmalloc-64 of size 64 [ 27.623752] The buggy address is located 0 bytes to the right of [ 27.623752] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.624707] [ 27.624831] The buggy address belongs to the physical page: [ 27.625185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.625683] flags: 0x200000000000000(node=0|zone=2) [ 27.626015] page_type: f5(slab) [ 27.626182] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.626642] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.627154] page dumped because: kasan: bad access detected [ 27.627421] [ 27.627590] Memory state around the buggy address: [ 27.627941] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.628292] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.628947] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.629317] ^ [ 27.629554] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.629968] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.630280] ================================================================== [ 28.715808] ================================================================== [ 28.717137] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 28.717439] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.717695] [ 28.717800] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.717859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.717884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.717912] Call Trace: [ 28.717937] <TASK> [ 28.717963] dump_stack_lvl+0x73/0xb0 [ 28.717995] print_report+0xd1/0x650 [ 28.718024] ? __virt_addr_valid+0x1db/0x2d0 [ 28.718053] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.718083] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.718115] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.718146] kasan_report+0x141/0x180 [ 28.718173] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.718209] kasan_check_range+0x10c/0x1c0 [ 28.718237] __kasan_check_write+0x18/0x20 [ 28.718266] kasan_atomics_helper+0x15b6/0x5450 [ 28.718297] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.718328] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.718358] ? kasan_atomics+0x152/0x310 [ 28.718415] kasan_atomics+0x1dc/0x310 [ 28.718459] ? __pfx_kasan_atomics+0x10/0x10 [ 28.718488] ? __pfx_read_tsc+0x10/0x10 [ 28.718515] ? ktime_get_ts64+0x86/0x230 [ 28.718545] kunit_try_run_case+0x1a5/0x480 [ 28.718577] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.718605] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.718635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.718665] ? __kthread_parkme+0x82/0x180 [ 28.718691] ? preempt_count_sub+0x50/0x80 [ 28.718720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.718751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.718780] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.718824] kthread+0x337/0x6f0 [ 28.718849] ? trace_preempt_on+0x20/0xc0 [ 28.718892] ? __pfx_kthread+0x10/0x10 [ 28.718918] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.718946] ? calculate_sigpending+0x7b/0xa0 [ 28.718976] ? __pfx_kthread+0x10/0x10 [ 28.719002] ret_from_fork+0x116/0x1d0 [ 28.719026] ? __pfx_kthread+0x10/0x10 [ 28.719062] ret_from_fork_asm+0x1a/0x30 [ 28.719113] </TASK> [ 28.719140] [ 28.734489] Allocated by task 314: [ 28.734892] kasan_save_stack+0x45/0x70 [ 28.735310] kasan_save_track+0x18/0x40 [ 28.735591] kasan_save_alloc_info+0x3b/0x50 [ 28.735981] __kasan_kmalloc+0xb7/0xc0 [ 28.736407] __kmalloc_cache_noprof+0x189/0x420 [ 28.736789] kasan_atomics+0x95/0x310 [ 28.737045] kunit_try_run_case+0x1a5/0x480 [ 28.737407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.737601] kthread+0x337/0x6f0 [ 28.737731] ret_from_fork+0x116/0x1d0 [ 28.737875] ret_from_fork_asm+0x1a/0x30 [ 28.738061] [ 28.738194] The buggy address belongs to the object at ffff88810625b900 [ 28.738194] which belongs to the cache kmalloc-64 of size 64 [ 28.738754] The buggy address is located 0 bytes to the right of [ 28.738754] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.739351] [ 28.739470] The buggy address belongs to the physical page: [ 28.739723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.740096] flags: 0x200000000000000(node=0|zone=2) [ 28.740315] page_type: f5(slab) [ 28.740461] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.741162] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.741494] page dumped because: kasan: bad access detected [ 28.741763] [ 28.741863] Memory state around the buggy address: [ 28.742194] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.742442] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.742795] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.743243] ^ [ 28.743469] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.743783] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.744091] ================================================================== [ 29.039010] ================================================================== [ 29.039475] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 29.039860] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.040195] [ 29.040318] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.040374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.040400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.040427] Call Trace: [ 29.040450] <TASK> [ 29.040473] dump_stack_lvl+0x73/0xb0 [ 29.040503] print_report+0xd1/0x650 [ 29.040529] ? __virt_addr_valid+0x1db/0x2d0 [ 29.040556] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.040583] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.040612] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.040641] kasan_report+0x141/0x180 [ 29.040665] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.040697] kasan_check_range+0x10c/0x1c0 [ 29.040725] __kasan_check_write+0x18/0x20 [ 29.040750] kasan_atomics_helper+0x1e12/0x5450 [ 29.040777] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.040806] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.040833] ? kasan_atomics+0x152/0x310 [ 29.040862] kasan_atomics+0x1dc/0x310 [ 29.040886] ? __pfx_kasan_atomics+0x10/0x10 [ 29.040953] ? __pfx_read_tsc+0x10/0x10 [ 29.040979] ? ktime_get_ts64+0x86/0x230 [ 29.041020] kunit_try_run_case+0x1a5/0x480 [ 29.041050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.041076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.041104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.041130] ? __kthread_parkme+0x82/0x180 [ 29.041154] ? preempt_count_sub+0x50/0x80 [ 29.041181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.041208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.041236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.041263] kthread+0x337/0x6f0 [ 29.041285] ? trace_preempt_on+0x20/0xc0 [ 29.041313] ? __pfx_kthread+0x10/0x10 [ 29.041339] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.041363] ? calculate_sigpending+0x7b/0xa0 [ 29.041399] ? __pfx_kthread+0x10/0x10 [ 29.041422] ret_from_fork+0x116/0x1d0 [ 29.041445] ? __pfx_kthread+0x10/0x10 [ 29.041468] ret_from_fork_asm+0x1a/0x30 [ 29.041502] </TASK> [ 29.041516] [ 29.049650] Allocated by task 314: [ 29.049860] kasan_save_stack+0x45/0x70 [ 29.050112] kasan_save_track+0x18/0x40 [ 29.050298] kasan_save_alloc_info+0x3b/0x50 [ 29.050502] __kasan_kmalloc+0xb7/0xc0 [ 29.050697] __kmalloc_cache_noprof+0x189/0x420 [ 29.050919] kasan_atomics+0x95/0x310 [ 29.051058] kunit_try_run_case+0x1a5/0x480 [ 29.051255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.051551] kthread+0x337/0x6f0 [ 29.051723] ret_from_fork+0x116/0x1d0 [ 29.051956] ret_from_fork_asm+0x1a/0x30 [ 29.052141] [ 29.052277] The buggy address belongs to the object at ffff88810625b900 [ 29.052277] which belongs to the cache kmalloc-64 of size 64 [ 29.052777] The buggy address is located 0 bytes to the right of [ 29.052777] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.053459] [ 29.053560] The buggy address belongs to the physical page: [ 29.053865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.054162] flags: 0x200000000000000(node=0|zone=2) [ 29.054333] page_type: f5(slab) [ 29.054560] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.054979] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.055320] page dumped because: kasan: bad access detected [ 29.055613] [ 29.055740] Memory state around the buggy address: [ 29.056052] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.056397] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.056626] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.056848] ^ [ 29.057007] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.057415] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.057885] ================================================================== [ 29.164862] ================================================================== [ 29.165257] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 29.166081] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.166401] [ 29.166522] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.166577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.166593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.166620] Call Trace: [ 29.166643] <TASK> [ 29.166666] dump_stack_lvl+0x73/0xb0 [ 29.166697] print_report+0xd1/0x650 [ 29.166723] ? __virt_addr_valid+0x1db/0x2d0 [ 29.166750] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.166778] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.166807] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.166835] kasan_report+0x141/0x180 [ 29.166860] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.166893] kasan_check_range+0x10c/0x1c0 [ 29.166947] __kasan_check_write+0x18/0x20 [ 29.166974] kasan_atomics_helper+0x20c8/0x5450 [ 29.167004] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.167036] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.167065] ? kasan_atomics+0x152/0x310 [ 29.167095] kasan_atomics+0x1dc/0x310 [ 29.167121] ? __pfx_kasan_atomics+0x10/0x10 [ 29.167148] ? __pfx_read_tsc+0x10/0x10 [ 29.167173] ? ktime_get_ts64+0x86/0x230 [ 29.167202] kunit_try_run_case+0x1a5/0x480 [ 29.167232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.167259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.167287] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.167315] ? __kthread_parkme+0x82/0x180 [ 29.167339] ? preempt_count_sub+0x50/0x80 [ 29.167366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.167436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.167465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.167506] kthread+0x337/0x6f0 [ 29.167529] ? trace_preempt_on+0x20/0xc0 [ 29.167587] ? __pfx_kthread+0x10/0x10 [ 29.167610] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.167664] ? calculate_sigpending+0x7b/0xa0 [ 29.167692] ? __pfx_kthread+0x10/0x10 [ 29.167717] ret_from_fork+0x116/0x1d0 [ 29.167739] ? __pfx_kthread+0x10/0x10 [ 29.167764] ret_from_fork_asm+0x1a/0x30 [ 29.167799] </TASK> [ 29.167813] [ 29.176544] Allocated by task 314: [ 29.176741] kasan_save_stack+0x45/0x70 [ 29.177050] kasan_save_track+0x18/0x40 [ 29.177227] kasan_save_alloc_info+0x3b/0x50 [ 29.177374] __kasan_kmalloc+0xb7/0xc0 [ 29.177520] __kmalloc_cache_noprof+0x189/0x420 [ 29.177676] kasan_atomics+0x95/0x310 [ 29.177807] kunit_try_run_case+0x1a5/0x480 [ 29.178191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.178536] kthread+0x337/0x6f0 [ 29.178773] ret_from_fork+0x116/0x1d0 [ 29.179176] ret_from_fork_asm+0x1a/0x30 [ 29.179428] [ 29.179520] The buggy address belongs to the object at ffff88810625b900 [ 29.179520] which belongs to the cache kmalloc-64 of size 64 [ 29.180076] The buggy address is located 0 bytes to the right of [ 29.180076] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.180470] [ 29.180546] The buggy address belongs to the physical page: [ 29.180722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.180963] flags: 0x200000000000000(node=0|zone=2) [ 29.181144] page_type: f5(slab) [ 29.181327] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.181740] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.182240] page dumped because: kasan: bad access detected [ 29.182616] [ 29.182777] Memory state around the buggy address: [ 29.183161] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.183581] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.183935] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.184266] ^ [ 29.184508] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.184833] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.185262] ================================================================== [ 28.166351] ================================================================== [ 28.168713] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 28.170545] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.171771] [ 28.172375] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.172465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.172484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.172513] Call Trace: [ 28.172538] <TASK> [ 28.172565] dump_stack_lvl+0x73/0xb0 [ 28.172603] print_report+0xd1/0x650 [ 28.172633] ? __virt_addr_valid+0x1db/0x2d0 [ 28.172664] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.172694] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.172724] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.172755] kasan_report+0x141/0x180 [ 28.172781] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.172818] __asan_report_load4_noabort+0x18/0x20 [ 28.172848] kasan_atomics_helper+0x4a84/0x5450 [ 28.172879] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.172910] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.172940] ? kasan_atomics+0x152/0x310 [ 28.172972] kasan_atomics+0x1dc/0x310 [ 28.173001] ? __pfx_kasan_atomics+0x10/0x10 [ 28.173031] ? __pfx_read_tsc+0x10/0x10 [ 28.173059] ? ktime_get_ts64+0x86/0x230 [ 28.173090] kunit_try_run_case+0x1a5/0x480 [ 28.173121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.173150] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.173180] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.173210] ? __kthread_parkme+0x82/0x180 [ 28.173236] ? preempt_count_sub+0x50/0x80 [ 28.173267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.173298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.173329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.173359] kthread+0x337/0x6f0 [ 28.173383] ? trace_preempt_on+0x20/0xc0 [ 28.173427] ? __pfx_kthread+0x10/0x10 [ 28.173452] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.173480] ? calculate_sigpending+0x7b/0xa0 [ 28.173509] ? __pfx_kthread+0x10/0x10 [ 28.173536] ret_from_fork+0x116/0x1d0 [ 28.173559] ? __pfx_kthread+0x10/0x10 [ 28.173584] ret_from_fork_asm+0x1a/0x30 [ 28.173622] </TASK> [ 28.173637] [ 28.190763] Allocated by task 314: [ 28.191172] kasan_save_stack+0x45/0x70 [ 28.191373] kasan_save_track+0x18/0x40 [ 28.191617] kasan_save_alloc_info+0x3b/0x50 [ 28.192112] __kasan_kmalloc+0xb7/0xc0 [ 28.192568] __kmalloc_cache_noprof+0x189/0x420 [ 28.193043] kasan_atomics+0x95/0x310 [ 28.193299] kunit_try_run_case+0x1a5/0x480 [ 28.193818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.194356] kthread+0x337/0x6f0 [ 28.194500] ret_from_fork+0x116/0x1d0 [ 28.194700] ret_from_fork_asm+0x1a/0x30 [ 28.195141] [ 28.195321] The buggy address belongs to the object at ffff88810625b900 [ 28.195321] which belongs to the cache kmalloc-64 of size 64 [ 28.196721] The buggy address is located 0 bytes to the right of [ 28.196721] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.197784] [ 28.197977] The buggy address belongs to the physical page: [ 28.198595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.198933] flags: 0x200000000000000(node=0|zone=2) [ 28.199446] page_type: f5(slab) [ 28.199811] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.200615] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.201317] page dumped because: kasan: bad access detected [ 28.201554] [ 28.201630] Memory state around the buggy address: [ 28.201802] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.202406] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.203055] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.203304] ^ [ 28.203639] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.203873] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.204462] ================================================================== [ 29.058816] ================================================================== [ 29.059228] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 29.059677] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.060126] [ 29.060276] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.060346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.060361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.060387] Call Trace: [ 29.060421] <TASK> [ 29.060445] dump_stack_lvl+0x73/0xb0 [ 29.060476] print_report+0xd1/0x650 [ 29.060517] ? __virt_addr_valid+0x1db/0x2d0 [ 29.060545] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.060572] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.060602] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.060630] kasan_report+0x141/0x180 [ 29.060654] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.060687] kasan_check_range+0x10c/0x1c0 [ 29.060713] __kasan_check_write+0x18/0x20 [ 29.060771] kasan_atomics_helper+0x1eaa/0x5450 [ 29.060801] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.060859] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.060886] ? kasan_atomics+0x152/0x310 [ 29.060914] kasan_atomics+0x1dc/0x310 [ 29.060940] ? __pfx_kasan_atomics+0x10/0x10 [ 29.060965] ? __pfx_read_tsc+0x10/0x10 [ 29.060990] ? ktime_get_ts64+0x86/0x230 [ 29.061019] kunit_try_run_case+0x1a5/0x480 [ 29.061047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.061073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.061101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.061128] ? __kthread_parkme+0x82/0x180 [ 29.061152] ? preempt_count_sub+0x50/0x80 [ 29.061179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.061206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.061233] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.061264] kthread+0x337/0x6f0 [ 29.061287] ? trace_preempt_on+0x20/0xc0 [ 29.061345] ? __pfx_kthread+0x10/0x10 [ 29.061369] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.061411] ? calculate_sigpending+0x7b/0xa0 [ 29.061439] ? __pfx_kthread+0x10/0x10 [ 29.061464] ret_from_fork+0x116/0x1d0 [ 29.061487] ? __pfx_kthread+0x10/0x10 [ 29.061510] ret_from_fork_asm+0x1a/0x30 [ 29.061545] </TASK> [ 29.061558] [ 29.069689] Allocated by task 314: [ 29.069832] kasan_save_stack+0x45/0x70 [ 29.070028] kasan_save_track+0x18/0x40 [ 29.070268] kasan_save_alloc_info+0x3b/0x50 [ 29.070517] __kasan_kmalloc+0xb7/0xc0 [ 29.070805] __kmalloc_cache_noprof+0x189/0x420 [ 29.071197] kasan_atomics+0x95/0x310 [ 29.071477] kunit_try_run_case+0x1a5/0x480 [ 29.071805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.072126] kthread+0x337/0x6f0 [ 29.072261] ret_from_fork+0x116/0x1d0 [ 29.072411] ret_from_fork_asm+0x1a/0x30 [ 29.072555] [ 29.072642] The buggy address belongs to the object at ffff88810625b900 [ 29.072642] which belongs to the cache kmalloc-64 of size 64 [ 29.073252] The buggy address is located 0 bytes to the right of [ 29.073252] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.073911] [ 29.073988] The buggy address belongs to the physical page: [ 29.074231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.074633] flags: 0x200000000000000(node=0|zone=2) [ 29.074874] page_type: f5(slab) [ 29.075065] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.075307] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.075553] page dumped because: kasan: bad access detected [ 29.075816] [ 29.075960] Memory state around the buggy address: [ 29.076206] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.076556] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.076892] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.077133] ^ [ 29.077446] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.077676] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.077918] ================================================================== [ 28.462632] ================================================================== [ 28.463010] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 28.463520] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.463767] [ 28.463892] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.463950] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.463966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.463993] Call Trace: [ 28.464016] <TASK> [ 28.464040] dump_stack_lvl+0x73/0xb0 [ 28.464072] print_report+0xd1/0x650 [ 28.464098] ? __virt_addr_valid+0x1db/0x2d0 [ 28.464127] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.464156] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.464186] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.464217] kasan_report+0x141/0x180 [ 28.464247] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.464282] __asan_report_load4_noabort+0x18/0x20 [ 28.464309] kasan_atomics_helper+0x4a02/0x5450 [ 28.464340] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.464371] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.464411] ? kasan_atomics+0x152/0x310 [ 28.464441] kasan_atomics+0x1dc/0x310 [ 28.464467] ? __pfx_kasan_atomics+0x10/0x10 [ 28.464495] ? __pfx_read_tsc+0x10/0x10 [ 28.464521] ? ktime_get_ts64+0x86/0x230 [ 28.464550] kunit_try_run_case+0x1a5/0x480 [ 28.464581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.464609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.464660] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.464690] ? __kthread_parkme+0x82/0x180 [ 28.464726] ? preempt_count_sub+0x50/0x80 [ 28.464754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.464784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.464814] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.464843] kthread+0x337/0x6f0 [ 28.464867] ? trace_preempt_on+0x20/0xc0 [ 28.464896] ? __pfx_kthread+0x10/0x10 [ 28.464922] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.464949] ? calculate_sigpending+0x7b/0xa0 [ 28.464978] ? __pfx_kthread+0x10/0x10 [ 28.465005] ret_from_fork+0x116/0x1d0 [ 28.465028] ? __pfx_kthread+0x10/0x10 [ 28.465053] ret_from_fork_asm+0x1a/0x30 [ 28.465091] </TASK> [ 28.465106] [ 28.473241] Allocated by task 314: [ 28.473424] kasan_save_stack+0x45/0x70 [ 28.473608] kasan_save_track+0x18/0x40 [ 28.473794] kasan_save_alloc_info+0x3b/0x50 [ 28.474014] __kasan_kmalloc+0xb7/0xc0 [ 28.474187] __kmalloc_cache_noprof+0x189/0x420 [ 28.474410] kasan_atomics+0x95/0x310 [ 28.474581] kunit_try_run_case+0x1a5/0x480 [ 28.474781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.475089] kthread+0x337/0x6f0 [ 28.475248] ret_from_fork+0x116/0x1d0 [ 28.475422] ret_from_fork_asm+0x1a/0x30 [ 28.475616] [ 28.475694] The buggy address belongs to the object at ffff88810625b900 [ 28.475694] which belongs to the cache kmalloc-64 of size 64 [ 28.476210] The buggy address is located 0 bytes to the right of [ 28.476210] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.476616] [ 28.476711] The buggy address belongs to the physical page: [ 28.476980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.477360] flags: 0x200000000000000(node=0|zone=2) [ 28.477578] page_type: f5(slab) [ 28.477708] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.477951] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.478648] page dumped because: kasan: bad access detected [ 28.478929] [ 28.479018] Memory state around the buggy address: [ 28.479251] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.479505] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.479733] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.479955] ^ [ 28.480115] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.480349] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.480918] ================================================================== [ 28.415150] ================================================================== [ 28.415535] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 28.415921] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.416189] [ 28.416319] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.416375] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.416403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.416430] Call Trace: [ 28.416452] <TASK> [ 28.416474] dump_stack_lvl+0x73/0xb0 [ 28.416506] print_report+0xd1/0x650 [ 28.416532] ? __virt_addr_valid+0x1db/0x2d0 [ 28.416560] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.416590] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.416620] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.416650] kasan_report+0x141/0x180 [ 28.416677] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.416711] __asan_report_load4_noabort+0x18/0x20 [ 28.416740] kasan_atomics_helper+0x4a1c/0x5450 [ 28.416771] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.416801] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.416831] ? kasan_atomics+0x152/0x310 [ 28.416861] kasan_atomics+0x1dc/0x310 [ 28.416888] ? __pfx_kasan_atomics+0x10/0x10 [ 28.416917] ? __pfx_read_tsc+0x10/0x10 [ 28.416944] ? ktime_get_ts64+0x86/0x230 [ 28.416974] kunit_try_run_case+0x1a5/0x480 [ 28.417005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.417034] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.417062] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.417105] ? __kthread_parkme+0x82/0x180 [ 28.417131] ? preempt_count_sub+0x50/0x80 [ 28.417160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.417190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.417219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.417249] kthread+0x337/0x6f0 [ 28.417274] ? trace_preempt_on+0x20/0xc0 [ 28.417304] ? __pfx_kthread+0x10/0x10 [ 28.417329] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.417356] ? calculate_sigpending+0x7b/0xa0 [ 28.417385] ? __pfx_kthread+0x10/0x10 [ 28.417424] ret_from_fork+0x116/0x1d0 [ 28.417448] ? __pfx_kthread+0x10/0x10 [ 28.417473] ret_from_fork_asm+0x1a/0x30 [ 28.417510] </TASK> [ 28.417525] [ 28.425530] Allocated by task 314: [ 28.425680] kasan_save_stack+0x45/0x70 [ 28.425839] kasan_save_track+0x18/0x40 [ 28.425982] kasan_save_alloc_info+0x3b/0x50 [ 28.426140] __kasan_kmalloc+0xb7/0xc0 [ 28.428440] __kmalloc_cache_noprof+0x189/0x420 [ 28.428658] kasan_atomics+0x95/0x310 [ 28.428807] kunit_try_run_case+0x1a5/0x480 [ 28.429031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.429372] kthread+0x337/0x6f0 [ 28.429519] ret_from_fork+0x116/0x1d0 [ 28.429665] ret_from_fork_asm+0x1a/0x30 [ 28.429817] [ 28.429894] The buggy address belongs to the object at ffff88810625b900 [ 28.429894] which belongs to the cache kmalloc-64 of size 64 [ 28.430541] The buggy address is located 0 bytes to the right of [ 28.430541] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.430973] [ 28.431058] The buggy address belongs to the physical page: [ 28.431249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.431733] flags: 0x200000000000000(node=0|zone=2) [ 28.434707] page_type: f5(slab) [ 28.434957] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.435227] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.435506] page dumped because: kasan: bad access detected [ 28.435697] [ 28.435804] Memory state around the buggy address: [ 28.435998] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.436239] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.436581] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.436870] ^ [ 28.437106] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.437339] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.438659] ================================================================== [ 28.329490] ================================================================== [ 28.330013] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 28.331071] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.331501] [ 28.331610] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.331670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.331688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.331717] Call Trace: [ 28.331742] <TASK> [ 28.331767] dump_stack_lvl+0x73/0xb0 [ 28.331802] print_report+0xd1/0x650 [ 28.331830] ? __virt_addr_valid+0x1db/0x2d0 [ 28.331897] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.331930] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.331975] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.332006] kasan_report+0x141/0x180 [ 28.332032] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.332067] kasan_check_range+0x10c/0x1c0 [ 28.332095] __kasan_check_write+0x18/0x20 [ 28.332123] kasan_atomics_helper+0xfa9/0x5450 [ 28.332154] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.332358] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.332402] ? kasan_atomics+0x152/0x310 [ 28.332434] kasan_atomics+0x1dc/0x310 [ 28.332462] ? __pfx_kasan_atomics+0x10/0x10 [ 28.332490] ? __pfx_read_tsc+0x10/0x10 [ 28.332517] ? ktime_get_ts64+0x86/0x230 [ 28.332548] kunit_try_run_case+0x1a5/0x480 [ 28.332579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.332607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.332639] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.332668] ? __kthread_parkme+0x82/0x180 [ 28.332694] ? preempt_count_sub+0x50/0x80 [ 28.332723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.332875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.332906] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.332936] kthread+0x337/0x6f0 [ 28.332961] ? trace_preempt_on+0x20/0xc0 [ 28.332991] ? __pfx_kthread+0x10/0x10 [ 28.333017] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.333045] ? calculate_sigpending+0x7b/0xa0 [ 28.333075] ? __pfx_kthread+0x10/0x10 [ 28.333101] ret_from_fork+0x116/0x1d0 [ 28.333262] ? __pfx_kthread+0x10/0x10 [ 28.333300] ret_from_fork_asm+0x1a/0x30 [ 28.333340] </TASK> [ 28.333356] [ 28.350075] Allocated by task 314: [ 28.350610] kasan_save_stack+0x45/0x70 [ 28.351008] kasan_save_track+0x18/0x40 [ 28.351215] kasan_save_alloc_info+0x3b/0x50 [ 28.351705] __kasan_kmalloc+0xb7/0xc0 [ 28.352131] __kmalloc_cache_noprof+0x189/0x420 [ 28.352693] kasan_atomics+0x95/0x310 [ 28.352857] kunit_try_run_case+0x1a5/0x480 [ 28.353021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.353440] kthread+0x337/0x6f0 [ 28.353825] ret_from_fork+0x116/0x1d0 [ 28.354341] ret_from_fork_asm+0x1a/0x30 [ 28.354776] [ 28.354948] The buggy address belongs to the object at ffff88810625b900 [ 28.354948] which belongs to the cache kmalloc-64 of size 64 [ 28.356615] The buggy address is located 0 bytes to the right of [ 28.356615] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.357415] [ 28.357641] The buggy address belongs to the physical page: [ 28.358000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.358631] flags: 0x200000000000000(node=0|zone=2) [ 28.359155] page_type: f5(slab) [ 28.359622] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.360169] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.360849] page dumped because: kasan: bad access detected [ 28.361623] [ 28.361828] Memory state around the buggy address: [ 28.362093] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.362834] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.363758] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.364526] ^ [ 28.364892] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.365689] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.366051] ================================================================== [ 28.543982] ================================================================== [ 28.544315] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 28.544726] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.545033] [ 28.545156] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.545213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.545229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.545257] Call Trace: [ 28.545279] <TASK> [ 28.545301] dump_stack_lvl+0x73/0xb0 [ 28.545331] print_report+0xd1/0x650 [ 28.545359] ? __virt_addr_valid+0x1db/0x2d0 [ 28.545387] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.545428] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.545457] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.545487] kasan_report+0x141/0x180 [ 28.545512] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.545545] __asan_report_load4_noabort+0x18/0x20 [ 28.545572] kasan_atomics_helper+0x49ce/0x5450 [ 28.545602] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.545632] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.545661] ? kasan_atomics+0x152/0x310 [ 28.545690] kasan_atomics+0x1dc/0x310 [ 28.545717] ? __pfx_kasan_atomics+0x10/0x10 [ 28.545743] ? __pfx_read_tsc+0x10/0x10 [ 28.545769] ? ktime_get_ts64+0x86/0x230 [ 28.545797] kunit_try_run_case+0x1a5/0x480 [ 28.545826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.545853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.545882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.545909] ? __kthread_parkme+0x82/0x180 [ 28.545933] ? preempt_count_sub+0x50/0x80 [ 28.545960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.545989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.546016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.546044] kthread+0x337/0x6f0 [ 28.546067] ? trace_preempt_on+0x20/0xc0 [ 28.546094] ? __pfx_kthread+0x10/0x10 [ 28.546119] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.546145] ? calculate_sigpending+0x7b/0xa0 [ 28.546173] ? __pfx_kthread+0x10/0x10 [ 28.546198] ret_from_fork+0x116/0x1d0 [ 28.546220] ? __pfx_kthread+0x10/0x10 [ 28.546244] ret_from_fork_asm+0x1a/0x30 [ 28.546279] </TASK> [ 28.546293] [ 28.562235] Allocated by task 314: [ 28.562409] kasan_save_stack+0x45/0x70 [ 28.562573] kasan_save_track+0x18/0x40 [ 28.562712] kasan_save_alloc_info+0x3b/0x50 [ 28.562892] __kasan_kmalloc+0xb7/0xc0 [ 28.563232] __kmalloc_cache_noprof+0x189/0x420 [ 28.563661] kasan_atomics+0x95/0x310 [ 28.564043] kunit_try_run_case+0x1a5/0x480 [ 28.564462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.565006] kthread+0x337/0x6f0 [ 28.565340] ret_from_fork+0x116/0x1d0 [ 28.565723] ret_from_fork_asm+0x1a/0x30 [ 28.566133] [ 28.566336] The buggy address belongs to the object at ffff88810625b900 [ 28.566336] which belongs to the cache kmalloc-64 of size 64 [ 28.567082] The buggy address is located 0 bytes to the right of [ 28.567082] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.567474] [ 28.567551] The buggy address belongs to the physical page: [ 28.567736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.568289] flags: 0x200000000000000(node=0|zone=2) [ 28.568783] page_type: f5(slab) [ 28.569134] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.569825] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.570528] page dumped because: kasan: bad access detected [ 28.571060] [ 28.571218] Memory state around the buggy address: [ 28.571669] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.572334] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.573005] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.573513] ^ [ 28.573745] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.574270] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.574506] ================================================================== [ 28.924055] ================================================================== [ 28.924786] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 28.925252] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.925507] [ 28.925605] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.925663] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.925678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.925744] Call Trace: [ 28.925768] <TASK> [ 28.925821] dump_stack_lvl+0x73/0xb0 [ 28.925900] print_report+0xd1/0x650 [ 28.925927] ? __virt_addr_valid+0x1db/0x2d0 [ 28.925968] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.925996] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.926025] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.926056] kasan_report+0x141/0x180 [ 28.926081] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.926115] kasan_check_range+0x10c/0x1c0 [ 28.926141] __kasan_check_write+0x18/0x20 [ 28.926198] kasan_atomics_helper+0x1b22/0x5450 [ 28.926228] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.926268] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.926298] ? kasan_atomics+0x152/0x310 [ 28.926329] kasan_atomics+0x1dc/0x310 [ 28.926354] ? __pfx_kasan_atomics+0x10/0x10 [ 28.926420] ? __pfx_read_tsc+0x10/0x10 [ 28.926447] ? ktime_get_ts64+0x86/0x230 [ 28.926477] kunit_try_run_case+0x1a5/0x480 [ 28.926517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.926545] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.926602] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.926630] ? __kthread_parkme+0x82/0x180 [ 28.926666] ? preempt_count_sub+0x50/0x80 [ 28.926694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.926750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.926779] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.926819] kthread+0x337/0x6f0 [ 28.926842] ? trace_preempt_on+0x20/0xc0 [ 28.926890] ? __pfx_kthread+0x10/0x10 [ 28.926924] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.926950] ? calculate_sigpending+0x7b/0xa0 [ 28.926990] ? __pfx_kthread+0x10/0x10 [ 28.927015] ret_from_fork+0x116/0x1d0 [ 28.927039] ? __pfx_kthread+0x10/0x10 [ 28.927091] ret_from_fork_asm+0x1a/0x30 [ 28.927127] </TASK> [ 28.927142] [ 28.936253] Allocated by task 314: [ 28.936467] kasan_save_stack+0x45/0x70 [ 28.936704] kasan_save_track+0x18/0x40 [ 28.936938] kasan_save_alloc_info+0x3b/0x50 [ 28.937144] __kasan_kmalloc+0xb7/0xc0 [ 28.937340] __kmalloc_cache_noprof+0x189/0x420 [ 28.937593] kasan_atomics+0x95/0x310 [ 28.937820] kunit_try_run_case+0x1a5/0x480 [ 28.937978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.938164] kthread+0x337/0x6f0 [ 28.938330] ret_from_fork+0x116/0x1d0 [ 28.938541] ret_from_fork_asm+0x1a/0x30 [ 28.938748] [ 28.938846] The buggy address belongs to the object at ffff88810625b900 [ 28.938846] which belongs to the cache kmalloc-64 of size 64 [ 28.939433] The buggy address is located 0 bytes to the right of [ 28.939433] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.940052] [ 28.940156] The buggy address belongs to the physical page: [ 28.940469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.940931] flags: 0x200000000000000(node=0|zone=2) [ 28.941172] page_type: f5(slab) [ 28.941302] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.941563] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.941937] page dumped because: kasan: bad access detected [ 28.942254] [ 28.942351] Memory state around the buggy address: [ 28.942604] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.943005] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.943350] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.943712] ^ [ 28.943982] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.944332] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.944733] ================================================================== [ 29.121387] ================================================================== [ 29.121899] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 29.122316] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.122564] [ 29.122670] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.122726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.122741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.122780] Call Trace: [ 29.122803] <TASK> [ 29.122827] dump_stack_lvl+0x73/0xb0 [ 29.122871] print_report+0xd1/0x650 [ 29.122907] ? __virt_addr_valid+0x1db/0x2d0 [ 29.122935] ? kasan_atomics_helper+0x2006/0x5450 [ 29.122963] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.123004] ? kasan_atomics_helper+0x2006/0x5450 [ 29.123033] kasan_report+0x141/0x180 [ 29.123070] ? kasan_atomics_helper+0x2006/0x5450 [ 29.123103] kasan_check_range+0x10c/0x1c0 [ 29.123130] __kasan_check_write+0x18/0x20 [ 29.123167] kasan_atomics_helper+0x2006/0x5450 [ 29.123198] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.123227] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.123267] ? kasan_atomics+0x152/0x310 [ 29.123296] kasan_atomics+0x1dc/0x310 [ 29.123322] ? __pfx_kasan_atomics+0x10/0x10 [ 29.123358] ? __pfx_read_tsc+0x10/0x10 [ 29.123384] ? ktime_get_ts64+0x86/0x230 [ 29.123429] kunit_try_run_case+0x1a5/0x480 [ 29.123459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.123486] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.123516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.123554] ? __kthread_parkme+0x82/0x180 [ 29.123577] ? preempt_count_sub+0x50/0x80 [ 29.123615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.123643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.123671] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.123709] kthread+0x337/0x6f0 [ 29.123731] ? trace_preempt_on+0x20/0xc0 [ 29.123773] ? __pfx_kthread+0x10/0x10 [ 29.123797] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.123824] ? calculate_sigpending+0x7b/0xa0 [ 29.123861] ? __pfx_kthread+0x10/0x10 [ 29.123886] ret_from_fork+0x116/0x1d0 [ 29.123908] ? __pfx_kthread+0x10/0x10 [ 29.123944] ret_from_fork_asm+0x1a/0x30 [ 29.123979] </TASK> [ 29.123994] [ 29.132310] Allocated by task 314: [ 29.132563] kasan_save_stack+0x45/0x70 [ 29.132784] kasan_save_track+0x18/0x40 [ 29.133061] kasan_save_alloc_info+0x3b/0x50 [ 29.133432] __kasan_kmalloc+0xb7/0xc0 [ 29.133646] __kmalloc_cache_noprof+0x189/0x420 [ 29.133826] kasan_atomics+0x95/0x310 [ 29.134087] kunit_try_run_case+0x1a5/0x480 [ 29.134315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.134642] kthread+0x337/0x6f0 [ 29.134804] ret_from_fork+0x116/0x1d0 [ 29.134990] ret_from_fork_asm+0x1a/0x30 [ 29.135264] [ 29.135341] The buggy address belongs to the object at ffff88810625b900 [ 29.135341] which belongs to the cache kmalloc-64 of size 64 [ 29.135728] The buggy address is located 0 bytes to the right of [ 29.135728] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.136249] [ 29.136350] The buggy address belongs to the physical page: [ 29.136623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.137263] flags: 0x200000000000000(node=0|zone=2) [ 29.137546] page_type: f5(slab) [ 29.137760] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.138112] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.138351] page dumped because: kasan: bad access detected [ 29.140002] [ 29.140217] Memory state around the buggy address: [ 29.140488] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.140830] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.141560] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.142216] ^ [ 29.142693] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.143309] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.144033] ================================================================== [ 29.207366] ================================================================== [ 29.207718] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 29.208135] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.208487] [ 29.208644] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.208747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.208763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.208814] Call Trace: [ 29.208836] <TASK> [ 29.208859] dump_stack_lvl+0x73/0xb0 [ 29.208918] print_report+0xd1/0x650 [ 29.208944] ? __virt_addr_valid+0x1db/0x2d0 [ 29.208972] ? kasan_atomics_helper+0x218a/0x5450 [ 29.209001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.209032] ? kasan_atomics_helper+0x218a/0x5450 [ 29.209061] kasan_report+0x141/0x180 [ 29.209086] ? kasan_atomics_helper+0x218a/0x5450 [ 29.209120] kasan_check_range+0x10c/0x1c0 [ 29.209147] __kasan_check_write+0x18/0x20 [ 29.209204] kasan_atomics_helper+0x218a/0x5450 [ 29.209235] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.209275] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.209304] ? kasan_atomics+0x152/0x310 [ 29.209358] kasan_atomics+0x1dc/0x310 [ 29.209385] ? __pfx_kasan_atomics+0x10/0x10 [ 29.209445] ? __pfx_read_tsc+0x10/0x10 [ 29.209485] ? ktime_get_ts64+0x86/0x230 [ 29.209515] kunit_try_run_case+0x1a5/0x480 [ 29.209544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.209586] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.209614] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.209643] ? __kthread_parkme+0x82/0x180 [ 29.209668] ? preempt_count_sub+0x50/0x80 [ 29.209696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.209725] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.209775] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.209816] kthread+0x337/0x6f0 [ 29.209839] ? trace_preempt_on+0x20/0xc0 [ 29.209888] ? __pfx_kthread+0x10/0x10 [ 29.209913] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.209939] ? calculate_sigpending+0x7b/0xa0 [ 29.209968] ? __pfx_kthread+0x10/0x10 [ 29.209994] ret_from_fork+0x116/0x1d0 [ 29.210017] ? __pfx_kthread+0x10/0x10 [ 29.210041] ret_from_fork_asm+0x1a/0x30 [ 29.210077] </TASK> [ 29.210091] [ 29.218435] Allocated by task 314: [ 29.218647] kasan_save_stack+0x45/0x70 [ 29.218880] kasan_save_track+0x18/0x40 [ 29.219127] kasan_save_alloc_info+0x3b/0x50 [ 29.219349] __kasan_kmalloc+0xb7/0xc0 [ 29.219593] __kmalloc_cache_noprof+0x189/0x420 [ 29.219845] kasan_atomics+0x95/0x310 [ 29.220105] kunit_try_run_case+0x1a5/0x480 [ 29.220330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.220590] kthread+0x337/0x6f0 [ 29.220791] ret_from_fork+0x116/0x1d0 [ 29.221041] ret_from_fork_asm+0x1a/0x30 [ 29.221292] [ 29.221419] The buggy address belongs to the object at ffff88810625b900 [ 29.221419] which belongs to the cache kmalloc-64 of size 64 [ 29.221813] The buggy address is located 0 bytes to the right of [ 29.221813] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.225041] [ 29.226288] The buggy address belongs to the physical page: [ 29.226805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.228067] flags: 0x200000000000000(node=0|zone=2) [ 29.228288] page_type: f5(slab) [ 29.228455] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.228710] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.228967] page dumped because: kasan: bad access detected [ 29.229153] [ 29.229228] Memory state around the buggy address: [ 29.230310] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.230776] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.231510] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.231870] ^ [ 29.232091] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.232489] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.232850] ================================================================== [ 29.234088] ================================================================== [ 29.234815] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 29.235218] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.235894] [ 29.236054] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.236267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.236287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.236315] Call Trace: [ 29.236339] <TASK> [ 29.236364] dump_stack_lvl+0x73/0xb0 [ 29.236415] print_report+0xd1/0x650 [ 29.236444] ? __virt_addr_valid+0x1db/0x2d0 [ 29.236474] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.236506] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.236538] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.236570] kasan_report+0x141/0x180 [ 29.236596] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.236632] __asan_report_load8_noabort+0x18/0x20 [ 29.236662] kasan_atomics_helper+0x4fa5/0x5450 [ 29.236693] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.236724] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.236755] ? kasan_atomics+0x152/0x310 [ 29.236785] kasan_atomics+0x1dc/0x310 [ 29.236812] ? __pfx_kasan_atomics+0x10/0x10 [ 29.236841] ? __pfx_read_tsc+0x10/0x10 [ 29.236869] ? ktime_get_ts64+0x86/0x230 [ 29.236914] kunit_try_run_case+0x1a5/0x480 [ 29.236945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.236974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.237004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.237034] ? __kthread_parkme+0x82/0x180 [ 29.237060] ? preempt_count_sub+0x50/0x80 [ 29.237090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.237121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.237150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.237181] kthread+0x337/0x6f0 [ 29.237205] ? trace_preempt_on+0x20/0xc0 [ 29.237236] ? __pfx_kthread+0x10/0x10 [ 29.237261] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.237289] ? calculate_sigpending+0x7b/0xa0 [ 29.237320] ? __pfx_kthread+0x10/0x10 [ 29.237346] ret_from_fork+0x116/0x1d0 [ 29.237370] ? __pfx_kthread+0x10/0x10 [ 29.237408] ret_from_fork_asm+0x1a/0x30 [ 29.237445] </TASK> [ 29.237460] [ 29.249185] Allocated by task 314: [ 29.249387] kasan_save_stack+0x45/0x70 [ 29.249615] kasan_save_track+0x18/0x40 [ 29.249810] kasan_save_alloc_info+0x3b/0x50 [ 29.250570] __kasan_kmalloc+0xb7/0xc0 [ 29.250765] __kmalloc_cache_noprof+0x189/0x420 [ 29.251316] kasan_atomics+0x95/0x310 [ 29.251702] kunit_try_run_case+0x1a5/0x480 [ 29.252005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.252440] kthread+0x337/0x6f0 [ 29.252732] ret_from_fork+0x116/0x1d0 [ 29.253100] ret_from_fork_asm+0x1a/0x30 [ 29.253349] [ 29.253479] The buggy address belongs to the object at ffff88810625b900 [ 29.253479] which belongs to the cache kmalloc-64 of size 64 [ 29.254378] The buggy address is located 0 bytes to the right of [ 29.254378] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.255283] [ 29.255384] The buggy address belongs to the physical page: [ 29.255791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.256500] flags: 0x200000000000000(node=0|zone=2) [ 29.256890] page_type: f5(slab) [ 29.257200] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.257655] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.258182] page dumped because: kasan: bad access detected [ 29.258574] [ 29.258775] Memory state around the buggy address: [ 29.259104] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.259618] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.260046] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.260586] ^ [ 29.260944] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.261384] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.261864] ================================================================== [ 28.013215] ================================================================== [ 28.014239] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 28.014739] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.015441] [ 28.015753] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.015819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.015836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.015864] Call Trace: [ 28.015899] <TASK> [ 28.015922] dump_stack_lvl+0x73/0xb0 [ 28.015959] print_report+0xd1/0x650 [ 28.016010] ? __virt_addr_valid+0x1db/0x2d0 [ 28.016041] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.016071] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.016102] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.016134] kasan_report+0x141/0x180 [ 28.016160] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.016207] kasan_check_range+0x10c/0x1c0 [ 28.016241] __kasan_check_write+0x18/0x20 [ 28.016269] kasan_atomics_helper+0x8f9/0x5450 [ 28.016300] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.016331] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.016362] ? kasan_atomics+0x152/0x310 [ 28.016405] kasan_atomics+0x1dc/0x310 [ 28.016433] ? __pfx_kasan_atomics+0x10/0x10 [ 28.016462] ? __pfx_read_tsc+0x10/0x10 [ 28.016489] ? ktime_get_ts64+0x86/0x230 [ 28.016518] kunit_try_run_case+0x1a5/0x480 [ 28.016550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.016579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.016608] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.016638] ? __kthread_parkme+0x82/0x180 [ 28.016664] ? preempt_count_sub+0x50/0x80 [ 28.016693] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.016723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.016754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.016784] kthread+0x337/0x6f0 [ 28.016808] ? trace_preempt_on+0x20/0xc0 [ 28.016837] ? __pfx_kthread+0x10/0x10 [ 28.016863] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.016890] ? calculate_sigpending+0x7b/0xa0 [ 28.016919] ? __pfx_kthread+0x10/0x10 [ 28.016945] ret_from_fork+0x116/0x1d0 [ 28.016969] ? __pfx_kthread+0x10/0x10 [ 28.016994] ret_from_fork_asm+0x1a/0x30 [ 28.017031] </TASK> [ 28.017046] [ 28.030959] Allocated by task 314: [ 28.031735] kasan_save_stack+0x45/0x70 [ 28.032410] kasan_save_track+0x18/0x40 [ 28.032636] kasan_save_alloc_info+0x3b/0x50 [ 28.032812] __kasan_kmalloc+0xb7/0xc0 [ 28.033014] __kmalloc_cache_noprof+0x189/0x420 [ 28.033402] kasan_atomics+0x95/0x310 [ 28.033633] kunit_try_run_case+0x1a5/0x480 [ 28.033848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.034118] kthread+0x337/0x6f0 [ 28.034277] ret_from_fork+0x116/0x1d0 [ 28.034515] ret_from_fork_asm+0x1a/0x30 [ 28.034800] [ 28.034951] The buggy address belongs to the object at ffff88810625b900 [ 28.034951] which belongs to the cache kmalloc-64 of size 64 [ 28.035562] The buggy address is located 0 bytes to the right of [ 28.035562] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.036474] [ 28.036598] The buggy address belongs to the physical page: [ 28.037056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.037634] flags: 0x200000000000000(node=0|zone=2) [ 28.037939] page_type: f5(slab) [ 28.038137] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.038532] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.038930] page dumped because: kasan: bad access detected [ 28.039215] [ 28.039430] Memory state around the buggy address: [ 28.039629] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.040012] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.040577] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.041069] ^ [ 28.041410] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.041794] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.042145] ================================================================== [ 28.860488] ================================================================== [ 28.860989] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 28.861862] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.862232] [ 28.862374] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.862446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.862463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.862493] Call Trace: [ 28.862542] <TASK> [ 28.862578] dump_stack_lvl+0x73/0xb0 [ 28.862646] print_report+0xd1/0x650 [ 28.862703] ? __virt_addr_valid+0x1db/0x2d0 [ 28.862753] ? kasan_atomics_helper+0x194a/0x5450 [ 28.862828] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.862891] ? kasan_atomics_helper+0x194a/0x5450 [ 28.862923] kasan_report+0x141/0x180 [ 28.862950] ? kasan_atomics_helper+0x194a/0x5450 [ 28.862986] kasan_check_range+0x10c/0x1c0 [ 28.863014] __kasan_check_write+0x18/0x20 [ 28.863042] kasan_atomics_helper+0x194a/0x5450 [ 28.863072] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.863103] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.863133] ? kasan_atomics+0x152/0x310 [ 28.863164] kasan_atomics+0x1dc/0x310 [ 28.863191] ? __pfx_kasan_atomics+0x10/0x10 [ 28.863219] ? __pfx_read_tsc+0x10/0x10 [ 28.863246] ? ktime_get_ts64+0x86/0x230 [ 28.863276] kunit_try_run_case+0x1a5/0x480 [ 28.863308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.863336] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.863366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.863410] ? __kthread_parkme+0x82/0x180 [ 28.863435] ? preempt_count_sub+0x50/0x80 [ 28.863465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.863494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.863524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.863585] kthread+0x337/0x6f0 [ 28.863609] ? trace_preempt_on+0x20/0xc0 [ 28.863745] ? __pfx_kthread+0x10/0x10 [ 28.863772] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.863814] ? calculate_sigpending+0x7b/0xa0 [ 28.863845] ? __pfx_kthread+0x10/0x10 [ 28.863873] ret_from_fork+0x116/0x1d0 [ 28.863909] ? __pfx_kthread+0x10/0x10 [ 28.863935] ret_from_fork_asm+0x1a/0x30 [ 28.863973] </TASK> [ 28.863988] [ 28.872975] Allocated by task 314: [ 28.873205] kasan_save_stack+0x45/0x70 [ 28.873429] kasan_save_track+0x18/0x40 [ 28.873698] kasan_save_alloc_info+0x3b/0x50 [ 28.873911] __kasan_kmalloc+0xb7/0xc0 [ 28.874177] __kmalloc_cache_noprof+0x189/0x420 [ 28.874380] kasan_atomics+0x95/0x310 [ 28.874629] kunit_try_run_case+0x1a5/0x480 [ 28.874848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.875255] kthread+0x337/0x6f0 [ 28.875464] ret_from_fork+0x116/0x1d0 [ 28.875640] ret_from_fork_asm+0x1a/0x30 [ 28.875939] [ 28.876056] The buggy address belongs to the object at ffff88810625b900 [ 28.876056] which belongs to the cache kmalloc-64 of size 64 [ 28.876606] The buggy address is located 0 bytes to the right of [ 28.876606] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.877248] [ 28.877416] The buggy address belongs to the physical page: [ 28.877740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.878139] flags: 0x200000000000000(node=0|zone=2) [ 28.878441] page_type: f5(slab) [ 28.878660] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.879051] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.879292] page dumped because: kasan: bad access detected [ 28.879505] [ 28.879599] Memory state around the buggy address: [ 28.879853] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.880202] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.880545] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.880863] ^ [ 28.881032] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.881253] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.881481] ================================================================== [ 29.283914] ================================================================== [ 29.284432] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 29.284815] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.285062] [ 29.285158] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.285215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.285232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.285260] Call Trace: [ 29.285280] <TASK> [ 29.285302] dump_stack_lvl+0x73/0xb0 [ 29.285332] print_report+0xd1/0x650 [ 29.285360] ? __virt_addr_valid+0x1db/0x2d0 [ 29.285405] ? kasan_atomics_helper+0x5115/0x5450 [ 29.285434] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.285465] ? kasan_atomics_helper+0x5115/0x5450 [ 29.285496] kasan_report+0x141/0x180 [ 29.285522] ? kasan_atomics_helper+0x5115/0x5450 [ 29.285573] __asan_report_load8_noabort+0x18/0x20 [ 29.285603] kasan_atomics_helper+0x5115/0x5450 [ 29.285634] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.285664] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.285693] ? kasan_atomics+0x152/0x310 [ 29.285724] kasan_atomics+0x1dc/0x310 [ 29.285751] ? __pfx_kasan_atomics+0x10/0x10 [ 29.285804] ? __pfx_read_tsc+0x10/0x10 [ 29.285831] ? ktime_get_ts64+0x86/0x230 [ 29.285877] kunit_try_run_case+0x1a5/0x480 [ 29.285908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.285936] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.285980] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.286025] ? __kthread_parkme+0x82/0x180 [ 29.286065] ? preempt_count_sub+0x50/0x80 [ 29.286108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.286139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.286168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.286198] kthread+0x337/0x6f0 [ 29.286221] ? trace_preempt_on+0x20/0xc0 [ 29.286250] ? __pfx_kthread+0x10/0x10 [ 29.286276] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.286302] ? calculate_sigpending+0x7b/0xa0 [ 29.286332] ? __pfx_kthread+0x10/0x10 [ 29.286358] ret_from_fork+0x116/0x1d0 [ 29.286381] ? __pfx_kthread+0x10/0x10 [ 29.286417] ret_from_fork_asm+0x1a/0x30 [ 29.286453] </TASK> [ 29.286468] [ 29.295582] Allocated by task 314: [ 29.295748] kasan_save_stack+0x45/0x70 [ 29.295988] kasan_save_track+0x18/0x40 [ 29.296189] kasan_save_alloc_info+0x3b/0x50 [ 29.296442] __kasan_kmalloc+0xb7/0xc0 [ 29.296642] __kmalloc_cache_noprof+0x189/0x420 [ 29.296864] kasan_atomics+0x95/0x310 [ 29.297078] kunit_try_run_case+0x1a5/0x480 [ 29.297353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.297659] kthread+0x337/0x6f0 [ 29.297835] ret_from_fork+0x116/0x1d0 [ 29.298028] ret_from_fork_asm+0x1a/0x30 [ 29.298243] [ 29.298347] The buggy address belongs to the object at ffff88810625b900 [ 29.298347] which belongs to the cache kmalloc-64 of size 64 [ 29.299048] The buggy address is located 0 bytes to the right of [ 29.299048] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.299453] [ 29.299556] The buggy address belongs to the physical page: [ 29.299829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.300613] flags: 0x200000000000000(node=0|zone=2) [ 29.300860] page_type: f5(slab) [ 29.301049] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.301453] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.301891] page dumped because: kasan: bad access detected [ 29.302206] [ 29.302304] Memory state around the buggy address: [ 29.302555] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.302912] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.303254] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.303597] ^ [ 29.303763] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.303994] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.304227] ================================================================== [ 28.607545] ================================================================== [ 28.608888] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 28.609831] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.610096] [ 28.610200] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.610260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.610277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.610306] Call Trace: [ 28.610332] <TASK> [ 28.610357] dump_stack_lvl+0x73/0xb0 [ 28.610406] print_report+0xd1/0x650 [ 28.610434] ? __virt_addr_valid+0x1db/0x2d0 [ 28.610464] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.610495] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.610526] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.610557] kasan_report+0x141/0x180 [ 28.610585] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.610835] __asan_report_load8_noabort+0x18/0x20 [ 28.610866] kasan_atomics_helper+0x4eae/0x5450 [ 28.610898] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.610929] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.610958] ? kasan_atomics+0x152/0x310 [ 28.610990] kasan_atomics+0x1dc/0x310 [ 28.611237] ? __pfx_kasan_atomics+0x10/0x10 [ 28.611266] ? __pfx_read_tsc+0x10/0x10 [ 28.611293] ? ktime_get_ts64+0x86/0x230 [ 28.611325] kunit_try_run_case+0x1a5/0x480 [ 28.611357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.611430] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.611460] ? __kthread_parkme+0x82/0x180 [ 28.611486] ? preempt_count_sub+0x50/0x80 [ 28.611515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.611575] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.611605] kthread+0x337/0x6f0 [ 28.611632] ? trace_preempt_on+0x20/0xc0 [ 28.611661] ? __pfx_kthread+0x10/0x10 [ 28.611687] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.611715] ? calculate_sigpending+0x7b/0xa0 [ 28.611744] ? __pfx_kthread+0x10/0x10 [ 28.611771] ret_from_fork+0x116/0x1d0 [ 28.611795] ? __pfx_kthread+0x10/0x10 [ 28.611821] ret_from_fork_asm+0x1a/0x30 [ 28.611858] </TASK> [ 28.611876] [ 28.624871] Allocated by task 314: [ 28.625100] kasan_save_stack+0x45/0x70 [ 28.625581] kasan_save_track+0x18/0x40 [ 28.625852] kasan_save_alloc_info+0x3b/0x50 [ 28.626755] __kasan_kmalloc+0xb7/0xc0 [ 28.626945] __kmalloc_cache_noprof+0x189/0x420 [ 28.627473] kasan_atomics+0x95/0x310 [ 28.627707] kunit_try_run_case+0x1a5/0x480 [ 28.628106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.628509] kthread+0x337/0x6f0 [ 28.628825] ret_from_fork+0x116/0x1d0 [ 28.629181] ret_from_fork_asm+0x1a/0x30 [ 28.629405] [ 28.629610] The buggy address belongs to the object at ffff88810625b900 [ 28.629610] which belongs to the cache kmalloc-64 of size 64 [ 28.630321] The buggy address is located 0 bytes to the right of [ 28.630321] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.630976] [ 28.631242] The buggy address belongs to the physical page: [ 28.631527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.632147] flags: 0x200000000000000(node=0|zone=2) [ 28.632528] page_type: f5(slab) [ 28.632827] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.633441] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.633907] page dumped because: kasan: bad access detected [ 28.634291] [ 28.634420] Memory state around the buggy address: [ 28.634694] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.635621] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.636210] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.636462] ^ [ 28.636630] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.636862] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.637193] ================================================================== [ 28.638491] ================================================================== [ 28.638918] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 28.639410] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.639719] [ 28.639871] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.639929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.639946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.639973] Call Trace: [ 28.639996] <TASK> [ 28.640017] dump_stack_lvl+0x73/0xb0 [ 28.640049] print_report+0xd1/0x650 [ 28.640076] ? __virt_addr_valid+0x1db/0x2d0 [ 28.640105] ? kasan_atomics_helper+0x1467/0x5450 [ 28.640135] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.640165] ? kasan_atomics_helper+0x1467/0x5450 [ 28.640195] kasan_report+0x141/0x180 [ 28.640221] ? kasan_atomics_helper+0x1467/0x5450 [ 28.640261] kasan_check_range+0x10c/0x1c0 [ 28.640289] __kasan_check_write+0x18/0x20 [ 28.640317] kasan_atomics_helper+0x1467/0x5450 [ 28.640348] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.640378] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.640419] ? kasan_atomics+0x152/0x310 [ 28.640449] kasan_atomics+0x1dc/0x310 [ 28.640476] ? __pfx_kasan_atomics+0x10/0x10 [ 28.640504] ? __pfx_read_tsc+0x10/0x10 [ 28.640530] ? ktime_get_ts64+0x86/0x230 [ 28.640561] kunit_try_run_case+0x1a5/0x480 [ 28.640591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.640619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.640649] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.640678] ? __kthread_parkme+0x82/0x180 [ 28.640703] ? preempt_count_sub+0x50/0x80 [ 28.640731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.640761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.640790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.640820] kthread+0x337/0x6f0 [ 28.640844] ? trace_preempt_on+0x20/0xc0 [ 28.640872] ? __pfx_kthread+0x10/0x10 [ 28.640915] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.640942] ? calculate_sigpending+0x7b/0xa0 [ 28.640971] ? __pfx_kthread+0x10/0x10 [ 28.640996] ret_from_fork+0x116/0x1d0 [ 28.641019] ? __pfx_kthread+0x10/0x10 [ 28.641045] ret_from_fork_asm+0x1a/0x30 [ 28.641081] </TASK> [ 28.641096] [ 28.648637] Allocated by task 314: [ 28.648776] kasan_save_stack+0x45/0x70 [ 28.648997] kasan_save_track+0x18/0x40 [ 28.649203] kasan_save_alloc_info+0x3b/0x50 [ 28.649453] __kasan_kmalloc+0xb7/0xc0 [ 28.649658] __kmalloc_cache_noprof+0x189/0x420 [ 28.649896] kasan_atomics+0x95/0x310 [ 28.650091] kunit_try_run_case+0x1a5/0x480 [ 28.650294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.650543] kthread+0x337/0x6f0 [ 28.650729] ret_from_fork+0x116/0x1d0 [ 28.650924] ret_from_fork_asm+0x1a/0x30 [ 28.651092] [ 28.651195] The buggy address belongs to the object at ffff88810625b900 [ 28.651195] which belongs to the cache kmalloc-64 of size 64 [ 28.651600] The buggy address is located 0 bytes to the right of [ 28.651600] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.652153] [ 28.652268] The buggy address belongs to the physical page: [ 28.652557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.652962] flags: 0x200000000000000(node=0|zone=2) [ 28.653226] page_type: f5(slab) [ 28.653426] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.653759] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.654125] page dumped because: kasan: bad access detected [ 28.654363] [ 28.654459] Memory state around the buggy address: [ 28.654624] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.654854] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.655215] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.655568] ^ [ 28.655805] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.656171] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.656415] ================================================================== [ 28.042863] ================================================================== [ 28.043250] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 28.043758] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.044255] [ 28.044378] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.044693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.044715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.044743] Call Trace: [ 28.044784] <TASK> [ 28.044810] dump_stack_lvl+0x73/0xb0 [ 28.044845] print_report+0xd1/0x650 [ 28.044872] ? __virt_addr_valid+0x1db/0x2d0 [ 28.044902] ? kasan_atomics_helper+0x992/0x5450 [ 28.044930] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.044960] ? kasan_atomics_helper+0x992/0x5450 [ 28.044989] kasan_report+0x141/0x180 [ 28.045026] ? kasan_atomics_helper+0x992/0x5450 [ 28.045059] kasan_check_range+0x10c/0x1c0 [ 28.045099] __kasan_check_write+0x18/0x20 [ 28.045125] kasan_atomics_helper+0x992/0x5450 [ 28.045155] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.045185] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.045213] ? kasan_atomics+0x152/0x310 [ 28.045243] kasan_atomics+0x1dc/0x310 [ 28.045269] ? __pfx_kasan_atomics+0x10/0x10 [ 28.045297] ? __pfx_read_tsc+0x10/0x10 [ 28.045323] ? ktime_get_ts64+0x86/0x230 [ 28.045353] kunit_try_run_case+0x1a5/0x480 [ 28.045384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.045421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.045450] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.045479] ? __kthread_parkme+0x82/0x180 [ 28.045514] ? preempt_count_sub+0x50/0x80 [ 28.045542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.045578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.045608] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.045637] kthread+0x337/0x6f0 [ 28.045661] ? trace_preempt_on+0x20/0xc0 [ 28.045688] ? __pfx_kthread+0x10/0x10 [ 28.045714] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.045740] ? calculate_sigpending+0x7b/0xa0 [ 28.045768] ? __pfx_kthread+0x10/0x10 [ 28.045803] ret_from_fork+0x116/0x1d0 [ 28.045826] ? __pfx_kthread+0x10/0x10 [ 28.045850] ret_from_fork_asm+0x1a/0x30 [ 28.045887] </TASK> [ 28.045902] [ 28.055544] Allocated by task 314: [ 28.055713] kasan_save_stack+0x45/0x70 [ 28.056007] kasan_save_track+0x18/0x40 [ 28.056214] kasan_save_alloc_info+0x3b/0x50 [ 28.056669] __kasan_kmalloc+0xb7/0xc0 [ 28.056825] __kmalloc_cache_noprof+0x189/0x420 [ 28.057025] kasan_atomics+0x95/0x310 [ 28.057358] kunit_try_run_case+0x1a5/0x480 [ 28.057994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.058210] kthread+0x337/0x6f0 [ 28.058452] ret_from_fork+0x116/0x1d0 [ 28.058657] ret_from_fork_asm+0x1a/0x30 [ 28.058869] [ 28.059029] The buggy address belongs to the object at ffff88810625b900 [ 28.059029] which belongs to the cache kmalloc-64 of size 64 [ 28.059568] The buggy address is located 0 bytes to the right of [ 28.059568] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.060020] [ 28.060127] The buggy address belongs to the physical page: [ 28.060548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.061116] flags: 0x200000000000000(node=0|zone=2) [ 28.061671] page_type: f5(slab) [ 28.061826] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.062451] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.062708] page dumped because: kasan: bad access detected [ 28.063116] [ 28.063343] Memory state around the buggy address: [ 28.063645] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.064008] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.064535] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.064881] ^ [ 28.065304] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.065799] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.066161] ================================================================== [ 27.963101] ================================================================== [ 27.963581] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 27.964246] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.964526] [ 27.964630] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.964691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.964708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.964737] Call Trace: [ 27.964760] <TASK> [ 27.964783] dump_stack_lvl+0x73/0xb0 [ 27.964816] print_report+0xd1/0x650 [ 27.964843] ? __virt_addr_valid+0x1db/0x2d0 [ 27.964873] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.964919] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.964952] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.964983] kasan_report+0x141/0x180 [ 27.965010] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.965046] kasan_check_range+0x10c/0x1c0 [ 27.965074] __kasan_check_write+0x18/0x20 [ 27.965103] kasan_atomics_helper+0x7c7/0x5450 [ 27.965135] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.965166] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.965196] ? kasan_atomics+0x152/0x310 [ 27.965228] kasan_atomics+0x1dc/0x310 [ 27.965255] ? __pfx_kasan_atomics+0x10/0x10 [ 27.965285] ? __pfx_read_tsc+0x10/0x10 [ 27.965312] ? ktime_get_ts64+0x86/0x230 [ 27.965342] kunit_try_run_case+0x1a5/0x480 [ 27.965373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.965414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.965443] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.965473] ? __kthread_parkme+0x82/0x180 [ 27.965500] ? preempt_count_sub+0x50/0x80 [ 27.965528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.965559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.965590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.965619] kthread+0x337/0x6f0 [ 27.965644] ? trace_preempt_on+0x20/0xc0 [ 27.965672] ? __pfx_kthread+0x10/0x10 [ 27.965699] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.965726] ? calculate_sigpending+0x7b/0xa0 [ 27.965756] ? __pfx_kthread+0x10/0x10 [ 27.965783] ret_from_fork+0x116/0x1d0 [ 27.965807] ? __pfx_kthread+0x10/0x10 [ 27.965833] ret_from_fork_asm+0x1a/0x30 [ 27.965870] </TASK> [ 27.965886] [ 27.976168] Allocated by task 314: [ 27.976376] kasan_save_stack+0x45/0x70 [ 27.976668] kasan_save_track+0x18/0x40 [ 27.976870] kasan_save_alloc_info+0x3b/0x50 [ 27.977138] __kasan_kmalloc+0xb7/0xc0 [ 27.977411] __kmalloc_cache_noprof+0x189/0x420 [ 27.977650] kasan_atomics+0x95/0x310 [ 27.977905] kunit_try_run_case+0x1a5/0x480 [ 27.978139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.978412] kthread+0x337/0x6f0 [ 27.978546] ret_from_fork+0x116/0x1d0 [ 27.979041] ret_from_fork_asm+0x1a/0x30 [ 27.979477] [ 27.979585] The buggy address belongs to the object at ffff88810625b900 [ 27.979585] which belongs to the cache kmalloc-64 of size 64 [ 27.980245] The buggy address is located 0 bytes to the right of [ 27.980245] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.980867] [ 27.980984] The buggy address belongs to the physical page: [ 27.981537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.981815] flags: 0x200000000000000(node=0|zone=2) [ 27.982547] page_type: f5(slab) [ 27.982757] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.983318] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.983614] page dumped because: kasan: bad access detected [ 27.983873] [ 27.983981] Memory state around the buggy address: [ 27.984429] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.984845] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.985287] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.985551] ^ [ 27.985833] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.986497] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.987173] ================================================================== [ 27.896590] ================================================================== [ 27.896954] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 27.897345] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.897695] [ 27.897826] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.897895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.897910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.897937] Call Trace: [ 27.897960] <TASK> [ 27.897983] dump_stack_lvl+0x73/0xb0 [ 27.898014] print_report+0xd1/0x650 [ 27.898040] ? __virt_addr_valid+0x1db/0x2d0 [ 27.898068] ? kasan_atomics_helper+0x697/0x5450 [ 27.898096] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.898125] ? kasan_atomics_helper+0x697/0x5450 [ 27.898153] kasan_report+0x141/0x180 [ 27.898178] ? kasan_atomics_helper+0x697/0x5450 [ 27.898210] kasan_check_range+0x10c/0x1c0 [ 27.898237] __kasan_check_write+0x18/0x20 [ 27.898263] kasan_atomics_helper+0x697/0x5450 [ 27.898303] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.898331] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.898371] ? kasan_atomics+0x152/0x310 [ 27.898408] kasan_atomics+0x1dc/0x310 [ 27.898432] ? __pfx_kasan_atomics+0x10/0x10 [ 27.898459] ? __pfx_read_tsc+0x10/0x10 [ 27.898484] ? ktime_get_ts64+0x86/0x230 [ 27.898512] kunit_try_run_case+0x1a5/0x480 [ 27.898540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.898566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.898595] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.898622] ? __kthread_parkme+0x82/0x180 [ 27.898646] ? preempt_count_sub+0x50/0x80 [ 27.898673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.898756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.898786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.898814] kthread+0x337/0x6f0 [ 27.898836] ? trace_preempt_on+0x20/0xc0 [ 27.898864] ? __pfx_kthread+0x10/0x10 [ 27.898904] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.898930] ? calculate_sigpending+0x7b/0xa0 [ 27.898969] ? __pfx_kthread+0x10/0x10 [ 27.898994] ret_from_fork+0x116/0x1d0 [ 27.899016] ? __pfx_kthread+0x10/0x10 [ 27.899040] ret_from_fork_asm+0x1a/0x30 [ 27.899075] </TASK> [ 27.899090] [ 27.919806] Allocated by task 314: [ 27.920635] kasan_save_stack+0x45/0x70 [ 27.921381] kasan_save_track+0x18/0x40 [ 27.921940] kasan_save_alloc_info+0x3b/0x50 [ 27.922669] __kasan_kmalloc+0xb7/0xc0 [ 27.923373] __kmalloc_cache_noprof+0x189/0x420 [ 27.923969] kasan_atomics+0x95/0x310 [ 27.924356] kunit_try_run_case+0x1a5/0x480 [ 27.924820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.925595] kthread+0x337/0x6f0 [ 27.925737] ret_from_fork+0x116/0x1d0 [ 27.925877] ret_from_fork_asm+0x1a/0x30 [ 27.926021] [ 27.926097] The buggy address belongs to the object at ffff88810625b900 [ 27.926097] which belongs to the cache kmalloc-64 of size 64 [ 27.927346] The buggy address is located 0 bytes to the right of [ 27.927346] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.928854] [ 27.929107] The buggy address belongs to the physical page: [ 27.929719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.930448] flags: 0x200000000000000(node=0|zone=2) [ 27.930634] page_type: f5(slab) [ 27.930764] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.931278] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.932135] page dumped because: kasan: bad access detected [ 27.932869] [ 27.933059] Memory state around the buggy address: [ 27.933665] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.934465] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.934734] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.934997] ^ [ 27.935521] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.936182] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.937036] ================================================================== [ 29.102604] ================================================================== [ 29.102941] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 29.103291] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.103691] [ 29.103812] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.103870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.103884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.103910] Call Trace: [ 29.103934] <TASK> [ 29.103958] dump_stack_lvl+0x73/0xb0 [ 29.103990] print_report+0xd1/0x650 [ 29.104029] ? __virt_addr_valid+0x1db/0x2d0 [ 29.104058] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.104098] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.104128] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.104157] kasan_report+0x141/0x180 [ 29.104183] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.104217] __asan_report_load8_noabort+0x18/0x20 [ 29.104252] kasan_atomics_helper+0x4f71/0x5450 [ 29.104282] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.104321] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.104349] ? kasan_atomics+0x152/0x310 [ 29.104407] kasan_atomics+0x1dc/0x310 [ 29.104434] ? __pfx_kasan_atomics+0x10/0x10 [ 29.104471] ? __pfx_read_tsc+0x10/0x10 [ 29.104497] ? ktime_get_ts64+0x86/0x230 [ 29.104526] kunit_try_run_case+0x1a5/0x480 [ 29.104555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.104582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.104609] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.104638] ? __kthread_parkme+0x82/0x180 [ 29.104661] ? preempt_count_sub+0x50/0x80 [ 29.104689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.104717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.104744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.104782] kthread+0x337/0x6f0 [ 29.104805] ? trace_preempt_on+0x20/0xc0 [ 29.104845] ? __pfx_kthread+0x10/0x10 [ 29.104868] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.104905] ? calculate_sigpending+0x7b/0xa0 [ 29.104932] ? __pfx_kthread+0x10/0x10 [ 29.104957] ret_from_fork+0x116/0x1d0 [ 29.104989] ? __pfx_kthread+0x10/0x10 [ 29.105013] ret_from_fork_asm+0x1a/0x30 [ 29.105059] </TASK> [ 29.105074] [ 29.112469] Allocated by task 314: [ 29.112840] kasan_save_stack+0x45/0x70 [ 29.113060] kasan_save_track+0x18/0x40 [ 29.113288] kasan_save_alloc_info+0x3b/0x50 [ 29.113537] __kasan_kmalloc+0xb7/0xc0 [ 29.113761] __kmalloc_cache_noprof+0x189/0x420 [ 29.114175] kasan_atomics+0x95/0x310 [ 29.114404] kunit_try_run_case+0x1a5/0x480 [ 29.114614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.114888] kthread+0x337/0x6f0 [ 29.115039] ret_from_fork+0x116/0x1d0 [ 29.115172] ret_from_fork_asm+0x1a/0x30 [ 29.115326] [ 29.115434] The buggy address belongs to the object at ffff88810625b900 [ 29.115434] which belongs to the cache kmalloc-64 of size 64 [ 29.116017] The buggy address is located 0 bytes to the right of [ 29.116017] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.116574] [ 29.116676] The buggy address belongs to the physical page: [ 29.116970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.117288] flags: 0x200000000000000(node=0|zone=2) [ 29.117526] page_type: f5(slab) [ 29.117649] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.117876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.118097] page dumped because: kasan: bad access detected [ 29.118339] [ 29.118439] Memory state around the buggy address: [ 29.118666] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.118989] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.119307] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.119788] ^ [ 29.119946] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.120166] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.120510] ================================================================== [ 29.185991] ================================================================== [ 29.186695] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 29.187201] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.187551] [ 29.187648] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.187705] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.187721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.187747] Call Trace: [ 29.187770] <TASK> [ 29.187794] dump_stack_lvl+0x73/0xb0 [ 29.187825] print_report+0xd1/0x650 [ 29.187852] ? __virt_addr_valid+0x1db/0x2d0 [ 29.187880] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.187908] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.187973] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.188021] kasan_report+0x141/0x180 [ 29.188060] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.188131] __asan_report_load8_noabort+0x18/0x20 [ 29.188188] kasan_atomics_helper+0x4fb2/0x5450 [ 29.188253] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.188282] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.188348] ? kasan_atomics+0x152/0x310 [ 29.188414] kasan_atomics+0x1dc/0x310 [ 29.188468] ? __pfx_kasan_atomics+0x10/0x10 [ 29.188513] ? __pfx_read_tsc+0x10/0x10 [ 29.188577] ? ktime_get_ts64+0x86/0x230 [ 29.188606] kunit_try_run_case+0x1a5/0x480 [ 29.188649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.188676] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.188706] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.188735] ? __kthread_parkme+0x82/0x180 [ 29.188759] ? preempt_count_sub+0x50/0x80 [ 29.188787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.188816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.188845] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.188874] kthread+0x337/0x6f0 [ 29.188897] ? trace_preempt_on+0x20/0xc0 [ 29.188926] ? __pfx_kthread+0x10/0x10 [ 29.188951] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.188977] ? calculate_sigpending+0x7b/0xa0 [ 29.189006] ? __pfx_kthread+0x10/0x10 [ 29.189031] ret_from_fork+0x116/0x1d0 [ 29.189053] ? __pfx_kthread+0x10/0x10 [ 29.189078] ret_from_fork_asm+0x1a/0x30 [ 29.189114] </TASK> [ 29.189128] [ 29.198000] Allocated by task 314: [ 29.198183] kasan_save_stack+0x45/0x70 [ 29.198338] kasan_save_track+0x18/0x40 [ 29.198494] kasan_save_alloc_info+0x3b/0x50 [ 29.198645] __kasan_kmalloc+0xb7/0xc0 [ 29.198785] __kmalloc_cache_noprof+0x189/0x420 [ 29.199120] kasan_atomics+0x95/0x310 [ 29.199323] kunit_try_run_case+0x1a5/0x480 [ 29.199549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.199886] kthread+0x337/0x6f0 [ 29.200044] ret_from_fork+0x116/0x1d0 [ 29.200213] ret_from_fork_asm+0x1a/0x30 [ 29.200486] [ 29.200629] The buggy address belongs to the object at ffff88810625b900 [ 29.200629] which belongs to the cache kmalloc-64 of size 64 [ 29.201165] The buggy address is located 0 bytes to the right of [ 29.201165] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.201763] [ 29.201914] The buggy address belongs to the physical page: [ 29.202177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.202575] flags: 0x200000000000000(node=0|zone=2) [ 29.202910] page_type: f5(slab) [ 29.203092] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.203464] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.203802] page dumped because: kasan: bad access detected [ 29.204142] [ 29.204215] Memory state around the buggy address: [ 29.204522] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.204892] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.205216] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.205600] ^ [ 29.205847] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.206212] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.206542] ================================================================== [ 27.631752] ================================================================== [ 27.632318] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 27.632792] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.633191] [ 27.633441] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.633500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.633516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.633542] Call Trace: [ 27.633558] <TASK> [ 27.633581] dump_stack_lvl+0x73/0xb0 [ 27.633614] print_report+0xd1/0x650 [ 27.633639] ? __virt_addr_valid+0x1db/0x2d0 [ 27.633667] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.633695] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.633724] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.633753] kasan_report+0x141/0x180 [ 27.633778] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.633810] __asan_report_store4_noabort+0x1b/0x30 [ 27.633837] kasan_atomics_helper+0x4ba2/0x5450 [ 27.633867] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.633894] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.633923] ? kasan_atomics+0x152/0x310 [ 27.633953] kasan_atomics+0x1dc/0x310 [ 27.633978] ? __pfx_kasan_atomics+0x10/0x10 [ 27.634004] ? __pfx_read_tsc+0x10/0x10 [ 27.634029] ? ktime_get_ts64+0x86/0x230 [ 27.634058] kunit_try_run_case+0x1a5/0x480 [ 27.634087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.634113] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.634142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.634193] ? __kthread_parkme+0x82/0x180 [ 27.634218] ? preempt_count_sub+0x50/0x80 [ 27.634245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.634273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.634301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.634329] kthread+0x337/0x6f0 [ 27.634351] ? trace_preempt_on+0x20/0xc0 [ 27.634378] ? __pfx_kthread+0x10/0x10 [ 27.634413] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.634438] ? calculate_sigpending+0x7b/0xa0 [ 27.634467] ? __pfx_kthread+0x10/0x10 [ 27.634492] ret_from_fork+0x116/0x1d0 [ 27.634513] ? __pfx_kthread+0x10/0x10 [ 27.634537] ret_from_fork_asm+0x1a/0x30 [ 27.634572] </TASK> [ 27.634585] [ 27.652865] Allocated by task 314: [ 27.653082] kasan_save_stack+0x45/0x70 [ 27.653710] kasan_save_track+0x18/0x40 [ 27.654313] kasan_save_alloc_info+0x3b/0x50 [ 27.654565] __kasan_kmalloc+0xb7/0xc0 [ 27.654766] __kmalloc_cache_noprof+0x189/0x420 [ 27.655610] kasan_atomics+0x95/0x310 [ 27.655889] kunit_try_run_case+0x1a5/0x480 [ 27.656553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.656988] kthread+0x337/0x6f0 [ 27.657308] ret_from_fork+0x116/0x1d0 [ 27.657758] ret_from_fork_asm+0x1a/0x30 [ 27.658245] [ 27.658352] The buggy address belongs to the object at ffff88810625b900 [ 27.658352] which belongs to the cache kmalloc-64 of size 64 [ 27.659367] The buggy address is located 0 bytes to the right of [ 27.659367] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.660560] [ 27.660681] The buggy address belongs to the physical page: [ 27.661140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.661755] flags: 0x200000000000000(node=0|zone=2) [ 27.662363] page_type: f5(slab) [ 27.662631] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.663511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.663856] page dumped because: kasan: bad access detected [ 27.664102] [ 27.664592] Memory state around the buggy address: [ 27.664915] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.665646] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.666220] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.666552] ^ [ 27.666773] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.667426] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.668503] ================================================================== [ 28.439501] ================================================================== [ 28.439882] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 28.440320] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.440714] [ 28.440933] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.440993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.441011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.441038] Call Trace: [ 28.441063] <TASK> [ 28.441088] dump_stack_lvl+0x73/0xb0 [ 28.441123] print_report+0xd1/0x650 [ 28.441151] ? __virt_addr_valid+0x1db/0x2d0 [ 28.441180] ? kasan_atomics_helper+0x1148/0x5450 [ 28.441210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.441240] ? kasan_atomics_helper+0x1148/0x5450 [ 28.441271] kasan_report+0x141/0x180 [ 28.441297] ? kasan_atomics_helper+0x1148/0x5450 [ 28.441333] kasan_check_range+0x10c/0x1c0 [ 28.441361] __kasan_check_write+0x18/0x20 [ 28.441388] kasan_atomics_helper+0x1148/0x5450 [ 28.441448] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.441478] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.441508] ? kasan_atomics+0x152/0x310 [ 28.441539] kasan_atomics+0x1dc/0x310 [ 28.441565] ? __pfx_kasan_atomics+0x10/0x10 [ 28.441593] ? __pfx_read_tsc+0x10/0x10 [ 28.441620] ? ktime_get_ts64+0x86/0x230 [ 28.441650] kunit_try_run_case+0x1a5/0x480 [ 28.441681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.441709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.441738] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.441767] ? __kthread_parkme+0x82/0x180 [ 28.441793] ? preempt_count_sub+0x50/0x80 [ 28.441823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.441854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.441893] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.441923] kthread+0x337/0x6f0 [ 28.441948] ? trace_preempt_on+0x20/0xc0 [ 28.441976] ? __pfx_kthread+0x10/0x10 [ 28.442003] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.442031] ? calculate_sigpending+0x7b/0xa0 [ 28.442061] ? __pfx_kthread+0x10/0x10 [ 28.442088] ret_from_fork+0x116/0x1d0 [ 28.442112] ? __pfx_kthread+0x10/0x10 [ 28.442136] ret_from_fork_asm+0x1a/0x30 [ 28.442175] </TASK> [ 28.442190] [ 28.453792] Allocated by task 314: [ 28.454120] kasan_save_stack+0x45/0x70 [ 28.454337] kasan_save_track+0x18/0x40 [ 28.454537] kasan_save_alloc_info+0x3b/0x50 [ 28.454701] __kasan_kmalloc+0xb7/0xc0 [ 28.454849] __kmalloc_cache_noprof+0x189/0x420 [ 28.455018] kasan_atomics+0x95/0x310 [ 28.455206] kunit_try_run_case+0x1a5/0x480 [ 28.455469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.455748] kthread+0x337/0x6f0 [ 28.455941] ret_from_fork+0x116/0x1d0 [ 28.456115] ret_from_fork_asm+0x1a/0x30 [ 28.456312] [ 28.456431] The buggy address belongs to the object at ffff88810625b900 [ 28.456431] which belongs to the cache kmalloc-64 of size 64 [ 28.456835] The buggy address is located 0 bytes to the right of [ 28.456835] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.457478] [ 28.457589] The buggy address belongs to the physical page: [ 28.457822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.458234] flags: 0x200000000000000(node=0|zone=2) [ 28.458490] page_type: f5(slab) [ 28.458669] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.459060] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.459400] page dumped because: kasan: bad access detected [ 28.459646] [ 28.459724] Memory state around the buggy address: [ 28.459925] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.460282] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.460580] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.460843] ^ [ 28.461290] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.461623] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.461924] ================================================================== [ 28.236631] ================================================================== [ 28.237387] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 28.238425] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.239310] [ 28.239876] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.239942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.239958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.239985] Call Trace: [ 28.240004] <TASK> [ 28.240028] dump_stack_lvl+0x73/0xb0 [ 28.240062] print_report+0xd1/0x650 [ 28.240090] ? __virt_addr_valid+0x1db/0x2d0 [ 28.240136] ? kasan_atomics_helper+0xde0/0x5450 [ 28.240165] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.240234] ? kasan_atomics_helper+0xde0/0x5450 [ 28.240264] kasan_report+0x141/0x180 [ 28.240290] ? kasan_atomics_helper+0xde0/0x5450 [ 28.240324] kasan_check_range+0x10c/0x1c0 [ 28.240351] __kasan_check_write+0x18/0x20 [ 28.240378] kasan_atomics_helper+0xde0/0x5450 [ 28.240419] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.240449] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.240478] ? kasan_atomics+0x152/0x310 [ 28.240508] kasan_atomics+0x1dc/0x310 [ 28.240534] ? __pfx_kasan_atomics+0x10/0x10 [ 28.240561] ? __pfx_read_tsc+0x10/0x10 [ 28.240588] ? ktime_get_ts64+0x86/0x230 [ 28.240617] kunit_try_run_case+0x1a5/0x480 [ 28.240648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.240675] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.240705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.240733] ? __kthread_parkme+0x82/0x180 [ 28.240758] ? preempt_count_sub+0x50/0x80 [ 28.240786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.240818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.240847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.240876] kthread+0x337/0x6f0 [ 28.240962] ? trace_preempt_on+0x20/0xc0 [ 28.240993] ? __pfx_kthread+0x10/0x10 [ 28.241018] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.241045] ? calculate_sigpending+0x7b/0xa0 [ 28.241074] ? __pfx_kthread+0x10/0x10 [ 28.241101] ret_from_fork+0x116/0x1d0 [ 28.241125] ? __pfx_kthread+0x10/0x10 [ 28.241213] ret_from_fork_asm+0x1a/0x30 [ 28.241255] </TASK> [ 28.241270] [ 28.253610] Allocated by task 314: [ 28.253826] kasan_save_stack+0x45/0x70 [ 28.254259] kasan_save_track+0x18/0x40 [ 28.254652] kasan_save_alloc_info+0x3b/0x50 [ 28.255146] __kasan_kmalloc+0xb7/0xc0 [ 28.255541] __kmalloc_cache_noprof+0x189/0x420 [ 28.256014] kasan_atomics+0x95/0x310 [ 28.256405] kunit_try_run_case+0x1a5/0x480 [ 28.256904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.257168] kthread+0x337/0x6f0 [ 28.257299] ret_from_fork+0x116/0x1d0 [ 28.257471] ret_from_fork_asm+0x1a/0x30 [ 28.257810] [ 28.258023] The buggy address belongs to the object at ffff88810625b900 [ 28.258023] which belongs to the cache kmalloc-64 of size 64 [ 28.259311] The buggy address is located 0 bytes to the right of [ 28.259311] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.260596] [ 28.260794] The buggy address belongs to the physical page: [ 28.261172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.261462] flags: 0x200000000000000(node=0|zone=2) [ 28.261718] page_type: f5(slab) [ 28.261985] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.262725] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.263037] page dumped because: kasan: bad access detected [ 28.263622] [ 28.263789] Memory state around the buggy address: [ 28.264339] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.264952] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.265198] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.265808] ^ [ 28.266289] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.266681] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.267304] ================================================================== [ 28.089729] ================================================================== [ 28.090470] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 28.090904] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.091371] [ 28.091525] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.091595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.091612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.091638] Call Trace: [ 28.091661] <TASK> [ 28.091685] dump_stack_lvl+0x73/0xb0 [ 28.091720] print_report+0xd1/0x650 [ 28.091746] ? __virt_addr_valid+0x1db/0x2d0 [ 28.091775] ? kasan_atomics_helper+0xac7/0x5450 [ 28.091804] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.091834] ? kasan_atomics_helper+0xac7/0x5450 [ 28.091863] kasan_report+0x141/0x180 [ 28.091888] ? kasan_atomics_helper+0xac7/0x5450 [ 28.091921] kasan_check_range+0x10c/0x1c0 [ 28.091959] __kasan_check_write+0x18/0x20 [ 28.091986] kasan_atomics_helper+0xac7/0x5450 [ 28.092028] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.092057] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.092086] ? kasan_atomics+0x152/0x310 [ 28.092126] kasan_atomics+0x1dc/0x310 [ 28.092152] ? __pfx_kasan_atomics+0x10/0x10 [ 28.092180] ? __pfx_read_tsc+0x10/0x10 [ 28.092440] ? ktime_get_ts64+0x86/0x230 [ 28.092485] kunit_try_run_case+0x1a5/0x480 [ 28.092517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.092545] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.092574] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.092604] ? __kthread_parkme+0x82/0x180 [ 28.092629] ? preempt_count_sub+0x50/0x80 [ 28.092657] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.092687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.092717] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.092745] kthread+0x337/0x6f0 [ 28.092770] ? trace_preempt_on+0x20/0xc0 [ 28.092800] ? __pfx_kthread+0x10/0x10 [ 28.092825] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.092851] ? calculate_sigpending+0x7b/0xa0 [ 28.092880] ? __pfx_kthread+0x10/0x10 [ 28.092905] ret_from_fork+0x116/0x1d0 [ 28.092943] ? __pfx_kthread+0x10/0x10 [ 28.092968] ret_from_fork_asm+0x1a/0x30 [ 28.093019] </TASK> [ 28.093034] [ 28.102606] Allocated by task 314: [ 28.102758] kasan_save_stack+0x45/0x70 [ 28.102918] kasan_save_track+0x18/0x40 [ 28.103126] kasan_save_alloc_info+0x3b/0x50 [ 28.103476] __kasan_kmalloc+0xb7/0xc0 [ 28.103735] __kmalloc_cache_noprof+0x189/0x420 [ 28.104242] kasan_atomics+0x95/0x310 [ 28.104606] kunit_try_run_case+0x1a5/0x480 [ 28.104818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.105225] kthread+0x337/0x6f0 [ 28.105464] ret_from_fork+0x116/0x1d0 [ 28.105705] ret_from_fork_asm+0x1a/0x30 [ 28.105855] [ 28.105930] The buggy address belongs to the object at ffff88810625b900 [ 28.105930] which belongs to the cache kmalloc-64 of size 64 [ 28.106988] The buggy address is located 0 bytes to the right of [ 28.106988] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.107998] [ 28.108126] The buggy address belongs to the physical page: [ 28.108998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.109468] flags: 0x200000000000000(node=0|zone=2) [ 28.109723] page_type: f5(slab) [ 28.110355] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.110735] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.111568] page dumped because: kasan: bad access detected [ 28.112009] [ 28.112112] Memory state around the buggy address: [ 28.112630] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.112903] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.113239] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.113686] ^ [ 28.114025] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.114609] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.114957] ================================================================== [ 28.395103] ================================================================== [ 28.395511] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 28.395946] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.396375] [ 28.396512] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.396572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.396588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.396619] Call Trace: [ 28.396643] <TASK> [ 28.396664] dump_stack_lvl+0x73/0xb0 [ 28.396698] print_report+0xd1/0x650 [ 28.396728] ? __virt_addr_valid+0x1db/0x2d0 [ 28.396760] ? kasan_atomics_helper+0x1079/0x5450 [ 28.396792] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.396824] ? kasan_atomics_helper+0x1079/0x5450 [ 28.396858] kasan_report+0x141/0x180 [ 28.396897] ? kasan_atomics_helper+0x1079/0x5450 [ 28.396934] kasan_check_range+0x10c/0x1c0 [ 28.396964] __kasan_check_write+0x18/0x20 [ 28.396993] kasan_atomics_helper+0x1079/0x5450 [ 28.397024] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.397056] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.397086] ? kasan_atomics+0x152/0x310 [ 28.397118] kasan_atomics+0x1dc/0x310 [ 28.397146] ? __pfx_kasan_atomics+0x10/0x10 [ 28.397175] ? __pfx_read_tsc+0x10/0x10 [ 28.397202] ? ktime_get_ts64+0x86/0x230 [ 28.397232] kunit_try_run_case+0x1a5/0x480 [ 28.397264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.397293] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.397323] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.397355] ? __kthread_parkme+0x82/0x180 [ 28.397381] ? preempt_count_sub+0x50/0x80 [ 28.397424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.397455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.397485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.397517] kthread+0x337/0x6f0 [ 28.397543] ? trace_preempt_on+0x20/0xc0 [ 28.397575] ? __pfx_kthread+0x10/0x10 [ 28.397602] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.397630] ? calculate_sigpending+0x7b/0xa0 [ 28.397661] ? __pfx_kthread+0x10/0x10 [ 28.397688] ret_from_fork+0x116/0x1d0 [ 28.397713] ? __pfx_kthread+0x10/0x10 [ 28.397739] ret_from_fork_asm+0x1a/0x30 [ 28.397778] </TASK> [ 28.397794] [ 28.406162] Allocated by task 314: [ 28.406360] kasan_save_stack+0x45/0x70 [ 28.406590] kasan_save_track+0x18/0x40 [ 28.406811] kasan_save_alloc_info+0x3b/0x50 [ 28.407039] __kasan_kmalloc+0xb7/0xc0 [ 28.407247] __kmalloc_cache_noprof+0x189/0x420 [ 28.407430] kasan_atomics+0x95/0x310 [ 28.407578] kunit_try_run_case+0x1a5/0x480 [ 28.407740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.408133] kthread+0x337/0x6f0 [ 28.408322] ret_from_fork+0x116/0x1d0 [ 28.408545] ret_from_fork_asm+0x1a/0x30 [ 28.408765] [ 28.408873] The buggy address belongs to the object at ffff88810625b900 [ 28.408873] which belongs to the cache kmalloc-64 of size 64 [ 28.409564] The buggy address is located 0 bytes to the right of [ 28.409564] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.410105] [ 28.410187] The buggy address belongs to the physical page: [ 28.410469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.410843] flags: 0x200000000000000(node=0|zone=2) [ 28.411049] page_type: f5(slab) [ 28.411186] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.411459] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.411760] page dumped because: kasan: bad access detected [ 28.412040] [ 28.412152] Memory state around the buggy address: [ 28.412416] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.412771] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.413104] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.413341] ^ [ 28.413521] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.413762] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.414511] ================================================================== [ 28.140905] ================================================================== [ 28.141423] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 28.141818] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.142147] [ 28.142422] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.142487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.142504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.142533] Call Trace: [ 28.142558] <TASK> [ 28.142585] dump_stack_lvl+0x73/0xb0 [ 28.142620] print_report+0xd1/0x650 [ 28.142647] ? __virt_addr_valid+0x1db/0x2d0 [ 28.142677] ? kasan_atomics_helper+0xc70/0x5450 [ 28.142706] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.142737] ? kasan_atomics_helper+0xc70/0x5450 [ 28.142768] kasan_report+0x141/0x180 [ 28.142795] ? kasan_atomics_helper+0xc70/0x5450 [ 28.142843] kasan_check_range+0x10c/0x1c0 [ 28.142872] __kasan_check_write+0x18/0x20 [ 28.142913] kasan_atomics_helper+0xc70/0x5450 [ 28.142945] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.142975] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.143005] ? kasan_atomics+0x152/0x310 [ 28.143037] kasan_atomics+0x1dc/0x310 [ 28.143064] ? __pfx_kasan_atomics+0x10/0x10 [ 28.143093] ? __pfx_read_tsc+0x10/0x10 [ 28.143120] ? ktime_get_ts64+0x86/0x230 [ 28.143150] kunit_try_run_case+0x1a5/0x480 [ 28.143182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.143223] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.143253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.143283] ? __kthread_parkme+0x82/0x180 [ 28.143309] ? preempt_count_sub+0x50/0x80 [ 28.143412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.143447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.143489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.143519] kthread+0x337/0x6f0 [ 28.143557] ? trace_preempt_on+0x20/0xc0 [ 28.143586] ? __pfx_kthread+0x10/0x10 [ 28.143613] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.143640] ? calculate_sigpending+0x7b/0xa0 [ 28.143670] ? __pfx_kthread+0x10/0x10 [ 28.143697] ret_from_fork+0x116/0x1d0 [ 28.143722] ? __pfx_kthread+0x10/0x10 [ 28.143748] ret_from_fork_asm+0x1a/0x30 [ 28.143785] </TASK> [ 28.143800] [ 28.153447] Allocated by task 314: [ 28.153701] kasan_save_stack+0x45/0x70 [ 28.153884] kasan_save_track+0x18/0x40 [ 28.154297] kasan_save_alloc_info+0x3b/0x50 [ 28.154788] __kasan_kmalloc+0xb7/0xc0 [ 28.155217] __kmalloc_cache_noprof+0x189/0x420 [ 28.155456] kasan_atomics+0x95/0x310 [ 28.155674] kunit_try_run_case+0x1a5/0x480 [ 28.156036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.156465] kthread+0x337/0x6f0 [ 28.156692] ret_from_fork+0x116/0x1d0 [ 28.156879] ret_from_fork_asm+0x1a/0x30 [ 28.157111] [ 28.157298] The buggy address belongs to the object at ffff88810625b900 [ 28.157298] which belongs to the cache kmalloc-64 of size 64 [ 28.158460] The buggy address is located 0 bytes to the right of [ 28.158460] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.159020] [ 28.159132] The buggy address belongs to the physical page: [ 28.159370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.159656] flags: 0x200000000000000(node=0|zone=2) [ 28.160036] page_type: f5(slab) [ 28.160418] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.160826] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.161672] page dumped because: kasan: bad access detected [ 28.161880] [ 28.161993] Memory state around the buggy address: [ 28.162735] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.163114] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.163998] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.165135] ^ [ 28.165341] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.165610] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.165855] ================================================================== [ 27.938039] ================================================================== [ 27.938516] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 27.938781] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.939276] [ 27.939383] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.939456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.939472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.939500] Call Trace: [ 27.939523] <TASK> [ 27.939548] dump_stack_lvl+0x73/0xb0 [ 27.939580] print_report+0xd1/0x650 [ 27.939608] ? __virt_addr_valid+0x1db/0x2d0 [ 27.939636] ? kasan_atomics_helper+0x72f/0x5450 [ 27.939664] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.939694] ? kasan_atomics_helper+0x72f/0x5450 [ 27.939723] kasan_report+0x141/0x180 [ 27.939749] ? kasan_atomics_helper+0x72f/0x5450 [ 27.939783] kasan_check_range+0x10c/0x1c0 [ 27.939812] __kasan_check_write+0x18/0x20 [ 27.939838] kasan_atomics_helper+0x72f/0x5450 [ 27.939868] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.939908] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.939937] ? kasan_atomics+0x152/0x310 [ 27.939968] kasan_atomics+0x1dc/0x310 [ 27.939994] ? __pfx_kasan_atomics+0x10/0x10 [ 27.940022] ? __pfx_read_tsc+0x10/0x10 [ 27.940048] ? ktime_get_ts64+0x86/0x230 [ 27.940078] kunit_try_run_case+0x1a5/0x480 [ 27.940108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.940135] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.940378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.940424] ? __kthread_parkme+0x82/0x180 [ 27.940451] ? preempt_count_sub+0x50/0x80 [ 27.940479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.940509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.940539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.940567] kthread+0x337/0x6f0 [ 27.940591] ? trace_preempt_on+0x20/0xc0 [ 27.940620] ? __pfx_kthread+0x10/0x10 [ 27.940645] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.940670] ? calculate_sigpending+0x7b/0xa0 [ 27.940699] ? __pfx_kthread+0x10/0x10 [ 27.940725] ret_from_fork+0x116/0x1d0 [ 27.940747] ? __pfx_kthread+0x10/0x10 [ 27.940772] ret_from_fork_asm+0x1a/0x30 [ 27.940809] </TASK> [ 27.940823] [ 27.952899] Allocated by task 314: [ 27.953216] kasan_save_stack+0x45/0x70 [ 27.953411] kasan_save_track+0x18/0x40 [ 27.953562] kasan_save_alloc_info+0x3b/0x50 [ 27.953726] __kasan_kmalloc+0xb7/0xc0 [ 27.953931] __kmalloc_cache_noprof+0x189/0x420 [ 27.954175] kasan_atomics+0x95/0x310 [ 27.954412] kunit_try_run_case+0x1a5/0x480 [ 27.954762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.955047] kthread+0x337/0x6f0 [ 27.955304] ret_from_fork+0x116/0x1d0 [ 27.955533] ret_from_fork_asm+0x1a/0x30 [ 27.955745] [ 27.955843] The buggy address belongs to the object at ffff88810625b900 [ 27.955843] which belongs to the cache kmalloc-64 of size 64 [ 27.956340] The buggy address is located 0 bytes to the right of [ 27.956340] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.957491] [ 27.957612] The buggy address belongs to the physical page: [ 27.957808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.958205] flags: 0x200000000000000(node=0|zone=2) [ 27.958553] page_type: f5(slab) [ 27.958749] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.959122] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.959535] page dumped because: kasan: bad access detected [ 27.959817] [ 27.959925] Memory state around the buggy address: [ 27.960303] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.960657] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.960912] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.961611] ^ [ 27.961886] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.962278] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.962633] ================================================================== [ 27.732809] ================================================================== [ 27.733337] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 27.733858] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.734640] [ 27.735001] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.735167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.735185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.735213] Call Trace: [ 27.735354] <TASK> [ 27.735380] dump_stack_lvl+0x73/0xb0 [ 27.735456] print_report+0xd1/0x650 [ 27.735567] ? __virt_addr_valid+0x1db/0x2d0 [ 27.735602] ? kasan_atomics_helper+0x3df/0x5450 [ 27.735630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.735660] ? kasan_atomics_helper+0x3df/0x5450 [ 27.735689] kasan_report+0x141/0x180 [ 27.735715] ? kasan_atomics_helper+0x3df/0x5450 [ 27.735748] kasan_check_range+0x10c/0x1c0 [ 27.735774] __kasan_check_read+0x15/0x20 [ 27.735801] kasan_atomics_helper+0x3df/0x5450 [ 27.735830] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.735860] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.735889] ? kasan_atomics+0x152/0x310 [ 27.735917] kasan_atomics+0x1dc/0x310 [ 27.735943] ? __pfx_kasan_atomics+0x10/0x10 [ 27.735971] ? __pfx_read_tsc+0x10/0x10 [ 27.735996] ? ktime_get_ts64+0x86/0x230 [ 27.736025] kunit_try_run_case+0x1a5/0x480 [ 27.736055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.736083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.736111] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.736139] ? __kthread_parkme+0x82/0x180 [ 27.736165] ? preempt_count_sub+0x50/0x80 [ 27.736193] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.736229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.736259] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.736288] kthread+0x337/0x6f0 [ 27.736311] ? trace_preempt_on+0x20/0xc0 [ 27.736340] ? __pfx_kthread+0x10/0x10 [ 27.736364] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.736402] ? calculate_sigpending+0x7b/0xa0 [ 27.736430] ? __pfx_kthread+0x10/0x10 [ 27.736456] ret_from_fork+0x116/0x1d0 [ 27.736480] ? __pfx_kthread+0x10/0x10 [ 27.736504] ret_from_fork_asm+0x1a/0x30 [ 27.736543] </TASK> [ 27.736559] [ 27.753029] Allocated by task 314: [ 27.753208] kasan_save_stack+0x45/0x70 [ 27.753420] kasan_save_track+0x18/0x40 [ 27.753566] kasan_save_alloc_info+0x3b/0x50 [ 27.754308] __kasan_kmalloc+0xb7/0xc0 [ 27.754495] __kmalloc_cache_noprof+0x189/0x420 [ 27.754735] kasan_atomics+0x95/0x310 [ 27.755223] kunit_try_run_case+0x1a5/0x480 [ 27.755543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.755828] kthread+0x337/0x6f0 [ 27.756131] ret_from_fork+0x116/0x1d0 [ 27.756446] ret_from_fork_asm+0x1a/0x30 [ 27.756656] [ 27.756752] The buggy address belongs to the object at ffff88810625b900 [ 27.756752] which belongs to the cache kmalloc-64 of size 64 [ 27.757691] The buggy address is located 0 bytes to the right of [ 27.757691] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.758651] [ 27.758745] The buggy address belongs to the physical page: [ 27.759085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.759538] flags: 0x200000000000000(node=0|zone=2) [ 27.760088] page_type: f5(slab) [ 27.760290] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.760882] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.761369] page dumped because: kasan: bad access detected [ 27.761738] [ 27.761872] Memory state around the buggy address: [ 27.762087] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.762448] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.763278] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.763747] ^ [ 27.764049] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.764661] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.765137] ================================================================== [ 28.481681] ================================================================== [ 28.482482] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 28.482908] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.483144] [ 28.483302] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.483358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.483373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.483412] Call Trace: [ 28.483436] <TASK> [ 28.483458] dump_stack_lvl+0x73/0xb0 [ 28.483488] print_report+0xd1/0x650 [ 28.483514] ? __virt_addr_valid+0x1db/0x2d0 [ 28.483542] ? kasan_atomics_helper+0x1217/0x5450 [ 28.483570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.483599] ? kasan_atomics_helper+0x1217/0x5450 [ 28.483628] kasan_report+0x141/0x180 [ 28.483653] ? kasan_atomics_helper+0x1217/0x5450 [ 28.483689] kasan_check_range+0x10c/0x1c0 [ 28.483717] __kasan_check_write+0x18/0x20 [ 28.483744] kasan_atomics_helper+0x1217/0x5450 [ 28.483773] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.483801] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.483829] ? kasan_atomics+0x152/0x310 [ 28.483859] kasan_atomics+0x1dc/0x310 [ 28.483886] ? __pfx_kasan_atomics+0x10/0x10 [ 28.483914] ? __pfx_read_tsc+0x10/0x10 [ 28.483938] ? ktime_get_ts64+0x86/0x230 [ 28.483969] kunit_try_run_case+0x1a5/0x480 [ 28.483997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.484024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.484052] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.484080] ? __kthread_parkme+0x82/0x180 [ 28.484104] ? preempt_count_sub+0x50/0x80 [ 28.484132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.484160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.484188] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.484216] kthread+0x337/0x6f0 [ 28.484244] ? trace_preempt_on+0x20/0xc0 [ 28.484272] ? __pfx_kthread+0x10/0x10 [ 28.484295] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.484320] ? calculate_sigpending+0x7b/0xa0 [ 28.484348] ? __pfx_kthread+0x10/0x10 [ 28.484373] ret_from_fork+0x116/0x1d0 [ 28.484417] ? __pfx_kthread+0x10/0x10 [ 28.484441] ret_from_fork_asm+0x1a/0x30 [ 28.484476] </TASK> [ 28.484490] [ 28.496008] Allocated by task 314: [ 28.496449] kasan_save_stack+0x45/0x70 [ 28.496727] kasan_save_track+0x18/0x40 [ 28.496895] kasan_save_alloc_info+0x3b/0x50 [ 28.497186] __kasan_kmalloc+0xb7/0xc0 [ 28.497379] __kmalloc_cache_noprof+0x189/0x420 [ 28.497629] kasan_atomics+0x95/0x310 [ 28.497784] kunit_try_run_case+0x1a5/0x480 [ 28.498354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.498613] kthread+0x337/0x6f0 [ 28.498751] ret_from_fork+0x116/0x1d0 [ 28.499113] ret_from_fork_asm+0x1a/0x30 [ 28.499312] [ 28.499562] The buggy address belongs to the object at ffff88810625b900 [ 28.499562] which belongs to the cache kmalloc-64 of size 64 [ 28.500189] The buggy address is located 0 bytes to the right of [ 28.500189] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.500789] [ 28.500892] The buggy address belongs to the physical page: [ 28.501212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.501569] flags: 0x200000000000000(node=0|zone=2) [ 28.501790] page_type: f5(slab) [ 28.502230] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.502557] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.502949] page dumped because: kasan: bad access detected [ 28.503211] [ 28.503439] Memory state around the buggy address: [ 28.503629] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.504172] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.504560] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.504991] ^ [ 28.505179] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.505621] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.506028] ================================================================== [ 28.115650] ================================================================== [ 28.116029] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 28.116562] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.116885] [ 28.117319] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.117382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.117412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.117439] Call Trace: [ 28.117463] <TASK> [ 28.117569] dump_stack_lvl+0x73/0xb0 [ 28.117609] print_report+0xd1/0x650 [ 28.117639] ? __virt_addr_valid+0x1db/0x2d0 [ 28.117669] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.117699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.117730] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.117759] kasan_report+0x141/0x180 [ 28.117786] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.117820] kasan_check_range+0x10c/0x1c0 [ 28.117860] __kasan_check_write+0x18/0x20 [ 28.117889] kasan_atomics_helper+0xb6a/0x5450 [ 28.117931] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.117962] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.117992] ? kasan_atomics+0x152/0x310 [ 28.118023] kasan_atomics+0x1dc/0x310 [ 28.118050] ? __pfx_kasan_atomics+0x10/0x10 [ 28.118079] ? __pfx_read_tsc+0x10/0x10 [ 28.118105] ? ktime_get_ts64+0x86/0x230 [ 28.118136] kunit_try_run_case+0x1a5/0x480 [ 28.118167] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.118195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.118226] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.118255] ? __kthread_parkme+0x82/0x180 [ 28.118279] ? preempt_count_sub+0x50/0x80 [ 28.118308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.118412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.118448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.118480] kthread+0x337/0x6f0 [ 28.118505] ? trace_preempt_on+0x20/0xc0 [ 28.118534] ? __pfx_kthread+0x10/0x10 [ 28.118560] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.118587] ? calculate_sigpending+0x7b/0xa0 [ 28.118616] ? __pfx_kthread+0x10/0x10 [ 28.118643] ret_from_fork+0x116/0x1d0 [ 28.118667] ? __pfx_kthread+0x10/0x10 [ 28.118692] ret_from_fork_asm+0x1a/0x30 [ 28.118729] </TASK> [ 28.118745] [ 28.128881] Allocated by task 314: [ 28.129144] kasan_save_stack+0x45/0x70 [ 28.129486] kasan_save_track+0x18/0x40 [ 28.129655] kasan_save_alloc_info+0x3b/0x50 [ 28.129822] __kasan_kmalloc+0xb7/0xc0 [ 28.130087] __kmalloc_cache_noprof+0x189/0x420 [ 28.130537] kasan_atomics+0x95/0x310 [ 28.130737] kunit_try_run_case+0x1a5/0x480 [ 28.130899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.131089] kthread+0x337/0x6f0 [ 28.131220] ret_from_fork+0x116/0x1d0 [ 28.131643] ret_from_fork_asm+0x1a/0x30 [ 28.132043] [ 28.132161] The buggy address belongs to the object at ffff88810625b900 [ 28.132161] which belongs to the cache kmalloc-64 of size 64 [ 28.133153] The buggy address is located 0 bytes to the right of [ 28.133153] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.133874] [ 28.133963] The buggy address belongs to the physical page: [ 28.134238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.134871] flags: 0x200000000000000(node=0|zone=2) [ 28.135067] page_type: f5(slab) [ 28.135201] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.135955] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.136218] page dumped because: kasan: bad access detected [ 28.136417] [ 28.136694] Memory state around the buggy address: [ 28.137434] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.137818] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.138410] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.138702] ^ [ 28.138932] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.139504] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.139751] ================================================================== [ 28.945786] ================================================================== [ 28.946068] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 28.946673] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.947215] [ 28.947346] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.947477] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.947495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.947535] Call Trace: [ 28.947559] <TASK> [ 28.947583] dump_stack_lvl+0x73/0xb0 [ 28.947617] print_report+0xd1/0x650 [ 28.947643] ? __virt_addr_valid+0x1db/0x2d0 [ 28.947672] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.947702] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.947735] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.947766] kasan_report+0x141/0x180 [ 28.947791] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.947826] kasan_check_range+0x10c/0x1c0 [ 28.947852] __kasan_check_write+0x18/0x20 [ 28.947879] kasan_atomics_helper+0x1c18/0x5450 [ 28.948470] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.948507] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.948539] ? kasan_atomics+0x152/0x310 [ 28.948570] kasan_atomics+0x1dc/0x310 [ 28.948597] ? __pfx_kasan_atomics+0x10/0x10 [ 28.948624] ? __pfx_read_tsc+0x10/0x10 [ 28.948651] ? ktime_get_ts64+0x86/0x230 [ 28.948680] kunit_try_run_case+0x1a5/0x480 [ 28.948709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.948736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.948766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.948794] ? __kthread_parkme+0x82/0x180 [ 28.948818] ? preempt_count_sub+0x50/0x80 [ 28.948845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.949434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.949481] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.949513] kthread+0x337/0x6f0 [ 28.949539] ? trace_preempt_on+0x20/0xc0 [ 28.949570] ? __pfx_kthread+0x10/0x10 [ 28.949595] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.949623] ? calculate_sigpending+0x7b/0xa0 [ 28.949651] ? __pfx_kthread+0x10/0x10 [ 28.949676] ret_from_fork+0x116/0x1d0 [ 28.949699] ? __pfx_kthread+0x10/0x10 [ 28.949724] ret_from_fork_asm+0x1a/0x30 [ 28.949762] </TASK> [ 28.949778] [ 28.960952] Allocated by task 314: [ 28.961105] kasan_save_stack+0x45/0x70 [ 28.961264] kasan_save_track+0x18/0x40 [ 28.961468] kasan_save_alloc_info+0x3b/0x50 [ 28.962002] __kasan_kmalloc+0xb7/0xc0 [ 28.962231] __kmalloc_cache_noprof+0x189/0x420 [ 28.962440] kasan_atomics+0x95/0x310 [ 28.962575] kunit_try_run_case+0x1a5/0x480 [ 28.962723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.962903] kthread+0x337/0x6f0 [ 28.963027] ret_from_fork+0x116/0x1d0 [ 28.963161] ret_from_fork_asm+0x1a/0x30 [ 28.963303] [ 28.963373] The buggy address belongs to the object at ffff88810625b900 [ 28.963373] which belongs to the cache kmalloc-64 of size 64 [ 28.963752] The buggy address is located 0 bytes to the right of [ 28.963752] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.964115] [ 28.964191] The buggy address belongs to the physical page: [ 28.964370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.965043] flags: 0x200000000000000(node=0|zone=2) [ 28.965294] page_type: f5(slab) [ 28.965498] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.965949] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.966327] page dumped because: kasan: bad access detected [ 28.966585] [ 28.966678] Memory state around the buggy address: [ 28.966900] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.968164] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.968972] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.969191] ^ [ 28.969443] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.969713] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.970598] ================================================================== [ 29.016699] ================================================================== [ 29.017082] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 29.017598] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.017858] [ 29.018155] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.018253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.018282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.018309] Call Trace: [ 29.018332] <TASK> [ 29.018358] dump_stack_lvl+0x73/0xb0 [ 29.018402] print_report+0xd1/0x650 [ 29.018427] ? __virt_addr_valid+0x1db/0x2d0 [ 29.018456] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.018485] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.018515] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.018544] kasan_report+0x141/0x180 [ 29.018569] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.018602] kasan_check_range+0x10c/0x1c0 [ 29.018628] __kasan_check_write+0x18/0x20 [ 29.018653] kasan_atomics_helper+0x1d7a/0x5450 [ 29.018757] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.018799] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.018827] ? kasan_atomics+0x152/0x310 [ 29.018857] kasan_atomics+0x1dc/0x310 [ 29.018894] ? __pfx_kasan_atomics+0x10/0x10 [ 29.018922] ? __pfx_read_tsc+0x10/0x10 [ 29.018948] ? ktime_get_ts64+0x86/0x230 [ 29.018976] kunit_try_run_case+0x1a5/0x480 [ 29.019005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.019032] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.019060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.019088] ? __kthread_parkme+0x82/0x180 [ 29.019112] ? preempt_count_sub+0x50/0x80 [ 29.019139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.019167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.019195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.019222] kthread+0x337/0x6f0 [ 29.019245] ? trace_preempt_on+0x20/0xc0 [ 29.019274] ? __pfx_kthread+0x10/0x10 [ 29.019298] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.019323] ? calculate_sigpending+0x7b/0xa0 [ 29.019351] ? __pfx_kthread+0x10/0x10 [ 29.019375] ret_from_fork+0x116/0x1d0 [ 29.019410] ? __pfx_kthread+0x10/0x10 [ 29.019433] ret_from_fork_asm+0x1a/0x30 [ 29.019469] </TASK> [ 29.019483] [ 29.028487] Allocated by task 314: [ 29.028800] kasan_save_stack+0x45/0x70 [ 29.029376] kasan_save_track+0x18/0x40 [ 29.029645] kasan_save_alloc_info+0x3b/0x50 [ 29.029863] __kasan_kmalloc+0xb7/0xc0 [ 29.030067] __kmalloc_cache_noprof+0x189/0x420 [ 29.030318] kasan_atomics+0x95/0x310 [ 29.030469] kunit_try_run_case+0x1a5/0x480 [ 29.030621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.031099] kthread+0x337/0x6f0 [ 29.031313] ret_from_fork+0x116/0x1d0 [ 29.031517] ret_from_fork_asm+0x1a/0x30 [ 29.031719] [ 29.031821] The buggy address belongs to the object at ffff88810625b900 [ 29.031821] which belongs to the cache kmalloc-64 of size 64 [ 29.032615] The buggy address is located 0 bytes to the right of [ 29.032615] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.033290] [ 29.033403] The buggy address belongs to the physical page: [ 29.033661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.034091] flags: 0x200000000000000(node=0|zone=2) [ 29.034487] page_type: f5(slab) [ 29.034640] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.035066] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.035438] page dumped because: kasan: bad access detected [ 29.035775] [ 29.035848] Memory state around the buggy address: [ 29.036150] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.036429] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.036928] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.037275] ^ [ 29.037539] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.037837] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.038122] ================================================================== [ 28.506823] ================================================================== [ 28.507482] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 28.507831] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.508249] [ 28.508364] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.508430] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.508444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.508471] Call Trace: [ 28.508492] <TASK> [ 28.508515] dump_stack_lvl+0x73/0xb0 [ 28.508548] print_report+0xd1/0x650 [ 28.508576] ? __virt_addr_valid+0x1db/0x2d0 [ 28.508603] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.508631] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.508661] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.508689] kasan_report+0x141/0x180 [ 28.508714] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.508746] __asan_report_load4_noabort+0x18/0x20 [ 28.508773] kasan_atomics_helper+0x49e8/0x5450 [ 28.508802] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.508831] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.508861] ? kasan_atomics+0x152/0x310 [ 28.508890] kasan_atomics+0x1dc/0x310 [ 28.508916] ? __pfx_kasan_atomics+0x10/0x10 [ 28.508943] ? __pfx_read_tsc+0x10/0x10 [ 28.508967] ? ktime_get_ts64+0x86/0x230 [ 28.508996] kunit_try_run_case+0x1a5/0x480 [ 28.509024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.509064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.509091] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.509118] ? __kthread_parkme+0x82/0x180 [ 28.509142] ? preempt_count_sub+0x50/0x80 [ 28.509168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.509196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.509223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.509251] kthread+0x337/0x6f0 [ 28.509274] ? trace_preempt_on+0x20/0xc0 [ 28.509301] ? __pfx_kthread+0x10/0x10 [ 28.509324] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.509350] ? calculate_sigpending+0x7b/0xa0 [ 28.509377] ? __pfx_kthread+0x10/0x10 [ 28.509413] ret_from_fork+0x116/0x1d0 [ 28.509436] ? __pfx_kthread+0x10/0x10 [ 28.509460] ret_from_fork_asm+0x1a/0x30 [ 28.509494] </TASK> [ 28.509508] [ 28.516873] Allocated by task 314: [ 28.517040] kasan_save_stack+0x45/0x70 [ 28.517188] kasan_save_track+0x18/0x40 [ 28.517400] kasan_save_alloc_info+0x3b/0x50 [ 28.517623] __kasan_kmalloc+0xb7/0xc0 [ 28.517783] __kmalloc_cache_noprof+0x189/0x420 [ 28.518013] kasan_atomics+0x95/0x310 [ 28.518165] kunit_try_run_case+0x1a5/0x480 [ 28.518383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.518611] kthread+0x337/0x6f0 [ 28.518767] ret_from_fork+0x116/0x1d0 [ 28.518955] ret_from_fork_asm+0x1a/0x30 [ 28.519141] [ 28.519212] The buggy address belongs to the object at ffff88810625b900 [ 28.519212] which belongs to the cache kmalloc-64 of size 64 [ 28.519809] The buggy address is located 0 bytes to the right of [ 28.519809] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.520225] [ 28.520297] The buggy address belongs to the physical page: [ 28.520484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.520942] flags: 0x200000000000000(node=0|zone=2) [ 28.521242] page_type: f5(slab) [ 28.521424] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.521674] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.521976] page dumped because: kasan: bad access detected [ 28.522231] [ 28.522324] Memory state around the buggy address: [ 28.522567] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.522899] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.523194] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.523420] ^ [ 28.523591] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.523959] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.524286] ================================================================== [ 28.205279] ================================================================== [ 28.206086] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 28.206961] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.207230] [ 28.207329] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.207386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.207414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.207441] Call Trace: [ 28.207459] <TASK> [ 28.207481] dump_stack_lvl+0x73/0xb0 [ 28.207513] print_report+0xd1/0x650 [ 28.207540] ? __virt_addr_valid+0x1db/0x2d0 [ 28.207569] ? kasan_atomics_helper+0xd47/0x5450 [ 28.207597] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.207626] ? kasan_atomics_helper+0xd47/0x5450 [ 28.207655] kasan_report+0x141/0x180 [ 28.207681] ? kasan_atomics_helper+0xd47/0x5450 [ 28.207716] kasan_check_range+0x10c/0x1c0 [ 28.207745] __kasan_check_write+0x18/0x20 [ 28.207771] kasan_atomics_helper+0xd47/0x5450 [ 28.207801] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.207830] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.207859] ? kasan_atomics+0x152/0x310 [ 28.207889] kasan_atomics+0x1dc/0x310 [ 28.207915] ? __pfx_kasan_atomics+0x10/0x10 [ 28.207943] ? __pfx_read_tsc+0x10/0x10 [ 28.207971] ? ktime_get_ts64+0x86/0x230 [ 28.207999] kunit_try_run_case+0x1a5/0x480 [ 28.208029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.208056] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.208085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.208113] ? __kthread_parkme+0x82/0x180 [ 28.208137] ? preempt_count_sub+0x50/0x80 [ 28.208164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.208192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.208220] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.208270] kthread+0x337/0x6f0 [ 28.208293] ? trace_preempt_on+0x20/0xc0 [ 28.208321] ? __pfx_kthread+0x10/0x10 [ 28.208345] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.208371] ? calculate_sigpending+0x7b/0xa0 [ 28.208410] ? __pfx_kthread+0x10/0x10 [ 28.208435] ret_from_fork+0x116/0x1d0 [ 28.208456] ? __pfx_kthread+0x10/0x10 [ 28.208481] ret_from_fork_asm+0x1a/0x30 [ 28.208516] </TASK> [ 28.208531] [ 28.218920] Allocated by task 314: [ 28.219419] kasan_save_stack+0x45/0x70 [ 28.220045] kasan_save_track+0x18/0x40 [ 28.220629] kasan_save_alloc_info+0x3b/0x50 [ 28.221419] __kasan_kmalloc+0xb7/0xc0 [ 28.221866] __kmalloc_cache_noprof+0x189/0x420 [ 28.222385] kasan_atomics+0x95/0x310 [ 28.222766] kunit_try_run_case+0x1a5/0x480 [ 28.223309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.223923] kthread+0x337/0x6f0 [ 28.224293] ret_from_fork+0x116/0x1d0 [ 28.224769] ret_from_fork_asm+0x1a/0x30 [ 28.225252] [ 28.225491] The buggy address belongs to the object at ffff88810625b900 [ 28.225491] which belongs to the cache kmalloc-64 of size 64 [ 28.226655] The buggy address is located 0 bytes to the right of [ 28.226655] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.227537] [ 28.227773] The buggy address belongs to the physical page: [ 28.228414] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.229365] flags: 0x200000000000000(node=0|zone=2) [ 28.229853] page_type: f5(slab) [ 28.229999] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.230847] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.231404] page dumped because: kasan: bad access detected [ 28.231600] [ 28.231691] Memory state around the buggy address: [ 28.232189] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.233030] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.233760] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.234575] ^ [ 28.234746] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.234984] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.235490] ================================================================== [ 28.301124] ================================================================== [ 28.301850] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 28.302702] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.303282] [ 28.303380] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.303451] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.303468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.303494] Call Trace: [ 28.303518] <TASK> [ 28.303543] dump_stack_lvl+0x73/0xb0 [ 28.303577] print_report+0xd1/0x650 [ 28.303606] ? __virt_addr_valid+0x1db/0x2d0 [ 28.303634] ? kasan_atomics_helper+0xf10/0x5450 [ 28.303664] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.303856] ? kasan_atomics_helper+0xf10/0x5450 [ 28.303937] kasan_report+0x141/0x180 [ 28.303963] ? kasan_atomics_helper+0xf10/0x5450 [ 28.303997] kasan_check_range+0x10c/0x1c0 [ 28.304025] __kasan_check_write+0x18/0x20 [ 28.304051] kasan_atomics_helper+0xf10/0x5450 [ 28.304081] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.304110] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.304140] ? kasan_atomics+0x152/0x310 [ 28.304171] kasan_atomics+0x1dc/0x310 [ 28.304197] ? __pfx_kasan_atomics+0x10/0x10 [ 28.304230] ? __pfx_read_tsc+0x10/0x10 [ 28.304256] ? ktime_get_ts64+0x86/0x230 [ 28.304285] kunit_try_run_case+0x1a5/0x480 [ 28.304314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.304342] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.304370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.304409] ? __kthread_parkme+0x82/0x180 [ 28.304434] ? preempt_count_sub+0x50/0x80 [ 28.304462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.304491] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.304520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.304548] kthread+0x337/0x6f0 [ 28.304572] ? trace_preempt_on+0x20/0xc0 [ 28.304600] ? __pfx_kthread+0x10/0x10 [ 28.304624] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.304650] ? calculate_sigpending+0x7b/0xa0 [ 28.304679] ? __pfx_kthread+0x10/0x10 [ 28.304704] ret_from_fork+0x116/0x1d0 [ 28.304727] ? __pfx_kthread+0x10/0x10 [ 28.304752] ret_from_fork_asm+0x1a/0x30 [ 28.304789] </TASK> [ 28.304804] [ 28.316716] Allocated by task 314: [ 28.316904] kasan_save_stack+0x45/0x70 [ 28.317940] kasan_save_track+0x18/0x40 [ 28.318106] kasan_save_alloc_info+0x3b/0x50 [ 28.318626] __kasan_kmalloc+0xb7/0xc0 [ 28.318952] __kmalloc_cache_noprof+0x189/0x420 [ 28.319149] kasan_atomics+0x95/0x310 [ 28.319555] kunit_try_run_case+0x1a5/0x480 [ 28.319777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.320468] kthread+0x337/0x6f0 [ 28.320655] ret_from_fork+0x116/0x1d0 [ 28.320856] ret_from_fork_asm+0x1a/0x30 [ 28.321086] [ 28.321432] The buggy address belongs to the object at ffff88810625b900 [ 28.321432] which belongs to the cache kmalloc-64 of size 64 [ 28.321980] The buggy address is located 0 bytes to the right of [ 28.321980] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.322893] [ 28.323231] The buggy address belongs to the physical page: [ 28.323624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.324016] flags: 0x200000000000000(node=0|zone=2) [ 28.324677] page_type: f5(slab) [ 28.324874] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.325206] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.325893] page dumped because: kasan: bad access detected [ 28.326333] [ 28.326435] Memory state around the buggy address: [ 28.326675] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.326991] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.327327] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.327658] ^ [ 28.328447] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.328744] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.328999] ================================================================== [ 29.145309] ================================================================== [ 29.146003] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 29.146794] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 29.147184] [ 29.147307] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 29.147366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.147384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.147422] Call Trace: [ 29.147447] <TASK> [ 29.147472] dump_stack_lvl+0x73/0xb0 [ 29.147507] print_report+0xd1/0x650 [ 29.147535] ? __virt_addr_valid+0x1db/0x2d0 [ 29.147563] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.147592] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.147621] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.147651] kasan_report+0x141/0x180 [ 29.147676] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.147710] __asan_report_load8_noabort+0x18/0x20 [ 29.147737] kasan_atomics_helper+0x4f98/0x5450 [ 29.147767] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.147796] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.147825] ? kasan_atomics+0x152/0x310 [ 29.147855] kasan_atomics+0x1dc/0x310 [ 29.147882] ? __pfx_kasan_atomics+0x10/0x10 [ 29.147910] ? __pfx_read_tsc+0x10/0x10 [ 29.147936] ? ktime_get_ts64+0x86/0x230 [ 29.147965] kunit_try_run_case+0x1a5/0x480 [ 29.147995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.148022] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.148064] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.148092] ? __kthread_parkme+0x82/0x180 [ 29.148129] ? preempt_count_sub+0x50/0x80 [ 29.148158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.148187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.148216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.148249] kthread+0x337/0x6f0 [ 29.148273] ? trace_preempt_on+0x20/0xc0 [ 29.148311] ? __pfx_kthread+0x10/0x10 [ 29.148334] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.148373] ? calculate_sigpending+0x7b/0xa0 [ 29.148408] ? __pfx_kthread+0x10/0x10 [ 29.148434] ret_from_fork+0x116/0x1d0 [ 29.148456] ? __pfx_kthread+0x10/0x10 [ 29.148480] ret_from_fork_asm+0x1a/0x30 [ 29.148517] </TASK> [ 29.148531] [ 29.155963] Allocated by task 314: [ 29.156167] kasan_save_stack+0x45/0x70 [ 29.156376] kasan_save_track+0x18/0x40 [ 29.156571] kasan_save_alloc_info+0x3b/0x50 [ 29.156780] __kasan_kmalloc+0xb7/0xc0 [ 29.156937] __kmalloc_cache_noprof+0x189/0x420 [ 29.157090] kasan_atomics+0x95/0x310 [ 29.157218] kunit_try_run_case+0x1a5/0x480 [ 29.157509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.157767] kthread+0x337/0x6f0 [ 29.157998] ret_from_fork+0x116/0x1d0 [ 29.158216] ret_from_fork_asm+0x1a/0x30 [ 29.158419] [ 29.158490] The buggy address belongs to the object at ffff88810625b900 [ 29.158490] which belongs to the cache kmalloc-64 of size 64 [ 29.158837] The buggy address is located 0 bytes to the right of [ 29.158837] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 29.159959] [ 29.160058] The buggy address belongs to the physical page: [ 29.160240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 29.160547] flags: 0x200000000000000(node=0|zone=2) [ 29.160789] page_type: f5(slab) [ 29.161047] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.161376] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.161677] page dumped because: kasan: bad access detected [ 29.161889] [ 29.161985] Memory state around the buggy address: [ 29.162250] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.162612] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.162971] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.163255] ^ [ 29.163460] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.163807] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.164159] ================================================================== [ 27.819897] ================================================================== [ 27.820596] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 27.820967] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.821317] [ 27.821443] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.821503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.821519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.821547] Call Trace: [ 27.821572] <TASK> [ 27.821596] dump_stack_lvl+0x73/0xb0 [ 27.821630] print_report+0xd1/0x650 [ 27.821657] ? __virt_addr_valid+0x1db/0x2d0 [ 27.821687] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.821715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.821745] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.821776] kasan_report+0x141/0x180 [ 27.821803] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.821837] __asan_report_store4_noabort+0x1b/0x30 [ 27.821864] kasan_atomics_helper+0x4b3a/0x5450 [ 27.821894] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.821925] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.821954] ? kasan_atomics+0x152/0x310 [ 27.822008] kasan_atomics+0x1dc/0x310 [ 27.822034] ? __pfx_kasan_atomics+0x10/0x10 [ 27.822061] ? __pfx_read_tsc+0x10/0x10 [ 27.822087] ? ktime_get_ts64+0x86/0x230 [ 27.822116] kunit_try_run_case+0x1a5/0x480 [ 27.822146] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.822173] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.822201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.822230] ? __kthread_parkme+0x82/0x180 [ 27.822255] ? preempt_count_sub+0x50/0x80 [ 27.822282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.822312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.822359] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.822388] kthread+0x337/0x6f0 [ 27.822423] ? trace_preempt_on+0x20/0xc0 [ 27.822453] ? __pfx_kthread+0x10/0x10 [ 27.822476] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.822503] ? calculate_sigpending+0x7b/0xa0 [ 27.822531] ? __pfx_kthread+0x10/0x10 [ 27.822555] ret_from_fork+0x116/0x1d0 [ 27.822578] ? __pfx_kthread+0x10/0x10 [ 27.822602] ret_from_fork_asm+0x1a/0x30 [ 27.822638] </TASK> [ 27.822652] [ 27.834775] Allocated by task 314: [ 27.835002] kasan_save_stack+0x45/0x70 [ 27.835312] kasan_save_track+0x18/0x40 [ 27.835641] kasan_save_alloc_info+0x3b/0x50 [ 27.835918] __kasan_kmalloc+0xb7/0xc0 [ 27.836327] __kmalloc_cache_noprof+0x189/0x420 [ 27.836574] kasan_atomics+0x95/0x310 [ 27.836820] kunit_try_run_case+0x1a5/0x480 [ 27.837080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.837515] kthread+0x337/0x6f0 [ 27.837731] ret_from_fork+0x116/0x1d0 [ 27.838448] ret_from_fork_asm+0x1a/0x30 [ 27.838665] [ 27.838773] The buggy address belongs to the object at ffff88810625b900 [ 27.838773] which belongs to the cache kmalloc-64 of size 64 [ 27.839623] The buggy address is located 0 bytes to the right of [ 27.839623] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.840424] [ 27.840557] The buggy address belongs to the physical page: [ 27.840827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.841444] flags: 0x200000000000000(node=0|zone=2) [ 27.841677] page_type: f5(slab) [ 27.841855] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.842354] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.842829] page dumped because: kasan: bad access detected [ 27.843115] [ 27.843366] Memory state around the buggy address: [ 27.843865] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.844377] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.844766] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.845322] ^ [ 27.845767] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.846154] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.846631] ================================================================== [ 28.575491] ================================================================== [ 28.576275] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 28.577007] Read of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.577697] [ 28.577924] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.577992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.578007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.578034] Call Trace: [ 28.578067] <TASK> [ 28.578091] dump_stack_lvl+0x73/0xb0 [ 28.578124] print_report+0xd1/0x650 [ 28.578162] ? __virt_addr_valid+0x1db/0x2d0 [ 28.578190] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.578218] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.578247] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.578278] kasan_report+0x141/0x180 [ 28.578303] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.578336] kasan_check_range+0x10c/0x1c0 [ 28.578362] __kasan_check_read+0x15/0x20 [ 28.578400] kasan_atomics_helper+0x13b5/0x5450 [ 28.578431] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.578460] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.578488] ? kasan_atomics+0x152/0x310 [ 28.578517] kasan_atomics+0x1dc/0x310 [ 28.578542] ? __pfx_kasan_atomics+0x10/0x10 [ 28.578569] ? __pfx_read_tsc+0x10/0x10 [ 28.578594] ? ktime_get_ts64+0x86/0x230 [ 28.578624] kunit_try_run_case+0x1a5/0x480 [ 28.578652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.578679] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.578707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.578735] ? __kthread_parkme+0x82/0x180 [ 28.578760] ? preempt_count_sub+0x50/0x80 [ 28.578787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.578815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.578843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.578893] kthread+0x337/0x6f0 [ 28.578916] ? trace_preempt_on+0x20/0xc0 [ 28.578945] ? __pfx_kthread+0x10/0x10 [ 28.578969] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.578994] ? calculate_sigpending+0x7b/0xa0 [ 28.579022] ? __pfx_kthread+0x10/0x10 [ 28.579047] ret_from_fork+0x116/0x1d0 [ 28.579069] ? __pfx_kthread+0x10/0x10 [ 28.579092] ret_from_fork_asm+0x1a/0x30 [ 28.579128] </TASK> [ 28.579143] [ 28.591913] Allocated by task 314: [ 28.592309] kasan_save_stack+0x45/0x70 [ 28.592739] kasan_save_track+0x18/0x40 [ 28.593176] kasan_save_alloc_info+0x3b/0x50 [ 28.593682] __kasan_kmalloc+0xb7/0xc0 [ 28.594062] __kmalloc_cache_noprof+0x189/0x420 [ 28.594456] kasan_atomics+0x95/0x310 [ 28.594599] kunit_try_run_case+0x1a5/0x480 [ 28.594757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.595119] kthread+0x337/0x6f0 [ 28.595458] ret_from_fork+0x116/0x1d0 [ 28.595862] ret_from_fork_asm+0x1a/0x30 [ 28.596282] [ 28.596463] The buggy address belongs to the object at ffff88810625b900 [ 28.596463] which belongs to the cache kmalloc-64 of size 64 [ 28.597619] The buggy address is located 0 bytes to the right of [ 28.597619] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.598371] [ 28.598565] The buggy address belongs to the physical page: [ 28.599250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.599838] flags: 0x200000000000000(node=0|zone=2) [ 28.600348] page_type: f5(slab) [ 28.600696] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.600985] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.601595] page dumped because: kasan: bad access detected [ 28.601787] [ 28.601860] Memory state around the buggy address: [ 28.602361] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.603078] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.603873] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.604369] ^ [ 28.604570] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.604813] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.605680] ================================================================== [ 28.524873] ================================================================== [ 28.525300] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 28.525670] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.526026] [ 28.526135] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.526187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.526202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.526228] Call Trace: [ 28.526248] <TASK> [ 28.526267] dump_stack_lvl+0x73/0xb0 [ 28.526297] print_report+0xd1/0x650 [ 28.526322] ? __virt_addr_valid+0x1db/0x2d0 [ 28.526349] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.526376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.526416] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.526444] kasan_report+0x141/0x180 [ 28.526468] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.526501] kasan_check_range+0x10c/0x1c0 [ 28.526527] __kasan_check_write+0x18/0x20 [ 28.526552] kasan_atomics_helper+0x12e6/0x5450 [ 28.526580] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.526610] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.526638] ? kasan_atomics+0x152/0x310 [ 28.526667] kasan_atomics+0x1dc/0x310 [ 28.526691] ? __pfx_kasan_atomics+0x10/0x10 [ 28.526717] ? __pfx_read_tsc+0x10/0x10 [ 28.526742] ? ktime_get_ts64+0x86/0x230 [ 28.526770] kunit_try_run_case+0x1a5/0x480 [ 28.526798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.526824] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.526851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.526891] ? __kthread_parkme+0x82/0x180 [ 28.526915] ? preempt_count_sub+0x50/0x80 [ 28.526943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.526971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.527000] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.527028] kthread+0x337/0x6f0 [ 28.527051] ? trace_preempt_on+0x20/0xc0 [ 28.527078] ? __pfx_kthread+0x10/0x10 [ 28.527102] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.527128] ? calculate_sigpending+0x7b/0xa0 [ 28.527156] ? __pfx_kthread+0x10/0x10 [ 28.527180] ret_from_fork+0x116/0x1d0 [ 28.527203] ? __pfx_kthread+0x10/0x10 [ 28.527229] ret_from_fork_asm+0x1a/0x30 [ 28.527265] </TASK> [ 28.527280] [ 28.535252] Allocated by task 314: [ 28.535469] kasan_save_stack+0x45/0x70 [ 28.535674] kasan_save_track+0x18/0x40 [ 28.535817] kasan_save_alloc_info+0x3b/0x50 [ 28.536066] __kasan_kmalloc+0xb7/0xc0 [ 28.536282] __kmalloc_cache_noprof+0x189/0x420 [ 28.536479] kasan_atomics+0x95/0x310 [ 28.536619] kunit_try_run_case+0x1a5/0x480 [ 28.536774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.537245] kthread+0x337/0x6f0 [ 28.537439] ret_from_fork+0x116/0x1d0 [ 28.537641] ret_from_fork_asm+0x1a/0x30 [ 28.537850] [ 28.537985] The buggy address belongs to the object at ffff88810625b900 [ 28.537985] which belongs to the cache kmalloc-64 of size 64 [ 28.538364] The buggy address is located 0 bytes to the right of [ 28.538364] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.538765] [ 28.538840] The buggy address belongs to the physical page: [ 28.539108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.539491] flags: 0x200000000000000(node=0|zone=2) [ 28.539737] page_type: f5(slab) [ 28.539914] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.540233] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.540687] page dumped because: kasan: bad access detected [ 28.540942] [ 28.541013] Memory state around the buggy address: [ 28.541178] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.541423] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.541657] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.542159] ^ [ 28.542421] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.542767] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.543371] ================================================================== [ 28.744861] ================================================================== [ 28.745309] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 28.745652] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.746080] [ 28.746189] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.746245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.746272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.746299] Call Trace: [ 28.746322] <TASK> [ 28.746356] dump_stack_lvl+0x73/0xb0 [ 28.746387] print_report+0xd1/0x650 [ 28.746422] ? __virt_addr_valid+0x1db/0x2d0 [ 28.746452] ? kasan_atomics_helper+0x164f/0x5450 [ 28.746481] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.746512] ? kasan_atomics_helper+0x164f/0x5450 [ 28.746542] kasan_report+0x141/0x180 [ 28.746567] ? kasan_atomics_helper+0x164f/0x5450 [ 28.746601] kasan_check_range+0x10c/0x1c0 [ 28.746629] __kasan_check_write+0x18/0x20 [ 28.746656] kasan_atomics_helper+0x164f/0x5450 [ 28.746687] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.746717] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.746746] ? kasan_atomics+0x152/0x310 [ 28.746776] kasan_atomics+0x1dc/0x310 [ 28.746803] ? __pfx_kasan_atomics+0x10/0x10 [ 28.746831] ? __pfx_read_tsc+0x10/0x10 [ 28.746857] ? ktime_get_ts64+0x86/0x230 [ 28.746899] kunit_try_run_case+0x1a5/0x480 [ 28.746941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.746968] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.747010] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.747039] ? __kthread_parkme+0x82/0x180 [ 28.747065] ? preempt_count_sub+0x50/0x80 [ 28.747093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.747123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.747152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.747182] kthread+0x337/0x6f0 [ 28.747207] ? trace_preempt_on+0x20/0xc0 [ 28.747237] ? __pfx_kthread+0x10/0x10 [ 28.747262] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.747289] ? calculate_sigpending+0x7b/0xa0 [ 28.747318] ? __pfx_kthread+0x10/0x10 [ 28.747344] ret_from_fork+0x116/0x1d0 [ 28.747367] ? __pfx_kthread+0x10/0x10 [ 28.747415] ret_from_fork_asm+0x1a/0x30 [ 28.747452] </TASK> [ 28.747466] [ 28.755699] Allocated by task 314: [ 28.755912] kasan_save_stack+0x45/0x70 [ 28.756128] kasan_save_track+0x18/0x40 [ 28.756280] kasan_save_alloc_info+0x3b/0x50 [ 28.756501] __kasan_kmalloc+0xb7/0xc0 [ 28.756723] __kmalloc_cache_noprof+0x189/0x420 [ 28.756927] kasan_atomics+0x95/0x310 [ 28.757069] kunit_try_run_case+0x1a5/0x480 [ 28.757347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.757638] kthread+0x337/0x6f0 [ 28.757838] ret_from_fork+0x116/0x1d0 [ 28.758057] ret_from_fork_asm+0x1a/0x30 [ 28.758277] [ 28.758409] The buggy address belongs to the object at ffff88810625b900 [ 28.758409] which belongs to the cache kmalloc-64 of size 64 [ 28.758898] The buggy address is located 0 bytes to the right of [ 28.758898] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.759456] [ 28.759533] The buggy address belongs to the physical page: [ 28.759720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.760039] flags: 0x200000000000000(node=0|zone=2) [ 28.760338] page_type: f5(slab) [ 28.760545] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.760910] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.761256] page dumped because: kasan: bad access detected [ 28.762221] [ 28.762349] Memory state around the buggy address: [ 28.762604] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.763180] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.763528] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.763833] ^ [ 28.764455] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.764791] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.765518] ================================================================== [ 27.669880] ================================================================== [ 27.670338] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 27.670693] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.671192] [ 27.671579] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.671748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.671765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.671792] Call Trace: [ 27.671815] <TASK> [ 27.671875] dump_stack_lvl+0x73/0xb0 [ 27.671912] print_report+0xd1/0x650 [ 27.671939] ? __virt_addr_valid+0x1db/0x2d0 [ 27.671967] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.671996] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.672026] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.672055] kasan_report+0x141/0x180 [ 27.672080] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.672114] __asan_report_load4_noabort+0x18/0x20 [ 27.672142] kasan_atomics_helper+0x4b88/0x5450 [ 27.672173] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.672203] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.672237] ? kasan_atomics+0x152/0x310 [ 27.672267] kasan_atomics+0x1dc/0x310 [ 27.672294] ? __pfx_kasan_atomics+0x10/0x10 [ 27.672322] ? __pfx_read_tsc+0x10/0x10 [ 27.672348] ? ktime_get_ts64+0x86/0x230 [ 27.672377] kunit_try_run_case+0x1a5/0x480 [ 27.672419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.672447] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.672476] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.672505] ? __kthread_parkme+0x82/0x180 [ 27.672530] ? preempt_count_sub+0x50/0x80 [ 27.672557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.672585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.672614] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.672644] kthread+0x337/0x6f0 [ 27.672667] ? trace_preempt_on+0x20/0xc0 [ 27.672696] ? __pfx_kthread+0x10/0x10 [ 27.672721] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.672747] ? calculate_sigpending+0x7b/0xa0 [ 27.672775] ? __pfx_kthread+0x10/0x10 [ 27.672801] ret_from_fork+0x116/0x1d0 [ 27.672823] ? __pfx_kthread+0x10/0x10 [ 27.672847] ret_from_fork_asm+0x1a/0x30 [ 27.672883] </TASK> [ 27.672897] [ 27.686707] Allocated by task 314: [ 27.687127] kasan_save_stack+0x45/0x70 [ 27.687756] kasan_save_track+0x18/0x40 [ 27.688287] kasan_save_alloc_info+0x3b/0x50 [ 27.688597] __kasan_kmalloc+0xb7/0xc0 [ 27.689105] __kmalloc_cache_noprof+0x189/0x420 [ 27.689444] kasan_atomics+0x95/0x310 [ 27.689647] kunit_try_run_case+0x1a5/0x480 [ 27.689853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.690101] kthread+0x337/0x6f0 [ 27.690666] ret_from_fork+0x116/0x1d0 [ 27.691038] ret_from_fork_asm+0x1a/0x30 [ 27.691546] [ 27.691659] The buggy address belongs to the object at ffff88810625b900 [ 27.691659] which belongs to the cache kmalloc-64 of size 64 [ 27.692512] The buggy address is located 0 bytes to the right of [ 27.692512] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.692973] [ 27.693083] The buggy address belongs to the physical page: [ 27.693339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.693710] flags: 0x200000000000000(node=0|zone=2) [ 27.694033] page_type: f5(slab) [ 27.694164] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.694538] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.694852] page dumped because: kasan: bad access detected [ 27.695781] [ 27.695872] Memory state around the buggy address: [ 27.696465] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.696913] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.697466] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.697895] ^ [ 27.698257] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.698775] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.699488] ================================================================== [ 28.656843] ================================================================== [ 28.657209] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 28.657587] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.658066] [ 28.658158] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.658211] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.658227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.658254] Call Trace: [ 28.658273] <TASK> [ 28.658292] dump_stack_lvl+0x73/0xb0 [ 28.658321] print_report+0xd1/0x650 [ 28.658348] ? __virt_addr_valid+0x1db/0x2d0 [ 28.658375] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.658417] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.658447] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.658477] kasan_report+0x141/0x180 [ 28.658503] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.658538] __asan_report_store8_noabort+0x1b/0x30 [ 28.658567] kasan_atomics_helper+0x50d4/0x5450 [ 28.658597] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.658628] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.658656] ? kasan_atomics+0x152/0x310 [ 28.658686] kasan_atomics+0x1dc/0x310 [ 28.658713] ? __pfx_kasan_atomics+0x10/0x10 [ 28.658741] ? __pfx_read_tsc+0x10/0x10 [ 28.658767] ? ktime_get_ts64+0x86/0x230 [ 28.658796] kunit_try_run_case+0x1a5/0x480 [ 28.658825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.658853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.658882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.658911] ? __kthread_parkme+0x82/0x180 [ 28.658935] ? preempt_count_sub+0x50/0x80 [ 28.658963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.658994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.659023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.659053] kthread+0x337/0x6f0 [ 28.659076] ? trace_preempt_on+0x20/0xc0 [ 28.659105] ? __pfx_kthread+0x10/0x10 [ 28.659130] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.659157] ? calculate_sigpending+0x7b/0xa0 [ 28.659186] ? __pfx_kthread+0x10/0x10 [ 28.659212] ret_from_fork+0x116/0x1d0 [ 28.659236] ? __pfx_kthread+0x10/0x10 [ 28.659261] ret_from_fork_asm+0x1a/0x30 [ 28.659322] </TASK> [ 28.659336] [ 28.667498] Allocated by task 314: [ 28.667699] kasan_save_stack+0x45/0x70 [ 28.667943] kasan_save_track+0x18/0x40 [ 28.668153] kasan_save_alloc_info+0x3b/0x50 [ 28.668377] __kasan_kmalloc+0xb7/0xc0 [ 28.668568] __kmalloc_cache_noprof+0x189/0x420 [ 28.668739] kasan_atomics+0x95/0x310 [ 28.668882] kunit_try_run_case+0x1a5/0x480 [ 28.669359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.669635] kthread+0x337/0x6f0 [ 28.669777] ret_from_fork+0x116/0x1d0 [ 28.669923] ret_from_fork_asm+0x1a/0x30 [ 28.670076] [ 28.670152] The buggy address belongs to the object at ffff88810625b900 [ 28.670152] which belongs to the cache kmalloc-64 of size 64 [ 28.670726] The buggy address is located 0 bytes to the right of [ 28.670726] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.671638] [ 28.671749] The buggy address belongs to the physical page: [ 28.672053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.672327] flags: 0x200000000000000(node=0|zone=2) [ 28.672522] page_type: f5(slab) [ 28.672709] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.673234] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.673667] page dumped because: kasan: bad access detected [ 28.674244] [ 28.674352] Memory state around the buggy address: [ 28.674625] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.674871] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.675230] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.676655] ^ [ 28.677135] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.678127] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.678680] ================================================================== [ 28.367323] ================================================================== [ 28.368024] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 28.368575] Read of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.368934] [ 28.369040] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.369099] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.369117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.369142] Call Trace: [ 28.369161] <TASK> [ 28.369185] dump_stack_lvl+0x73/0xb0 [ 28.369219] print_report+0xd1/0x650 [ 28.369246] ? __virt_addr_valid+0x1db/0x2d0 [ 28.369275] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.369306] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.369354] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.369385] kasan_report+0x141/0x180 [ 28.369491] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.369526] __asan_report_load4_noabort+0x18/0x20 [ 28.369556] kasan_atomics_helper+0x4a36/0x5450 [ 28.369587] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.369628] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.369658] ? kasan_atomics+0x152/0x310 [ 28.369700] kasan_atomics+0x1dc/0x310 [ 28.369726] ? __pfx_kasan_atomics+0x10/0x10 [ 28.369755] ? __pfx_read_tsc+0x10/0x10 [ 28.369782] ? ktime_get_ts64+0x86/0x230 [ 28.369813] kunit_try_run_case+0x1a5/0x480 [ 28.369844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.369872] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.369910] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.369939] ? __kthread_parkme+0x82/0x180 [ 28.369965] ? preempt_count_sub+0x50/0x80 [ 28.369994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.370024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.370054] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.370084] kthread+0x337/0x6f0 [ 28.370108] ? trace_preempt_on+0x20/0xc0 [ 28.370137] ? __pfx_kthread+0x10/0x10 [ 28.370162] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.370189] ? calculate_sigpending+0x7b/0xa0 [ 28.370220] ? __pfx_kthread+0x10/0x10 [ 28.370246] ret_from_fork+0x116/0x1d0 [ 28.370269] ? __pfx_kthread+0x10/0x10 [ 28.370295] ret_from_fork_asm+0x1a/0x30 [ 28.370332] </TASK> [ 28.370348] [ 28.385324] Allocated by task 314: [ 28.385696] kasan_save_stack+0x45/0x70 [ 28.386148] kasan_save_track+0x18/0x40 [ 28.386582] kasan_save_alloc_info+0x3b/0x50 [ 28.387026] __kasan_kmalloc+0xb7/0xc0 [ 28.387217] __kmalloc_cache_noprof+0x189/0x420 [ 28.387404] kasan_atomics+0x95/0x310 [ 28.387553] kunit_try_run_case+0x1a5/0x480 [ 28.387719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.387925] kthread+0x337/0x6f0 [ 28.388061] ret_from_fork+0x116/0x1d0 [ 28.388323] ret_from_fork_asm+0x1a/0x30 [ 28.388560] [ 28.388665] The buggy address belongs to the object at ffff88810625b900 [ 28.388665] which belongs to the cache kmalloc-64 of size 64 [ 28.389314] The buggy address is located 0 bytes to the right of [ 28.389314] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.389878] [ 28.389961] The buggy address belongs to the physical page: [ 28.390206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.390677] flags: 0x200000000000000(node=0|zone=2) [ 28.390919] page_type: f5(slab) [ 28.391095] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.391387] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.391782] page dumped because: kasan: bad access detected [ 28.392071] [ 28.392177] Memory state around the buggy address: [ 28.392408] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.392711] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.392962] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.393499] ^ [ 28.393750] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394042] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394337] ================================================================== [ 28.837936] ================================================================== [ 28.838349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 28.838787] Write of size 8 at addr ffff88810625b930 by task kunit_try_catch/314 [ 28.839287] [ 28.839411] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 28.839472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.839489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.839518] Call Trace: [ 28.839542] <TASK> [ 28.839567] dump_stack_lvl+0x73/0xb0 [ 28.839628] print_report+0xd1/0x650 [ 28.839669] ? __virt_addr_valid+0x1db/0x2d0 [ 28.839701] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.839785] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.839817] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.839849] kasan_report+0x141/0x180 [ 28.839877] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.839913] kasan_check_range+0x10c/0x1c0 [ 28.839941] __kasan_check_write+0x18/0x20 [ 28.839969] kasan_atomics_helper+0x18b1/0x5450 [ 28.840001] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.840032] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.840062] ? kasan_atomics+0x152/0x310 [ 28.840094] kasan_atomics+0x1dc/0x310 [ 28.840120] ? __pfx_kasan_atomics+0x10/0x10 [ 28.840150] ? __pfx_read_tsc+0x10/0x10 [ 28.840177] ? ktime_get_ts64+0x86/0x230 [ 28.840208] kunit_try_run_case+0x1a5/0x480 [ 28.840246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.840275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.840305] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.840335] ? __kthread_parkme+0x82/0x180 [ 28.840360] ? preempt_count_sub+0x50/0x80 [ 28.840398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.840429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.840460] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.840491] kthread+0x337/0x6f0 [ 28.840516] ? trace_preempt_on+0x20/0xc0 [ 28.840546] ? __pfx_kthread+0x10/0x10 [ 28.840573] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.840602] ? calculate_sigpending+0x7b/0xa0 [ 28.840632] ? __pfx_kthread+0x10/0x10 [ 28.840658] ret_from_fork+0x116/0x1d0 [ 28.840682] ? __pfx_kthread+0x10/0x10 [ 28.840707] ret_from_fork_asm+0x1a/0x30 [ 28.840790] </TASK> [ 28.840807] [ 28.850654] Allocated by task 314: [ 28.850895] kasan_save_stack+0x45/0x70 [ 28.851115] kasan_save_track+0x18/0x40 [ 28.851365] kasan_save_alloc_info+0x3b/0x50 [ 28.851542] __kasan_kmalloc+0xb7/0xc0 [ 28.851790] __kmalloc_cache_noprof+0x189/0x420 [ 28.852187] kasan_atomics+0x95/0x310 [ 28.852421] kunit_try_run_case+0x1a5/0x480 [ 28.852677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.852917] kthread+0x337/0x6f0 [ 28.853102] ret_from_fork+0x116/0x1d0 [ 28.853440] ret_from_fork_asm+0x1a/0x30 [ 28.853701] [ 28.853793] The buggy address belongs to the object at ffff88810625b900 [ 28.853793] which belongs to the cache kmalloc-64 of size 64 [ 28.854498] The buggy address is located 0 bytes to the right of [ 28.854498] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 28.855155] [ 28.855268] The buggy address belongs to the physical page: [ 28.855572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 28.855985] flags: 0x200000000000000(node=0|zone=2) [ 28.856321] page_type: f5(slab) [ 28.856469] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.856728] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.856978] page dumped because: kasan: bad access detected [ 28.857522] [ 28.857628] Memory state around the buggy address: [ 28.857875] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.858201] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.858479] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.858829] ^ [ 28.859180] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.859624] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.859859] ================================================================== [ 27.873631] ================================================================== [ 27.873949] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 27.874487] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.874800] [ 27.874978] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.875038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.875054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.875081] Call Trace: [ 27.875105] <TASK> [ 27.875129] dump_stack_lvl+0x73/0xb0 [ 27.875366] print_report+0xd1/0x650 [ 27.875423] ? __virt_addr_valid+0x1db/0x2d0 [ 27.875465] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.875495] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.875538] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.875567] kasan_report+0x141/0x180 [ 27.875593] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.875627] kasan_check_range+0x10c/0x1c0 [ 27.875654] __kasan_check_write+0x18/0x20 [ 27.875681] kasan_atomics_helper+0x5fe/0x5450 [ 27.875711] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.875741] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.875771] ? kasan_atomics+0x152/0x310 [ 27.875800] kasan_atomics+0x1dc/0x310 [ 27.875825] ? __pfx_kasan_atomics+0x10/0x10 [ 27.875864] ? __pfx_read_tsc+0x10/0x10 [ 27.875902] ? ktime_get_ts64+0x86/0x230 [ 27.875937] kunit_try_run_case+0x1a5/0x480 [ 27.875968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.875996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.876025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.876053] ? __kthread_parkme+0x82/0x180 [ 27.876078] ? preempt_count_sub+0x50/0x80 [ 27.876107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.876136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.876234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.876266] kthread+0x337/0x6f0 [ 27.876290] ? trace_preempt_on+0x20/0xc0 [ 27.876319] ? __pfx_kthread+0x10/0x10 [ 27.876344] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.876371] ? calculate_sigpending+0x7b/0xa0 [ 27.876412] ? __pfx_kthread+0x10/0x10 [ 27.876438] ret_from_fork+0x116/0x1d0 [ 27.876462] ? __pfx_kthread+0x10/0x10 [ 27.876486] ret_from_fork_asm+0x1a/0x30 [ 27.876523] </TASK> [ 27.876538] [ 27.886072] Allocated by task 314: [ 27.886228] kasan_save_stack+0x45/0x70 [ 27.886534] kasan_save_track+0x18/0x40 [ 27.886814] kasan_save_alloc_info+0x3b/0x50 [ 27.887223] __kasan_kmalloc+0xb7/0xc0 [ 27.887614] __kmalloc_cache_noprof+0x189/0x420 [ 27.887905] kasan_atomics+0x95/0x310 [ 27.888100] kunit_try_run_case+0x1a5/0x480 [ 27.888409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.888648] kthread+0x337/0x6f0 [ 27.888851] ret_from_fork+0x116/0x1d0 [ 27.889023] ret_from_fork_asm+0x1a/0x30 [ 27.889171] [ 27.889245] The buggy address belongs to the object at ffff88810625b900 [ 27.889245] which belongs to the cache kmalloc-64 of size 64 [ 27.889698] The buggy address is located 0 bytes to the right of [ 27.889698] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.890470] [ 27.890621] The buggy address belongs to the physical page: [ 27.890807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.891646] flags: 0x200000000000000(node=0|zone=2) [ 27.892019] page_type: f5(slab) [ 27.892156] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.892648] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.892998] page dumped because: kasan: bad access detected [ 27.893180] [ 27.893252] Memory state around the buggy address: [ 27.893642] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.894016] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.894475] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.894727] ^ [ 27.895044] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.895612] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.895923] ================================================================== [ 27.793903] ================================================================== [ 27.794523] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 27.794896] Write of size 4 at addr ffff88810625b930 by task kunit_try_catch/314 [ 27.795531] [ 27.795696] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.795930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.795951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.795978] Call Trace: [ 27.796057] <TASK> [ 27.796081] dump_stack_lvl+0x73/0xb0 [ 27.796114] print_report+0xd1/0x650 [ 27.796140] ? __virt_addr_valid+0x1db/0x2d0 [ 27.796167] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.796197] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.796232] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.796261] kasan_report+0x141/0x180 [ 27.796286] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.796319] kasan_check_range+0x10c/0x1c0 [ 27.796346] __kasan_check_write+0x18/0x20 [ 27.796373] kasan_atomics_helper+0x4a0/0x5450 [ 27.796415] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.796443] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.796471] ? kasan_atomics+0x152/0x310 [ 27.796500] kasan_atomics+0x1dc/0x310 [ 27.796525] ? __pfx_kasan_atomics+0x10/0x10 [ 27.796552] ? __pfx_read_tsc+0x10/0x10 [ 27.796577] ? ktime_get_ts64+0x86/0x230 [ 27.796606] kunit_try_run_case+0x1a5/0x480 [ 27.796636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.796662] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.796690] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.796718] ? __kthread_parkme+0x82/0x180 [ 27.796742] ? preempt_count_sub+0x50/0x80 [ 27.796768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.796796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.796824] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.796852] kthread+0x337/0x6f0 [ 27.796874] ? trace_preempt_on+0x20/0xc0 [ 27.796902] ? __pfx_kthread+0x10/0x10 [ 27.796925] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.796951] ? calculate_sigpending+0x7b/0xa0 [ 27.796981] ? __pfx_kthread+0x10/0x10 [ 27.797005] ret_from_fork+0x116/0x1d0 [ 27.797027] ? __pfx_kthread+0x10/0x10 [ 27.797063] ret_from_fork_asm+0x1a/0x30 [ 27.797100] </TASK> [ 27.797114] [ 27.807686] Allocated by task 314: [ 27.807889] kasan_save_stack+0x45/0x70 [ 27.808088] kasan_save_track+0x18/0x40 [ 27.808764] kasan_save_alloc_info+0x3b/0x50 [ 27.809043] __kasan_kmalloc+0xb7/0xc0 [ 27.809231] __kmalloc_cache_noprof+0x189/0x420 [ 27.809576] kasan_atomics+0x95/0x310 [ 27.809851] kunit_try_run_case+0x1a5/0x480 [ 27.810301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.810564] kthread+0x337/0x6f0 [ 27.810890] ret_from_fork+0x116/0x1d0 [ 27.811112] ret_from_fork_asm+0x1a/0x30 [ 27.811477] [ 27.811585] The buggy address belongs to the object at ffff88810625b900 [ 27.811585] which belongs to the cache kmalloc-64 of size 64 [ 27.812301] The buggy address is located 0 bytes to the right of [ 27.812301] allocated 48-byte region [ffff88810625b900, ffff88810625b930) [ 27.812795] [ 27.812899] The buggy address belongs to the physical page: [ 27.813148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 27.813820] flags: 0x200000000000000(node=0|zone=2) [ 27.814154] page_type: f5(slab) [ 27.814345] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.814862] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.815277] page dumped because: kasan: bad access detected [ 27.815675] [ 27.815762] Memory state around the buggy address: [ 27.816075] ffff88810625b800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.816532] ffff88810625b880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.816962] >ffff88810625b900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.817273] ^ [ 27.817717] ffff88810625b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.818289] ffff88810625ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.818615] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 27.405659] ================================================================== [ 27.406031] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.406873] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.407564] [ 27.407862] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.407931] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.407944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.407968] Call Trace: [ 27.407989] <TASK> [ 27.408010] dump_stack_lvl+0x73/0xb0 [ 27.408041] print_report+0xd1/0x650 [ 27.408064] ? __virt_addr_valid+0x1db/0x2d0 [ 27.408087] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.408114] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.408139] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.408167] kasan_report+0x141/0x180 [ 27.408189] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.408220] kasan_check_range+0x10c/0x1c0 [ 27.408253] __kasan_check_write+0x18/0x20 [ 27.408276] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.408304] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.408331] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.408356] ? kasan_bitops_generic+0x92/0x1c0 [ 27.408383] kasan_bitops_generic+0x121/0x1c0 [ 27.408420] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.408444] ? __pfx_read_tsc+0x10/0x10 [ 27.408466] ? ktime_get_ts64+0x86/0x230 [ 27.408492] kunit_try_run_case+0x1a5/0x480 [ 27.408518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.408542] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.408567] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.408592] ? __kthread_parkme+0x82/0x180 [ 27.408613] ? preempt_count_sub+0x50/0x80 [ 27.408637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.408662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.408687] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.408712] kthread+0x337/0x6f0 [ 27.408733] ? trace_preempt_on+0x20/0xc0 [ 27.408757] ? __pfx_kthread+0x10/0x10 [ 27.408779] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.408801] ? calculate_sigpending+0x7b/0xa0 [ 27.408825] ? __pfx_kthread+0x10/0x10 [ 27.408847] ret_from_fork+0x116/0x1d0 [ 27.408867] ? __pfx_kthread+0x10/0x10 [ 27.408902] ret_from_fork_asm+0x1a/0x30 [ 27.408936] </TASK> [ 27.408948] [ 27.421018] Allocated by task 310: [ 27.421386] kasan_save_stack+0x45/0x70 [ 27.421607] kasan_save_track+0x18/0x40 [ 27.421765] kasan_save_alloc_info+0x3b/0x50 [ 27.422262] __kasan_kmalloc+0xb7/0xc0 [ 27.422466] __kmalloc_cache_noprof+0x189/0x420 [ 27.422801] kasan_bitops_generic+0x92/0x1c0 [ 27.423060] kunit_try_run_case+0x1a5/0x480 [ 27.423553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.423805] kthread+0x337/0x6f0 [ 27.423947] ret_from_fork+0x116/0x1d0 [ 27.424143] ret_from_fork_asm+0x1a/0x30 [ 27.424366] [ 27.424476] The buggy address belongs to the object at ffff88810527f2e0 [ 27.424476] which belongs to the cache kmalloc-16 of size 16 [ 27.424930] The buggy address is located 8 bytes inside of [ 27.424930] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.425452] [ 27.425554] The buggy address belongs to the physical page: [ 27.425806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.426079] flags: 0x200000000000000(node=0|zone=2) [ 27.426438] page_type: f5(slab) [ 27.426589] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.426871] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.427274] page dumped because: kasan: bad access detected [ 27.427509] [ 27.427604] Memory state around the buggy address: [ 27.427789] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.428105] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.428375] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.428675] ^ [ 27.428989] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.429206] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.429517] ================================================================== [ 27.430001] ================================================================== [ 27.430522] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.430999] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.431351] [ 27.431471] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.431522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.431535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.431558] Call Trace: [ 27.431577] <TASK> [ 27.431597] dump_stack_lvl+0x73/0xb0 [ 27.431625] print_report+0xd1/0x650 [ 27.431648] ? __virt_addr_valid+0x1db/0x2d0 [ 27.431674] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.431700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.431726] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.431754] kasan_report+0x141/0x180 [ 27.431777] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.431809] kasan_check_range+0x10c/0x1c0 [ 27.431833] __kasan_check_write+0x18/0x20 [ 27.431856] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.432230] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.432275] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.432301] ? kasan_bitops_generic+0x92/0x1c0 [ 27.432329] kasan_bitops_generic+0x121/0x1c0 [ 27.432354] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.432380] ? __pfx_read_tsc+0x10/0x10 [ 27.432416] ? ktime_get_ts64+0x86/0x230 [ 27.432442] kunit_try_run_case+0x1a5/0x480 [ 27.432468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.432546] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.432576] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.432602] ? __kthread_parkme+0x82/0x180 [ 27.432625] ? preempt_count_sub+0x50/0x80 [ 27.432650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.432676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.432701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.432727] kthread+0x337/0x6f0 [ 27.432747] ? trace_preempt_on+0x20/0xc0 [ 27.432773] ? __pfx_kthread+0x10/0x10 [ 27.432796] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.432819] ? calculate_sigpending+0x7b/0xa0 [ 27.432845] ? __pfx_kthread+0x10/0x10 [ 27.432867] ret_from_fork+0x116/0x1d0 [ 27.432887] ? __pfx_kthread+0x10/0x10 [ 27.432908] ret_from_fork_asm+0x1a/0x30 [ 27.432941] </TASK> [ 27.432954] [ 27.441702] Allocated by task 310: [ 27.441922] kasan_save_stack+0x45/0x70 [ 27.442095] kasan_save_track+0x18/0x40 [ 27.442428] kasan_save_alloc_info+0x3b/0x50 [ 27.442606] __kasan_kmalloc+0xb7/0xc0 [ 27.442748] __kmalloc_cache_noprof+0x189/0x420 [ 27.442904] kasan_bitops_generic+0x92/0x1c0 [ 27.443081] kunit_try_run_case+0x1a5/0x480 [ 27.443297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.443565] kthread+0x337/0x6f0 [ 27.443754] ret_from_fork+0x116/0x1d0 [ 27.443897] ret_from_fork_asm+0x1a/0x30 [ 27.444210] [ 27.444316] The buggy address belongs to the object at ffff88810527f2e0 [ 27.444316] which belongs to the cache kmalloc-16 of size 16 [ 27.444770] The buggy address is located 8 bytes inside of [ 27.444770] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.445360] [ 27.445493] The buggy address belongs to the physical page: [ 27.445768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.446284] flags: 0x200000000000000(node=0|zone=2) [ 27.446549] page_type: f5(slab) [ 27.446732] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.447058] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.447382] page dumped because: kasan: bad access detected [ 27.447741] [ 27.447828] Memory state around the buggy address: [ 27.448048] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.448287] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.448578] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.448910] ^ [ 27.449442] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.449771] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.450310] ================================================================== [ 27.577113] ================================================================== [ 27.577832] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.578360] Read of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.578937] [ 27.579038] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.579097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.579112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.579138] Call Trace: [ 27.579162] <TASK> [ 27.579184] dump_stack_lvl+0x73/0xb0 [ 27.579217] print_report+0xd1/0x650 [ 27.579241] ? __virt_addr_valid+0x1db/0x2d0 [ 27.579267] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.579296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.579324] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.579353] kasan_report+0x141/0x180 [ 27.579376] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.579421] __asan_report_load8_noabort+0x18/0x20 [ 27.579448] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.579477] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.579507] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.579533] ? kasan_bitops_generic+0x92/0x1c0 [ 27.579562] kasan_bitops_generic+0x121/0x1c0 [ 27.579587] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.579614] ? __pfx_read_tsc+0x10/0x10 [ 27.579639] ? ktime_get_ts64+0x86/0x230 [ 27.579667] kunit_try_run_case+0x1a5/0x480 [ 27.579696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.579722] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.579749] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.579777] ? __kthread_parkme+0x82/0x180 [ 27.579800] ? preempt_count_sub+0x50/0x80 [ 27.579826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.579854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.579897] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.579925] kthread+0x337/0x6f0 [ 27.579947] ? trace_preempt_on+0x20/0xc0 [ 27.579973] ? __pfx_kthread+0x10/0x10 [ 27.579996] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.580021] ? calculate_sigpending+0x7b/0xa0 [ 27.580047] ? __pfx_kthread+0x10/0x10 [ 27.580071] ret_from_fork+0x116/0x1d0 [ 27.580092] ? __pfx_kthread+0x10/0x10 [ 27.580115] ret_from_fork_asm+0x1a/0x30 [ 27.580159] </TASK> [ 27.580173] [ 27.588900] Allocated by task 310: [ 27.589049] kasan_save_stack+0x45/0x70 [ 27.589206] kasan_save_track+0x18/0x40 [ 27.589423] kasan_save_alloc_info+0x3b/0x50 [ 27.589645] __kasan_kmalloc+0xb7/0xc0 [ 27.589877] __kmalloc_cache_noprof+0x189/0x420 [ 27.590177] kasan_bitops_generic+0x92/0x1c0 [ 27.590380] kunit_try_run_case+0x1a5/0x480 [ 27.590549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.590737] kthread+0x337/0x6f0 [ 27.590865] ret_from_fork+0x116/0x1d0 [ 27.591152] ret_from_fork_asm+0x1a/0x30 [ 27.591496] [ 27.591600] The buggy address belongs to the object at ffff88810527f2e0 [ 27.591600] which belongs to the cache kmalloc-16 of size 16 [ 27.592213] The buggy address is located 8 bytes inside of [ 27.592213] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.592699] [ 27.592777] The buggy address belongs to the physical page: [ 27.592965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.593226] flags: 0x200000000000000(node=0|zone=2) [ 27.593414] page_type: f5(slab) [ 27.593600] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.594144] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.594582] page dumped because: kasan: bad access detected [ 27.594918] [ 27.595035] Memory state around the buggy address: [ 27.595254] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.595731] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.596052] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.596494] ^ [ 27.596797] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.597099] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.597329] ================================================================== [ 27.450855] ================================================================== [ 27.451441] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.451775] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.452036] [ 27.452156] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.452210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.452233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.452258] Call Trace: [ 27.452277] <TASK> [ 27.452295] dump_stack_lvl+0x73/0xb0 [ 27.452324] print_report+0xd1/0x650 [ 27.452348] ? __virt_addr_valid+0x1db/0x2d0 [ 27.452374] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.452413] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.452441] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.452470] kasan_report+0x141/0x180 [ 27.452494] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.452527] kasan_check_range+0x10c/0x1c0 [ 27.452611] __kasan_check_write+0x18/0x20 [ 27.452636] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.452665] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.452695] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.452722] ? kasan_bitops_generic+0x92/0x1c0 [ 27.452753] kasan_bitops_generic+0x121/0x1c0 [ 27.452777] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.452804] ? __pfx_read_tsc+0x10/0x10 [ 27.452827] ? ktime_get_ts64+0x86/0x230 [ 27.452855] kunit_try_run_case+0x1a5/0x480 [ 27.452881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.452908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.452935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.452963] ? __kthread_parkme+0x82/0x180 [ 27.452987] ? preempt_count_sub+0x50/0x80 [ 27.453013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.453041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.453068] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.453094] kthread+0x337/0x6f0 [ 27.453134] ? trace_preempt_on+0x20/0xc0 [ 27.453328] ? __pfx_kthread+0x10/0x10 [ 27.453362] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.453388] ? calculate_sigpending+0x7b/0xa0 [ 27.453429] ? __pfx_kthread+0x10/0x10 [ 27.453453] ret_from_fork+0x116/0x1d0 [ 27.453475] ? __pfx_kthread+0x10/0x10 [ 27.453498] ret_from_fork_asm+0x1a/0x30 [ 27.453531] </TASK> [ 27.453544] [ 27.462518] Allocated by task 310: [ 27.462890] kasan_save_stack+0x45/0x70 [ 27.463341] kasan_save_track+0x18/0x40 [ 27.463508] kasan_save_alloc_info+0x3b/0x50 [ 27.463667] __kasan_kmalloc+0xb7/0xc0 [ 27.463811] __kmalloc_cache_noprof+0x189/0x420 [ 27.464329] kasan_bitops_generic+0x92/0x1c0 [ 27.464582] kunit_try_run_case+0x1a5/0x480 [ 27.464806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.465244] kthread+0x337/0x6f0 [ 27.465434] ret_from_fork+0x116/0x1d0 [ 27.465614] ret_from_fork_asm+0x1a/0x30 [ 27.465795] [ 27.465868] The buggy address belongs to the object at ffff88810527f2e0 [ 27.465868] which belongs to the cache kmalloc-16 of size 16 [ 27.466611] The buggy address is located 8 bytes inside of [ 27.466611] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.467129] [ 27.467252] The buggy address belongs to the physical page: [ 27.467523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.467877] flags: 0x200000000000000(node=0|zone=2) [ 27.468204] page_type: f5(slab) [ 27.468371] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.468710] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.468968] page dumped because: kasan: bad access detected [ 27.469148] [ 27.469218] Memory state around the buggy address: [ 27.469382] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.469688] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.470490] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.470854] ^ [ 27.471249] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.471568] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.471845] ================================================================== [ 27.472599] ================================================================== [ 27.472944] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.473385] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.473651] [ 27.473751] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.473804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.473817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.473843] Call Trace: [ 27.473863] <TASK> [ 27.473892] dump_stack_lvl+0x73/0xb0 [ 27.473923] print_report+0xd1/0x650 [ 27.473948] ? __virt_addr_valid+0x1db/0x2d0 [ 27.473977] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.474007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.474036] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.474066] kasan_report+0x141/0x180 [ 27.474093] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.474128] kasan_check_range+0x10c/0x1c0 [ 27.474164] __kasan_check_write+0x18/0x20 [ 27.474190] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.474221] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.474251] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.474279] ? kasan_bitops_generic+0x92/0x1c0 [ 27.474308] kasan_bitops_generic+0x121/0x1c0 [ 27.474334] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.474361] ? __pfx_read_tsc+0x10/0x10 [ 27.474384] ? ktime_get_ts64+0x86/0x230 [ 27.474427] kunit_try_run_case+0x1a5/0x480 [ 27.474455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.474481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.474507] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.474535] ? __kthread_parkme+0x82/0x180 [ 27.474557] ? preempt_count_sub+0x50/0x80 [ 27.474584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.474611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.474637] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.474664] kthread+0x337/0x6f0 [ 27.474685] ? trace_preempt_on+0x20/0xc0 [ 27.474711] ? __pfx_kthread+0x10/0x10 [ 27.474735] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.474760] ? calculate_sigpending+0x7b/0xa0 [ 27.474789] ? __pfx_kthread+0x10/0x10 [ 27.474812] ret_from_fork+0x116/0x1d0 [ 27.474834] ? __pfx_kthread+0x10/0x10 [ 27.474857] ret_from_fork_asm+0x1a/0x30 [ 27.474891] </TASK> [ 27.474904] [ 27.484238] Allocated by task 310: [ 27.484447] kasan_save_stack+0x45/0x70 [ 27.484668] kasan_save_track+0x18/0x40 [ 27.484874] kasan_save_alloc_info+0x3b/0x50 [ 27.485458] __kasan_kmalloc+0xb7/0xc0 [ 27.485612] __kmalloc_cache_noprof+0x189/0x420 [ 27.485777] kasan_bitops_generic+0x92/0x1c0 [ 27.485933] kunit_try_run_case+0x1a5/0x480 [ 27.486367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.486668] kthread+0x337/0x6f0 [ 27.486855] ret_from_fork+0x116/0x1d0 [ 27.487064] ret_from_fork_asm+0x1a/0x30 [ 27.487277] [ 27.487371] The buggy address belongs to the object at ffff88810527f2e0 [ 27.487371] which belongs to the cache kmalloc-16 of size 16 [ 27.487977] The buggy address is located 8 bytes inside of [ 27.487977] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.488679] [ 27.488768] The buggy address belongs to the physical page: [ 27.489128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.489630] flags: 0x200000000000000(node=0|zone=2) [ 27.489915] page_type: f5(slab) [ 27.490052] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.490525] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.490858] page dumped because: kasan: bad access detected [ 27.491117] [ 27.491223] Memory state around the buggy address: [ 27.491460] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.491727] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.492004] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.492419] ^ [ 27.492635] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.493344] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.493685] ================================================================== [ 27.494143] ================================================================== [ 27.494542] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.495106] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.495430] [ 27.495532] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.495591] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.495605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.495630] Call Trace: [ 27.495654] <TASK> [ 27.495678] dump_stack_lvl+0x73/0xb0 [ 27.495711] print_report+0xd1/0x650 [ 27.495738] ? __virt_addr_valid+0x1db/0x2d0 [ 27.495765] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.495794] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.495823] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.495853] kasan_report+0x141/0x180 [ 27.495876] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.495910] kasan_check_range+0x10c/0x1c0 [ 27.495936] __kasan_check_write+0x18/0x20 [ 27.495961] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.495991] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.496020] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.496048] ? kasan_bitops_generic+0x92/0x1c0 [ 27.496077] kasan_bitops_generic+0x121/0x1c0 [ 27.496102] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.496128] ? __pfx_read_tsc+0x10/0x10 [ 27.496153] ? ktime_get_ts64+0x86/0x230 [ 27.496180] kunit_try_run_case+0x1a5/0x480 [ 27.496209] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.496244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.496272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.496300] ? __kthread_parkme+0x82/0x180 [ 27.496323] ? preempt_count_sub+0x50/0x80 [ 27.496349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.496376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.496414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.496441] kthread+0x337/0x6f0 [ 27.496463] ? trace_preempt_on+0x20/0xc0 [ 27.496488] ? __pfx_kthread+0x10/0x10 [ 27.496512] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.496538] ? calculate_sigpending+0x7b/0xa0 [ 27.496565] ? __pfx_kthread+0x10/0x10 [ 27.496590] ret_from_fork+0x116/0x1d0 [ 27.496612] ? __pfx_kthread+0x10/0x10 [ 27.496636] ret_from_fork_asm+0x1a/0x30 [ 27.496672] </TASK> [ 27.496686] [ 27.506569] Allocated by task 310: [ 27.506768] kasan_save_stack+0x45/0x70 [ 27.506996] kasan_save_track+0x18/0x40 [ 27.507290] kasan_save_alloc_info+0x3b/0x50 [ 27.507532] __kasan_kmalloc+0xb7/0xc0 [ 27.507715] __kmalloc_cache_noprof+0x189/0x420 [ 27.507879] kasan_bitops_generic+0x92/0x1c0 [ 27.508033] kunit_try_run_case+0x1a5/0x480 [ 27.508212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.508622] kthread+0x337/0x6f0 [ 27.508811] ret_from_fork+0x116/0x1d0 [ 27.508979] ret_from_fork_asm+0x1a/0x30 [ 27.509128] [ 27.509201] The buggy address belongs to the object at ffff88810527f2e0 [ 27.509201] which belongs to the cache kmalloc-16 of size 16 [ 27.510377] The buggy address is located 8 bytes inside of [ 27.510377] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.510841] [ 27.510921] The buggy address belongs to the physical page: [ 27.511109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.511432] flags: 0x200000000000000(node=0|zone=2) [ 27.511768] page_type: f5(slab) [ 27.512029] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.512701] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.513299] page dumped because: kasan: bad access detected [ 27.513502] [ 27.513577] Memory state around the buggy address: [ 27.513747] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.513983] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.514308] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.515207] ^ [ 27.515587] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.515907] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.516149] ================================================================== [ 27.542204] ================================================================== [ 27.543027] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.543713] Read of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.544438] [ 27.544692] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.544756] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.544771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.544805] Call Trace: [ 27.544828] <TASK> [ 27.544850] dump_stack_lvl+0x73/0xb0 [ 27.544884] print_report+0xd1/0x650 [ 27.544908] ? __virt_addr_valid+0x1db/0x2d0 [ 27.544935] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.544964] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.544993] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.545023] kasan_report+0x141/0x180 [ 27.545047] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.545083] kasan_check_range+0x10c/0x1c0 [ 27.545109] __kasan_check_read+0x15/0x20 [ 27.545133] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.545278] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.545311] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.545339] ? kasan_bitops_generic+0x92/0x1c0 [ 27.545368] kasan_bitops_generic+0x121/0x1c0 [ 27.545444] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.545473] ? __pfx_read_tsc+0x10/0x10 [ 27.545498] ? ktime_get_ts64+0x86/0x230 [ 27.545526] kunit_try_run_case+0x1a5/0x480 [ 27.545554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.545579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.545607] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.545634] ? __kthread_parkme+0x82/0x180 [ 27.545656] ? preempt_count_sub+0x50/0x80 [ 27.545683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.545711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.545739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.545766] kthread+0x337/0x6f0 [ 27.545788] ? trace_preempt_on+0x20/0xc0 [ 27.545815] ? __pfx_kthread+0x10/0x10 [ 27.545838] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.545864] ? calculate_sigpending+0x7b/0xa0 [ 27.545890] ? __pfx_kthread+0x10/0x10 [ 27.545915] ret_from_fork+0x116/0x1d0 [ 27.545936] ? __pfx_kthread+0x10/0x10 [ 27.545960] ret_from_fork_asm+0x1a/0x30 [ 27.545995] </TASK> [ 27.546009] [ 27.560537] Allocated by task 310: [ 27.560749] kasan_save_stack+0x45/0x70 [ 27.561426] kasan_save_track+0x18/0x40 [ 27.561689] kasan_save_alloc_info+0x3b/0x50 [ 27.562006] __kasan_kmalloc+0xb7/0xc0 [ 27.562673] __kmalloc_cache_noprof+0x189/0x420 [ 27.563091] kasan_bitops_generic+0x92/0x1c0 [ 27.563537] kunit_try_run_case+0x1a5/0x480 [ 27.563911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.564365] kthread+0x337/0x6f0 [ 27.564563] ret_from_fork+0x116/0x1d0 [ 27.564754] ret_from_fork_asm+0x1a/0x30 [ 27.565316] [ 27.565490] The buggy address belongs to the object at ffff88810527f2e0 [ 27.565490] which belongs to the cache kmalloc-16 of size 16 [ 27.566636] The buggy address is located 8 bytes inside of [ 27.566636] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.567870] [ 27.568091] The buggy address belongs to the physical page: [ 27.568696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.569512] flags: 0x200000000000000(node=0|zone=2) [ 27.569781] page_type: f5(slab) [ 27.570403] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.570754] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.571478] page dumped because: kasan: bad access detected [ 27.572144] [ 27.572241] Memory state around the buggy address: [ 27.572830] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.573414] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.574010] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.574589] ^ [ 27.575095] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.575610] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.576183] ================================================================== [ 27.516764] ================================================================== [ 27.517134] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.517592] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.517966] [ 27.518070] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.518128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.518142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.518168] Call Trace: [ 27.518191] <TASK> [ 27.518215] dump_stack_lvl+0x73/0xb0 [ 27.518246] print_report+0xd1/0x650 [ 27.518271] ? __virt_addr_valid+0x1db/0x2d0 [ 27.518300] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.518330] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.518360] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.518403] kasan_report+0x141/0x180 [ 27.518427] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.518463] kasan_check_range+0x10c/0x1c0 [ 27.518489] __kasan_check_write+0x18/0x20 [ 27.518514] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.518544] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.518575] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.518604] ? kasan_bitops_generic+0x92/0x1c0 [ 27.518633] kasan_bitops_generic+0x121/0x1c0 [ 27.518660] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.518687] ? __pfx_read_tsc+0x10/0x10 [ 27.518712] ? ktime_get_ts64+0x86/0x230 [ 27.518740] kunit_try_run_case+0x1a5/0x480 [ 27.518770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.518796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.518825] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.518853] ? __kthread_parkme+0x82/0x180 [ 27.518877] ? preempt_count_sub+0x50/0x80 [ 27.519205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.519240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.519270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.519298] kthread+0x337/0x6f0 [ 27.519322] ? trace_preempt_on+0x20/0xc0 [ 27.519351] ? __pfx_kthread+0x10/0x10 [ 27.519375] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.519415] ? calculate_sigpending+0x7b/0xa0 [ 27.519443] ? __pfx_kthread+0x10/0x10 [ 27.519469] ret_from_fork+0x116/0x1d0 [ 27.519491] ? __pfx_kthread+0x10/0x10 [ 27.519515] ret_from_fork_asm+0x1a/0x30 [ 27.519552] </TASK> [ 27.519567] [ 27.529526] Allocated by task 310: [ 27.529753] kasan_save_stack+0x45/0x70 [ 27.530124] kasan_save_track+0x18/0x40 [ 27.530439] kasan_save_alloc_info+0x3b/0x50 [ 27.530646] __kasan_kmalloc+0xb7/0xc0 [ 27.530838] __kmalloc_cache_noprof+0x189/0x420 [ 27.531063] kasan_bitops_generic+0x92/0x1c0 [ 27.531337] kunit_try_run_case+0x1a5/0x480 [ 27.531550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.531817] kthread+0x337/0x6f0 [ 27.532005] ret_from_fork+0x116/0x1d0 [ 27.532210] ret_from_fork_asm+0x1a/0x30 [ 27.532422] [ 27.532515] The buggy address belongs to the object at ffff88810527f2e0 [ 27.532515] which belongs to the cache kmalloc-16 of size 16 [ 27.533064] The buggy address is located 8 bytes inside of [ 27.533064] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.533665] [ 27.534143] The buggy address belongs to the physical page: [ 27.534476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.534779] flags: 0x200000000000000(node=0|zone=2) [ 27.534972] page_type: f5(slab) [ 27.535108] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.535368] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.535756] page dumped because: kasan: bad access detected [ 27.536445] [ 27.536539] Memory state around the buggy address: [ 27.536716] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.537438] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.537811] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.539133] ^ [ 27.539382] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.540229] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.540609] ================================================================== [ 27.372112] ================================================================== [ 27.372483] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.372830] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.373402] [ 27.373532] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.373589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.373603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.373627] Call Trace: [ 27.373648] <TASK> [ 27.373667] dump_stack_lvl+0x73/0xb0 [ 27.373698] print_report+0xd1/0x650 [ 27.373721] ? __virt_addr_valid+0x1db/0x2d0 [ 27.373746] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.373773] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.373800] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.373828] kasan_report+0x141/0x180 [ 27.373850] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.373882] kasan_check_range+0x10c/0x1c0 [ 27.373906] __kasan_check_write+0x18/0x20 [ 27.373930] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.373958] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.373986] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.374010] ? kasan_bitops_generic+0x92/0x1c0 [ 27.374064] kasan_bitops_generic+0x121/0x1c0 [ 27.374088] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.374113] ? __pfx_read_tsc+0x10/0x10 [ 27.374210] ? ktime_get_ts64+0x86/0x230 [ 27.374242] kunit_try_run_case+0x1a5/0x480 [ 27.374270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.374294] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.374321] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.374347] ? __kthread_parkme+0x82/0x180 [ 27.374369] ? preempt_count_sub+0x50/0x80 [ 27.374404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.374431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.374456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.374483] kthread+0x337/0x6f0 [ 27.374504] ? trace_preempt_on+0x20/0xc0 [ 27.374530] ? __pfx_kthread+0x10/0x10 [ 27.374552] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.374575] ? calculate_sigpending+0x7b/0xa0 [ 27.374601] ? __pfx_kthread+0x10/0x10 [ 27.374624] ret_from_fork+0x116/0x1d0 [ 27.374645] ? __pfx_kthread+0x10/0x10 [ 27.374666] ret_from_fork_asm+0x1a/0x30 [ 27.374699] </TASK> [ 27.374711] [ 27.391365] Allocated by task 310: [ 27.391571] kasan_save_stack+0x45/0x70 [ 27.391791] kasan_save_track+0x18/0x40 [ 27.392321] kasan_save_alloc_info+0x3b/0x50 [ 27.392622] __kasan_kmalloc+0xb7/0xc0 [ 27.392816] __kmalloc_cache_noprof+0x189/0x420 [ 27.393332] kasan_bitops_generic+0x92/0x1c0 [ 27.393671] kunit_try_run_case+0x1a5/0x480 [ 27.393961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.394183] kthread+0x337/0x6f0 [ 27.394622] ret_from_fork+0x116/0x1d0 [ 27.394811] ret_from_fork_asm+0x1a/0x30 [ 27.395084] [ 27.395167] The buggy address belongs to the object at ffff88810527f2e0 [ 27.395167] which belongs to the cache kmalloc-16 of size 16 [ 27.396269] The buggy address is located 8 bytes inside of [ 27.396269] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.396977] [ 27.397146] The buggy address belongs to the physical page: [ 27.397554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.398448] flags: 0x200000000000000(node=0|zone=2) [ 27.398883] page_type: f5(slab) [ 27.399485] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.399795] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.400519] page dumped because: kasan: bad access detected [ 27.401215] [ 27.401378] Memory state around the buggy address: [ 27.401759] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.402053] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.402958] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.403698] ^ [ 27.404444] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.404670] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.404884] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 27.251428] ================================================================== [ 27.251770] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.252197] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.252626] [ 27.252755] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.252811] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.252825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.252850] Call Trace: [ 27.252871] <TASK> [ 27.252893] dump_stack_lvl+0x73/0xb0 [ 27.252924] print_report+0xd1/0x650 [ 27.252949] ? __virt_addr_valid+0x1db/0x2d0 [ 27.252975] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253002] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.253029] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253056] kasan_report+0x141/0x180 [ 27.253079] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253111] kasan_check_range+0x10c/0x1c0 [ 27.253136] __kasan_check_write+0x18/0x20 [ 27.253161] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.253188] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.253216] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.253243] ? kasan_bitops_generic+0x92/0x1c0 [ 27.253272] kasan_bitops_generic+0x116/0x1c0 [ 27.253297] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.253323] ? __pfx_read_tsc+0x10/0x10 [ 27.253346] ? ktime_get_ts64+0x86/0x230 [ 27.253373] kunit_try_run_case+0x1a5/0x480 [ 27.253412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.253437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.253464] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.253490] ? __kthread_parkme+0x82/0x180 [ 27.253513] ? preempt_count_sub+0x50/0x80 [ 27.253539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.253567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.253592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.253619] kthread+0x337/0x6f0 [ 27.253639] ? trace_preempt_on+0x20/0xc0 [ 27.253665] ? __pfx_kthread+0x10/0x10 [ 27.253687] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.253711] ? calculate_sigpending+0x7b/0xa0 [ 27.253737] ? __pfx_kthread+0x10/0x10 [ 27.253761] ret_from_fork+0x116/0x1d0 [ 27.253781] ? __pfx_kthread+0x10/0x10 [ 27.253804] ret_from_fork_asm+0x1a/0x30 [ 27.253837] </TASK> [ 27.253850] [ 27.262535] Allocated by task 310: [ 27.262683] kasan_save_stack+0x45/0x70 [ 27.262834] kasan_save_track+0x18/0x40 [ 27.262995] kasan_save_alloc_info+0x3b/0x50 [ 27.263212] __kasan_kmalloc+0xb7/0xc0 [ 27.263484] __kmalloc_cache_noprof+0x189/0x420 [ 27.263808] kasan_bitops_generic+0x92/0x1c0 [ 27.264042] kunit_try_run_case+0x1a5/0x480 [ 27.264208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.264484] kthread+0x337/0x6f0 [ 27.264642] ret_from_fork+0x116/0x1d0 [ 27.264828] ret_from_fork_asm+0x1a/0x30 [ 27.265103] [ 27.265239] The buggy address belongs to the object at ffff88810527f2e0 [ 27.265239] which belongs to the cache kmalloc-16 of size 16 [ 27.266011] The buggy address is located 8 bytes inside of [ 27.266011] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.266543] [ 27.266624] The buggy address belongs to the physical page: [ 27.266806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.267144] flags: 0x200000000000000(node=0|zone=2) [ 27.267387] page_type: f5(slab) [ 27.267738] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.268011] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.268256] page dumped because: kasan: bad access detected [ 27.268446] [ 27.268515] Memory state around the buggy address: [ 27.268766] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.269368] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.269960] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.270502] ^ [ 27.270776] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.271071] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.271571] ================================================================== [ 27.292504] ================================================================== [ 27.292871] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.293371] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.293714] [ 27.293835] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.293889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.293903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.293949] Call Trace: [ 27.293969] <TASK> [ 27.293990] dump_stack_lvl+0x73/0xb0 [ 27.294019] print_report+0xd1/0x650 [ 27.294043] ? __virt_addr_valid+0x1db/0x2d0 [ 27.294070] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.294125] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294368] kasan_report+0x141/0x180 [ 27.294408] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294441] kasan_check_range+0x10c/0x1c0 [ 27.294468] __kasan_check_write+0x18/0x20 [ 27.294493] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.294521] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.294550] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.294576] ? kasan_bitops_generic+0x92/0x1c0 [ 27.294606] kasan_bitops_generic+0x116/0x1c0 [ 27.294632] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.294658] ? __pfx_read_tsc+0x10/0x10 [ 27.294682] ? ktime_get_ts64+0x86/0x230 [ 27.294709] kunit_try_run_case+0x1a5/0x480 [ 27.294737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.294762] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.294789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.294816] ? __kthread_parkme+0x82/0x180 [ 27.294838] ? preempt_count_sub+0x50/0x80 [ 27.294865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.294895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.294924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.294950] kthread+0x337/0x6f0 [ 27.294971] ? trace_preempt_on+0x20/0xc0 [ 27.294998] ? __pfx_kthread+0x10/0x10 [ 27.295021] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.295069] ? calculate_sigpending+0x7b/0xa0 [ 27.295096] ? __pfx_kthread+0x10/0x10 [ 27.295119] ret_from_fork+0x116/0x1d0 [ 27.295215] ? __pfx_kthread+0x10/0x10 [ 27.295241] ret_from_fork_asm+0x1a/0x30 [ 27.295277] </TASK> [ 27.295290] [ 27.303850] Allocated by task 310: [ 27.304027] kasan_save_stack+0x45/0x70 [ 27.304346] kasan_save_track+0x18/0x40 [ 27.304539] kasan_save_alloc_info+0x3b/0x50 [ 27.304695] __kasan_kmalloc+0xb7/0xc0 [ 27.304832] __kmalloc_cache_noprof+0x189/0x420 [ 27.305092] kasan_bitops_generic+0x92/0x1c0 [ 27.305383] kunit_try_run_case+0x1a5/0x480 [ 27.305615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.305876] kthread+0x337/0x6f0 [ 27.306064] ret_from_fork+0x116/0x1d0 [ 27.306314] ret_from_fork_asm+0x1a/0x30 [ 27.306543] [ 27.306641] The buggy address belongs to the object at ffff88810527f2e0 [ 27.306641] which belongs to the cache kmalloc-16 of size 16 [ 27.307114] The buggy address is located 8 bytes inside of [ 27.307114] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.307616] [ 27.307710] The buggy address belongs to the physical page: [ 27.307934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.308257] flags: 0x200000000000000(node=0|zone=2) [ 27.308445] page_type: f5(slab) [ 27.308572] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.308810] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.309082] page dumped because: kasan: bad access detected [ 27.309575] [ 27.309678] Memory state around the buggy address: [ 27.309935] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.310333] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.310677] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.311003] ^ [ 27.311342] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.311590] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.311804] ================================================================== [ 27.331513] ================================================================== [ 27.331849] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.332497] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.332834] [ 27.332949] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.333003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.333016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.333040] Call Trace: [ 27.333061] <TASK> [ 27.333083] dump_stack_lvl+0x73/0xb0 [ 27.333208] print_report+0xd1/0x650 [ 27.333238] ? __virt_addr_valid+0x1db/0x2d0 [ 27.333263] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333289] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.333317] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333343] kasan_report+0x141/0x180 [ 27.333366] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333406] kasan_check_range+0x10c/0x1c0 [ 27.333431] __kasan_check_write+0x18/0x20 [ 27.333455] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.333480] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.333507] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.333534] ? kasan_bitops_generic+0x92/0x1c0 [ 27.333562] kasan_bitops_generic+0x116/0x1c0 [ 27.333585] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.333610] ? __pfx_read_tsc+0x10/0x10 [ 27.333632] ? ktime_get_ts64+0x86/0x230 [ 27.333659] kunit_try_run_case+0x1a5/0x480 [ 27.333685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.333737] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.333764] ? __kthread_parkme+0x82/0x180 [ 27.333785] ? preempt_count_sub+0x50/0x80 [ 27.333810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.333861] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.333887] kthread+0x337/0x6f0 [ 27.333908] ? trace_preempt_on+0x20/0xc0 [ 27.333953] ? __pfx_kthread+0x10/0x10 [ 27.333975] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.333998] ? calculate_sigpending+0x7b/0xa0 [ 27.334023] ? __pfx_kthread+0x10/0x10 [ 27.334045] ret_from_fork+0x116/0x1d0 [ 27.334066] ? __pfx_kthread+0x10/0x10 [ 27.334088] ret_from_fork_asm+0x1a/0x30 [ 27.334121] </TASK> [ 27.334193] [ 27.342547] Allocated by task 310: [ 27.342755] kasan_save_stack+0x45/0x70 [ 27.342969] kasan_save_track+0x18/0x40 [ 27.343234] kasan_save_alloc_info+0x3b/0x50 [ 27.343436] __kasan_kmalloc+0xb7/0xc0 [ 27.343593] __kmalloc_cache_noprof+0x189/0x420 [ 27.343817] kasan_bitops_generic+0x92/0x1c0 [ 27.344043] kunit_try_run_case+0x1a5/0x480 [ 27.344302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.344504] kthread+0x337/0x6f0 [ 27.344629] ret_from_fork+0x116/0x1d0 [ 27.344765] ret_from_fork_asm+0x1a/0x30 [ 27.344934] [ 27.345006] The buggy address belongs to the object at ffff88810527f2e0 [ 27.345006] which belongs to the cache kmalloc-16 of size 16 [ 27.345750] The buggy address is located 8 bytes inside of [ 27.345750] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.346474] [ 27.346582] The buggy address belongs to the physical page: [ 27.346842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.347314] flags: 0x200000000000000(node=0|zone=2) [ 27.347579] page_type: f5(slab) [ 27.347759] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.348111] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.348512] page dumped because: kasan: bad access detected [ 27.348759] [ 27.348831] Memory state around the buggy address: [ 27.349076] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.349691] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.349990] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.350281] ^ [ 27.350551] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.350889] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.351144] ================================================================== [ 27.312333] ================================================================== [ 27.312692] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.313099] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.313633] [ 27.313759] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.313812] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.313825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.313849] Call Trace: [ 27.313869] <TASK> [ 27.313888] dump_stack_lvl+0x73/0xb0 [ 27.313917] print_report+0xd1/0x650 [ 27.313940] ? __virt_addr_valid+0x1db/0x2d0 [ 27.313966] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.313991] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.314017] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.314068] kasan_report+0x141/0x180 [ 27.314091] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.314120] kasan_check_range+0x10c/0x1c0 [ 27.314218] __kasan_check_write+0x18/0x20 [ 27.314244] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.314270] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.314296] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.314320] ? kasan_bitops_generic+0x92/0x1c0 [ 27.314348] kasan_bitops_generic+0x116/0x1c0 [ 27.314370] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.314405] ? __pfx_read_tsc+0x10/0x10 [ 27.314427] ? ktime_get_ts64+0x86/0x230 [ 27.314453] kunit_try_run_case+0x1a5/0x480 [ 27.314479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.314503] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.314529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.314554] ? __kthread_parkme+0x82/0x180 [ 27.314576] ? preempt_count_sub+0x50/0x80 [ 27.314600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.314626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.314650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.314675] kthread+0x337/0x6f0 [ 27.314696] ? trace_preempt_on+0x20/0xc0 [ 27.314720] ? __pfx_kthread+0x10/0x10 [ 27.314743] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.314766] ? calculate_sigpending+0x7b/0xa0 [ 27.314790] ? __pfx_kthread+0x10/0x10 [ 27.314812] ret_from_fork+0x116/0x1d0 [ 27.314831] ? __pfx_kthread+0x10/0x10 [ 27.314852] ret_from_fork_asm+0x1a/0x30 [ 27.314884] </TASK> [ 27.314896] [ 27.322751] Allocated by task 310: [ 27.322943] kasan_save_stack+0x45/0x70 [ 27.323250] kasan_save_track+0x18/0x40 [ 27.323461] kasan_save_alloc_info+0x3b/0x50 [ 27.323667] __kasan_kmalloc+0xb7/0xc0 [ 27.323858] __kmalloc_cache_noprof+0x189/0x420 [ 27.324095] kasan_bitops_generic+0x92/0x1c0 [ 27.324378] kunit_try_run_case+0x1a5/0x480 [ 27.324603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.324859] kthread+0x337/0x6f0 [ 27.325042] ret_from_fork+0x116/0x1d0 [ 27.325472] ret_from_fork_asm+0x1a/0x30 [ 27.325662] [ 27.325749] The buggy address belongs to the object at ffff88810527f2e0 [ 27.325749] which belongs to the cache kmalloc-16 of size 16 [ 27.326272] The buggy address is located 8 bytes inside of [ 27.326272] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.326743] [ 27.326820] The buggy address belongs to the physical page: [ 27.327050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.327356] flags: 0x200000000000000(node=0|zone=2) [ 27.327581] page_type: f5(slab) [ 27.327746] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.328037] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.328357] page dumped because: kasan: bad access detected [ 27.328822] [ 27.328962] Memory state around the buggy address: [ 27.329131] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.329434] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.329650] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.329860] ^ [ 27.330240] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.330567] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.330902] ================================================================== [ 27.225194] ================================================================== [ 27.225535] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.226111] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.226590] [ 27.226713] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.226773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.226788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.226814] Call Trace: [ 27.226837] <TASK> [ 27.226860] dump_stack_lvl+0x73/0xb0 [ 27.226893] print_report+0xd1/0x650 [ 27.226918] ? __virt_addr_valid+0x1db/0x2d0 [ 27.226945] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.226973] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.227002] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.227031] kasan_report+0x141/0x180 [ 27.227055] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.227088] kasan_check_range+0x10c/0x1c0 [ 27.227113] __kasan_check_write+0x18/0x20 [ 27.227139] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.227166] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.227195] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.227223] ? kasan_bitops_generic+0x92/0x1c0 [ 27.227252] kasan_bitops_generic+0x116/0x1c0 [ 27.227279] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.227307] ? __pfx_read_tsc+0x10/0x10 [ 27.227331] ? ktime_get_ts64+0x86/0x230 [ 27.227359] kunit_try_run_case+0x1a5/0x480 [ 27.227387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.227426] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.227453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.227479] ? __kthread_parkme+0x82/0x180 [ 27.227503] ? preempt_count_sub+0x50/0x80 [ 27.227529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.227557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.227584] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.227611] kthread+0x337/0x6f0 [ 27.227633] ? trace_preempt_on+0x20/0xc0 [ 27.227662] ? __pfx_kthread+0x10/0x10 [ 27.227686] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.227710] ? calculate_sigpending+0x7b/0xa0 [ 27.227737] ? __pfx_kthread+0x10/0x10 [ 27.227760] ret_from_fork+0x116/0x1d0 [ 27.227782] ? __pfx_kthread+0x10/0x10 [ 27.227804] ret_from_fork_asm+0x1a/0x30 [ 27.227839] </TASK> [ 27.227852] [ 27.236863] Allocated by task 310: [ 27.237078] kasan_save_stack+0x45/0x70 [ 27.237563] kasan_save_track+0x18/0x40 [ 27.237921] kasan_save_alloc_info+0x3b/0x50 [ 27.238089] __kasan_kmalloc+0xb7/0xc0 [ 27.238234] __kmalloc_cache_noprof+0x189/0x420 [ 27.239175] kasan_bitops_generic+0x92/0x1c0 [ 27.239715] kunit_try_run_case+0x1a5/0x480 [ 27.240339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.240553] kthread+0x337/0x6f0 [ 27.240683] ret_from_fork+0x116/0x1d0 [ 27.240821] ret_from_fork_asm+0x1a/0x30 [ 27.240968] [ 27.241041] The buggy address belongs to the object at ffff88810527f2e0 [ 27.241041] which belongs to the cache kmalloc-16 of size 16 [ 27.241985] The buggy address is located 8 bytes inside of [ 27.241985] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.243996] [ 27.244133] The buggy address belongs to the physical page: [ 27.244748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.245205] flags: 0x200000000000000(node=0|zone=2) [ 27.245657] page_type: f5(slab) [ 27.245952] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.246773] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.247303] page dumped because: kasan: bad access detected [ 27.247568] [ 27.247655] Memory state around the buggy address: [ 27.247875] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.248595] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.248958] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.249447] ^ [ 27.249835] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.250360] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.250669] ================================================================== [ 27.272000] ================================================================== [ 27.272599] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.272880] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.273199] [ 27.273317] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.273371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.273385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.273454] Call Trace: [ 27.273474] <TASK> [ 27.273497] dump_stack_lvl+0x73/0xb0 [ 27.273528] print_report+0xd1/0x650 [ 27.273552] ? __virt_addr_valid+0x1db/0x2d0 [ 27.273578] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273605] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.273633] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273661] kasan_report+0x141/0x180 [ 27.273684] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273716] kasan_check_range+0x10c/0x1c0 [ 27.273741] __kasan_check_write+0x18/0x20 [ 27.273766] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.273793] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.273821] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.273848] ? kasan_bitops_generic+0x92/0x1c0 [ 27.273884] kasan_bitops_generic+0x116/0x1c0 [ 27.273909] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.273935] ? __pfx_read_tsc+0x10/0x10 [ 27.273959] ? ktime_get_ts64+0x86/0x230 [ 27.273986] kunit_try_run_case+0x1a5/0x480 [ 27.274014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.274040] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.274068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.274094] ? __kthread_parkme+0x82/0x180 [ 27.274116] ? preempt_count_sub+0x50/0x80 [ 27.274142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.274169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.274195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.274222] kthread+0x337/0x6f0 [ 27.274242] ? trace_preempt_on+0x20/0xc0 [ 27.274268] ? __pfx_kthread+0x10/0x10 [ 27.274290] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.274315] ? calculate_sigpending+0x7b/0xa0 [ 27.274340] ? __pfx_kthread+0x10/0x10 [ 27.274364] ret_from_fork+0x116/0x1d0 [ 27.274384] ? __pfx_kthread+0x10/0x10 [ 27.274642] ret_from_fork_asm+0x1a/0x30 [ 27.274679] </TASK> [ 27.274692] [ 27.283282] Allocated by task 310: [ 27.283494] kasan_save_stack+0x45/0x70 [ 27.283703] kasan_save_track+0x18/0x40 [ 27.283910] kasan_save_alloc_info+0x3b/0x50 [ 27.284123] __kasan_kmalloc+0xb7/0xc0 [ 27.284320] __kmalloc_cache_noprof+0x189/0x420 [ 27.284623] kasan_bitops_generic+0x92/0x1c0 [ 27.284832] kunit_try_run_case+0x1a5/0x480 [ 27.284993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.285265] kthread+0x337/0x6f0 [ 27.285448] ret_from_fork+0x116/0x1d0 [ 27.285643] ret_from_fork_asm+0x1a/0x30 [ 27.285837] [ 27.285917] The buggy address belongs to the object at ffff88810527f2e0 [ 27.285917] which belongs to the cache kmalloc-16 of size 16 [ 27.286640] The buggy address is located 8 bytes inside of [ 27.286640] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.287254] [ 27.287350] The buggy address belongs to the physical page: [ 27.287589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.287950] flags: 0x200000000000000(node=0|zone=2) [ 27.288270] page_type: f5(slab) [ 27.288437] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.288791] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.289127] page dumped because: kasan: bad access detected [ 27.289478] [ 27.289576] Memory state around the buggy address: [ 27.289782] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.290064] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.290574] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.290913] ^ [ 27.291331] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.291679] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.291970] ================================================================== [ 27.351575] ================================================================== [ 27.352054] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.352529] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.352848] [ 27.352970] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.353024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.353037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.353063] Call Trace: [ 27.353085] <TASK> [ 27.353106] dump_stack_lvl+0x73/0xb0 [ 27.353329] print_report+0xd1/0x650 [ 27.353366] ? __virt_addr_valid+0x1db/0x2d0 [ 27.353410] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353437] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.353465] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353492] kasan_report+0x141/0x180 [ 27.353516] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353547] kasan_check_range+0x10c/0x1c0 [ 27.353571] __kasan_check_write+0x18/0x20 [ 27.353596] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.353621] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.353649] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.353676] ? kasan_bitops_generic+0x92/0x1c0 [ 27.353703] kasan_bitops_generic+0x116/0x1c0 [ 27.353728] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.353754] ? __pfx_read_tsc+0x10/0x10 [ 27.353778] ? ktime_get_ts64+0x86/0x230 [ 27.353804] kunit_try_run_case+0x1a5/0x480 [ 27.353831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.353856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.353912] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.353940] ? __kthread_parkme+0x82/0x180 [ 27.353963] ? preempt_count_sub+0x50/0x80 [ 27.353989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.354016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.354042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.354070] kthread+0x337/0x6f0 [ 27.354092] ? trace_preempt_on+0x20/0xc0 [ 27.354119] ? __pfx_kthread+0x10/0x10 [ 27.354222] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.354249] ? calculate_sigpending+0x7b/0xa0 [ 27.354276] ? __pfx_kthread+0x10/0x10 [ 27.354300] ret_from_fork+0x116/0x1d0 [ 27.354322] ? __pfx_kthread+0x10/0x10 [ 27.354345] ret_from_fork_asm+0x1a/0x30 [ 27.354379] </TASK> [ 27.354402] [ 27.363216] Allocated by task 310: [ 27.363427] kasan_save_stack+0x45/0x70 [ 27.363640] kasan_save_track+0x18/0x40 [ 27.363833] kasan_save_alloc_info+0x3b/0x50 [ 27.364066] __kasan_kmalloc+0xb7/0xc0 [ 27.364332] __kmalloc_cache_noprof+0x189/0x420 [ 27.364512] kasan_bitops_generic+0x92/0x1c0 [ 27.364665] kunit_try_run_case+0x1a5/0x480 [ 27.364835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.365119] kthread+0x337/0x6f0 [ 27.365499] ret_from_fork+0x116/0x1d0 [ 27.365694] ret_from_fork_asm+0x1a/0x30 [ 27.365899] [ 27.365996] The buggy address belongs to the object at ffff88810527f2e0 [ 27.365996] which belongs to the cache kmalloc-16 of size 16 [ 27.366605] The buggy address is located 8 bytes inside of [ 27.366605] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.367113] [ 27.367285] The buggy address belongs to the physical page: [ 27.367499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.367749] flags: 0x200000000000000(node=0|zone=2) [ 27.367948] page_type: f5(slab) [ 27.368077] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.368450] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.368791] page dumped because: kasan: bad access detected [ 27.369046] [ 27.369141] Memory state around the buggy address: [ 27.369368] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.369928] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.370232] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.370540] ^ [ 27.370845] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.371256] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.371563] ================================================================== [ 27.185415] ================================================================== [ 27.185848] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.187230] Write of size 8 at addr ffff88810527f2e8 by task kunit_try_catch/310 [ 27.188471] [ 27.188590] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.188652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.188668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.188725] Call Trace: [ 27.188743] <TASK> [ 27.188768] dump_stack_lvl+0x73/0xb0 [ 27.188928] print_report+0xd1/0x650 [ 27.188957] ? __virt_addr_valid+0x1db/0x2d0 [ 27.188985] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189012] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.189042] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189070] kasan_report+0x141/0x180 [ 27.189094] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189127] kasan_check_range+0x10c/0x1c0 [ 27.189328] __kasan_check_write+0x18/0x20 [ 27.189355] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.189384] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.189426] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.189455] ? kasan_bitops_generic+0x92/0x1c0 [ 27.189486] kasan_bitops_generic+0x116/0x1c0 [ 27.189512] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.189540] ? __pfx_read_tsc+0x10/0x10 [ 27.189566] ? ktime_get_ts64+0x86/0x230 [ 27.189595] kunit_try_run_case+0x1a5/0x480 [ 27.189625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.189652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.189681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.189709] ? __kthread_parkme+0x82/0x180 [ 27.189734] ? preempt_count_sub+0x50/0x80 [ 27.189760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.189788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.189816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.189842] kthread+0x337/0x6f0 [ 27.189889] ? trace_preempt_on+0x20/0xc0 [ 27.189916] ? __pfx_kthread+0x10/0x10 [ 27.189940] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.189965] ? calculate_sigpending+0x7b/0xa0 [ 27.189992] ? __pfx_kthread+0x10/0x10 [ 27.190016] ret_from_fork+0x116/0x1d0 [ 27.190037] ? __pfx_kthread+0x10/0x10 [ 27.190062] ret_from_fork_asm+0x1a/0x30 [ 27.190099] </TASK> [ 27.190114] [ 27.210201] Allocated by task 310: [ 27.210871] kasan_save_stack+0x45/0x70 [ 27.211452] kasan_save_track+0x18/0x40 [ 27.212097] kasan_save_alloc_info+0x3b/0x50 [ 27.212448] __kasan_kmalloc+0xb7/0xc0 [ 27.212603] __kmalloc_cache_noprof+0x189/0x420 [ 27.212769] kasan_bitops_generic+0x92/0x1c0 [ 27.212946] kunit_try_run_case+0x1a5/0x480 [ 27.213286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.213812] kthread+0x337/0x6f0 [ 27.214244] ret_from_fork+0x116/0x1d0 [ 27.214644] ret_from_fork_asm+0x1a/0x30 [ 27.215144] [ 27.215477] The buggy address belongs to the object at ffff88810527f2e0 [ 27.215477] which belongs to the cache kmalloc-16 of size 16 [ 27.216304] The buggy address is located 8 bytes inside of [ 27.216304] allocated 9-byte region [ffff88810527f2e0, ffff88810527f2e9) [ 27.217081] [ 27.217295] The buggy address belongs to the physical page: [ 27.217912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 27.218602] flags: 0x200000000000000(node=0|zone=2) [ 27.218793] page_type: f5(slab) [ 27.219045] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 27.219866] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.220773] page dumped because: kasan: bad access detected [ 27.221372] [ 27.221464] Memory state around the buggy address: [ 27.221634] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.221867] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.222102] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 27.222854] ^ [ 27.223144] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.223518] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.224404] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 27.142037] ================================================================== [ 27.142631] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 27.143206] Read of size 1 at addr ffff888105abca90 by task kunit_try_catch/308 [ 27.143965] [ 27.144377] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.144471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.144528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.144557] Call Trace: [ 27.144579] <TASK> [ 27.144604] dump_stack_lvl+0x73/0xb0 [ 27.144640] print_report+0xd1/0x650 [ 27.144667] ? __virt_addr_valid+0x1db/0x2d0 [ 27.144694] ? strnlen+0x73/0x80 [ 27.144717] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.144746] ? strnlen+0x73/0x80 [ 27.144768] kasan_report+0x141/0x180 [ 27.144793] ? strnlen+0x73/0x80 [ 27.144819] __asan_report_load1_noabort+0x18/0x20 [ 27.144846] strnlen+0x73/0x80 [ 27.144893] kasan_strings+0x615/0xe80 [ 27.144916] ? trace_hardirqs_on+0x37/0xe0 [ 27.144943] ? __pfx_kasan_strings+0x10/0x10 [ 27.144965] ? finish_task_switch.isra.0+0x153/0x700 [ 27.144991] ? __switch_to+0x47/0xf50 [ 27.145019] ? __schedule+0x10cc/0x2b60 [ 27.145045] ? __pfx_read_tsc+0x10/0x10 [ 27.145070] ? ktime_get_ts64+0x86/0x230 [ 27.145097] kunit_try_run_case+0x1a5/0x480 [ 27.145126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.145160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.145186] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.145213] ? __kthread_parkme+0x82/0x180 [ 27.145237] ? preempt_count_sub+0x50/0x80 [ 27.145261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.145289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.145317] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.145344] kthread+0x337/0x6f0 [ 27.145367] ? trace_preempt_on+0x20/0xc0 [ 27.145402] ? __pfx_kthread+0x10/0x10 [ 27.145493] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.145524] ? calculate_sigpending+0x7b/0xa0 [ 27.145552] ? __pfx_kthread+0x10/0x10 [ 27.145576] ret_from_fork+0x116/0x1d0 [ 27.145599] ? __pfx_kthread+0x10/0x10 [ 27.145621] ret_from_fork_asm+0x1a/0x30 [ 27.145658] </TASK> [ 27.145671] [ 27.159499] Allocated by task 308: [ 27.160152] kasan_save_stack+0x45/0x70 [ 27.160625] kasan_save_track+0x18/0x40 [ 27.161243] kasan_save_alloc_info+0x3b/0x50 [ 27.161570] __kasan_kmalloc+0xb7/0xc0 [ 27.161980] __kmalloc_cache_noprof+0x189/0x420 [ 27.162641] kasan_strings+0xc0/0xe80 [ 27.162931] kunit_try_run_case+0x1a5/0x480 [ 27.163414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.164084] kthread+0x337/0x6f0 [ 27.164568] ret_from_fork+0x116/0x1d0 [ 27.165086] ret_from_fork_asm+0x1a/0x30 [ 27.165534] [ 27.165781] Freed by task 308: [ 27.166057] kasan_save_stack+0x45/0x70 [ 27.166380] kasan_save_track+0x18/0x40 [ 27.166596] kasan_save_free_info+0x3f/0x60 [ 27.166805] __kasan_slab_free+0x56/0x70 [ 27.167457] kfree+0x222/0x3f0 [ 27.167836] kasan_strings+0x2aa/0xe80 [ 27.168338] kunit_try_run_case+0x1a5/0x480 [ 27.168669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.169319] kthread+0x337/0x6f0 [ 27.169674] ret_from_fork+0x116/0x1d0 [ 27.170155] ret_from_fork_asm+0x1a/0x30 [ 27.170602] [ 27.170860] The buggy address belongs to the object at ffff888105abca80 [ 27.170860] which belongs to the cache kmalloc-32 of size 32 [ 27.171805] The buggy address is located 16 bytes inside of [ 27.171805] freed 32-byte region [ffff888105abca80, ffff888105abcaa0) [ 27.173169] [ 27.173319] The buggy address belongs to the physical page: [ 27.173614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 27.174291] flags: 0x200000000000000(node=0|zone=2) [ 27.174557] page_type: f5(slab) [ 27.174727] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.175495] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.176251] page dumped because: kasan: bad access detected [ 27.176699] [ 27.176807] Memory state around the buggy address: [ 27.177521] ffff888105abc980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.178036] ffff888105abca00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.178616] >ffff888105abca80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.179518] ^ [ 27.179874] ffff888105abcb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.180728] ffff888105abcb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.181370] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 27.095553] ================================================================== [ 27.096839] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 27.097379] Read of size 1 at addr ffff888105abca90 by task kunit_try_catch/308 [ 27.098379] [ 27.098641] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.098704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.098721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.098750] Call Trace: [ 27.098775] <TASK> [ 27.098798] dump_stack_lvl+0x73/0xb0 [ 27.098832] print_report+0xd1/0x650 [ 27.098860] ? __virt_addr_valid+0x1db/0x2d0 [ 27.098888] ? strlen+0x8f/0xb0 [ 27.098911] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.098941] ? strlen+0x8f/0xb0 [ 27.098964] kasan_report+0x141/0x180 [ 27.098989] ? strlen+0x8f/0xb0 [ 27.099017] __asan_report_load1_noabort+0x18/0x20 [ 27.099044] strlen+0x8f/0xb0 [ 27.099082] kasan_strings+0x57b/0xe80 [ 27.099105] ? trace_hardirqs_on+0x37/0xe0 [ 27.099145] ? __pfx_kasan_strings+0x10/0x10 [ 27.099169] ? finish_task_switch.isra.0+0x153/0x700 [ 27.099270] ? __switch_to+0x47/0xf50 [ 27.099307] ? __schedule+0x10cc/0x2b60 [ 27.099335] ? __pfx_read_tsc+0x10/0x10 [ 27.099360] ? ktime_get_ts64+0x86/0x230 [ 27.099401] kunit_try_run_case+0x1a5/0x480 [ 27.099433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099460] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.099488] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.099516] ? __kthread_parkme+0x82/0x180 [ 27.099539] ? preempt_count_sub+0x50/0x80 [ 27.099566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.099623] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.099652] kthread+0x337/0x6f0 [ 27.099675] ? trace_preempt_on+0x20/0xc0 [ 27.099700] ? __pfx_kthread+0x10/0x10 [ 27.099723] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.099749] ? calculate_sigpending+0x7b/0xa0 [ 27.099776] ? __pfx_kthread+0x10/0x10 [ 27.099801] ret_from_fork+0x116/0x1d0 [ 27.099822] ? __pfx_kthread+0x10/0x10 [ 27.099846] ret_from_fork_asm+0x1a/0x30 [ 27.099882] </TASK> [ 27.099895] [ 27.116647] Allocated by task 308: [ 27.116953] kasan_save_stack+0x45/0x70 [ 27.117802] kasan_save_track+0x18/0x40 [ 27.118003] kasan_save_alloc_info+0x3b/0x50 [ 27.118171] __kasan_kmalloc+0xb7/0xc0 [ 27.118321] __kmalloc_cache_noprof+0x189/0x420 [ 27.118506] kasan_strings+0xc0/0xe80 [ 27.119343] kunit_try_run_case+0x1a5/0x480 [ 27.119778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.121309] kthread+0x337/0x6f0 [ 27.121578] ret_from_fork+0x116/0x1d0 [ 27.121733] ret_from_fork_asm+0x1a/0x30 [ 27.121959] [ 27.123035] Freed by task 308: [ 27.123442] kasan_save_stack+0x45/0x70 [ 27.123827] kasan_save_track+0x18/0x40 [ 27.124332] kasan_save_free_info+0x3f/0x60 [ 27.124811] __kasan_slab_free+0x56/0x70 [ 27.125201] kfree+0x222/0x3f0 [ 27.125325] kasan_strings+0x2aa/0xe80 [ 27.125511] kunit_try_run_case+0x1a5/0x480 [ 27.125666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.125847] kthread+0x337/0x6f0 [ 27.125972] ret_from_fork+0x116/0x1d0 [ 27.127088] ret_from_fork_asm+0x1a/0x30 [ 27.127948] [ 27.128137] The buggy address belongs to the object at ffff888105abca80 [ 27.128137] which belongs to the cache kmalloc-32 of size 32 [ 27.130033] The buggy address is located 16 bytes inside of [ 27.130033] freed 32-byte region [ffff888105abca80, ffff888105abcaa0) [ 27.130941] [ 27.131136] The buggy address belongs to the physical page: [ 27.131691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 27.132752] flags: 0x200000000000000(node=0|zone=2) [ 27.133377] page_type: f5(slab) [ 27.133740] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.134093] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.134790] page dumped because: kasan: bad access detected [ 27.135912] [ 27.136037] Memory state around the buggy address: [ 27.136290] ffff888105abc980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.136633] ffff888105abca00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.136965] >ffff888105abca80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.137286] ^ [ 27.138284] ffff888105abcb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.139258] ffff888105abcb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.140120] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 27.069178] ================================================================== [ 27.069521] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 27.069771] Read of size 1 at addr ffff888105abca90 by task kunit_try_catch/308 [ 27.070021] [ 27.070119] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.070178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.070193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.070221] Call Trace: [ 27.070244] <TASK> [ 27.070267] dump_stack_lvl+0x73/0xb0 [ 27.070299] print_report+0xd1/0x650 [ 27.070325] ? __virt_addr_valid+0x1db/0x2d0 [ 27.070353] ? kasan_strings+0xcbc/0xe80 [ 27.070377] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.070661] ? kasan_strings+0xcbc/0xe80 [ 27.070691] kasan_report+0x141/0x180 [ 27.070718] ? kasan_strings+0xcbc/0xe80 [ 27.070749] __asan_report_load1_noabort+0x18/0x20 [ 27.070778] kasan_strings+0xcbc/0xe80 [ 27.070801] ? trace_hardirqs_on+0x37/0xe0 [ 27.070830] ? __pfx_kasan_strings+0x10/0x10 [ 27.070853] ? finish_task_switch.isra.0+0x153/0x700 [ 27.070879] ? __switch_to+0x47/0xf50 [ 27.070910] ? __schedule+0x10cc/0x2b60 [ 27.070939] ? __pfx_read_tsc+0x10/0x10 [ 27.070965] ? ktime_get_ts64+0x86/0x230 [ 27.070995] kunit_try_run_case+0x1a5/0x480 [ 27.071026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.071054] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.071082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.071111] ? __kthread_parkme+0x82/0x180 [ 27.071136] ? preempt_count_sub+0x50/0x80 [ 27.071447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.071479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.071509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.071538] kthread+0x337/0x6f0 [ 27.071562] ? trace_preempt_on+0x20/0xc0 [ 27.071589] ? __pfx_kthread+0x10/0x10 [ 27.071613] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.071641] ? calculate_sigpending+0x7b/0xa0 [ 27.071670] ? __pfx_kthread+0x10/0x10 [ 27.071696] ret_from_fork+0x116/0x1d0 [ 27.071719] ? __pfx_kthread+0x10/0x10 [ 27.071744] ret_from_fork_asm+0x1a/0x30 [ 27.071782] </TASK> [ 27.071797] [ 27.081699] Allocated by task 308: [ 27.081868] kasan_save_stack+0x45/0x70 [ 27.082107] kasan_save_track+0x18/0x40 [ 27.082545] kasan_save_alloc_info+0x3b/0x50 [ 27.082727] __kasan_kmalloc+0xb7/0xc0 [ 27.082898] __kmalloc_cache_noprof+0x189/0x420 [ 27.083153] kasan_strings+0xc0/0xe80 [ 27.083373] kunit_try_run_case+0x1a5/0x480 [ 27.083652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.083914] kthread+0x337/0x6f0 [ 27.084118] ret_from_fork+0x116/0x1d0 [ 27.084337] ret_from_fork_asm+0x1a/0x30 [ 27.084564] [ 27.084643] Freed by task 308: [ 27.084769] kasan_save_stack+0x45/0x70 [ 27.084922] kasan_save_track+0x18/0x40 [ 27.085073] kasan_save_free_info+0x3f/0x60 [ 27.085236] __kasan_slab_free+0x56/0x70 [ 27.085401] kfree+0x222/0x3f0 [ 27.085532] kasan_strings+0x2aa/0xe80 [ 27.085681] kunit_try_run_case+0x1a5/0x480 [ 27.085893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.086185] kthread+0x337/0x6f0 [ 27.086373] ret_from_fork+0x116/0x1d0 [ 27.086975] ret_from_fork_asm+0x1a/0x30 [ 27.087330] [ 27.087465] The buggy address belongs to the object at ffff888105abca80 [ 27.087465] which belongs to the cache kmalloc-32 of size 32 [ 27.088432] The buggy address is located 16 bytes inside of [ 27.088432] freed 32-byte region [ffff888105abca80, ffff888105abcaa0) [ 27.089057] [ 27.089144] The buggy address belongs to the physical page: [ 27.089380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 27.089672] flags: 0x200000000000000(node=0|zone=2) [ 27.089862] page_type: f5(slab) [ 27.090260] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.090722] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.091121] page dumped because: kasan: bad access detected [ 27.091432] [ 27.091781] Memory state around the buggy address: [ 27.092234] ffff888105abc980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.092520] ffff888105abca00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.092770] >ffff888105abca80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.093096] ^ [ 27.093310] ffff888105abcb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.093706] ffff888105abcb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.094083] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 27.044556] ================================================================== [ 27.045719] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 27.046043] Read of size 1 at addr ffff888105abca90 by task kunit_try_catch/308 [ 27.046497] [ 27.046639] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.046703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.046720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.046748] Call Trace: [ 27.046765] <TASK> [ 27.046789] dump_stack_lvl+0x73/0xb0 [ 27.046822] print_report+0xd1/0x650 [ 27.046857] ? __virt_addr_valid+0x1db/0x2d0 [ 27.046889] ? strcmp+0xb0/0xc0 [ 27.046913] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.046944] ? strcmp+0xb0/0xc0 [ 27.046968] kasan_report+0x141/0x180 [ 27.046995] ? strcmp+0xb0/0xc0 [ 27.047024] __asan_report_load1_noabort+0x18/0x20 [ 27.047052] strcmp+0xb0/0xc0 [ 27.047076] kasan_strings+0x431/0xe80 [ 27.047100] ? trace_hardirqs_on+0x37/0xe0 [ 27.047128] ? __pfx_kasan_strings+0x10/0x10 [ 27.047200] ? finish_task_switch.isra.0+0x153/0x700 [ 27.047232] ? __switch_to+0x47/0xf50 [ 27.047265] ? __schedule+0x10cc/0x2b60 [ 27.047294] ? __pfx_read_tsc+0x10/0x10 [ 27.047321] ? ktime_get_ts64+0x86/0x230 [ 27.047352] kunit_try_run_case+0x1a5/0x480 [ 27.047385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.047428] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.047457] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.047486] ? __kthread_parkme+0x82/0x180 [ 27.047512] ? preempt_count_sub+0x50/0x80 [ 27.047539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.047569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.047597] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.047626] kthread+0x337/0x6f0 [ 27.047650] ? trace_preempt_on+0x20/0xc0 [ 27.047675] ? __pfx_kthread+0x10/0x10 [ 27.047700] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.047726] ? calculate_sigpending+0x7b/0xa0 [ 27.047755] ? __pfx_kthread+0x10/0x10 [ 27.047780] ret_from_fork+0x116/0x1d0 [ 27.047804] ? __pfx_kthread+0x10/0x10 [ 27.047829] ret_from_fork_asm+0x1a/0x30 [ 27.047866] </TASK> [ 27.047881] [ 27.056418] Allocated by task 308: [ 27.056847] kasan_save_stack+0x45/0x70 [ 27.057026] kasan_save_track+0x18/0x40 [ 27.057386] kasan_save_alloc_info+0x3b/0x50 [ 27.057652] __kasan_kmalloc+0xb7/0xc0 [ 27.057882] __kmalloc_cache_noprof+0x189/0x420 [ 27.058137] kasan_strings+0xc0/0xe80 [ 27.058344] kunit_try_run_case+0x1a5/0x480 [ 27.058736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.059072] kthread+0x337/0x6f0 [ 27.059207] ret_from_fork+0x116/0x1d0 [ 27.059355] ret_from_fork_asm+0x1a/0x30 [ 27.059528] [ 27.059609] Freed by task 308: [ 27.059733] kasan_save_stack+0x45/0x70 [ 27.059881] kasan_save_track+0x18/0x40 [ 27.060029] kasan_save_free_info+0x3f/0x60 [ 27.060189] __kasan_slab_free+0x56/0x70 [ 27.060346] kfree+0x222/0x3f0 [ 27.060531] kasan_strings+0x2aa/0xe80 [ 27.060738] kunit_try_run_case+0x1a5/0x480 [ 27.060968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.061415] kthread+0x337/0x6f0 [ 27.061617] ret_from_fork+0x116/0x1d0 [ 27.061824] ret_from_fork_asm+0x1a/0x30 [ 27.062094] [ 27.062232] The buggy address belongs to the object at ffff888105abca80 [ 27.062232] which belongs to the cache kmalloc-32 of size 32 [ 27.062783] The buggy address is located 16 bytes inside of [ 27.062783] freed 32-byte region [ffff888105abca80, ffff888105abcaa0) [ 27.063515] [ 27.063624] The buggy address belongs to the physical page: [ 27.063896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 27.064404] flags: 0x200000000000000(node=0|zone=2) [ 27.064606] page_type: f5(slab) [ 27.064746] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.065013] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.065384] page dumped because: kasan: bad access detected [ 27.065659] [ 27.066159] Memory state around the buggy address: [ 27.066458] ffff888105abc980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.066818] ffff888105abca00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.067182] >ffff888105abca80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.067575] ^ [ 27.067748] ffff888105abcb00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.068094] ffff888105abcb80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.068505] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 27.003072] ================================================================== [ 27.004019] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 27.004664] Read of size 1 at addr ffff888105abc998 by task kunit_try_catch/306 [ 27.005128] [ 27.005541] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 27.005749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.005766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.005794] Call Trace: [ 27.005809] <TASK> [ 27.005832] dump_stack_lvl+0x73/0xb0 [ 27.005888] print_report+0xd1/0x650 [ 27.005917] ? __virt_addr_valid+0x1db/0x2d0 [ 27.005945] ? memcmp+0x1b4/0x1d0 [ 27.005967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.005995] ? memcmp+0x1b4/0x1d0 [ 27.006017] kasan_report+0x141/0x180 [ 27.006040] ? memcmp+0x1b4/0x1d0 [ 27.006066] __asan_report_load1_noabort+0x18/0x20 [ 27.006092] memcmp+0x1b4/0x1d0 [ 27.006116] kasan_memcmp+0x18f/0x390 [ 27.006155] ? trace_hardirqs_on+0x37/0xe0 [ 27.006183] ? __pfx_kasan_memcmp+0x10/0x10 [ 27.006205] ? finish_task_switch.isra.0+0x153/0x700 [ 27.006230] ? __switch_to+0x47/0xf50 [ 27.006262] ? __pfx_read_tsc+0x10/0x10 [ 27.006287] ? ktime_get_ts64+0x86/0x230 [ 27.006314] kunit_try_run_case+0x1a5/0x480 [ 27.006344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.006369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.006407] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.006433] ? __kthread_parkme+0x82/0x180 [ 27.006457] ? preempt_count_sub+0x50/0x80 [ 27.006482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.006509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.006536] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.006562] kthread+0x337/0x6f0 [ 27.006584] ? trace_preempt_on+0x20/0xc0 [ 27.006607] ? __pfx_kthread+0x10/0x10 [ 27.006630] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.006654] ? calculate_sigpending+0x7b/0xa0 [ 27.006681] ? __pfx_kthread+0x10/0x10 [ 27.006704] ret_from_fork+0x116/0x1d0 [ 27.006726] ? __pfx_kthread+0x10/0x10 [ 27.006749] ret_from_fork_asm+0x1a/0x30 [ 27.006783] </TASK> [ 27.006797] [ 27.023027] Allocated by task 306: [ 27.023769] kasan_save_stack+0x45/0x70 [ 27.024334] kasan_save_track+0x18/0x40 [ 27.024846] kasan_save_alloc_info+0x3b/0x50 [ 27.025247] __kasan_kmalloc+0xb7/0xc0 [ 27.025474] __kmalloc_cache_noprof+0x189/0x420 [ 27.026050] kasan_memcmp+0xb7/0x390 [ 27.026220] kunit_try_run_case+0x1a5/0x480 [ 27.026798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.027608] kthread+0x337/0x6f0 [ 27.027815] ret_from_fork+0x116/0x1d0 [ 27.028001] ret_from_fork_asm+0x1a/0x30 [ 27.028432] [ 27.028630] The buggy address belongs to the object at ffff888105abc980 [ 27.028630] which belongs to the cache kmalloc-32 of size 32 [ 27.030098] The buggy address is located 0 bytes to the right of [ 27.030098] allocated 24-byte region [ffff888105abc980, ffff888105abc998) [ 27.030536] [ 27.030618] The buggy address belongs to the physical page: [ 27.030811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 27.031161] flags: 0x200000000000000(node=0|zone=2) [ 27.031656] page_type: f5(slab) [ 27.031845] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.032309] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.032705] page dumped because: kasan: bad access detected [ 27.032894] [ 27.032967] Memory state around the buggy address: [ 27.033416] ffff888105abc880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.033800] ffff888105abc900: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.034102] >ffff888105abc980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.034563] ^ [ 27.034741] ffff888105abca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.035225] ffff888105abca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.035613] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 26.973513] ================================================================== [ 26.974009] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 26.974612] Read of size 1 at addr ffff88810622fc4a by task kunit_try_catch/302 [ 26.975256] [ 26.975410] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.975472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.975487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.975513] Call Trace: [ 26.975529] <TASK> [ 26.975553] dump_stack_lvl+0x73/0xb0 [ 26.975588] print_report+0xd1/0x650 [ 26.975614] ? __virt_addr_valid+0x1db/0x2d0 [ 26.975643] ? kasan_alloca_oob_right+0x329/0x390 [ 26.975667] ? kasan_addr_to_slab+0x11/0xa0 [ 26.975695] ? kasan_alloca_oob_right+0x329/0x390 [ 26.975719] kasan_report+0x141/0x180 [ 26.975743] ? kasan_alloca_oob_right+0x329/0x390 [ 26.975773] __asan_report_load1_noabort+0x18/0x20 [ 26.975800] kasan_alloca_oob_right+0x329/0x390 [ 26.975825] ? finish_task_switch.isra.0+0x153/0x700 [ 26.975851] ? try_to_take_rt_mutex+0xfde/0xff0 [ 26.975877] ? trace_hardirqs_on+0x37/0xe0 [ 26.975906] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 26.975934] ? __schedule+0x10cc/0x2b60 [ 26.975960] ? __pfx_read_tsc+0x10/0x10 [ 26.975986] ? ktime_get_ts64+0x86/0x230 [ 26.976014] kunit_try_run_case+0x1a5/0x480 [ 26.976043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.976070] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.976096] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.976124] ? __kthread_parkme+0x82/0x180 [ 26.976147] ? preempt_count_sub+0x50/0x80 [ 26.976172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.976199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.976232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.976259] kthread+0x337/0x6f0 [ 26.976281] ? trace_preempt_on+0x20/0xc0 [ 26.976304] ? __pfx_kthread+0x10/0x10 [ 26.976328] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.976352] ? calculate_sigpending+0x7b/0xa0 [ 26.976379] ? __pfx_kthread+0x10/0x10 [ 26.976413] ret_from_fork+0x116/0x1d0 [ 26.976435] ? __pfx_kthread+0x10/0x10 [ 26.976457] ret_from_fork_asm+0x1a/0x30 [ 26.976492] </TASK> [ 26.976506] [ 26.987902] The buggy address belongs to stack of task kunit_try_catch/302 [ 26.988261] [ 26.988681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622f [ 26.989022] flags: 0x200000000000000(node=0|zone=2) [ 26.989210] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.989773] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.990313] page dumped because: kasan: bad access detected [ 26.990532] [ 26.990603] Memory state around the buggy address: [ 26.990846] ffff88810622fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.991146] ffff88810622fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.991368] >ffff88810622fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 26.991939] ^ [ 26.992126] ffff88810622fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 26.992358] ffff88810622fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.993004] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 26.948613] ================================================================== [ 26.949521] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 26.950379] Read of size 1 at addr ffff88810613fc3f by task kunit_try_catch/300 [ 26.950779] [ 26.950877] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.950936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.950951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.950977] Call Trace: [ 26.950993] <TASK> [ 26.951016] dump_stack_lvl+0x73/0xb0 [ 26.951050] print_report+0xd1/0x650 [ 26.951075] ? __virt_addr_valid+0x1db/0x2d0 [ 26.951103] ? kasan_alloca_oob_left+0x320/0x380 [ 26.951126] ? kasan_addr_to_slab+0x11/0xa0 [ 26.951153] ? kasan_alloca_oob_left+0x320/0x380 [ 26.951177] kasan_report+0x141/0x180 [ 26.951200] ? kasan_alloca_oob_left+0x320/0x380 [ 26.951229] __asan_report_load1_noabort+0x18/0x20 [ 26.951254] kasan_alloca_oob_left+0x320/0x380 [ 26.951277] ? __kasan_check_write+0x18/0x20 [ 26.951303] ? finish_task_switch.isra.0+0x153/0x700 [ 26.951329] ? try_to_take_rt_mutex+0xfde/0xff0 [ 26.951354] ? trace_hardirqs_on+0x37/0xe0 [ 26.951383] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 26.951420] ? __schedule+0x10cc/0x2b60 [ 26.951446] ? __pfx_read_tsc+0x10/0x10 [ 26.951470] ? ktime_get_ts64+0x86/0x230 [ 26.951498] kunit_try_run_case+0x1a5/0x480 [ 26.951528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.951553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.951579] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.951605] ? __kthread_parkme+0x82/0x180 [ 26.951640] ? preempt_count_sub+0x50/0x80 [ 26.951684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.951711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.951737] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.951764] kthread+0x337/0x6f0 [ 26.951786] ? trace_preempt_on+0x20/0xc0 [ 26.951808] ? __pfx_kthread+0x10/0x10 [ 26.951830] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.951854] ? calculate_sigpending+0x7b/0xa0 [ 26.951880] ? __pfx_kthread+0x10/0x10 [ 26.951904] ret_from_fork+0x116/0x1d0 [ 26.951924] ? __pfx_kthread+0x10/0x10 [ 26.951945] ret_from_fork_asm+0x1a/0x30 [ 26.951980] </TASK> [ 26.951993] [ 26.962605] The buggy address belongs to stack of task kunit_try_catch/300 [ 26.963295] [ 26.963388] The buggy address belongs to the physical page: [ 26.963588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613f [ 26.963929] flags: 0x200000000000000(node=0|zone=2) [ 26.964434] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.964804] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.965330] page dumped because: kasan: bad access detected [ 26.965539] [ 26.965610] Memory state around the buggy address: [ 26.965850] ffff88810613fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.966217] ffff88810613fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.966483] >ffff88810613fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 26.966789] ^ [ 26.967028] ffff88810613fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 26.967456] ffff88810613fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.967872] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 26.885731] ================================================================== [ 26.886261] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 26.887090] Read of size 1 at addr ffffffffae2b3ecd by task kunit_try_catch/294 [ 26.887640] [ 26.887787] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.887852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.887869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.887896] Call Trace: [ 26.887912] <TASK> [ 26.887936] dump_stack_lvl+0x73/0xb0 [ 26.887971] print_report+0xd1/0x650 [ 26.887997] ? __virt_addr_valid+0x1db/0x2d0 [ 26.888026] ? kasan_global_oob_right+0x286/0x2d0 [ 26.888054] ? kasan_addr_to_slab+0x11/0xa0 [ 26.888082] ? kasan_global_oob_right+0x286/0x2d0 [ 26.888111] kasan_report+0x141/0x180 [ 26.888136] ? kasan_global_oob_right+0x286/0x2d0 [ 26.888186] __asan_report_load1_noabort+0x18/0x20 [ 26.888213] kasan_global_oob_right+0x286/0x2d0 [ 26.888249] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 26.888280] ? __schedule+0x10cc/0x2b60 [ 26.888308] ? __pfx_read_tsc+0x10/0x10 [ 26.888334] ? ktime_get_ts64+0x86/0x230 [ 26.888365] kunit_try_run_case+0x1a5/0x480 [ 26.888410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.888437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.888465] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.888492] ? __kthread_parkme+0x82/0x180 [ 26.888517] ? preempt_count_sub+0x50/0x80 [ 26.888543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.888570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.888598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.888626] kthread+0x337/0x6f0 [ 26.888648] ? trace_preempt_on+0x20/0xc0 [ 26.888676] ? __pfx_kthread+0x10/0x10 [ 26.888700] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.888725] ? calculate_sigpending+0x7b/0xa0 [ 26.888752] ? __pfx_kthread+0x10/0x10 [ 26.888777] ret_from_fork+0x116/0x1d0 [ 26.888798] ? __pfx_kthread+0x10/0x10 [ 26.888821] ret_from_fork_asm+0x1a/0x30 [ 26.888857] </TASK> [ 26.888872] [ 26.902847] The buggy address belongs to the variable: [ 26.903068] global_array+0xd/0x40 [ 26.903237] [ 26.903329] The buggy address belongs to the physical page: [ 26.903530] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1332b3 [ 26.903873] flags: 0x200000000002000(reserved|node=0|zone=2) [ 26.904139] raw: 0200000000002000 ffffea0004ccacc8 ffffea0004ccacc8 0000000000000000 [ 26.904564] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.904931] page dumped because: kasan: bad access detected [ 26.905118] [ 26.905188] Memory state around the buggy address: [ 26.905560] ffffffffae2b3d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.906023] ffffffffae2b3e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.906503] >ffffffffae2b3e80: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 26.907236] ^ [ 26.907468] ffffffffae2b3f00: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 26.907832] ffffffffae2b3f80: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 26.908146] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 26.844794] ================================================================== [ 26.846224] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.847287] Free of addr ffff8881062d8001 by task kunit_try_catch/292 [ 26.847886] [ 26.848084] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.848150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.848165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.848194] Call Trace: [ 26.848210] <TASK> [ 26.848237] dump_stack_lvl+0x73/0xb0 [ 26.848270] print_report+0xd1/0x650 [ 26.848296] ? __virt_addr_valid+0x1db/0x2d0 [ 26.848327] ? kasan_addr_to_slab+0x11/0xa0 [ 26.848354] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.848384] kasan_report_invalid_free+0x10a/0x130 [ 26.848427] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.848460] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.848489] __kasan_mempool_poison_object+0x102/0x1d0 [ 26.848517] mempool_free+0x2ec/0x380 [ 26.848548] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.848587] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.848617] ? __kasan_check_write+0x18/0x20 [ 26.848643] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.848670] ? finish_task_switch.isra.0+0x153/0x700 [ 26.848701] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 26.848730] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 26.848760] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.848787] ? __pfx_mempool_kfree+0x10/0x10 [ 26.848814] ? __pfx_read_tsc+0x10/0x10 [ 26.848839] ? ktime_get_ts64+0x86/0x230 [ 26.848868] kunit_try_run_case+0x1a5/0x480 [ 26.848909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.848938] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.848968] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.848997] ? __kthread_parkme+0x82/0x180 [ 26.849021] ? preempt_count_sub+0x50/0x80 [ 26.849046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.849075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.849104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.849134] kthread+0x337/0x6f0 [ 26.849156] ? trace_preempt_on+0x20/0xc0 [ 26.849184] ? __pfx_kthread+0x10/0x10 [ 26.849207] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.849233] ? calculate_sigpending+0x7b/0xa0 [ 26.849262] ? __pfx_kthread+0x10/0x10 [ 26.849286] ret_from_fork+0x116/0x1d0 [ 26.849308] ? __pfx_kthread+0x10/0x10 [ 26.849332] ret_from_fork_asm+0x1a/0x30 [ 26.849368] </TASK> [ 26.849382] [ 26.865608] The buggy address belongs to the physical page: [ 26.865847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d8 [ 26.866124] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.866376] flags: 0x200000000000040(head|node=0|zone=2) [ 26.867675] page_type: f8(unknown) [ 26.867831] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.868116] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.868481] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.869259] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.870029] head: 0200000000000002 ffffea000418b601 00000000ffffffff 00000000ffffffff [ 26.871724] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.872610] page dumped because: kasan: bad access detected [ 26.873506] [ 26.873628] Memory state around the buggy address: [ 26.874315] ffff8881062d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.874858] ffff8881062d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.875776] >ffff8881062d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.876666] ^ [ 26.876846] ffff8881062d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.877642] ffff8881062d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.878460] ================================================================== [ 26.805679] ================================================================== [ 26.806324] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.807008] Free of addr ffff888106258601 by task kunit_try_catch/290 [ 26.807483] [ 26.807607] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.807722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.807736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.807763] Call Trace: [ 26.807779] <TASK> [ 26.807802] dump_stack_lvl+0x73/0xb0 [ 26.807837] print_report+0xd1/0x650 [ 26.807862] ? __virt_addr_valid+0x1db/0x2d0 [ 26.807890] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.807918] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.807974] kasan_report_invalid_free+0x10a/0x130 [ 26.808001] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.808029] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.808084] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.808110] check_slab_allocation+0x11f/0x130 [ 26.808139] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.808164] mempool_free+0x2ec/0x380 [ 26.808195] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.808226] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.808252] ? update_load_avg+0x1be/0x21b0 [ 26.808280] ? dequeue_entities+0x27e/0x1740 [ 26.808308] ? finish_task_switch.isra.0+0x153/0x700 [ 26.808337] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.808362] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.808401] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.808425] ? __pfx_mempool_kfree+0x10/0x10 [ 26.808451] ? __pfx_read_tsc+0x10/0x10 [ 26.808476] ? ktime_get_ts64+0x86/0x230 [ 26.808503] kunit_try_run_case+0x1a5/0x480 [ 26.808533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.808558] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.808586] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.808612] ? __kthread_parkme+0x82/0x180 [ 26.808635] ? preempt_count_sub+0x50/0x80 [ 26.808659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.808686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.808712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.808738] kthread+0x337/0x6f0 [ 26.808759] ? trace_preempt_on+0x20/0xc0 [ 26.808786] ? __pfx_kthread+0x10/0x10 [ 26.808808] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.808831] ? calculate_sigpending+0x7b/0xa0 [ 26.808858] ? __pfx_kthread+0x10/0x10 [ 26.808896] ret_from_fork+0x116/0x1d0 [ 26.808917] ? __pfx_kthread+0x10/0x10 [ 26.808939] ret_from_fork_asm+0x1a/0x30 [ 26.808973] </TASK> [ 26.808987] [ 26.823812] Allocated by task 290: [ 26.824386] kasan_save_stack+0x45/0x70 [ 26.824854] kasan_save_track+0x18/0x40 [ 26.825325] kasan_save_alloc_info+0x3b/0x50 [ 26.825986] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.826199] remove_element+0x11e/0x190 [ 26.826346] mempool_alloc_preallocated+0x4d/0x90 [ 26.827104] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 26.827881] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.828399] kunit_try_run_case+0x1a5/0x480 [ 26.829203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.829595] kthread+0x337/0x6f0 [ 26.829744] ret_from_fork+0x116/0x1d0 [ 26.830116] ret_from_fork_asm+0x1a/0x30 [ 26.830693] [ 26.831057] The buggy address belongs to the object at ffff888106258600 [ 26.831057] which belongs to the cache kmalloc-128 of size 128 [ 26.832759] The buggy address is located 1 bytes inside of [ 26.832759] 128-byte region [ffff888106258600, ffff888106258680) [ 26.833942] [ 26.834592] The buggy address belongs to the physical page: [ 26.834817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 26.835231] flags: 0x200000000000000(node=0|zone=2) [ 26.835569] page_type: f5(slab) [ 26.835712] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.836109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.837025] page dumped because: kasan: bad access detected [ 26.837606] [ 26.837772] Memory state around the buggy address: [ 26.838282] ffff888106258500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.839177] ffff888106258580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.839728] >ffff888106258600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.839970] ^ [ 26.840094] ffff888106258680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.840336] ffff888106258700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.840581] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 26.773931] ================================================================== [ 26.775093] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.776190] Free of addr ffff8881062d8000 by task kunit_try_catch/288 [ 26.776948] [ 26.777070] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.777133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.777300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.777336] Call Trace: [ 26.777355] <TASK> [ 26.777379] dump_stack_lvl+0x73/0xb0 [ 26.777467] print_report+0xd1/0x650 [ 26.777495] ? __virt_addr_valid+0x1db/0x2d0 [ 26.777523] ? kasan_addr_to_slab+0x11/0xa0 [ 26.777551] ? mempool_double_free_helper+0x184/0x370 [ 26.777578] kasan_report_invalid_free+0x10a/0x130 [ 26.777605] ? mempool_double_free_helper+0x184/0x370 [ 26.777633] ? mempool_double_free_helper+0x184/0x370 [ 26.777659] __kasan_mempool_poison_pages+0x115/0x130 [ 26.777685] mempool_free+0x290/0x380 [ 26.777716] mempool_double_free_helper+0x184/0x370 [ 26.777742] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.777768] ? __kasan_check_write+0x18/0x20 [ 26.777794] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.777818] ? finish_task_switch.isra.0+0x153/0x700 [ 26.777848] mempool_page_alloc_double_free+0xe8/0x140 [ 26.777875] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 26.777907] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.777932] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.777960] ? __pfx_read_tsc+0x10/0x10 [ 26.777984] ? ktime_get_ts64+0x86/0x230 [ 26.778013] kunit_try_run_case+0x1a5/0x480 [ 26.778043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.778068] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.778096] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.778123] ? __kthread_parkme+0x82/0x180 [ 26.778155] ? preempt_count_sub+0x50/0x80 [ 26.778180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.778207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.778234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.778261] kthread+0x337/0x6f0 [ 26.778283] ? trace_preempt_on+0x20/0xc0 [ 26.778309] ? __pfx_kthread+0x10/0x10 [ 26.778333] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.778358] ? calculate_sigpending+0x7b/0xa0 [ 26.778385] ? __pfx_kthread+0x10/0x10 [ 26.778421] ret_from_fork+0x116/0x1d0 [ 26.778443] ? __pfx_kthread+0x10/0x10 [ 26.778465] ret_from_fork_asm+0x1a/0x30 [ 26.778501] </TASK> [ 26.778515] [ 26.795649] The buggy address belongs to the physical page: [ 26.795966] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d8 [ 26.796443] flags: 0x200000000000000(node=0|zone=2) [ 26.796645] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.797107] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.797441] page dumped because: kasan: bad access detected [ 26.797774] [ 26.798082] Memory state around the buggy address: [ 26.798814] ffff8881062d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.799382] ffff8881062d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.799835] >ffff8881062d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.800333] ^ [ 26.800540] ffff8881062d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.801091] ffff8881062d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.801597] ================================================================== [ 26.703749] ================================================================== [ 26.704332] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.704758] Free of addr ffff888105aaca00 by task kunit_try_catch/284 [ 26.705173] [ 26.705281] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.705341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.705356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.705384] Call Trace: [ 26.705471] <TASK> [ 26.705496] dump_stack_lvl+0x73/0xb0 [ 26.705532] print_report+0xd1/0x650 [ 26.705558] ? __virt_addr_valid+0x1db/0x2d0 [ 26.705588] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.705618] ? mempool_double_free_helper+0x184/0x370 [ 26.705644] kasan_report_invalid_free+0x10a/0x130 [ 26.705671] ? mempool_double_free_helper+0x184/0x370 [ 26.705699] ? mempool_double_free_helper+0x184/0x370 [ 26.705724] ? mempool_double_free_helper+0x184/0x370 [ 26.705749] check_slab_allocation+0x101/0x130 [ 26.705778] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.705805] mempool_free+0x2ec/0x380 [ 26.705836] mempool_double_free_helper+0x184/0x370 [ 26.705861] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.705889] ? __kasan_check_write+0x18/0x20 [ 26.705914] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.705939] ? finish_task_switch.isra.0+0x153/0x700 [ 26.705968] mempool_kmalloc_double_free+0xed/0x140 [ 26.705993] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 26.706022] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.706047] ? __pfx_mempool_kfree+0x10/0x10 [ 26.706072] ? irqentry_exit+0x2a/0x60 [ 26.706099] ? __pfx_read_tsc+0x10/0x10 [ 26.706125] ? ktime_get_ts64+0x86/0x230 [ 26.706189] kunit_try_run_case+0x1a5/0x480 [ 26.706221] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.706250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.706277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.706310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.706339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.706367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.706405] kthread+0x337/0x6f0 [ 26.706428] ? trace_preempt_on+0x20/0xc0 [ 26.706455] ? __pfx_kthread+0x10/0x10 [ 26.706478] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.706504] ? calculate_sigpending+0x7b/0xa0 [ 26.706532] ? __pfx_kthread+0x10/0x10 [ 26.706556] ret_from_fork+0x116/0x1d0 [ 26.706577] ? __pfx_kthread+0x10/0x10 [ 26.706600] ret_from_fork_asm+0x1a/0x30 [ 26.706635] </TASK> [ 26.706649] [ 26.716813] Allocated by task 284: [ 26.716961] kasan_save_stack+0x45/0x70 [ 26.717401] kasan_save_track+0x18/0x40 [ 26.717618] kasan_save_alloc_info+0x3b/0x50 [ 26.717837] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.718761] remove_element+0x11e/0x190 [ 26.719441] mempool_alloc_preallocated+0x4d/0x90 [ 26.720214] mempool_double_free_helper+0x8a/0x370 [ 26.720486] mempool_kmalloc_double_free+0xed/0x140 [ 26.720717] kunit_try_run_case+0x1a5/0x480 [ 26.721023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.721268] kthread+0x337/0x6f0 [ 26.721467] ret_from_fork+0x116/0x1d0 [ 26.721673] ret_from_fork_asm+0x1a/0x30 [ 26.721841] [ 26.721928] Freed by task 284: [ 26.722408] kasan_save_stack+0x45/0x70 [ 26.722595] kasan_save_track+0x18/0x40 [ 26.722771] kasan_save_free_info+0x3f/0x60 [ 26.723102] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.723294] mempool_free+0x2ec/0x380 [ 26.723580] mempool_double_free_helper+0x109/0x370 [ 26.723800] mempool_kmalloc_double_free+0xed/0x140 [ 26.724613] kunit_try_run_case+0x1a5/0x480 [ 26.724804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.725016] kthread+0x337/0x6f0 [ 26.725143] ret_from_fork+0x116/0x1d0 [ 26.725565] ret_from_fork_asm+0x1a/0x30 [ 26.725990] [ 26.726250] The buggy address belongs to the object at ffff888105aaca00 [ 26.726250] which belongs to the cache kmalloc-128 of size 128 [ 26.726827] The buggy address is located 0 bytes inside of [ 26.726827] 128-byte region [ffff888105aaca00, ffff888105aaca80) [ 26.727826] [ 26.728054] The buggy address belongs to the physical page: [ 26.728629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 26.729362] flags: 0x200000000000000(node=0|zone=2) [ 26.729562] page_type: f5(slab) [ 26.729693] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.729982] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.730403] page dumped because: kasan: bad access detected [ 26.730616] [ 26.730694] Memory state around the buggy address: [ 26.731079] ffff888105aac900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.731360] ffff888105aac980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.731856] >ffff888105aaca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.732081] ^ [ 26.732453] ffff888105aaca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.732814] ffff888105aacb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.733051] ================================================================== [ 26.736556] ================================================================== [ 26.737124] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.737380] Free of addr ffff888106268000 by task kunit_try_catch/286 [ 26.737704] [ 26.737830] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.737889] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.737903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.738059] Call Trace: [ 26.738115] <TASK> [ 26.738173] dump_stack_lvl+0x73/0xb0 [ 26.738208] print_report+0xd1/0x650 [ 26.738247] ? __virt_addr_valid+0x1db/0x2d0 [ 26.738276] ? kasan_addr_to_slab+0x11/0xa0 [ 26.738303] ? mempool_double_free_helper+0x184/0x370 [ 26.738330] kasan_report_invalid_free+0x10a/0x130 [ 26.738356] ? mempool_double_free_helper+0x184/0x370 [ 26.738386] ? mempool_double_free_helper+0x184/0x370 [ 26.738421] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 26.738448] mempool_free+0x2ec/0x380 [ 26.738476] mempool_double_free_helper+0x184/0x370 [ 26.738502] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.738526] ? update_load_avg+0x1be/0x21b0 [ 26.738553] ? dequeue_entities+0x27e/0x1740 [ 26.738580] ? finish_task_switch.isra.0+0x153/0x700 [ 26.738609] mempool_kmalloc_large_double_free+0xed/0x140 [ 26.738637] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 26.738667] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.738691] ? __pfx_mempool_kfree+0x10/0x10 [ 26.738719] ? __pfx_read_tsc+0x10/0x10 [ 26.738777] ? ktime_get_ts64+0x86/0x230 [ 26.738805] kunit_try_run_case+0x1a5/0x480 [ 26.738834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.738938] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.738979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.739007] ? __kthread_parkme+0x82/0x180 [ 26.739030] ? preempt_count_sub+0x50/0x80 [ 26.739057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.739084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.739112] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.739157] kthread+0x337/0x6f0 [ 26.739180] ? trace_preempt_on+0x20/0xc0 [ 26.739206] ? __pfx_kthread+0x10/0x10 [ 26.739229] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.739254] ? calculate_sigpending+0x7b/0xa0 [ 26.739281] ? __pfx_kthread+0x10/0x10 [ 26.739304] ret_from_fork+0x116/0x1d0 [ 26.739325] ? __pfx_kthread+0x10/0x10 [ 26.739349] ret_from_fork_asm+0x1a/0x30 [ 26.739383] </TASK> [ 26.739410] [ 26.758051] The buggy address belongs to the physical page: [ 26.758537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106268 [ 26.759373] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.759968] flags: 0x200000000000040(head|node=0|zone=2) [ 26.760270] page_type: f8(unknown) [ 26.760711] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.761571] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.762240] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.762508] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.762760] head: 0200000000000002 ffffea0004189a01 00000000ffffffff 00000000ffffffff [ 26.763384] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.764228] page dumped because: kasan: bad access detected [ 26.764790] [ 26.765009] Memory state around the buggy address: [ 26.765530] ffff888106267f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.766274] ffff888106267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.766979] >ffff888106268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.767793] ^ [ 26.768100] ffff888106268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.768690] ffff888106268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.769278] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 26.585767] ================================================================== [ 26.586499] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.586840] Read of size 1 at addr ffff888106268000 by task kunit_try_catch/278 [ 26.587421] [ 26.587638] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.587703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.587718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.587746] Call Trace: [ 26.587765] <TASK> [ 26.587788] dump_stack_lvl+0x73/0xb0 [ 26.587824] print_report+0xd1/0x650 [ 26.588060] ? __virt_addr_valid+0x1db/0x2d0 [ 26.588101] ? mempool_uaf_helper+0x392/0x400 [ 26.588128] ? kasan_addr_to_slab+0x11/0xa0 [ 26.588160] ? mempool_uaf_helper+0x392/0x400 [ 26.588198] kasan_report+0x141/0x180 [ 26.588233] ? mempool_uaf_helper+0x392/0x400 [ 26.588266] __asan_report_load1_noabort+0x18/0x20 [ 26.588294] mempool_uaf_helper+0x392/0x400 [ 26.588320] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.588350] ? finish_task_switch.isra.0+0x153/0x700 [ 26.588382] mempool_kmalloc_large_uaf+0xef/0x140 [ 26.588422] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 26.588452] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.588479] ? __pfx_mempool_kfree+0x10/0x10 [ 26.588508] ? __pfx_read_tsc+0x10/0x10 [ 26.588533] ? ktime_get_ts64+0x86/0x230 [ 26.588565] kunit_try_run_case+0x1a5/0x480 [ 26.588596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.588623] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.588653] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.588682] ? __kthread_parkme+0x82/0x180 [ 26.588707] ? preempt_count_sub+0x50/0x80 [ 26.588734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.588764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.588793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.588822] kthread+0x337/0x6f0 [ 26.588845] ? trace_preempt_on+0x20/0xc0 [ 26.588874] ? __pfx_kthread+0x10/0x10 [ 26.588898] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.588924] ? calculate_sigpending+0x7b/0xa0 [ 26.588953] ? __pfx_kthread+0x10/0x10 [ 26.588978] ret_from_fork+0x116/0x1d0 [ 26.589000] ? __pfx_kthread+0x10/0x10 [ 26.589026] ret_from_fork_asm+0x1a/0x30 [ 26.589062] </TASK> [ 26.589078] [ 26.602747] The buggy address belongs to the physical page: [ 26.603007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106268 [ 26.603379] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.604465] flags: 0x200000000000040(head|node=0|zone=2) [ 26.604730] page_type: f8(unknown) [ 26.604951] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.605588] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.606010] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.606403] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.607323] head: 0200000000000002 ffffea0004189a01 00000000ffffffff 00000000ffffffff [ 26.607666] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.608073] page dumped because: kasan: bad access detected [ 26.608587] [ 26.608703] Memory state around the buggy address: [ 26.608897] ffff888106267f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.609232] ffff888106267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.609686] >ffff888106268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.610102] ^ [ 26.610289] ffff888106268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.610698] ffff888106268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.611173] ================================================================== [ 26.670666] ================================================================== [ 26.671657] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.672670] Read of size 1 at addr ffff888106268000 by task kunit_try_catch/282 [ 26.673283] [ 26.673546] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.673611] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.673627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.673654] Call Trace: [ 26.673671] <TASK> [ 26.673695] dump_stack_lvl+0x73/0xb0 [ 26.673729] print_report+0xd1/0x650 [ 26.673755] ? __virt_addr_valid+0x1db/0x2d0 [ 26.673783] ? mempool_uaf_helper+0x392/0x400 [ 26.673808] ? kasan_addr_to_slab+0x11/0xa0 [ 26.673836] ? mempool_uaf_helper+0x392/0x400 [ 26.673861] kasan_report+0x141/0x180 [ 26.673885] ? mempool_uaf_helper+0x392/0x400 [ 26.673914] __asan_report_load1_noabort+0x18/0x20 [ 26.673956] mempool_uaf_helper+0x392/0x400 [ 26.673980] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.674013] ? __kasan_check_write+0x18/0x20 [ 26.674040] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.674064] ? irqentry_exit+0x2a/0x60 [ 26.674090] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.674121] mempool_page_alloc_uaf+0xed/0x140 [ 26.674147] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.674175] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.674202] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.674229] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.674256] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.674285] kunit_try_run_case+0x1a5/0x480 [ 26.674314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.674341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.674368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.674404] ? __kthread_parkme+0x82/0x180 [ 26.674428] ? preempt_count_sub+0x50/0x80 [ 26.674454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.674482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.674509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.674536] kthread+0x337/0x6f0 [ 26.674559] ? trace_preempt_on+0x20/0xc0 [ 26.674584] ? __pfx_kthread+0x10/0x10 [ 26.674608] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.674632] ? calculate_sigpending+0x7b/0xa0 [ 26.674660] ? __pfx_kthread+0x10/0x10 [ 26.674683] ret_from_fork+0x116/0x1d0 [ 26.674706] ? __pfx_kthread+0x10/0x10 [ 26.674729] ret_from_fork_asm+0x1a/0x30 [ 26.674765] </TASK> [ 26.674778] [ 26.690528] The buggy address belongs to the physical page: [ 26.691406] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106268 [ 26.692040] flags: 0x200000000000000(node=0|zone=2) [ 26.692589] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.693642] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.694472] page dumped because: kasan: bad access detected [ 26.694977] [ 26.695237] Memory state around the buggy address: [ 26.695753] ffff888106267f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.696456] ffff888106267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.697126] >ffff888106268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.697738] ^ [ 26.698129] ffff888106268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.698674] ffff888106268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.699371] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 26.616647] ================================================================== [ 26.617998] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.618424] Read of size 1 at addr ffff888105abc240 by task kunit_try_catch/280 [ 26.619743] [ 26.620094] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.620163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.620180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.620209] Call Trace: [ 26.620234] <TASK> [ 26.620364] dump_stack_lvl+0x73/0xb0 [ 26.620425] print_report+0xd1/0x650 [ 26.620454] ? __virt_addr_valid+0x1db/0x2d0 [ 26.620484] ? mempool_uaf_helper+0x392/0x400 [ 26.620508] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.620539] ? mempool_uaf_helper+0x392/0x400 [ 26.620565] kasan_report+0x141/0x180 [ 26.620590] ? mempool_uaf_helper+0x392/0x400 [ 26.620620] __asan_report_load1_noabort+0x18/0x20 [ 26.620648] mempool_uaf_helper+0x392/0x400 [ 26.620674] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.620704] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.620732] ? finish_task_switch.isra.0+0x153/0x700 [ 26.620765] mempool_slab_uaf+0xea/0x140 [ 26.620792] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 26.620821] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.620850] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.620879] ? __pfx_read_tsc+0x10/0x10 [ 26.620906] ? ktime_get_ts64+0x86/0x230 [ 26.620936] kunit_try_run_case+0x1a5/0x480 [ 26.620968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.620995] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.621025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.621054] ? __kthread_parkme+0x82/0x180 [ 26.621078] ? preempt_count_sub+0x50/0x80 [ 26.621104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.621133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.621160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.621191] kthread+0x337/0x6f0 [ 26.621213] ? trace_preempt_on+0x20/0xc0 [ 26.621242] ? __pfx_kthread+0x10/0x10 [ 26.621265] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.621291] ? calculate_sigpending+0x7b/0xa0 [ 26.621320] ? __pfx_kthread+0x10/0x10 [ 26.621363] ret_from_fork+0x116/0x1d0 [ 26.621385] ? __pfx_kthread+0x10/0x10 [ 26.621418] ret_from_fork_asm+0x1a/0x30 [ 26.621454] </TASK> [ 26.621470] [ 26.635869] Allocated by task 280: [ 26.636260] kasan_save_stack+0x45/0x70 [ 26.636454] kasan_save_track+0x18/0x40 [ 26.636600] kasan_save_alloc_info+0x3b/0x50 [ 26.636757] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.637141] remove_element+0x11e/0x190 [ 26.637579] mempool_alloc_preallocated+0x4d/0x90 [ 26.638480] mempool_uaf_helper+0x96/0x400 [ 26.638967] mempool_slab_uaf+0xea/0x140 [ 26.639519] kunit_try_run_case+0x1a5/0x480 [ 26.639954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.640573] kthread+0x337/0x6f0 [ 26.641013] ret_from_fork+0x116/0x1d0 [ 26.641259] ret_from_fork_asm+0x1a/0x30 [ 26.641647] [ 26.641753] Freed by task 280: [ 26.641872] kasan_save_stack+0x45/0x70 [ 26.642016] kasan_save_track+0x18/0x40 [ 26.642332] kasan_save_free_info+0x3f/0x60 [ 26.642763] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.643326] mempool_free+0x2ec/0x380 [ 26.643699] mempool_uaf_helper+0x11a/0x400 [ 26.644099] mempool_slab_uaf+0xea/0x140 [ 26.644559] kunit_try_run_case+0x1a5/0x480 [ 26.644910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.645345] kthread+0x337/0x6f0 [ 26.645582] ret_from_fork+0x116/0x1d0 [ 26.645723] ret_from_fork_asm+0x1a/0x30 [ 26.645869] [ 26.646046] The buggy address belongs to the object at ffff888105abc240 [ 26.646046] which belongs to the cache test_cache of size 123 [ 26.647496] The buggy address is located 0 bytes inside of [ 26.647496] freed 123-byte region [ffff888105abc240, ffff888105abc2bb) [ 26.648155] [ 26.648415] The buggy address belongs to the physical page: [ 26.648953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105abc [ 26.649445] flags: 0x200000000000000(node=0|zone=2) [ 26.649954] page_type: f5(slab) [ 26.650480] raw: 0200000000000000 ffff888101d9e780 dead000000000122 0000000000000000 [ 26.650788] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.651090] page dumped because: kasan: bad access detected [ 26.651671] [ 26.651850] Memory state around the buggy address: [ 26.652438] ffff888105abc100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.653334] ffff888105abc180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.654257] >ffff888105abc200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 26.654700] ^ [ 26.654894] ffff888105abc280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.655490] ffff888105abc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.656250] ================================================================== [ 26.544660] ================================================================== [ 26.545504] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.546610] Read of size 1 at addr ffff888106258200 by task kunit_try_catch/276 [ 26.547519] [ 26.547934] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.548008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.548024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.548053] Call Trace: [ 26.548072] <TASK> [ 26.548098] dump_stack_lvl+0x73/0xb0 [ 26.548147] print_report+0xd1/0x650 [ 26.548176] ? __virt_addr_valid+0x1db/0x2d0 [ 26.548206] ? mempool_uaf_helper+0x392/0x400 [ 26.548237] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.548267] ? mempool_uaf_helper+0x392/0x400 [ 26.548292] kasan_report+0x141/0x180 [ 26.548317] ? mempool_uaf_helper+0x392/0x400 [ 26.548348] __asan_report_load1_noabort+0x18/0x20 [ 26.548376] mempool_uaf_helper+0x392/0x400 [ 26.548415] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.548509] ? __kasan_check_write+0x18/0x20 [ 26.548536] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.548564] ? irqentry_exit+0x2a/0x60 [ 26.548591] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.548623] mempool_kmalloc_uaf+0xef/0x140 [ 26.548649] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 26.548677] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.548706] ? __pfx_mempool_kfree+0x10/0x10 [ 26.548734] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 26.548762] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 26.548790] kunit_try_run_case+0x1a5/0x480 [ 26.548823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.548850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.548880] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.548908] ? __kthread_parkme+0x82/0x180 [ 26.548934] ? preempt_count_sub+0x50/0x80 [ 26.548962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.548994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.549024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.549054] kthread+0x337/0x6f0 [ 26.549077] ? trace_preempt_on+0x20/0xc0 [ 26.549106] ? __pfx_kthread+0x10/0x10 [ 26.549130] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.549158] ? calculate_sigpending+0x7b/0xa0 [ 26.549188] ? __pfx_kthread+0x10/0x10 [ 26.549213] ret_from_fork+0x116/0x1d0 [ 26.549238] ? __pfx_kthread+0x10/0x10 [ 26.549263] ret_from_fork_asm+0x1a/0x30 [ 26.549301] </TASK> [ 26.549316] [ 26.562764] Allocated by task 276: [ 26.563582] kasan_save_stack+0x45/0x70 [ 26.563816] kasan_save_track+0x18/0x40 [ 26.564140] kasan_save_alloc_info+0x3b/0x50 [ 26.564492] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.564769] remove_element+0x11e/0x190 [ 26.565284] mempool_alloc_preallocated+0x4d/0x90 [ 26.565544] mempool_uaf_helper+0x96/0x400 [ 26.565939] mempool_kmalloc_uaf+0xef/0x140 [ 26.566365] kunit_try_run_case+0x1a5/0x480 [ 26.566618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.567260] kthread+0x337/0x6f0 [ 26.567981] ret_from_fork+0x116/0x1d0 [ 26.568587] ret_from_fork_asm+0x1a/0x30 [ 26.569012] [ 26.569097] Freed by task 276: [ 26.569621] kasan_save_stack+0x45/0x70 [ 26.570162] kasan_save_track+0x18/0x40 [ 26.570592] kasan_save_free_info+0x3f/0x60 [ 26.570770] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.571183] mempool_free+0x2ec/0x380 [ 26.571679] mempool_uaf_helper+0x11a/0x400 [ 26.572190] mempool_kmalloc_uaf+0xef/0x140 [ 26.572972] kunit_try_run_case+0x1a5/0x480 [ 26.573200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.573417] kthread+0x337/0x6f0 [ 26.573576] ret_from_fork+0x116/0x1d0 [ 26.573735] ret_from_fork_asm+0x1a/0x30 [ 26.573956] [ 26.574048] The buggy address belongs to the object at ffff888106258200 [ 26.574048] which belongs to the cache kmalloc-128 of size 128 [ 26.574658] The buggy address is located 0 bytes inside of [ 26.574658] freed 128-byte region [ffff888106258200, ffff888106258280) [ 26.575149] [ 26.575290] The buggy address belongs to the physical page: [ 26.575754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 26.576069] flags: 0x200000000000000(node=0|zone=2) [ 26.576796] page_type: f5(slab) [ 26.577022] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.577457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.577845] page dumped because: kasan: bad access detected [ 26.578655] [ 26.578758] Memory state around the buggy address: [ 26.579001] ffff888106258100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.579474] ffff888106258180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.579821] >ffff888106258200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.580507] ^ [ 26.580654] ffff888106258280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.581276] ffff888106258300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.581731] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 26.501992] ================================================================== [ 26.502818] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.503339] Read of size 1 at addr ffff888105aba2bb by task kunit_try_catch/274 [ 26.504063] [ 26.504302] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.504366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.504382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.504423] Call Trace: [ 26.504441] <TASK> [ 26.504463] dump_stack_lvl+0x73/0xb0 [ 26.504500] print_report+0xd1/0x650 [ 26.504526] ? __virt_addr_valid+0x1db/0x2d0 [ 26.504554] ? mempool_oob_right_helper+0x318/0x380 [ 26.504580] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.504609] ? mempool_oob_right_helper+0x318/0x380 [ 26.504636] kasan_report+0x141/0x180 [ 26.504661] ? mempool_oob_right_helper+0x318/0x380 [ 26.504692] __asan_report_load1_noabort+0x18/0x20 [ 26.504720] mempool_oob_right_helper+0x318/0x380 [ 26.504746] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.504774] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.504802] ? finish_task_switch.isra.0+0x153/0x700 [ 26.504831] mempool_slab_oob_right+0xed/0x140 [ 26.504857] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 26.504885] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.504914] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.504941] ? __pfx_read_tsc+0x10/0x10 [ 26.504968] ? ktime_get_ts64+0x86/0x230 [ 26.504996] kunit_try_run_case+0x1a5/0x480 [ 26.505028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.505054] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.505083] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.505110] ? __kthread_parkme+0x82/0x180 [ 26.505133] ? preempt_count_sub+0x50/0x80 [ 26.505159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.505187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.505229] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.505257] kthread+0x337/0x6f0 [ 26.505280] ? trace_preempt_on+0x20/0xc0 [ 26.505309] ? __pfx_kthread+0x10/0x10 [ 26.505331] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.505357] ? calculate_sigpending+0x7b/0xa0 [ 26.505384] ? __pfx_kthread+0x10/0x10 [ 26.505418] ret_from_fork+0x116/0x1d0 [ 26.505440] ? __pfx_kthread+0x10/0x10 [ 26.505465] ret_from_fork_asm+0x1a/0x30 [ 26.505501] </TASK> [ 26.505516] [ 26.517816] Allocated by task 274: [ 26.518048] kasan_save_stack+0x45/0x70 [ 26.518369] kasan_save_track+0x18/0x40 [ 26.518719] kasan_save_alloc_info+0x3b/0x50 [ 26.518956] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.519524] remove_element+0x11e/0x190 [ 26.519745] mempool_alloc_preallocated+0x4d/0x90 [ 26.520211] mempool_oob_right_helper+0x8a/0x380 [ 26.520569] mempool_slab_oob_right+0xed/0x140 [ 26.520805] kunit_try_run_case+0x1a5/0x480 [ 26.521142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.521495] kthread+0x337/0x6f0 [ 26.521675] ret_from_fork+0x116/0x1d0 [ 26.521845] ret_from_fork_asm+0x1a/0x30 [ 26.522071] [ 26.522746] The buggy address belongs to the object at ffff888105aba240 [ 26.522746] which belongs to the cache test_cache of size 123 [ 26.523461] The buggy address is located 0 bytes to the right of [ 26.523461] allocated 123-byte region [ffff888105aba240, ffff888105aba2bb) [ 26.524411] [ 26.524522] The buggy address belongs to the physical page: [ 26.524717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aba [ 26.525091] flags: 0x200000000000000(node=0|zone=2) [ 26.525358] page_type: f5(slab) [ 26.525731] raw: 0200000000000000 ffff888101d9e640 dead000000000122 0000000000000000 [ 26.526174] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.526707] page dumped because: kasan: bad access detected [ 26.527583] [ 26.527693] Memory state around the buggy address: [ 26.527873] ffff888105aba180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.528243] ffff888105aba200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 26.528776] >ffff888105aba280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 26.529107] ^ [ 26.529499] ffff888105aba300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.529828] ffff888105aba380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.530088] ================================================================== [ 26.474719] ================================================================== [ 26.475764] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.476175] Read of size 1 at addr ffff8881062d6001 by task kunit_try_catch/272 [ 26.476585] [ 26.476754] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.476845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.476859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.476886] Call Trace: [ 26.476903] <TASK> [ 26.476925] dump_stack_lvl+0x73/0xb0 [ 26.476960] print_report+0xd1/0x650 [ 26.476986] ? __virt_addr_valid+0x1db/0x2d0 [ 26.477013] ? mempool_oob_right_helper+0x318/0x380 [ 26.477039] ? kasan_addr_to_slab+0x11/0xa0 [ 26.477065] ? mempool_oob_right_helper+0x318/0x380 [ 26.477091] kasan_report+0x141/0x180 [ 26.477116] ? mempool_oob_right_helper+0x318/0x380 [ 26.477147] __asan_report_load1_noabort+0x18/0x20 [ 26.477174] mempool_oob_right_helper+0x318/0x380 [ 26.477200] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.477226] ? update_load_avg+0x1be/0x21b0 [ 26.477255] ? dequeue_entities+0x27e/0x1740 [ 26.477282] ? finish_task_switch.isra.0+0x153/0x700 [ 26.477311] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 26.477338] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 26.477367] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.477406] ? __pfx_mempool_kfree+0x10/0x10 [ 26.477433] ? __pfx_read_tsc+0x10/0x10 [ 26.477459] ? ktime_get_ts64+0x86/0x230 [ 26.477486] kunit_try_run_case+0x1a5/0x480 [ 26.477518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.477544] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.477572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.477600] ? __kthread_parkme+0x82/0x180 [ 26.477623] ? preempt_count_sub+0x50/0x80 [ 26.477648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.477676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.477704] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.477731] kthread+0x337/0x6f0 [ 26.477754] ? trace_preempt_on+0x20/0xc0 [ 26.477781] ? __pfx_kthread+0x10/0x10 [ 26.477804] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.477829] ? calculate_sigpending+0x7b/0xa0 [ 26.477857] ? __pfx_kthread+0x10/0x10 [ 26.477897] ret_from_fork+0x116/0x1d0 [ 26.477921] ? __pfx_kthread+0x10/0x10 [ 26.477945] ret_from_fork_asm+0x1a/0x30 [ 26.477979] </TASK> [ 26.477993] [ 26.487750] The buggy address belongs to the physical page: [ 26.488656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d4 [ 26.489273] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.489701] flags: 0x200000000000040(head|node=0|zone=2) [ 26.490068] page_type: f8(unknown) [ 26.490252] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.490576] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.491149] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.491610] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.492510] head: 0200000000000002 ffffea000418b501 00000000ffffffff 00000000ffffffff [ 26.493106] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.493707] page dumped because: kasan: bad access detected [ 26.493919] [ 26.494279] Memory state around the buggy address: [ 26.494826] ffff8881062d5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.495425] ffff8881062d5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.495656] >ffff8881062d6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.495872] ^ [ 26.495998] ffff8881062d6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.496309] ffff8881062d6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.496971] ================================================================== [ 26.440458] ================================================================== [ 26.440937] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.441898] Read of size 1 at addr ffff888105aac673 by task kunit_try_catch/270 [ 26.442528] [ 26.442676] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 26.442914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.442934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.442963] Call Trace: [ 26.442979] <TASK> [ 26.443003] dump_stack_lvl+0x73/0xb0 [ 26.443060] print_report+0xd1/0x650 [ 26.443088] ? __virt_addr_valid+0x1db/0x2d0 [ 26.443116] ? mempool_oob_right_helper+0x318/0x380 [ 26.443143] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.443193] ? mempool_oob_right_helper+0x318/0x380 [ 26.443219] kasan_report+0x141/0x180 [ 26.443243] ? mempool_oob_right_helper+0x318/0x380 [ 26.443274] __asan_report_load1_noabort+0x18/0x20 [ 26.443300] mempool_oob_right_helper+0x318/0x380 [ 26.443327] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.443355] ? __kasan_check_write+0x18/0x20 [ 26.443380] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.443421] ? finish_task_switch.isra.0+0x153/0x700 [ 26.443451] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.443477] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 26.443506] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.443533] ? __pfx_mempool_kfree+0x10/0x10 [ 26.443560] ? __pfx_read_tsc+0x10/0x10 [ 26.443587] ? ktime_get_ts64+0x86/0x230 [ 26.443615] kunit_try_run_case+0x1a5/0x480 [ 26.443647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.443672] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.443702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.443729] ? __kthread_parkme+0x82/0x180 [ 26.443753] ? preempt_count_sub+0x50/0x80 [ 26.443778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.443806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.443833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.443860] kthread+0x337/0x6f0 [ 26.443882] ? trace_preempt_on+0x20/0xc0 [ 26.443909] ? __pfx_kthread+0x10/0x10 [ 26.443933] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.443957] ? calculate_sigpending+0x7b/0xa0 [ 26.443986] ? __pfx_kthread+0x10/0x10 [ 26.444011] ret_from_fork+0x116/0x1d0 [ 26.444032] ? __pfx_kthread+0x10/0x10 [ 26.444057] ret_from_fork_asm+0x1a/0x30 [ 26.444093] </TASK> [ 26.444109] [ 26.456097] Allocated by task 270: [ 26.456368] kasan_save_stack+0x45/0x70 [ 26.456577] kasan_save_track+0x18/0x40 [ 26.457315] kasan_save_alloc_info+0x3b/0x50 [ 26.457591] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.457862] remove_element+0x11e/0x190 [ 26.458313] mempool_alloc_preallocated+0x4d/0x90 [ 26.458577] mempool_oob_right_helper+0x8a/0x380 [ 26.458869] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.459317] kunit_try_run_case+0x1a5/0x480 [ 26.459680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.460376] kthread+0x337/0x6f0 [ 26.460592] ret_from_fork+0x116/0x1d0 [ 26.460803] ret_from_fork_asm+0x1a/0x30 [ 26.461037] [ 26.461252] The buggy address belongs to the object at ffff888105aac600 [ 26.461252] which belongs to the cache kmalloc-128 of size 128 [ 26.462433] The buggy address is located 0 bytes to the right of [ 26.462433] allocated 115-byte region [ffff888105aac600, ffff888105aac673) [ 26.463436] [ 26.463792] The buggy address belongs to the physical page: [ 26.464128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 26.464734] flags: 0x200000000000000(node=0|zone=2) [ 26.465248] page_type: f5(slab) [ 26.465558] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.465874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.466454] page dumped because: kasan: bad access detected [ 26.466710] [ 26.466810] Memory state around the buggy address: [ 26.467069] ffff888105aac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.467716] ffff888105aac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.468107] >ffff888105aac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.468609] ^ [ 26.468946] ffff888105aac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.469297] ffff888105aac700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.469699] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 25.853119] ================================================================== [ 25.853703] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 25.854039] Read of size 1 at addr ffff8881010bda00 by task kunit_try_catch/264 [ 25.854776] [ 25.854882] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.854943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.854957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.854984] Call Trace: [ 25.855001] <TASK> [ 25.855050] dump_stack_lvl+0x73/0xb0 [ 25.855088] print_report+0xd1/0x650 [ 25.855115] ? __virt_addr_valid+0x1db/0x2d0 [ 25.855345] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.855374] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.855418] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.855472] kasan_report+0x141/0x180 [ 25.855498] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.855528] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.855554] __kasan_check_byte+0x3d/0x50 [ 25.855577] kmem_cache_destroy+0x25/0x1d0 [ 25.855608] kmem_cache_double_destroy+0x1bf/0x380 [ 25.855656] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 25.855682] ? finish_task_switch.isra.0+0x153/0x700 [ 25.855707] ? __switch_to+0x47/0xf50 [ 25.855740] ? __pfx_read_tsc+0x10/0x10 [ 25.855766] ? ktime_get_ts64+0x86/0x230 [ 25.855794] kunit_try_run_case+0x1a5/0x480 [ 25.855826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.855852] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.855895] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.855921] ? __kthread_parkme+0x82/0x180 [ 25.855944] ? preempt_count_sub+0x50/0x80 [ 25.855969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.855997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.856024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.856052] kthread+0x337/0x6f0 [ 25.856074] ? trace_preempt_on+0x20/0xc0 [ 25.856100] ? __pfx_kthread+0x10/0x10 [ 25.856123] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.856246] ? calculate_sigpending+0x7b/0xa0 [ 25.856282] ? __pfx_kthread+0x10/0x10 [ 25.856306] ret_from_fork+0x116/0x1d0 [ 25.856328] ? __pfx_kthread+0x10/0x10 [ 25.856351] ret_from_fork_asm+0x1a/0x30 [ 25.856386] </TASK> [ 25.856414] [ 25.868384] Allocated by task 264: [ 25.868827] kasan_save_stack+0x45/0x70 [ 25.869251] kasan_save_track+0x18/0x40 [ 25.869460] kasan_save_alloc_info+0x3b/0x50 [ 25.869689] __kasan_slab_alloc+0x91/0xa0 [ 25.869895] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.870493] __kmem_cache_create_args+0x169/0x240 [ 25.870826] kmem_cache_double_destroy+0xd5/0x380 [ 25.871375] kunit_try_run_case+0x1a5/0x480 [ 25.871739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.872113] kthread+0x337/0x6f0 [ 25.872276] ret_from_fork+0x116/0x1d0 [ 25.872749] ret_from_fork_asm+0x1a/0x30 [ 25.873049] [ 25.873134] Freed by task 264: [ 25.873517] kasan_save_stack+0x45/0x70 [ 25.873724] kasan_save_track+0x18/0x40 [ 25.874267] kasan_save_free_info+0x3f/0x60 [ 25.874486] __kasan_slab_free+0x56/0x70 [ 25.874868] kmem_cache_free+0x249/0x420 [ 25.875073] slab_kmem_cache_release+0x2e/0x40 [ 25.875670] kmem_cache_release+0x16/0x20 [ 25.875958] kobject_put+0x181/0x450 [ 25.876159] sysfs_slab_release+0x16/0x20 [ 25.876644] kmem_cache_destroy+0xf0/0x1d0 [ 25.877000] kmem_cache_double_destroy+0x14e/0x380 [ 25.877228] kunit_try_run_case+0x1a5/0x480 [ 25.877718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.878184] kthread+0x337/0x6f0 [ 25.878376] ret_from_fork+0x116/0x1d0 [ 25.878576] ret_from_fork_asm+0x1a/0x30 [ 25.878769] [ 25.878872] The buggy address belongs to the object at ffff8881010bda00 [ 25.878872] which belongs to the cache kmem_cache of size 208 [ 25.879902] The buggy address is located 0 bytes inside of [ 25.879902] freed 208-byte region [ffff8881010bda00, ffff8881010bdad0) [ 25.880297] [ 25.880381] The buggy address belongs to the physical page: [ 25.880666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1010bd [ 25.881049] flags: 0x200000000000000(node=0|zone=2) [ 25.882009] page_type: f5(slab) [ 25.882173] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 25.883126] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 25.883928] page dumped because: kasan: bad access detected [ 25.884126] [ 25.884569] Memory state around the buggy address: [ 25.885211] ffff8881010bd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.885944] ffff8881010bd980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.886460] >ffff8881010bda00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.886691] ^ [ 25.886812] ffff8881010bda80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 25.887419] ffff8881010bdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.887957] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 25.788407] ================================================================== [ 25.789062] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.789968] Read of size 1 at addr ffff888105ab7000 by task kunit_try_catch/262 [ 25.790895] [ 25.791038] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.791230] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.791251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.791281] Call Trace: [ 25.791425] <TASK> [ 25.791453] dump_stack_lvl+0x73/0xb0 [ 25.791496] print_report+0xd1/0x650 [ 25.791523] ? __virt_addr_valid+0x1db/0x2d0 [ 25.791553] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.791579] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.791607] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.791633] kasan_report+0x141/0x180 [ 25.791657] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.791687] __asan_report_load1_noabort+0x18/0x20 [ 25.791713] kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.791738] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 25.791762] ? finish_task_switch.isra.0+0x153/0x700 [ 25.791787] ? __switch_to+0x47/0xf50 [ 25.791821] ? __pfx_read_tsc+0x10/0x10 [ 25.791846] ? ktime_get_ts64+0x86/0x230 [ 25.791876] kunit_try_run_case+0x1a5/0x480 [ 25.791906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.791932] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.791961] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.791987] ? __kthread_parkme+0x82/0x180 [ 25.792011] ? preempt_count_sub+0x50/0x80 [ 25.792037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.792065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.792091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.792118] kthread+0x337/0x6f0 [ 25.792140] ? trace_preempt_on+0x20/0xc0 [ 25.792169] ? __pfx_kthread+0x10/0x10 [ 25.792192] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.792216] ? calculate_sigpending+0x7b/0xa0 [ 25.792250] ? __pfx_kthread+0x10/0x10 [ 25.792273] ret_from_fork+0x116/0x1d0 [ 25.792295] ? __pfx_kthread+0x10/0x10 [ 25.792318] ret_from_fork_asm+0x1a/0x30 [ 25.792352] </TASK> [ 25.792368] [ 25.805239] Allocated by task 262: [ 25.805785] kasan_save_stack+0x45/0x70 [ 25.806127] kasan_save_track+0x18/0x40 [ 25.806273] kasan_save_alloc_info+0x3b/0x50 [ 25.806451] __kasan_slab_alloc+0x91/0xa0 [ 25.806648] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.806811] kmem_cache_rcu_uaf+0x155/0x510 [ 25.807126] kunit_try_run_case+0x1a5/0x480 [ 25.807468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.807741] kthread+0x337/0x6f0 [ 25.807892] ret_from_fork+0x116/0x1d0 [ 25.808112] ret_from_fork_asm+0x1a/0x30 [ 25.808414] [ 25.808498] Freed by task 0: [ 25.808610] kasan_save_stack+0x45/0x70 [ 25.808772] kasan_save_track+0x18/0x40 [ 25.809089] kasan_save_free_info+0x3f/0x60 [ 25.809337] __kasan_slab_free+0x56/0x70 [ 25.809971] slab_free_after_rcu_debug+0xe4/0x310 [ 25.810715] rcu_core+0x66f/0x1c40 [ 25.810888] rcu_core_si+0x12/0x20 [ 25.811042] handle_softirqs+0x209/0x730 [ 25.811434] __irq_exit_rcu+0xc9/0x110 [ 25.811611] irq_exit_rcu+0x12/0x20 [ 25.811740] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.811978] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.812325] [ 25.812445] Last potentially related work creation: [ 25.812673] kasan_save_stack+0x45/0x70 [ 25.812853] kasan_record_aux_stack+0xb2/0xc0 [ 25.813007] kmem_cache_free+0x131/0x420 [ 25.813149] kmem_cache_rcu_uaf+0x194/0x510 [ 25.813295] kunit_try_run_case+0x1a5/0x480 [ 25.813552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.813731] kthread+0x337/0x6f0 [ 25.813916] ret_from_fork+0x116/0x1d0 [ 25.814111] ret_from_fork_asm+0x1a/0x30 [ 25.814424] [ 25.814799] The buggy address belongs to the object at ffff888105ab7000 [ 25.814799] which belongs to the cache test_cache of size 200 [ 25.815338] The buggy address is located 0 bytes inside of [ 25.815338] freed 200-byte region [ffff888105ab7000, ffff888105ab70c8) [ 25.816798] [ 25.817202] The buggy address belongs to the physical page: [ 25.818692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab7 [ 25.820374] flags: 0x200000000000000(node=0|zone=2) [ 25.820740] page_type: f5(slab) [ 25.820896] raw: 0200000000000000 ffff888101d9e3c0 dead000000000122 0000000000000000 [ 25.821150] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.821407] page dumped because: kasan: bad access detected [ 25.821593] [ 25.821667] Memory state around the buggy address: [ 25.821834] ffff888105ab6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.822065] ffff888105ab6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.822294] >ffff888105ab7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.824219] ^ [ 25.824785] ffff888105ab7080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.825939] ffff888105ab7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.827018] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 25.718126] ================================================================== [ 25.719407] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 25.720447] Free of addr ffff888105ab6001 by task kunit_try_catch/260 [ 25.721080] [ 25.721334] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.721415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.721429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.721455] Call Trace: [ 25.721472] <TASK> [ 25.721496] dump_stack_lvl+0x73/0xb0 [ 25.721531] print_report+0xd1/0x650 [ 25.721555] ? __virt_addr_valid+0x1db/0x2d0 [ 25.721583] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.721609] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.721634] kasan_report_invalid_free+0x10a/0x130 [ 25.721658] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.721684] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.721709] check_slab_allocation+0x11f/0x130 [ 25.721735] __kasan_slab_pre_free+0x28/0x40 [ 25.721756] kmem_cache_free+0xed/0x420 [ 25.721781] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.721807] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.721834] kmem_cache_invalid_free+0x1d8/0x460 [ 25.721858] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 25.721882] ? finish_task_switch.isra.0+0x153/0x700 [ 25.721906] ? __switch_to+0x47/0xf50 [ 25.721937] ? __pfx_read_tsc+0x10/0x10 [ 25.721961] ? ktime_get_ts64+0x86/0x230 [ 25.721989] kunit_try_run_case+0x1a5/0x480 [ 25.722019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.722043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.722069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.722094] ? __kthread_parkme+0x82/0x180 [ 25.722117] ? preempt_count_sub+0x50/0x80 [ 25.722140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.722166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.722194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.722220] kthread+0x337/0x6f0 [ 25.722240] ? trace_preempt_on+0x20/0xc0 [ 25.722266] ? __pfx_kthread+0x10/0x10 [ 25.722288] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.722311] ? calculate_sigpending+0x7b/0xa0 [ 25.722338] ? __pfx_kthread+0x10/0x10 [ 25.722360] ret_from_fork+0x116/0x1d0 [ 25.722381] ? __pfx_kthread+0x10/0x10 [ 25.722413] ret_from_fork_asm+0x1a/0x30 [ 25.722461] </TASK> [ 25.722476] [ 25.737184] Allocated by task 260: [ 25.737562] kasan_save_stack+0x45/0x70 [ 25.737949] kasan_save_track+0x18/0x40 [ 25.738410] kasan_save_alloc_info+0x3b/0x50 [ 25.738957] __kasan_slab_alloc+0x91/0xa0 [ 25.739476] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.739650] kmem_cache_invalid_free+0x157/0x460 [ 25.739814] kunit_try_run_case+0x1a5/0x480 [ 25.740051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.740767] kthread+0x337/0x6f0 [ 25.741156] ret_from_fork+0x116/0x1d0 [ 25.741600] ret_from_fork_asm+0x1a/0x30 [ 25.742002] [ 25.742253] The buggy address belongs to the object at ffff888105ab6000 [ 25.742253] which belongs to the cache test_cache of size 200 [ 25.743112] The buggy address is located 1 bytes inside of [ 25.743112] 200-byte region [ffff888105ab6000, ffff888105ab60c8) [ 25.744267] [ 25.744462] The buggy address belongs to the physical page: [ 25.744693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab6 [ 25.745116] flags: 0x200000000000000(node=0|zone=2) [ 25.745858] page_type: f5(slab) [ 25.746279] raw: 0200000000000000 ffff888101d9e280 dead000000000122 0000000000000000 [ 25.747148] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.747800] page dumped because: kasan: bad access detected [ 25.748133] [ 25.748276] Memory state around the buggy address: [ 25.748750] ffff888105ab5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.749048] ffff888105ab5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.749595] >ffff888105ab6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.750632] ^ [ 25.750800] ffff888105ab6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.751403] ffff888105ab6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.752007] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 25.671051] ================================================================== [ 25.671567] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 25.671827] Free of addr ffff888105fc9000 by task kunit_try_catch/258 [ 25.672081] [ 25.672180] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.672241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.672255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.672338] Call Trace: [ 25.672353] <TASK> [ 25.672376] dump_stack_lvl+0x73/0xb0 [ 25.672421] print_report+0xd1/0x650 [ 25.672444] ? __virt_addr_valid+0x1db/0x2d0 [ 25.672471] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.672497] ? kmem_cache_double_free+0x1e5/0x480 [ 25.672522] kasan_report_invalid_free+0x10a/0x130 [ 25.672546] ? kmem_cache_double_free+0x1e5/0x480 [ 25.672572] ? kmem_cache_double_free+0x1e5/0x480 [ 25.672596] check_slab_allocation+0x101/0x130 [ 25.672623] __kasan_slab_pre_free+0x28/0x40 [ 25.672643] kmem_cache_free+0xed/0x420 [ 25.672668] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.672692] ? kmem_cache_double_free+0x1e5/0x480 [ 25.672719] kmem_cache_double_free+0x1e5/0x480 [ 25.672744] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 25.672767] ? finish_task_switch.isra.0+0x153/0x700 [ 25.672791] ? __switch_to+0x47/0xf50 [ 25.672825] ? __pfx_read_tsc+0x10/0x10 [ 25.672849] ? ktime_get_ts64+0x86/0x230 [ 25.672877] kunit_try_run_case+0x1a5/0x480 [ 25.672905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.672929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.672956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.672981] ? __kthread_parkme+0x82/0x180 [ 25.673003] ? preempt_count_sub+0x50/0x80 [ 25.673026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.673051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.673078] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.673102] kthread+0x337/0x6f0 [ 25.673123] ? trace_preempt_on+0x20/0xc0 [ 25.673184] ? __pfx_kthread+0x10/0x10 [ 25.673206] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.673229] ? calculate_sigpending+0x7b/0xa0 [ 25.673268] ? __pfx_kthread+0x10/0x10 [ 25.673290] ret_from_fork+0x116/0x1d0 [ 25.673310] ? __pfx_kthread+0x10/0x10 [ 25.673331] ret_from_fork_asm+0x1a/0x30 [ 25.673364] </TASK> [ 25.673378] [ 25.688803] Allocated by task 258: [ 25.689127] kasan_save_stack+0x45/0x70 [ 25.689293] kasan_save_track+0x18/0x40 [ 25.689437] kasan_save_alloc_info+0x3b/0x50 [ 25.689580] __kasan_slab_alloc+0x91/0xa0 [ 25.689712] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.689864] kmem_cache_double_free+0x14f/0x480 [ 25.690010] kunit_try_run_case+0x1a5/0x480 [ 25.690150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.690316] kthread+0x337/0x6f0 [ 25.690635] ret_from_fork+0x116/0x1d0 [ 25.690979] ret_from_fork_asm+0x1a/0x30 [ 25.691471] [ 25.691636] Freed by task 258: [ 25.691981] kasan_save_stack+0x45/0x70 [ 25.692435] kasan_save_track+0x18/0x40 [ 25.693036] kasan_save_free_info+0x3f/0x60 [ 25.693488] __kasan_slab_free+0x56/0x70 [ 25.693912] kmem_cache_free+0x249/0x420 [ 25.694406] kmem_cache_double_free+0x16a/0x480 [ 25.694964] kunit_try_run_case+0x1a5/0x480 [ 25.695531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.696088] kthread+0x337/0x6f0 [ 25.696456] ret_from_fork+0x116/0x1d0 [ 25.697062] ret_from_fork_asm+0x1a/0x30 [ 25.697564] [ 25.697742] The buggy address belongs to the object at ffff888105fc9000 [ 25.697742] which belongs to the cache test_cache of size 200 [ 25.698272] The buggy address is located 0 bytes inside of [ 25.698272] 200-byte region [ffff888105fc9000, ffff888105fc90c8) [ 25.699614] [ 25.699839] The buggy address belongs to the physical page: [ 25.700064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fc9 [ 25.700842] flags: 0x200000000000000(node=0|zone=2) [ 25.701413] page_type: f5(slab) [ 25.701875] raw: 0200000000000000 ffff8881010bd8c0 dead000000000122 0000000000000000 [ 25.702384] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.702629] page dumped because: kasan: bad access detected [ 25.702800] [ 25.702866] Memory state around the buggy address: [ 25.703024] ffff888105fc8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.703466] ffff888105fc8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.703799] >ffff888105fc9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.704056] ^ [ 25.704407] ffff888105fc9080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.704758] ffff888105fc9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.705109] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 25.620406] ================================================================== [ 25.620928] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 25.621174] Read of size 1 at addr ffff888105ab60c8 by task kunit_try_catch/256 [ 25.621413] [ 25.621509] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.621565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.621578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.621603] Call Trace: [ 25.621617] <TASK> [ 25.621640] dump_stack_lvl+0x73/0xb0 [ 25.621670] print_report+0xd1/0x650 [ 25.621693] ? __virt_addr_valid+0x1db/0x2d0 [ 25.621719] ? kmem_cache_oob+0x402/0x530 [ 25.621742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.621769] ? kmem_cache_oob+0x402/0x530 [ 25.621792] kasan_report+0x141/0x180 [ 25.621814] ? kmem_cache_oob+0x402/0x530 [ 25.621842] __asan_report_load1_noabort+0x18/0x20 [ 25.621866] kmem_cache_oob+0x402/0x530 [ 25.621887] ? trace_hardirqs_on+0x37/0xe0 [ 25.621914] ? __pfx_kmem_cache_oob+0x10/0x10 [ 25.621936] ? finish_task_switch.isra.0+0x153/0x700 [ 25.621960] ? __switch_to+0x47/0xf50 [ 25.621991] ? __pfx_read_tsc+0x10/0x10 [ 25.622014] ? ktime_get_ts64+0x86/0x230 [ 25.622041] kunit_try_run_case+0x1a5/0x480 [ 25.622069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.622094] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.622120] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.622145] ? __kthread_parkme+0x82/0x180 [ 25.622166] ? preempt_count_sub+0x50/0x80 [ 25.622190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.622216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.622242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.622267] kthread+0x337/0x6f0 [ 25.622287] ? trace_preempt_on+0x20/0xc0 [ 25.622310] ? __pfx_kthread+0x10/0x10 [ 25.622331] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.622354] ? calculate_sigpending+0x7b/0xa0 [ 25.622380] ? __pfx_kthread+0x10/0x10 [ 25.622790] ret_from_fork+0x116/0x1d0 [ 25.622815] ? __pfx_kthread+0x10/0x10 [ 25.622839] ret_from_fork_asm+0x1a/0x30 [ 25.623102] </TASK> [ 25.623123] [ 25.636559] Allocated by task 256: [ 25.636761] kasan_save_stack+0x45/0x70 [ 25.637007] kasan_save_track+0x18/0x40 [ 25.637673] kasan_save_alloc_info+0x3b/0x50 [ 25.638041] __kasan_slab_alloc+0x91/0xa0 [ 25.638429] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.638788] kmem_cache_oob+0x157/0x530 [ 25.639269] kunit_try_run_case+0x1a5/0x480 [ 25.639633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.640008] kthread+0x337/0x6f0 [ 25.640496] ret_from_fork+0x116/0x1d0 [ 25.640708] ret_from_fork_asm+0x1a/0x30 [ 25.640998] [ 25.641098] The buggy address belongs to the object at ffff888105ab6000 [ 25.641098] which belongs to the cache test_cache of size 200 [ 25.641808] The buggy address is located 0 bytes to the right of [ 25.641808] allocated 200-byte region [ffff888105ab6000, ffff888105ab60c8) [ 25.642427] [ 25.642594] The buggy address belongs to the physical page: [ 25.642844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab6 [ 25.643539] flags: 0x200000000000000(node=0|zone=2) [ 25.643764] page_type: f5(slab) [ 25.644016] raw: 0200000000000000 ffff888101d9e140 dead000000000122 0000000000000000 [ 25.644531] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.644882] page dumped because: kasan: bad access detected [ 25.645485] [ 25.645577] Memory state around the buggy address: [ 25.645960] ffff888105ab5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.646403] ffff888105ab6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.646856] >ffff888105ab6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.647310] ^ [ 25.647812] ffff888105ab6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.648241] ffff888105ab6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.648506] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 25.576309] ================================================================== [ 25.577074] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 25.577573] Read of size 8 at addr ffff888104516100 by task kunit_try_catch/249 [ 25.578146] [ 25.578602] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.578679] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.578694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.578765] Call Trace: [ 25.578782] <TASK> [ 25.578806] dump_stack_lvl+0x73/0xb0 [ 25.578844] print_report+0xd1/0x650 [ 25.578870] ? __virt_addr_valid+0x1db/0x2d0 [ 25.578910] ? workqueue_uaf+0x4d6/0x560 [ 25.578932] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.578960] ? workqueue_uaf+0x4d6/0x560 [ 25.578983] kasan_report+0x141/0x180 [ 25.579007] ? workqueue_uaf+0x4d6/0x560 [ 25.579035] __asan_report_load8_noabort+0x18/0x20 [ 25.579060] workqueue_uaf+0x4d6/0x560 [ 25.579084] ? __pfx_workqueue_uaf+0x10/0x10 [ 25.579108] ? __schedule+0x10cc/0x2b60 [ 25.579134] ? __pfx_read_tsc+0x10/0x10 [ 25.579171] ? ktime_get_ts64+0x86/0x230 [ 25.579200] kunit_try_run_case+0x1a5/0x480 [ 25.579231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.579257] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.579283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.579309] ? __kthread_parkme+0x82/0x180 [ 25.579333] ? preempt_count_sub+0x50/0x80 [ 25.579359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.579386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.579424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.579450] kthread+0x337/0x6f0 [ 25.579472] ? trace_preempt_on+0x20/0xc0 [ 25.579499] ? __pfx_kthread+0x10/0x10 [ 25.579521] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.579545] ? calculate_sigpending+0x7b/0xa0 [ 25.579572] ? __pfx_kthread+0x10/0x10 [ 25.579596] ret_from_fork+0x116/0x1d0 [ 25.579617] ? __pfx_kthread+0x10/0x10 [ 25.579639] ret_from_fork_asm+0x1a/0x30 [ 25.579674] </TASK> [ 25.579689] [ 25.589790] Allocated by task 249: [ 25.590113] kasan_save_stack+0x45/0x70 [ 25.590713] kasan_save_track+0x18/0x40 [ 25.590895] kasan_save_alloc_info+0x3b/0x50 [ 25.591672] __kasan_kmalloc+0xb7/0xc0 [ 25.591903] __kmalloc_cache_noprof+0x189/0x420 [ 25.592147] workqueue_uaf+0x152/0x560 [ 25.592532] kunit_try_run_case+0x1a5/0x480 [ 25.592901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.593406] kthread+0x337/0x6f0 [ 25.593602] ret_from_fork+0x116/0x1d0 [ 25.594046] ret_from_fork_asm+0x1a/0x30 [ 25.594497] [ 25.594609] Freed by task 41: [ 25.594769] kasan_save_stack+0x45/0x70 [ 25.595185] kasan_save_track+0x18/0x40 [ 25.595530] kasan_save_free_info+0x3f/0x60 [ 25.595948] __kasan_slab_free+0x56/0x70 [ 25.596311] kfree+0x222/0x3f0 [ 25.596487] workqueue_uaf_work+0x12/0x20 [ 25.596694] process_one_work+0x5ee/0xf60 [ 25.597054] worker_thread+0x758/0x1220 [ 25.597360] kthread+0x337/0x6f0 [ 25.597516] ret_from_fork+0x116/0x1d0 [ 25.597724] ret_from_fork_asm+0x1a/0x30 [ 25.597982] [ 25.598081] Last potentially related work creation: [ 25.598313] kasan_save_stack+0x45/0x70 [ 25.598623] kasan_record_aux_stack+0xb2/0xc0 [ 25.598845] __queue_work+0x61a/0xe70 [ 25.599069] queue_work_on+0xb6/0xc0 [ 25.599222] workqueue_uaf+0x26d/0x560 [ 25.599562] kunit_try_run_case+0x1a5/0x480 [ 25.599823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.600047] kthread+0x337/0x6f0 [ 25.600324] ret_from_fork+0x116/0x1d0 [ 25.600552] ret_from_fork_asm+0x1a/0x30 [ 25.600715] [ 25.600789] The buggy address belongs to the object at ffff888104516100 [ 25.600789] which belongs to the cache kmalloc-32 of size 32 [ 25.601816] The buggy address is located 0 bytes inside of [ 25.601816] freed 32-byte region [ffff888104516100, ffff888104516120) [ 25.602453] [ 25.602594] The buggy address belongs to the physical page: [ 25.602853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104516 [ 25.603244] flags: 0x200000000000000(node=0|zone=2) [ 25.603608] page_type: f5(slab) [ 25.603810] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.604175] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.604625] page dumped because: kasan: bad access detected [ 25.604814] [ 25.604940] Memory state around the buggy address: [ 25.605423] ffff888104516000: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 25.605674] ffff888104516080: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.606258] >ffff888104516100: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 25.606651] ^ [ 25.606803] ffff888104516180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.607411] ffff888104516200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.607727] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 25.525429] ================================================================== [ 25.525954] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 25.526555] Read of size 4 at addr ffff888105ab0480 by task swapper/0/0 [ 25.526895] [ 25.527029] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.527090] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.527104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.527130] Call Trace: [ 25.527163] <IRQ> [ 25.527186] dump_stack_lvl+0x73/0xb0 [ 25.527221] print_report+0xd1/0x650 [ 25.527277] ? __virt_addr_valid+0x1db/0x2d0 [ 25.527384] ? rcu_uaf_reclaim+0x50/0x60 [ 25.527422] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.527450] ? rcu_uaf_reclaim+0x50/0x60 [ 25.527473] kasan_report+0x141/0x180 [ 25.527497] ? rcu_uaf_reclaim+0x50/0x60 [ 25.527524] __asan_report_load4_noabort+0x18/0x20 [ 25.527550] rcu_uaf_reclaim+0x50/0x60 [ 25.527572] rcu_core+0x66f/0x1c40 [ 25.527605] ? __pfx_rcu_core+0x10/0x10 [ 25.527629] ? ktime_get+0x6b/0x150 [ 25.527659] rcu_core_si+0x12/0x20 [ 25.527683] handle_softirqs+0x209/0x730 [ 25.527707] ? hrtimer_interrupt+0x2fe/0x780 [ 25.527738] ? __pfx_handle_softirqs+0x10/0x10 [ 25.527766] __irq_exit_rcu+0xc9/0x110 [ 25.527789] irq_exit_rcu+0x12/0x20 [ 25.527811] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.527841] </IRQ> [ 25.527875] <TASK> [ 25.527890] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.527991] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 25.528454] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 1f 19 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 25.528556] RSP: 0000:fffffffface07dd8 EFLAGS: 00010212 [ 25.528658] RAX: ffff8881ace24000 RBX: fffffffface1cac0 RCX: ffffffffabcf9225 [ 25.528726] RDX: ffffed102b606193 RSI: 0000000000000004 RDI: 000000000011d25c [ 25.528773] RBP: fffffffface07de0 R08: 0000000000000001 R09: ffffed102b606192 [ 25.528819] R10: ffff88815b030c93 R11: 000000000004e000 R12: 0000000000000000 [ 25.528867] R13: fffffbfff59c3958 R14: ffffffffad9efad0 R15: 0000000000000000 [ 25.528931] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 25.528991] ? default_idle+0xd/0x20 [ 25.529014] arch_cpu_idle+0xd/0x20 [ 25.529036] default_idle_call+0x48/0x80 [ 25.529060] do_idle+0x379/0x4f0 [ 25.529089] ? __pfx_do_idle+0x10/0x10 [ 25.529120] cpu_startup_entry+0x5c/0x70 [ 25.529147] rest_init+0x11a/0x140 [ 25.529181] ? acpi_subsystem_init+0x5d/0x150 [ 25.529211] start_kernel+0x352/0x400 [ 25.529236] x86_64_start_reservations+0x1c/0x30 [ 25.529260] x86_64_start_kernel+0x10d/0x120 [ 25.529283] common_startup_64+0x13e/0x148 [ 25.529319] </TASK> [ 25.529334] [ 25.545417] Allocated by task 247: [ 25.545586] kasan_save_stack+0x45/0x70 [ 25.545821] kasan_save_track+0x18/0x40 [ 25.546201] kasan_save_alloc_info+0x3b/0x50 [ 25.546490] __kasan_kmalloc+0xb7/0xc0 [ 25.546635] __kmalloc_cache_noprof+0x189/0x420 [ 25.546918] rcu_uaf+0xb0/0x330 [ 25.547149] kunit_try_run_case+0x1a5/0x480 [ 25.547430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.547739] kthread+0x337/0x6f0 [ 25.547972] ret_from_fork+0x116/0x1d0 [ 25.548202] ret_from_fork_asm+0x1a/0x30 [ 25.548766] [ 25.548901] Freed by task 0: [ 25.549101] kasan_save_stack+0x45/0x70 [ 25.549448] kasan_save_track+0x18/0x40 [ 25.549662] kasan_save_free_info+0x3f/0x60 [ 25.549915] __kasan_slab_free+0x56/0x70 [ 25.550152] kfree+0x222/0x3f0 [ 25.550327] rcu_uaf_reclaim+0x1f/0x60 [ 25.550722] rcu_core+0x66f/0x1c40 [ 25.550927] rcu_core_si+0x12/0x20 [ 25.551147] handle_softirqs+0x209/0x730 [ 25.551444] __irq_exit_rcu+0xc9/0x110 [ 25.551639] irq_exit_rcu+0x12/0x20 [ 25.551907] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.552076] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.552791] [ 25.552946] Last potentially related work creation: [ 25.553160] kasan_save_stack+0x45/0x70 [ 25.553312] kasan_record_aux_stack+0xb2/0xc0 [ 25.554565] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 25.555029] call_rcu+0x12/0x20 [ 25.555182] rcu_uaf+0x168/0x330 [ 25.555310] kunit_try_run_case+0x1a5/0x480 [ 25.556490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.556691] kthread+0x337/0x6f0 [ 25.557691] ret_from_fork+0x116/0x1d0 [ 25.558062] ret_from_fork_asm+0x1a/0x30 [ 25.558888] [ 25.559023] The buggy address belongs to the object at ffff888105ab0480 [ 25.559023] which belongs to the cache kmalloc-32 of size 32 [ 25.560453] The buggy address is located 0 bytes inside of [ 25.560453] freed 32-byte region [ffff888105ab0480, ffff888105ab04a0) [ 25.561775] [ 25.561892] The buggy address belongs to the physical page: [ 25.562084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ab0 [ 25.562828] flags: 0x200000000000000(node=0|zone=2) [ 25.563761] page_type: f5(slab) [ 25.564341] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.564698] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.565467] page dumped because: kasan: bad access detected [ 25.565740] [ 25.565834] Memory state around the buggy address: [ 25.566626] ffff888105ab0380: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.567354] ffff888105ab0400: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.567973] >ffff888105ab0480: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 25.568560] ^ [ 25.568735] ffff888105ab0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.569823] ffff888105ab0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.570418] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 25.419485] ================================================================== [ 25.419981] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 25.420542] Read of size 1 at addr ffff888103d62f00 by task kunit_try_catch/245 [ 25.420832] [ 25.420942] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.421013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.421026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.421051] Call Trace: [ 25.421065] <TASK> [ 25.421086] dump_stack_lvl+0x73/0xb0 [ 25.421118] print_report+0xd1/0x650 [ 25.421142] ? __virt_addr_valid+0x1db/0x2d0 [ 25.421188] ? ksize_uaf+0x19d/0x6c0 [ 25.421210] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.421237] ? ksize_uaf+0x19d/0x6c0 [ 25.421259] kasan_report+0x141/0x180 [ 25.421282] ? ksize_uaf+0x19d/0x6c0 [ 25.421306] ? ksize_uaf+0x19d/0x6c0 [ 25.421328] __kasan_check_byte+0x3d/0x50 [ 25.421351] ksize+0x20/0x60 [ 25.421376] ksize_uaf+0x19d/0x6c0 [ 25.421413] ? __pfx_ksize_uaf+0x10/0x10 [ 25.421436] ? __schedule+0x10cc/0x2b60 [ 25.421462] ? __pfx_read_tsc+0x10/0x10 [ 25.421486] ? ktime_get_ts64+0x86/0x230 [ 25.421512] kunit_try_run_case+0x1a5/0x480 [ 25.421541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.421565] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.421591] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.421616] ? __kthread_parkme+0x82/0x180 [ 25.421638] ? preempt_count_sub+0x50/0x80 [ 25.421663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.421689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.421715] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.421740] kthread+0x337/0x6f0 [ 25.421761] ? trace_preempt_on+0x20/0xc0 [ 25.421788] ? __pfx_kthread+0x10/0x10 [ 25.421810] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.421834] ? calculate_sigpending+0x7b/0xa0 [ 25.421860] ? __pfx_kthread+0x10/0x10 [ 25.421900] ret_from_fork+0x116/0x1d0 [ 25.421920] ? __pfx_kthread+0x10/0x10 [ 25.421942] ret_from_fork_asm+0x1a/0x30 [ 25.421976] </TASK> [ 25.421990] [ 25.435051] Allocated by task 245: [ 25.435591] kasan_save_stack+0x45/0x70 [ 25.435771] kasan_save_track+0x18/0x40 [ 25.435938] kasan_save_alloc_info+0x3b/0x50 [ 25.436386] __kasan_kmalloc+0xb7/0xc0 [ 25.436872] __kmalloc_cache_noprof+0x189/0x420 [ 25.437367] ksize_uaf+0xaa/0x6c0 [ 25.437790] kunit_try_run_case+0x1a5/0x480 [ 25.438317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.438805] kthread+0x337/0x6f0 [ 25.438954] ret_from_fork+0x116/0x1d0 [ 25.439096] ret_from_fork_asm+0x1a/0x30 [ 25.439265] [ 25.439711] Freed by task 245: [ 25.440028] kasan_save_stack+0x45/0x70 [ 25.440514] kasan_save_track+0x18/0x40 [ 25.441064] kasan_save_free_info+0x3f/0x60 [ 25.441964] __kasan_slab_free+0x56/0x70 [ 25.442410] kfree+0x222/0x3f0 [ 25.442781] ksize_uaf+0x12c/0x6c0 [ 25.442939] kunit_try_run_case+0x1a5/0x480 [ 25.443368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.443952] kthread+0x337/0x6f0 [ 25.444264] ret_from_fork+0x116/0x1d0 [ 25.444589] ret_from_fork_asm+0x1a/0x30 [ 25.444735] [ 25.444807] The buggy address belongs to the object at ffff888103d62f00 [ 25.444807] which belongs to the cache kmalloc-128 of size 128 [ 25.445865] The buggy address is located 0 bytes inside of [ 25.445865] freed 128-byte region [ffff888103d62f00, ffff888103d62f80) [ 25.447608] [ 25.447793] The buggy address belongs to the physical page: [ 25.448130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 25.448402] flags: 0x200000000000000(node=0|zone=2) [ 25.448906] page_type: f5(slab) [ 25.449282] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.449983] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.450900] page dumped because: kasan: bad access detected [ 25.451605] [ 25.451682] Memory state around the buggy address: [ 25.451845] ffff888103d62e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.452798] ffff888103d62e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.453607] >ffff888103d62f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.454318] ^ [ 25.454648] ffff888103d62f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.454905] ffff888103d63000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.455646] ================================================================== [ 25.456918] ================================================================== [ 25.457584] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 25.457822] Read of size 1 at addr ffff888103d62f00 by task kunit_try_catch/245 [ 25.458495] [ 25.458687] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.458740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.458752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.458776] Call Trace: [ 25.458793] <TASK> [ 25.458813] dump_stack_lvl+0x73/0xb0 [ 25.458844] print_report+0xd1/0x650 [ 25.458867] ? __virt_addr_valid+0x1db/0x2d0 [ 25.458893] ? ksize_uaf+0x5fe/0x6c0 [ 25.458917] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.458944] ? ksize_uaf+0x5fe/0x6c0 [ 25.459216] kasan_report+0x141/0x180 [ 25.459250] ? ksize_uaf+0x5fe/0x6c0 [ 25.459278] __asan_report_load1_noabort+0x18/0x20 [ 25.459304] ksize_uaf+0x5fe/0x6c0 [ 25.459327] ? __pfx_ksize_uaf+0x10/0x10 [ 25.459349] ? __schedule+0x10cc/0x2b60 [ 25.459376] ? __pfx_read_tsc+0x10/0x10 [ 25.459414] ? ktime_get_ts64+0x86/0x230 [ 25.459440] kunit_try_run_case+0x1a5/0x480 [ 25.459467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.459492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.459517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.459543] ? __kthread_parkme+0x82/0x180 [ 25.459565] ? preempt_count_sub+0x50/0x80 [ 25.459590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.459616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.459642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.459667] kthread+0x337/0x6f0 [ 25.459688] ? trace_preempt_on+0x20/0xc0 [ 25.459713] ? __pfx_kthread+0x10/0x10 [ 25.459735] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.459758] ? calculate_sigpending+0x7b/0xa0 [ 25.459784] ? __pfx_kthread+0x10/0x10 [ 25.459807] ret_from_fork+0x116/0x1d0 [ 25.459826] ? __pfx_kthread+0x10/0x10 [ 25.459848] ret_from_fork_asm+0x1a/0x30 [ 25.459881] </TASK> [ 25.459894] [ 25.472022] Allocated by task 245: [ 25.472470] kasan_save_stack+0x45/0x70 [ 25.472691] kasan_save_track+0x18/0x40 [ 25.472877] kasan_save_alloc_info+0x3b/0x50 [ 25.473074] __kasan_kmalloc+0xb7/0xc0 [ 25.473267] __kmalloc_cache_noprof+0x189/0x420 [ 25.473495] ksize_uaf+0xaa/0x6c0 [ 25.473660] kunit_try_run_case+0x1a5/0x480 [ 25.473863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.474102] kthread+0x337/0x6f0 [ 25.474268] ret_from_fork+0x116/0x1d0 [ 25.474555] ret_from_fork_asm+0x1a/0x30 [ 25.474708] [ 25.474777] Freed by task 245: [ 25.474888] kasan_save_stack+0x45/0x70 [ 25.475053] kasan_save_track+0x18/0x40 [ 25.475244] kasan_save_free_info+0x3f/0x60 [ 25.475616] __kasan_slab_free+0x56/0x70 [ 25.476306] kfree+0x222/0x3f0 [ 25.476458] ksize_uaf+0x12c/0x6c0 [ 25.477064] kunit_try_run_case+0x1a5/0x480 [ 25.477496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.477779] kthread+0x337/0x6f0 [ 25.478028] ret_from_fork+0x116/0x1d0 [ 25.478192] ret_from_fork_asm+0x1a/0x30 [ 25.478739] [ 25.478851] The buggy address belongs to the object at ffff888103d62f00 [ 25.478851] which belongs to the cache kmalloc-128 of size 128 [ 25.479697] The buggy address is located 0 bytes inside of [ 25.479697] freed 128-byte region [ffff888103d62f00, ffff888103d62f80) [ 25.480305] [ 25.480637] The buggy address belongs to the physical page: [ 25.480871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 25.481182] flags: 0x200000000000000(node=0|zone=2) [ 25.481468] page_type: f5(slab) [ 25.481629] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.482470] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.482783] page dumped because: kasan: bad access detected [ 25.483274] [ 25.483366] Memory state around the buggy address: [ 25.483800] ffff888103d62e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.484372] ffff888103d62e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.484785] >ffff888103d62f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.485529] ^ [ 25.485670] ffff888103d62f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.486322] ffff888103d63000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.486754] ================================================================== [ 25.487481] ================================================================== [ 25.488175] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 25.488602] Read of size 1 at addr ffff888103d62f78 by task kunit_try_catch/245 [ 25.489057] [ 25.489183] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.489237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.489250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.489275] Call Trace: [ 25.489298] <TASK> [ 25.489319] dump_stack_lvl+0x73/0xb0 [ 25.489351] print_report+0xd1/0x650 [ 25.489375] ? __virt_addr_valid+0x1db/0x2d0 [ 25.489415] ? ksize_uaf+0x5e4/0x6c0 [ 25.489437] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.489464] ? ksize_uaf+0x5e4/0x6c0 [ 25.489730] kasan_report+0x141/0x180 [ 25.489759] ? ksize_uaf+0x5e4/0x6c0 [ 25.489787] __asan_report_load1_noabort+0x18/0x20 [ 25.489812] ksize_uaf+0x5e4/0x6c0 [ 25.489834] ? __pfx_ksize_uaf+0x10/0x10 [ 25.489859] ? __schedule+0x10cc/0x2b60 [ 25.489885] ? __pfx_read_tsc+0x10/0x10 [ 25.489908] ? ktime_get_ts64+0x86/0x230 [ 25.489935] kunit_try_run_case+0x1a5/0x480 [ 25.489962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.489987] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.490012] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.490038] ? __kthread_parkme+0x82/0x180 [ 25.490060] ? preempt_count_sub+0x50/0x80 [ 25.490085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.490111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.490137] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.490179] kthread+0x337/0x6f0 [ 25.490200] ? trace_preempt_on+0x20/0xc0 [ 25.490226] ? __pfx_kthread+0x10/0x10 [ 25.490248] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.490273] ? calculate_sigpending+0x7b/0xa0 [ 25.490299] ? __pfx_kthread+0x10/0x10 [ 25.490322] ret_from_fork+0x116/0x1d0 [ 25.490343] ? __pfx_kthread+0x10/0x10 [ 25.490365] ret_from_fork_asm+0x1a/0x30 [ 25.490411] </TASK> [ 25.490424] [ 25.501646] Allocated by task 245: [ 25.502019] kasan_save_stack+0x45/0x70 [ 25.502201] kasan_save_track+0x18/0x40 [ 25.502606] kasan_save_alloc_info+0x3b/0x50 [ 25.502812] __kasan_kmalloc+0xb7/0xc0 [ 25.503384] __kmalloc_cache_noprof+0x189/0x420 [ 25.503629] ksize_uaf+0xaa/0x6c0 [ 25.503775] kunit_try_run_case+0x1a5/0x480 [ 25.504387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.504682] kthread+0x337/0x6f0 [ 25.504847] ret_from_fork+0x116/0x1d0 [ 25.505185] ret_from_fork_asm+0x1a/0x30 [ 25.505563] [ 25.505668] Freed by task 245: [ 25.505824] kasan_save_stack+0x45/0x70 [ 25.506021] kasan_save_track+0x18/0x40 [ 25.506255] kasan_save_free_info+0x3f/0x60 [ 25.506456] __kasan_slab_free+0x56/0x70 [ 25.506624] kfree+0x222/0x3f0 [ 25.506796] ksize_uaf+0x12c/0x6c0 [ 25.507033] kunit_try_run_case+0x1a5/0x480 [ 25.507240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.507608] kthread+0x337/0x6f0 [ 25.507777] ret_from_fork+0x116/0x1d0 [ 25.507984] ret_from_fork_asm+0x1a/0x30 [ 25.508131] [ 25.508272] The buggy address belongs to the object at ffff888103d62f00 [ 25.508272] which belongs to the cache kmalloc-128 of size 128 [ 25.508756] The buggy address is located 120 bytes inside of [ 25.508756] freed 128-byte region [ffff888103d62f00, ffff888103d62f80) [ 25.509581] [ 25.509688] The buggy address belongs to the physical page: [ 25.509988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 25.510253] flags: 0x200000000000000(node=0|zone=2) [ 25.510685] page_type: f5(slab) [ 25.510894] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.511371] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.511668] page dumped because: kasan: bad access detected [ 25.511848] [ 25.511920] Memory state around the buggy address: [ 25.512157] ffff888103d62e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.512511] ffff888103d62e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.512984] >ffff888103d62f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.513344] ^ [ 25.513622] ffff888103d62f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.513882] ffff888103d63000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.514358] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 25.395866] ================================================================== [ 25.396119] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.396447] Read of size 1 at addr ffff888105aac37f by task kunit_try_catch/243 [ 25.396771] [ 25.396880] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.396932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.396945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.396969] Call Trace: [ 25.396989] <TASK> [ 25.397009] dump_stack_lvl+0x73/0xb0 [ 25.397099] print_report+0xd1/0x650 [ 25.397129] ? __virt_addr_valid+0x1db/0x2d0 [ 25.397154] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.397178] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.397205] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.397230] kasan_report+0x141/0x180 [ 25.397254] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.397283] __asan_report_load1_noabort+0x18/0x20 [ 25.397352] ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.397381] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.397417] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.397450] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.397479] kunit_try_run_case+0x1a5/0x480 [ 25.397506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.397531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.397557] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.397582] ? __kthread_parkme+0x82/0x180 [ 25.397604] ? preempt_count_sub+0x50/0x80 [ 25.397629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.397655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.397681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.397707] kthread+0x337/0x6f0 [ 25.397728] ? trace_preempt_on+0x20/0xc0 [ 25.397754] ? __pfx_kthread+0x10/0x10 [ 25.397778] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.397802] ? calculate_sigpending+0x7b/0xa0 [ 25.397827] ? __pfx_kthread+0x10/0x10 [ 25.397850] ret_from_fork+0x116/0x1d0 [ 25.397870] ? __pfx_kthread+0x10/0x10 [ 25.397903] ret_from_fork_asm+0x1a/0x30 [ 25.397936] </TASK> [ 25.397949] [ 25.405750] Allocated by task 243: [ 25.405981] kasan_save_stack+0x45/0x70 [ 25.406195] kasan_save_track+0x18/0x40 [ 25.406404] kasan_save_alloc_info+0x3b/0x50 [ 25.406807] __kasan_kmalloc+0xb7/0xc0 [ 25.406989] __kmalloc_cache_noprof+0x189/0x420 [ 25.407362] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.407542] kunit_try_run_case+0x1a5/0x480 [ 25.407756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.408023] kthread+0x337/0x6f0 [ 25.408172] ret_from_fork+0x116/0x1d0 [ 25.408357] ret_from_fork_asm+0x1a/0x30 [ 25.408633] [ 25.408708] The buggy address belongs to the object at ffff888105aac300 [ 25.408708] which belongs to the cache kmalloc-128 of size 128 [ 25.409252] The buggy address is located 12 bytes to the right of [ 25.409252] allocated 115-byte region [ffff888105aac300, ffff888105aac373) [ 25.409896] [ 25.410000] The buggy address belongs to the physical page: [ 25.410408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 25.410672] flags: 0x200000000000000(node=0|zone=2) [ 25.410914] page_type: f5(slab) [ 25.411117] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.411580] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.411972] page dumped because: kasan: bad access detected [ 25.412247] [ 25.412331] Memory state around the buggy address: [ 25.412532] ffff888105aac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.412753] ffff888105aac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.413022] >ffff888105aac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.413341] ^ [ 25.413859] ffff888105aac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.414128] ffff888105aac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.414525] ================================================================== [ 25.364710] ================================================================== [ 25.365047] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.365298] Read of size 1 at addr ffff888105aac378 by task kunit_try_catch/243 [ 25.366103] [ 25.366348] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.366417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.366431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.366454] Call Trace: [ 25.366474] <TASK> [ 25.366493] dump_stack_lvl+0x73/0xb0 [ 25.366522] print_report+0xd1/0x650 [ 25.366545] ? __virt_addr_valid+0x1db/0x2d0 [ 25.366571] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.366594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.366620] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.366645] kasan_report+0x141/0x180 [ 25.366669] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.366698] __asan_report_load1_noabort+0x18/0x20 [ 25.366723] ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.366748] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.366771] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.366804] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.366832] kunit_try_run_case+0x1a5/0x480 [ 25.366859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.366884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.366911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.366937] ? __kthread_parkme+0x82/0x180 [ 25.366959] ? preempt_count_sub+0x50/0x80 [ 25.366984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.367011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.367037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.367062] kthread+0x337/0x6f0 [ 25.367083] ? trace_preempt_on+0x20/0xc0 [ 25.367109] ? __pfx_kthread+0x10/0x10 [ 25.367133] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.367157] ? calculate_sigpending+0x7b/0xa0 [ 25.367183] ? __pfx_kthread+0x10/0x10 [ 25.367207] ret_from_fork+0x116/0x1d0 [ 25.367229] ? __pfx_kthread+0x10/0x10 [ 25.367252] ret_from_fork_asm+0x1a/0x30 [ 25.367286] </TASK> [ 25.367298] [ 25.380769] Allocated by task 243: [ 25.380980] kasan_save_stack+0x45/0x70 [ 25.381350] kasan_save_track+0x18/0x40 [ 25.381790] kasan_save_alloc_info+0x3b/0x50 [ 25.382455] __kasan_kmalloc+0xb7/0xc0 [ 25.382887] __kmalloc_cache_noprof+0x189/0x420 [ 25.383492] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.383853] kunit_try_run_case+0x1a5/0x480 [ 25.384243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.384661] kthread+0x337/0x6f0 [ 25.384790] ret_from_fork+0x116/0x1d0 [ 25.384946] ret_from_fork_asm+0x1a/0x30 [ 25.385091] [ 25.385163] The buggy address belongs to the object at ffff888105aac300 [ 25.385163] which belongs to the cache kmalloc-128 of size 128 [ 25.385621] The buggy address is located 5 bytes to the right of [ 25.385621] allocated 115-byte region [ffff888105aac300, ffff888105aac373) [ 25.386301] [ 25.386709] The buggy address belongs to the physical page: [ 25.387487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 25.388325] flags: 0x200000000000000(node=0|zone=2) [ 25.388795] page_type: f5(slab) [ 25.389126] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.389822] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.390075] page dumped because: kasan: bad access detected [ 25.390447] [ 25.390798] Memory state around the buggy address: [ 25.391304] ffff888105aac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.392067] ffff888105aac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.392799] >ffff888105aac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.393254] ^ [ 25.393806] ffff888105aac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.394375] ffff888105aac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.395296] ================================================================== [ 25.335543] ================================================================== [ 25.336026] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 25.336503] Read of size 1 at addr ffff888105aac373 by task kunit_try_catch/243 [ 25.336818] [ 25.336930] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.336987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.337001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.337025] Call Trace: [ 25.337041] <TASK> [ 25.337063] dump_stack_lvl+0x73/0xb0 [ 25.337096] print_report+0xd1/0x650 [ 25.337121] ? __virt_addr_valid+0x1db/0x2d0 [ 25.337209] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.337238] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.337266] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.337291] kasan_report+0x141/0x180 [ 25.337316] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.337346] __asan_report_load1_noabort+0x18/0x20 [ 25.337371] ksize_unpoisons_memory+0x81c/0x9b0 [ 25.337410] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.337433] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.337466] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.337494] kunit_try_run_case+0x1a5/0x480 [ 25.337524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.337549] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.337575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.337601] ? __kthread_parkme+0x82/0x180 [ 25.337624] ? preempt_count_sub+0x50/0x80 [ 25.337649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.337676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.337702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.337728] kthread+0x337/0x6f0 [ 25.337749] ? trace_preempt_on+0x20/0xc0 [ 25.337775] ? __pfx_kthread+0x10/0x10 [ 25.337799] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.337823] ? calculate_sigpending+0x7b/0xa0 [ 25.337849] ? __pfx_kthread+0x10/0x10 [ 25.337873] ret_from_fork+0x116/0x1d0 [ 25.337894] ? __pfx_kthread+0x10/0x10 [ 25.337916] ret_from_fork_asm+0x1a/0x30 [ 25.337951] </TASK> [ 25.337966] [ 25.348756] Allocated by task 243: [ 25.349254] kasan_save_stack+0x45/0x70 [ 25.349594] kasan_save_track+0x18/0x40 [ 25.349741] kasan_save_alloc_info+0x3b/0x50 [ 25.349896] __kasan_kmalloc+0xb7/0xc0 [ 25.350433] __kmalloc_cache_noprof+0x189/0x420 [ 25.350884] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.351423] kunit_try_run_case+0x1a5/0x480 [ 25.351851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.352212] kthread+0x337/0x6f0 [ 25.352345] ret_from_fork+0x116/0x1d0 [ 25.352951] ret_from_fork_asm+0x1a/0x30 [ 25.353448] [ 25.353623] The buggy address belongs to the object at ffff888105aac300 [ 25.353623] which belongs to the cache kmalloc-128 of size 128 [ 25.354457] The buggy address is located 0 bytes to the right of [ 25.354457] allocated 115-byte region [ffff888105aac300, ffff888105aac373) [ 25.355579] [ 25.355669] The buggy address belongs to the physical page: [ 25.355855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 25.356837] flags: 0x200000000000000(node=0|zone=2) [ 25.357462] page_type: f5(slab) [ 25.357817] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.358282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.359067] page dumped because: kasan: bad access detected [ 25.359541] [ 25.359735] Memory state around the buggy address: [ 25.360254] ffff888105aac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.360697] ffff888105aac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.361048] >ffff888105aac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.361932] ^ [ 25.362442] ffff888105aac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.362946] ffff888105aac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.363563] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 25.294765] ================================================================== [ 25.296805] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 25.297246] Free of addr ffff88810527f2c0 by task kunit_try_catch/241 [ 25.298515] [ 25.298627] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.298682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.298697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.298721] Call Trace: [ 25.298737] <TASK> [ 25.298756] dump_stack_lvl+0x73/0xb0 [ 25.298787] print_report+0xd1/0x650 [ 25.298811] ? __virt_addr_valid+0x1db/0x2d0 [ 25.298837] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.299345] ? kfree_sensitive+0x2e/0x90 [ 25.299406] kasan_report_invalid_free+0x10a/0x130 [ 25.299435] ? kfree_sensitive+0x2e/0x90 [ 25.299462] ? kfree_sensitive+0x2e/0x90 [ 25.299486] check_slab_allocation+0x101/0x130 [ 25.299513] __kasan_slab_pre_free+0x28/0x40 [ 25.299534] kfree+0xf0/0x3f0 [ 25.299556] ? kfree_sensitive+0x2e/0x90 [ 25.299582] kfree_sensitive+0x2e/0x90 [ 25.299607] kmalloc_double_kzfree+0x19c/0x350 [ 25.299630] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.299655] ? __schedule+0x10cc/0x2b60 [ 25.299681] ? __pfx_read_tsc+0x10/0x10 [ 25.299704] ? ktime_get_ts64+0x86/0x230 [ 25.299730] kunit_try_run_case+0x1a5/0x480 [ 25.299756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.299780] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.299805] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.299831] ? __kthread_parkme+0x82/0x180 [ 25.299852] ? preempt_count_sub+0x50/0x80 [ 25.299903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.299929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.299955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.299980] kthread+0x337/0x6f0 [ 25.300001] ? trace_preempt_on+0x20/0xc0 [ 25.300026] ? __pfx_kthread+0x10/0x10 [ 25.300048] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.300071] ? calculate_sigpending+0x7b/0xa0 [ 25.300096] ? __pfx_kthread+0x10/0x10 [ 25.300119] ret_from_fork+0x116/0x1d0 [ 25.300194] ? __pfx_kthread+0x10/0x10 [ 25.300219] ret_from_fork_asm+0x1a/0x30 [ 25.300258] </TASK> [ 25.300271] [ 25.314084] Allocated by task 241: [ 25.314529] kasan_save_stack+0x45/0x70 [ 25.314773] kasan_save_track+0x18/0x40 [ 25.315119] kasan_save_alloc_info+0x3b/0x50 [ 25.315420] __kasan_kmalloc+0xb7/0xc0 [ 25.315610] __kmalloc_cache_noprof+0x189/0x420 [ 25.315821] kmalloc_double_kzfree+0xa9/0x350 [ 25.316488] kunit_try_run_case+0x1a5/0x480 [ 25.316745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.317212] kthread+0x337/0x6f0 [ 25.317594] ret_from_fork+0x116/0x1d0 [ 25.318138] ret_from_fork_asm+0x1a/0x30 [ 25.318344] [ 25.318668] Freed by task 241: [ 25.318828] kasan_save_stack+0x45/0x70 [ 25.319386] kasan_save_track+0x18/0x40 [ 25.319724] kasan_save_free_info+0x3f/0x60 [ 25.320157] __kasan_slab_free+0x56/0x70 [ 25.320375] kfree+0x222/0x3f0 [ 25.320652] kfree_sensitive+0x67/0x90 [ 25.321022] kmalloc_double_kzfree+0x12b/0x350 [ 25.321362] kunit_try_run_case+0x1a5/0x480 [ 25.321589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.321826] kthread+0x337/0x6f0 [ 25.322373] ret_from_fork+0x116/0x1d0 [ 25.322662] ret_from_fork_asm+0x1a/0x30 [ 25.323073] [ 25.323377] The buggy address belongs to the object at ffff88810527f2c0 [ 25.323377] which belongs to the cache kmalloc-16 of size 16 [ 25.324123] The buggy address is located 0 bytes inside of [ 25.324123] 16-byte region [ffff88810527f2c0, ffff88810527f2d0) [ 25.325070] [ 25.325342] The buggy address belongs to the physical page: [ 25.325603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 25.326562] flags: 0x200000000000000(node=0|zone=2) [ 25.326926] page_type: f5(slab) [ 25.327484] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.327830] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.328358] page dumped because: kasan: bad access detected [ 25.328618] [ 25.328708] Memory state around the buggy address: [ 25.329140] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.329672] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.330127] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 25.330867] ^ [ 25.331132] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.331443] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.331735] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 25.271047] ================================================================== [ 25.271871] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 25.272592] Read of size 1 at addr ffff88810527f2c0 by task kunit_try_catch/241 [ 25.272881] [ 25.273001] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.273053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.273066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.273091] Call Trace: [ 25.273104] <TASK> [ 25.273123] dump_stack_lvl+0x73/0xb0 [ 25.273154] print_report+0xd1/0x650 [ 25.273177] ? __virt_addr_valid+0x1db/0x2d0 [ 25.273201] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.273223] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.273261] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.273285] kasan_report+0x141/0x180 [ 25.273307] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.273332] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.273355] __kasan_check_byte+0x3d/0x50 [ 25.273376] kfree_sensitive+0x22/0x90 [ 25.273416] kmalloc_double_kzfree+0x19c/0x350 [ 25.273439] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.273462] ? __schedule+0x10cc/0x2b60 [ 25.273488] ? __pfx_read_tsc+0x10/0x10 [ 25.273510] ? ktime_get_ts64+0x86/0x230 [ 25.273536] kunit_try_run_case+0x1a5/0x480 [ 25.273562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.273585] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.273609] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.273634] ? __kthread_parkme+0x82/0x180 [ 25.273654] ? preempt_count_sub+0x50/0x80 [ 25.273678] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.273703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.273728] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.273752] kthread+0x337/0x6f0 [ 25.273772] ? trace_preempt_on+0x20/0xc0 [ 25.273796] ? __pfx_kthread+0x10/0x10 [ 25.273817] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.273840] ? calculate_sigpending+0x7b/0xa0 [ 25.273864] ? __pfx_kthread+0x10/0x10 [ 25.273929] ret_from_fork+0x116/0x1d0 [ 25.273954] ? __pfx_kthread+0x10/0x10 [ 25.273975] ret_from_fork_asm+0x1a/0x30 [ 25.274008] </TASK> [ 25.274022] [ 25.281966] Allocated by task 241: [ 25.282155] kasan_save_stack+0x45/0x70 [ 25.282412] kasan_save_track+0x18/0x40 [ 25.282598] kasan_save_alloc_info+0x3b/0x50 [ 25.282784] __kasan_kmalloc+0xb7/0xc0 [ 25.282978] __kmalloc_cache_noprof+0x189/0x420 [ 25.283156] kmalloc_double_kzfree+0xa9/0x350 [ 25.283382] kunit_try_run_case+0x1a5/0x480 [ 25.283791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.284091] kthread+0x337/0x6f0 [ 25.284300] ret_from_fork+0x116/0x1d0 [ 25.284446] ret_from_fork_asm+0x1a/0x30 [ 25.284586] [ 25.284654] Freed by task 241: [ 25.284765] kasan_save_stack+0x45/0x70 [ 25.284955] kasan_save_track+0x18/0x40 [ 25.285146] kasan_save_free_info+0x3f/0x60 [ 25.285402] __kasan_slab_free+0x56/0x70 [ 25.285738] kfree+0x222/0x3f0 [ 25.285967] kfree_sensitive+0x67/0x90 [ 25.286157] kmalloc_double_kzfree+0x12b/0x350 [ 25.286311] kunit_try_run_case+0x1a5/0x480 [ 25.286471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.286649] kthread+0x337/0x6f0 [ 25.286871] ret_from_fork+0x116/0x1d0 [ 25.287070] ret_from_fork_asm+0x1a/0x30 [ 25.287272] [ 25.287370] The buggy address belongs to the object at ffff88810527f2c0 [ 25.287370] which belongs to the cache kmalloc-16 of size 16 [ 25.288193] The buggy address is located 0 bytes inside of [ 25.288193] freed 16-byte region [ffff88810527f2c0, ffff88810527f2d0) [ 25.288832] [ 25.288955] The buggy address belongs to the physical page: [ 25.289137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 25.289382] flags: 0x200000000000000(node=0|zone=2) [ 25.289880] page_type: f5(slab) [ 25.290079] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.290443] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.290800] page dumped because: kasan: bad access detected [ 25.291131] [ 25.291228] Memory state around the buggy address: [ 25.291425] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.291663] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.292597] >ffff88810527f280: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 25.292843] ^ [ 25.293038] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.293376] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.293611] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 25.237755] ================================================================== [ 25.238734] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 25.239455] Read of size 1 at addr ffff888105aaaaa8 by task kunit_try_catch/237 [ 25.240024] [ 25.240146] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.240201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.240214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.240372] Call Trace: [ 25.240387] <TASK> [ 25.240420] dump_stack_lvl+0x73/0xb0 [ 25.240451] print_report+0xd1/0x650 [ 25.240475] ? __virt_addr_valid+0x1db/0x2d0 [ 25.240499] ? kmalloc_uaf2+0x4a8/0x520 [ 25.240519] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.240545] ? kmalloc_uaf2+0x4a8/0x520 [ 25.240566] kasan_report+0x141/0x180 [ 25.240587] ? kmalloc_uaf2+0x4a8/0x520 [ 25.240612] __asan_report_load1_noabort+0x18/0x20 [ 25.240637] kmalloc_uaf2+0x4a8/0x520 [ 25.240657] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 25.240677] ? finish_task_switch.isra.0+0x153/0x700 [ 25.240700] ? __switch_to+0x47/0xf50 [ 25.240728] ? __schedule+0x10cc/0x2b60 [ 25.240754] ? __pfx_read_tsc+0x10/0x10 [ 25.240776] ? ktime_get_ts64+0x86/0x230 [ 25.240802] kunit_try_run_case+0x1a5/0x480 [ 25.240829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.240853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.240879] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.240904] ? __kthread_parkme+0x82/0x180 [ 25.240925] ? preempt_count_sub+0x50/0x80 [ 25.240948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.240973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.240999] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.241023] kthread+0x337/0x6f0 [ 25.241044] ? trace_preempt_on+0x20/0xc0 [ 25.241069] ? __pfx_kthread+0x10/0x10 [ 25.241091] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.241114] ? calculate_sigpending+0x7b/0xa0 [ 25.241139] ? __pfx_kthread+0x10/0x10 [ 25.241173] ret_from_fork+0x116/0x1d0 [ 25.241193] ? __pfx_kthread+0x10/0x10 [ 25.241215] ret_from_fork_asm+0x1a/0x30 [ 25.241247] </TASK> [ 25.241260] [ 25.251581] Allocated by task 237: [ 25.251761] kasan_save_stack+0x45/0x70 [ 25.252117] kasan_save_track+0x18/0x40 [ 25.252502] kasan_save_alloc_info+0x3b/0x50 [ 25.252703] __kasan_kmalloc+0xb7/0xc0 [ 25.253090] __kmalloc_cache_noprof+0x189/0x420 [ 25.253437] kmalloc_uaf2+0xc6/0x520 [ 25.253771] kunit_try_run_case+0x1a5/0x480 [ 25.253979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.254243] kthread+0x337/0x6f0 [ 25.254634] ret_from_fork+0x116/0x1d0 [ 25.254830] ret_from_fork_asm+0x1a/0x30 [ 25.255113] [ 25.255267] Freed by task 237: [ 25.255434] kasan_save_stack+0x45/0x70 [ 25.255637] kasan_save_track+0x18/0x40 [ 25.255840] kasan_save_free_info+0x3f/0x60 [ 25.256401] __kasan_slab_free+0x56/0x70 [ 25.256607] kfree+0x222/0x3f0 [ 25.256760] kmalloc_uaf2+0x14c/0x520 [ 25.257067] kunit_try_run_case+0x1a5/0x480 [ 25.257459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.257722] kthread+0x337/0x6f0 [ 25.258062] ret_from_fork+0x116/0x1d0 [ 25.258249] ret_from_fork_asm+0x1a/0x30 [ 25.258597] [ 25.258698] The buggy address belongs to the object at ffff888105aaaa80 [ 25.258698] which belongs to the cache kmalloc-64 of size 64 [ 25.259466] The buggy address is located 40 bytes inside of [ 25.259466] freed 64-byte region [ffff888105aaaa80, ffff888105aaaac0) [ 25.259976] [ 25.260571] The buggy address belongs to the physical page: [ 25.260829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aaa [ 25.261343] flags: 0x200000000000000(node=0|zone=2) [ 25.261584] page_type: f5(slab) [ 25.261932] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.262474] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.262897] page dumped because: kasan: bad access detected [ 25.263132] [ 25.263202] Memory state around the buggy address: [ 25.263650] ffff888105aaa980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.264040] ffff888105aaaa00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.264534] >ffff888105aaaa80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.264844] ^ [ 25.265054] ffff888105aaab00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 25.265409] ffff888105aaab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.265722] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 25.203776] ================================================================== [ 25.204298] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 25.204712] Write of size 33 at addr ffff888105aaa980 by task kunit_try_catch/235 [ 25.205431] [ 25.205573] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.205630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.205643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.205667] Call Trace: [ 25.205682] <TASK> [ 25.205702] dump_stack_lvl+0x73/0xb0 [ 25.205734] print_report+0xd1/0x650 [ 25.205758] ? __virt_addr_valid+0x1db/0x2d0 [ 25.205783] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.205805] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.205831] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.205854] kasan_report+0x141/0x180 [ 25.205876] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.205904] kasan_check_range+0x10c/0x1c0 [ 25.205929] __asan_memset+0x27/0x50 [ 25.205953] kmalloc_uaf_memset+0x1a3/0x360 [ 25.205975] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 25.205999] ? __schedule+0x10cc/0x2b60 [ 25.206025] ? __pfx_read_tsc+0x10/0x10 [ 25.206050] ? ktime_get_ts64+0x86/0x230 [ 25.206077] kunit_try_run_case+0x1a5/0x480 [ 25.206104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.206129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.206154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.206180] ? __kthread_parkme+0x82/0x180 [ 25.206202] ? preempt_count_sub+0x50/0x80 [ 25.206227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.206253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.206279] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.206485] kthread+0x337/0x6f0 [ 25.206519] ? trace_preempt_on+0x20/0xc0 [ 25.206545] ? __pfx_kthread+0x10/0x10 [ 25.206567] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.206592] ? calculate_sigpending+0x7b/0xa0 [ 25.206618] ? __pfx_kthread+0x10/0x10 [ 25.206641] ret_from_fork+0x116/0x1d0 [ 25.206663] ? __pfx_kthread+0x10/0x10 [ 25.206685] ret_from_fork_asm+0x1a/0x30 [ 25.206718] </TASK> [ 25.206732] [ 25.217730] Allocated by task 235: [ 25.217881] kasan_save_stack+0x45/0x70 [ 25.218465] kasan_save_track+0x18/0x40 [ 25.218680] kasan_save_alloc_info+0x3b/0x50 [ 25.218877] __kasan_kmalloc+0xb7/0xc0 [ 25.219302] __kmalloc_cache_noprof+0x189/0x420 [ 25.219674] kmalloc_uaf_memset+0xa9/0x360 [ 25.220023] kunit_try_run_case+0x1a5/0x480 [ 25.220435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.220707] kthread+0x337/0x6f0 [ 25.220876] ret_from_fork+0x116/0x1d0 [ 25.221388] ret_from_fork_asm+0x1a/0x30 [ 25.221678] [ 25.221764] Freed by task 235: [ 25.221911] kasan_save_stack+0x45/0x70 [ 25.222523] kasan_save_track+0x18/0x40 [ 25.222722] kasan_save_free_info+0x3f/0x60 [ 25.223124] __kasan_slab_free+0x56/0x70 [ 25.223379] kfree+0x222/0x3f0 [ 25.223518] kmalloc_uaf_memset+0x12b/0x360 [ 25.223952] kunit_try_run_case+0x1a5/0x480 [ 25.224309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.224642] kthread+0x337/0x6f0 [ 25.224807] ret_from_fork+0x116/0x1d0 [ 25.225324] ret_from_fork_asm+0x1a/0x30 [ 25.225496] [ 25.225758] The buggy address belongs to the object at ffff888105aaa980 [ 25.225758] which belongs to the cache kmalloc-64 of size 64 [ 25.226654] The buggy address is located 0 bytes inside of [ 25.226654] freed 64-byte region [ffff888105aaa980, ffff888105aaa9c0) [ 25.227477] [ 25.227589] The buggy address belongs to the physical page: [ 25.227851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aaa [ 25.228426] flags: 0x200000000000000(node=0|zone=2) [ 25.228750] page_type: f5(slab) [ 25.228927] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.229549] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.229929] page dumped because: kasan: bad access detected [ 25.230238] [ 25.230322] Memory state around the buggy address: [ 25.230554] ffff888105aaa880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.230865] ffff888105aaa900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.231161] >ffff888105aaa980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.231474] ^ [ 25.231629] ffff888105aaaa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.232577] ffff888105aaaa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.232886] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 25.164676] ================================================================== [ 25.165255] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 25.165735] Read of size 1 at addr ffff888102b9b568 by task kunit_try_catch/233 [ 25.166133] [ 25.166332] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.166399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.166412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.166436] Call Trace: [ 25.166449] <TASK> [ 25.166480] dump_stack_lvl+0x73/0xb0 [ 25.166511] print_report+0xd1/0x650 [ 25.166535] ? __virt_addr_valid+0x1db/0x2d0 [ 25.166573] ? kmalloc_uaf+0x320/0x380 [ 25.166593] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.166619] ? kmalloc_uaf+0x320/0x380 [ 25.166649] kasan_report+0x141/0x180 [ 25.166672] ? kmalloc_uaf+0x320/0x380 [ 25.166697] __asan_report_load1_noabort+0x18/0x20 [ 25.166733] kmalloc_uaf+0x320/0x380 [ 25.166754] ? __pfx_kmalloc_uaf+0x10/0x10 [ 25.166775] ? __schedule+0x10cc/0x2b60 [ 25.166801] ? __pfx_read_tsc+0x10/0x10 [ 25.166824] ? ktime_get_ts64+0x86/0x230 [ 25.166851] kunit_try_run_case+0x1a5/0x480 [ 25.166878] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.166904] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.166929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.166954] ? __kthread_parkme+0x82/0x180 [ 25.166976] ? preempt_count_sub+0x50/0x80 [ 25.167000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.167026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.167051] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.167077] kthread+0x337/0x6f0 [ 25.167107] ? trace_preempt_on+0x20/0xc0 [ 25.167132] ? __pfx_kthread+0x10/0x10 [ 25.167154] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.167188] ? calculate_sigpending+0x7b/0xa0 [ 25.167213] ? __pfx_kthread+0x10/0x10 [ 25.167236] ret_from_fork+0x116/0x1d0 [ 25.167268] ? __pfx_kthread+0x10/0x10 [ 25.167289] ret_from_fork_asm+0x1a/0x30 [ 25.167322] </TASK> [ 25.167335] [ 25.179293] Allocated by task 233: [ 25.179489] kasan_save_stack+0x45/0x70 [ 25.179687] kasan_save_track+0x18/0x40 [ 25.179873] kasan_save_alloc_info+0x3b/0x50 [ 25.180724] __kasan_kmalloc+0xb7/0xc0 [ 25.181069] __kmalloc_cache_noprof+0x189/0x420 [ 25.181611] kmalloc_uaf+0xaa/0x380 [ 25.181804] kunit_try_run_case+0x1a5/0x480 [ 25.182331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.182799] kthread+0x337/0x6f0 [ 25.183387] ret_from_fork+0x116/0x1d0 [ 25.183686] ret_from_fork_asm+0x1a/0x30 [ 25.184061] [ 25.184477] Freed by task 233: [ 25.184646] kasan_save_stack+0x45/0x70 [ 25.184833] kasan_save_track+0x18/0x40 [ 25.185475] kasan_save_free_info+0x3f/0x60 [ 25.185777] __kasan_slab_free+0x56/0x70 [ 25.186327] kfree+0x222/0x3f0 [ 25.186583] kmalloc_uaf+0x12c/0x380 [ 25.186757] kunit_try_run_case+0x1a5/0x480 [ 25.187203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.187658] kthread+0x337/0x6f0 [ 25.188134] ret_from_fork+0x116/0x1d0 [ 25.188721] ret_from_fork_asm+0x1a/0x30 [ 25.189181] [ 25.189412] The buggy address belongs to the object at ffff888102b9b560 [ 25.189412] which belongs to the cache kmalloc-16 of size 16 [ 25.190502] The buggy address is located 8 bytes inside of [ 25.190502] freed 16-byte region [ffff888102b9b560, ffff888102b9b570) [ 25.191463] [ 25.191663] The buggy address belongs to the physical page: [ 25.192368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b9b [ 25.192818] flags: 0x200000000000000(node=0|zone=2) [ 25.193550] page_type: f5(slab) [ 25.194202] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.194555] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.194854] page dumped because: kasan: bad access detected [ 25.195086] [ 25.195796] Memory state around the buggy address: [ 25.196136] ffff888102b9b400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.196918] ffff888102b9b480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.198168] >ffff888102b9b500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.198598] ^ [ 25.198879] ffff888102b9b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.199472] ffff888102b9b600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.199940] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.139513] ================================================================== [ 25.140717] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.141347] Read of size 64 at addr ffff888104512104 by task kunit_try_catch/231 [ 25.141665] [ 25.142109] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.142168] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.142182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.142208] Call Trace: [ 25.142234] <TASK> [ 25.142259] dump_stack_lvl+0x73/0xb0 [ 25.142300] print_report+0xd1/0x650 [ 25.142324] ? __virt_addr_valid+0x1db/0x2d0 [ 25.142351] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.142375] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.142413] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.142438] kasan_report+0x141/0x180 [ 25.142460] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.142489] kasan_check_range+0x10c/0x1c0 [ 25.142513] __asan_memmove+0x27/0x70 [ 25.142536] kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.142560] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.142584] ? __schedule+0x10cc/0x2b60 [ 25.142610] ? __pfx_read_tsc+0x10/0x10 [ 25.142632] ? ktime_get_ts64+0x86/0x230 [ 25.142660] kunit_try_run_case+0x1a5/0x480 [ 25.142688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.142711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.142736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.142760] ? __kthread_parkme+0x82/0x180 [ 25.142782] ? preempt_count_sub+0x50/0x80 [ 25.142806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.142831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.142856] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.142881] kthread+0x337/0x6f0 [ 25.142901] ? trace_preempt_on+0x20/0xc0 [ 25.142927] ? __pfx_kthread+0x10/0x10 [ 25.142948] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.142971] ? calculate_sigpending+0x7b/0xa0 [ 25.142996] ? __pfx_kthread+0x10/0x10 [ 25.143018] ret_from_fork+0x116/0x1d0 [ 25.143037] ? __pfx_kthread+0x10/0x10 [ 25.143058] ret_from_fork_asm+0x1a/0x30 [ 25.143090] </TASK> [ 25.143104] [ 25.150888] Allocated by task 231: [ 25.151086] kasan_save_stack+0x45/0x70 [ 25.151284] kasan_save_track+0x18/0x40 [ 25.151676] kasan_save_alloc_info+0x3b/0x50 [ 25.151845] __kasan_kmalloc+0xb7/0xc0 [ 25.151978] __kmalloc_cache_noprof+0x189/0x420 [ 25.152252] kmalloc_memmove_invalid_size+0xac/0x330 [ 25.152535] kunit_try_run_case+0x1a5/0x480 [ 25.152774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.153071] kthread+0x337/0x6f0 [ 25.153330] ret_from_fork+0x116/0x1d0 [ 25.153562] ret_from_fork_asm+0x1a/0x30 [ 25.153705] [ 25.153799] The buggy address belongs to the object at ffff888104512100 [ 25.153799] which belongs to the cache kmalloc-64 of size 64 [ 25.154430] The buggy address is located 4 bytes inside of [ 25.154430] allocated 64-byte region [ffff888104512100, ffff888104512140) [ 25.154983] [ 25.155078] The buggy address belongs to the physical page: [ 25.155282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104512 [ 25.156185] flags: 0x200000000000000(node=0|zone=2) [ 25.156444] page_type: f5(slab) [ 25.156638] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.156976] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.157327] page dumped because: kasan: bad access detected [ 25.157624] [ 25.157697] Memory state around the buggy address: [ 25.157853] ffff888104512000: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 25.158071] ffff888104512080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.158559] >ffff888104512100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.158889] ^ [ 25.159132] ffff888104512180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.159468] ffff888104512200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.159728] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.102975] ================================================================== [ 25.104427] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 25.105297] Read of size 18446744073709551614 at addr ffff888105aaa684 by task kunit_try_catch/229 [ 25.105885] [ 25.105991] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.106051] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.106066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.106091] Call Trace: [ 25.106108] <TASK> [ 25.106131] dump_stack_lvl+0x73/0xb0 [ 25.106179] print_report+0xd1/0x650 [ 25.106207] ? __virt_addr_valid+0x1db/0x2d0 [ 25.106235] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.106263] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.106292] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.106341] kasan_report+0x141/0x180 [ 25.106366] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.106411] kasan_check_range+0x10c/0x1c0 [ 25.106437] __asan_memmove+0x27/0x70 [ 25.106463] kmalloc_memmove_negative_size+0x171/0x330 [ 25.106490] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.106517] ? __schedule+0x10cc/0x2b60 [ 25.106547] ? __pfx_read_tsc+0x10/0x10 [ 25.106573] ? ktime_get_ts64+0x86/0x230 [ 25.106603] kunit_try_run_case+0x1a5/0x480 [ 25.106635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.106663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.106690] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.106717] ? __kthread_parkme+0x82/0x180 [ 25.106741] ? preempt_count_sub+0x50/0x80 [ 25.106768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.106796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.106825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.106853] kthread+0x337/0x6f0 [ 25.106875] ? trace_preempt_on+0x20/0xc0 [ 25.106904] ? __pfx_kthread+0x10/0x10 [ 25.106928] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.106954] ? calculate_sigpending+0x7b/0xa0 [ 25.106982] ? __pfx_kthread+0x10/0x10 [ 25.107006] ret_from_fork+0x116/0x1d0 [ 25.107028] ? __pfx_kthread+0x10/0x10 [ 25.107052] ret_from_fork_asm+0x1a/0x30 [ 25.107088] </TASK> [ 25.107103] [ 25.122269] Allocated by task 229: [ 25.122762] kasan_save_stack+0x45/0x70 [ 25.123221] kasan_save_track+0x18/0x40 [ 25.123654] kasan_save_alloc_info+0x3b/0x50 [ 25.124115] __kasan_kmalloc+0xb7/0xc0 [ 25.124519] __kmalloc_cache_noprof+0x189/0x420 [ 25.124690] kmalloc_memmove_negative_size+0xac/0x330 [ 25.124865] kunit_try_run_case+0x1a5/0x480 [ 25.125427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.125968] kthread+0x337/0x6f0 [ 25.126309] ret_from_fork+0x116/0x1d0 [ 25.126719] ret_from_fork_asm+0x1a/0x30 [ 25.127115] [ 25.127332] The buggy address belongs to the object at ffff888105aaa680 [ 25.127332] which belongs to the cache kmalloc-64 of size 64 [ 25.127882] The buggy address is located 4 bytes inside of [ 25.127882] 64-byte region [ffff888105aaa680, ffff888105aaa6c0) [ 25.128250] [ 25.128329] The buggy address belongs to the physical page: [ 25.128896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aaa [ 25.129821] flags: 0x200000000000000(node=0|zone=2) [ 25.130357] page_type: f5(slab) [ 25.130680] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.131098] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.131913] page dumped because: kasan: bad access detected [ 25.132450] [ 25.132610] Memory state around the buggy address: [ 25.132835] ffff888105aaa580: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 25.133617] ffff888105aaa600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.134059] >ffff888105aaa680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.134588] ^ [ 25.134890] ffff888105aaa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.135564] ffff888105aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.136031] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.071050] ================================================================== [ 25.072498] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 25.073048] Write of size 16 at addr ffff888105aac269 by task kunit_try_catch/227 [ 25.073429] [ 25.073635] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.073696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.073711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.073737] Call Trace: [ 25.073753] <TASK> [ 25.073776] dump_stack_lvl+0x73/0xb0 [ 25.073811] print_report+0xd1/0x650 [ 25.073837] ? __virt_addr_valid+0x1db/0x2d0 [ 25.073864] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.073888] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.073917] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.073961] kasan_report+0x141/0x180 [ 25.073986] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.074016] kasan_check_range+0x10c/0x1c0 [ 25.074042] __asan_memset+0x27/0x50 [ 25.074068] kmalloc_oob_memset_16+0x166/0x330 [ 25.074094] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 25.074119] ? __schedule+0x10cc/0x2b60 [ 25.074147] ? __pfx_read_tsc+0x10/0x10 [ 25.074184] ? ktime_get_ts64+0x86/0x230 [ 25.074214] kunit_try_run_case+0x1a5/0x480 [ 25.074245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.074272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.074300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.074327] ? __kthread_parkme+0x82/0x180 [ 25.074351] ? preempt_count_sub+0x50/0x80 [ 25.074378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.074419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.074448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.074475] kthread+0x337/0x6f0 [ 25.074498] ? trace_preempt_on+0x20/0xc0 [ 25.074528] ? __pfx_kthread+0x10/0x10 [ 25.074554] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.074582] ? calculate_sigpending+0x7b/0xa0 [ 25.074610] ? __pfx_kthread+0x10/0x10 [ 25.074634] ret_from_fork+0x116/0x1d0 [ 25.074657] ? __pfx_kthread+0x10/0x10 [ 25.074681] ret_from_fork_asm+0x1a/0x30 [ 25.074718] </TASK> [ 25.074733] [ 25.084309] Allocated by task 227: [ 25.084534] kasan_save_stack+0x45/0x70 [ 25.084767] kasan_save_track+0x18/0x40 [ 25.085680] kasan_save_alloc_info+0x3b/0x50 [ 25.086088] __kasan_kmalloc+0xb7/0xc0 [ 25.086263] __kmalloc_cache_noprof+0x189/0x420 [ 25.086447] kmalloc_oob_memset_16+0xac/0x330 [ 25.086609] kunit_try_run_case+0x1a5/0x480 [ 25.086766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.086953] kthread+0x337/0x6f0 [ 25.087079] ret_from_fork+0x116/0x1d0 [ 25.087219] ret_from_fork_asm+0x1a/0x30 [ 25.087367] [ 25.087553] The buggy address belongs to the object at ffff888105aac200 [ 25.087553] which belongs to the cache kmalloc-128 of size 128 [ 25.088665] The buggy address is located 105 bytes inside of [ 25.088665] allocated 120-byte region [ffff888105aac200, ffff888105aac278) [ 25.090085] [ 25.090263] The buggy address belongs to the physical page: [ 25.090877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 25.091740] flags: 0x200000000000000(node=0|zone=2) [ 25.092274] page_type: f5(slab) [ 25.092632] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.093524] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.094271] page dumped because: kasan: bad access detected [ 25.094965] [ 25.095344] Memory state around the buggy address: [ 25.095588] ffff888105aac100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.095822] ffff888105aac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.096494] >ffff888105aac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.097247] ^ [ 25.097947] ffff888105aac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.098762] ffff888105aac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.099628] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.027112] ================================================================== [ 25.027630] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 25.028007] Write of size 8 at addr ffff888105aac171 by task kunit_try_catch/225 [ 25.028350] [ 25.028470] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.028554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.028568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.028593] Call Trace: [ 25.028608] <TASK> [ 25.028630] dump_stack_lvl+0x73/0xb0 [ 25.028662] print_report+0xd1/0x650 [ 25.028687] ? __virt_addr_valid+0x1db/0x2d0 [ 25.028713] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.028735] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.028763] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.028787] kasan_report+0x141/0x180 [ 25.028812] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.028840] kasan_check_range+0x10c/0x1c0 [ 25.028865] __asan_memset+0x27/0x50 [ 25.028890] kmalloc_oob_memset_8+0x166/0x330 [ 25.028914] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 25.028938] ? __schedule+0x10cc/0x2b60 [ 25.028966] ? __pfx_read_tsc+0x10/0x10 [ 25.028990] ? ktime_get_ts64+0x86/0x230 [ 25.029018] kunit_try_run_case+0x1a5/0x480 [ 25.029047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.029072] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.029098] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.029124] ? __kthread_parkme+0x82/0x180 [ 25.029147] ? preempt_count_sub+0x50/0x80 [ 25.029172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.029200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.029226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.029266] kthread+0x337/0x6f0 [ 25.029288] ? trace_preempt_on+0x20/0xc0 [ 25.029314] ? __pfx_kthread+0x10/0x10 [ 25.029336] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.029360] ? calculate_sigpending+0x7b/0xa0 [ 25.029386] ? __pfx_kthread+0x10/0x10 [ 25.029421] ret_from_fork+0x116/0x1d0 [ 25.029442] ? __pfx_kthread+0x10/0x10 [ 25.029465] ret_from_fork_asm+0x1a/0x30 [ 25.029499] </TASK> [ 25.029513] [ 25.045812] Allocated by task 225: [ 25.046628] kasan_save_stack+0x45/0x70 [ 25.047185] kasan_save_track+0x18/0x40 [ 25.047583] kasan_save_alloc_info+0x3b/0x50 [ 25.047764] __kasan_kmalloc+0xb7/0xc0 [ 25.047990] __kmalloc_cache_noprof+0x189/0x420 [ 25.048927] kmalloc_oob_memset_8+0xac/0x330 [ 25.049700] kunit_try_run_case+0x1a5/0x480 [ 25.050197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.050781] kthread+0x337/0x6f0 [ 25.051471] ret_from_fork+0x116/0x1d0 [ 25.052004] ret_from_fork_asm+0x1a/0x30 [ 25.052602] [ 25.052693] The buggy address belongs to the object at ffff888105aac100 [ 25.052693] which belongs to the cache kmalloc-128 of size 128 [ 25.054268] The buggy address is located 113 bytes inside of [ 25.054268] allocated 120-byte region [ffff888105aac100, ffff888105aac178) [ 25.055093] [ 25.055442] The buggy address belongs to the physical page: [ 25.056099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 25.057069] flags: 0x200000000000000(node=0|zone=2) [ 25.057682] page_type: f5(slab) [ 25.057936] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.058614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.058881] page dumped because: kasan: bad access detected [ 25.059073] [ 25.059211] Memory state around the buggy address: [ 25.059720] ffff888105aac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.060587] ffff888105aac080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.061540] >ffff888105aac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.062495] ^ [ 25.063335] ffff888105aac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.063811] ffff888105aac200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.064522] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.003353] ================================================================== [ 25.003836] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 25.004217] Write of size 4 at addr ffff888103d62e75 by task kunit_try_catch/223 [ 25.004975] [ 25.005082] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 25.005149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.005174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.005198] Call Trace: [ 25.005212] <TASK> [ 25.005232] dump_stack_lvl+0x73/0xb0 [ 25.005262] print_report+0xd1/0x650 [ 25.005286] ? __virt_addr_valid+0x1db/0x2d0 [ 25.005312] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.005334] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.005360] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.005383] kasan_report+0x141/0x180 [ 25.005421] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.005448] kasan_check_range+0x10c/0x1c0 [ 25.005474] __asan_memset+0x27/0x50 [ 25.005498] kmalloc_oob_memset_4+0x166/0x330 [ 25.005521] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.005546] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.005573] kunit_try_run_case+0x1a5/0x480 [ 25.005600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.005624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.005650] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.005675] ? __kthread_parkme+0x82/0x180 [ 25.005697] ? preempt_count_sub+0x50/0x80 [ 25.005721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.005747] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.005772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.005797] kthread+0x337/0x6f0 [ 25.005817] ? trace_preempt_on+0x20/0xc0 [ 25.005843] ? __pfx_kthread+0x10/0x10 [ 25.005864] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.005901] ? calculate_sigpending+0x7b/0xa0 [ 25.005926] ? __pfx_kthread+0x10/0x10 [ 25.005948] ret_from_fork+0x116/0x1d0 [ 25.005969] ? __pfx_kthread+0x10/0x10 [ 25.005990] ret_from_fork_asm+0x1a/0x30 [ 25.006023] </TASK> [ 25.006036] [ 25.013523] Allocated by task 223: [ 25.013679] kasan_save_stack+0x45/0x70 [ 25.013934] kasan_save_track+0x18/0x40 [ 25.014143] kasan_save_alloc_info+0x3b/0x50 [ 25.014366] __kasan_kmalloc+0xb7/0xc0 [ 25.014628] __kmalloc_cache_noprof+0x189/0x420 [ 25.014875] kmalloc_oob_memset_4+0xac/0x330 [ 25.015184] kunit_try_run_case+0x1a5/0x480 [ 25.015463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.015653] kthread+0x337/0x6f0 [ 25.015827] ret_from_fork+0x116/0x1d0 [ 25.016027] ret_from_fork_asm+0x1a/0x30 [ 25.016575] [ 25.016666] The buggy address belongs to the object at ffff888103d62e00 [ 25.016666] which belongs to the cache kmalloc-128 of size 128 [ 25.017158] The buggy address is located 117 bytes inside of [ 25.017158] allocated 120-byte region [ffff888103d62e00, ffff888103d62e78) [ 25.017756] [ 25.017834] The buggy address belongs to the physical page: [ 25.018100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 25.018516] flags: 0x200000000000000(node=0|zone=2) [ 25.018692] page_type: f5(slab) [ 25.018818] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.019180] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.019571] page dumped because: kasan: bad access detected [ 25.019808] [ 25.019878] Memory state around the buggy address: [ 25.020118] ffff888103d62d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.020471] ffff888103d62d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.020703] >ffff888103d62e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.020925] ^ [ 25.021515] ffff888103d62e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.021863] ffff888103d62f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.022337] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 24.979012] ================================================================== [ 24.979494] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 24.979874] Write of size 2 at addr ffff888105aac077 by task kunit_try_catch/221 [ 24.980216] [ 24.980343] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.980413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.980427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.980452] Call Trace: [ 24.980467] <TASK> [ 24.980489] dump_stack_lvl+0x73/0xb0 [ 24.980522] print_report+0xd1/0x650 [ 24.980547] ? __virt_addr_valid+0x1db/0x2d0 [ 24.980574] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.980596] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.980624] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.980646] kasan_report+0x141/0x180 [ 24.980669] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.980697] kasan_check_range+0x10c/0x1c0 [ 24.980722] __asan_memset+0x27/0x50 [ 24.980746] kmalloc_oob_memset_2+0x166/0x330 [ 24.980770] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 24.980794] ? __schedule+0x10cc/0x2b60 [ 24.980820] ? __pfx_read_tsc+0x10/0x10 [ 24.980845] ? ktime_get_ts64+0x86/0x230 [ 24.980873] kunit_try_run_case+0x1a5/0x480 [ 24.980979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.981005] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.981032] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.981058] ? __kthread_parkme+0x82/0x180 [ 24.981082] ? preempt_count_sub+0x50/0x80 [ 24.981170] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.981201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.981228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.981254] kthread+0x337/0x6f0 [ 24.981276] ? trace_preempt_on+0x20/0xc0 [ 24.981303] ? __pfx_kthread+0x10/0x10 [ 24.981325] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.981349] ? calculate_sigpending+0x7b/0xa0 [ 24.981376] ? __pfx_kthread+0x10/0x10 [ 24.981411] ret_from_fork+0x116/0x1d0 [ 24.981432] ? __pfx_kthread+0x10/0x10 [ 24.981454] ret_from_fork_asm+0x1a/0x30 [ 24.981489] </TASK> [ 24.981502] [ 24.989825] Allocated by task 221: [ 24.989965] kasan_save_stack+0x45/0x70 [ 24.990348] kasan_save_track+0x18/0x40 [ 24.990582] kasan_save_alloc_info+0x3b/0x50 [ 24.990808] __kasan_kmalloc+0xb7/0xc0 [ 24.991113] __kmalloc_cache_noprof+0x189/0x420 [ 24.991269] kmalloc_oob_memset_2+0xac/0x330 [ 24.991426] kunit_try_run_case+0x1a5/0x480 [ 24.991774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.992240] kthread+0x337/0x6f0 [ 24.992429] ret_from_fork+0x116/0x1d0 [ 24.992634] ret_from_fork_asm+0x1a/0x30 [ 24.992835] [ 24.992981] The buggy address belongs to the object at ffff888105aac000 [ 24.992981] which belongs to the cache kmalloc-128 of size 128 [ 24.993546] The buggy address is located 119 bytes inside of [ 24.993546] allocated 120-byte region [ffff888105aac000, ffff888105aac078) [ 24.994082] [ 24.994355] The buggy address belongs to the physical page: [ 24.994611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105aac [ 24.994871] flags: 0x200000000000000(node=0|zone=2) [ 24.995039] page_type: f5(slab) [ 24.995162] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.995473] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.995903] page dumped because: kasan: bad access detected [ 24.996159] [ 24.996296] Memory state around the buggy address: [ 24.996620] ffff888105aabf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.996847] ffff888105aabf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.997534] >ffff888105aac000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.997871] ^ [ 24.998334] ffff888105aac080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.998642] ffff888105aac100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.999009] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 24.942840] ================================================================== [ 24.943734] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 24.944781] Write of size 128 at addr ffff888103d62d00 by task kunit_try_catch/219 [ 24.945498] [ 24.945607] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.945664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.945679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.945704] Call Trace: [ 24.945720] <TASK> [ 24.945740] dump_stack_lvl+0x73/0xb0 [ 24.945771] print_report+0xd1/0x650 [ 24.945796] ? __virt_addr_valid+0x1db/0x2d0 [ 24.945823] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.945846] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.945874] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.945897] kasan_report+0x141/0x180 [ 24.945920] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.945949] kasan_check_range+0x10c/0x1c0 [ 24.945973] __asan_memset+0x27/0x50 [ 24.946028] kmalloc_oob_in_memset+0x15f/0x320 [ 24.946081] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 24.946110] ? __schedule+0x10cc/0x2b60 [ 24.946149] ? __pfx_read_tsc+0x10/0x10 [ 24.946173] ? ktime_get_ts64+0x86/0x230 [ 24.946199] kunit_try_run_case+0x1a5/0x480 [ 24.946227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.946252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.946277] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.946303] ? __kthread_parkme+0x82/0x180 [ 24.946338] ? preempt_count_sub+0x50/0x80 [ 24.946363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.946400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.946426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.946452] kthread+0x337/0x6f0 [ 24.946472] ? trace_preempt_on+0x20/0xc0 [ 24.946498] ? __pfx_kthread+0x10/0x10 [ 24.946520] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.946544] ? calculate_sigpending+0x7b/0xa0 [ 24.946569] ? __pfx_kthread+0x10/0x10 [ 24.946592] ret_from_fork+0x116/0x1d0 [ 24.946613] ? __pfx_kthread+0x10/0x10 [ 24.946634] ret_from_fork_asm+0x1a/0x30 [ 24.946668] </TASK> [ 24.946682] [ 24.959824] Allocated by task 219: [ 24.960106] kasan_save_stack+0x45/0x70 [ 24.960295] kasan_save_track+0x18/0x40 [ 24.960446] kasan_save_alloc_info+0x3b/0x50 [ 24.960672] __kasan_kmalloc+0xb7/0xc0 [ 24.961094] __kmalloc_cache_noprof+0x189/0x420 [ 24.961485] kmalloc_oob_in_memset+0xac/0x320 [ 24.962112] kunit_try_run_case+0x1a5/0x480 [ 24.962457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.962646] kthread+0x337/0x6f0 [ 24.962782] ret_from_fork+0x116/0x1d0 [ 24.963051] ret_from_fork_asm+0x1a/0x30 [ 24.963258] [ 24.963471] The buggy address belongs to the object at ffff888103d62d00 [ 24.963471] which belongs to the cache kmalloc-128 of size 128 [ 24.964187] The buggy address is located 0 bytes inside of [ 24.964187] allocated 120-byte region [ffff888103d62d00, ffff888103d62d78) [ 24.965298] [ 24.965421] The buggy address belongs to the physical page: [ 24.965678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 24.966487] flags: 0x200000000000000(node=0|zone=2) [ 24.966781] page_type: f5(slab) [ 24.967263] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.967755] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.968657] page dumped because: kasan: bad access detected [ 24.969096] [ 24.969226] Memory state around the buggy address: [ 24.969697] ffff888103d62c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.970348] ffff888103d62c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.970682] >ffff888103d62d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.971349] ^ [ 24.971837] ffff888103d62d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.972507] ffff888103d62e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.973010] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 24.911536] ================================================================== [ 24.912011] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 24.912534] Read of size 16 at addr ffff88810527f2a0 by task kunit_try_catch/217 [ 24.913169] [ 24.913306] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.913362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.913376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.913414] Call Trace: [ 24.913428] <TASK> [ 24.913448] dump_stack_lvl+0x73/0xb0 [ 24.913478] print_report+0xd1/0x650 [ 24.913503] ? __virt_addr_valid+0x1db/0x2d0 [ 24.913530] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.913553] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.913581] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.913603] kasan_report+0x141/0x180 [ 24.913627] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.913654] __asan_report_load16_noabort+0x18/0x20 [ 24.913680] kmalloc_uaf_16+0x47b/0x4c0 [ 24.913703] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 24.913726] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.913754] ? trace_hardirqs_on+0x37/0xe0 [ 24.913781] ? __pfx_read_tsc+0x10/0x10 [ 24.913805] ? ktime_get_ts64+0x86/0x230 [ 24.913832] kunit_try_run_case+0x1a5/0x480 [ 24.913861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.914042] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.914081] ? __kthread_parkme+0x82/0x180 [ 24.914106] ? preempt_count_sub+0x50/0x80 [ 24.914133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.914214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.914243] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.914271] kthread+0x337/0x6f0 [ 24.914293] ? trace_preempt_on+0x20/0xc0 [ 24.914319] ? __pfx_kthread+0x10/0x10 [ 24.914342] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.914367] ? calculate_sigpending+0x7b/0xa0 [ 24.914406] ? __pfx_kthread+0x10/0x10 [ 24.914430] ret_from_fork+0x116/0x1d0 [ 24.914452] ? __pfx_kthread+0x10/0x10 [ 24.914475] ret_from_fork_asm+0x1a/0x30 [ 24.914510] </TASK> [ 24.914524] [ 24.925481] Allocated by task 217: [ 24.925691] kasan_save_stack+0x45/0x70 [ 24.926265] kasan_save_track+0x18/0x40 [ 24.926481] kasan_save_alloc_info+0x3b/0x50 [ 24.926800] __kasan_kmalloc+0xb7/0xc0 [ 24.927023] __kmalloc_cache_noprof+0x189/0x420 [ 24.927434] kmalloc_uaf_16+0x15b/0x4c0 [ 24.927635] kunit_try_run_case+0x1a5/0x480 [ 24.927819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.928422] kthread+0x337/0x6f0 [ 24.928722] ret_from_fork+0x116/0x1d0 [ 24.929039] ret_from_fork_asm+0x1a/0x30 [ 24.929269] [ 24.929512] Freed by task 217: [ 24.929644] kasan_save_stack+0x45/0x70 [ 24.930058] kasan_save_track+0x18/0x40 [ 24.930353] kasan_save_free_info+0x3f/0x60 [ 24.930533] __kasan_slab_free+0x56/0x70 [ 24.930977] kfree+0x222/0x3f0 [ 24.931360] kmalloc_uaf_16+0x1d6/0x4c0 [ 24.931571] kunit_try_run_case+0x1a5/0x480 [ 24.931727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.932133] kthread+0x337/0x6f0 [ 24.932443] ret_from_fork+0x116/0x1d0 [ 24.932592] ret_from_fork_asm+0x1a/0x30 [ 24.932801] [ 24.932894] The buggy address belongs to the object at ffff88810527f2a0 [ 24.932894] which belongs to the cache kmalloc-16 of size 16 [ 24.934078] The buggy address is located 0 bytes inside of [ 24.934078] freed 16-byte region [ffff88810527f2a0, ffff88810527f2b0) [ 24.934888] [ 24.935004] The buggy address belongs to the physical page: [ 24.935239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 24.935598] flags: 0x200000000000000(node=0|zone=2) [ 24.935818] page_type: f5(slab) [ 24.935963] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.936354] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.936887] page dumped because: kasan: bad access detected [ 24.937118] [ 24.937277] Memory state around the buggy address: [ 24.937469] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.937806] ffff88810527f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.938132] >ffff88810527f280: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 24.938502] ^ [ 24.938710] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.938939] ffff88810527f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.939495] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 24.885831] ================================================================== [ 24.886458] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 24.886815] Write of size 16 at addr ffff88810527f240 by task kunit_try_catch/215 [ 24.887141] [ 24.887292] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.887352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.887366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.887406] Call Trace: [ 24.887422] <TASK> [ 24.887444] dump_stack_lvl+0x73/0xb0 [ 24.887477] print_report+0xd1/0x650 [ 24.887503] ? __virt_addr_valid+0x1db/0x2d0 [ 24.887532] ? kmalloc_oob_16+0x452/0x4a0 [ 24.887555] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.887584] ? kmalloc_oob_16+0x452/0x4a0 [ 24.887608] kasan_report+0x141/0x180 [ 24.887632] ? kmalloc_oob_16+0x452/0x4a0 [ 24.887661] __asan_report_store16_noabort+0x1b/0x30 [ 24.887688] kmalloc_oob_16+0x452/0x4a0 [ 24.887712] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 24.887736] ? __schedule+0x10cc/0x2b60 [ 24.887765] ? __pfx_read_tsc+0x10/0x10 [ 24.887790] ? ktime_get_ts64+0x86/0x230 [ 24.887820] kunit_try_run_case+0x1a5/0x480 [ 24.887851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.887877] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.887965] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.887994] ? __kthread_parkme+0x82/0x180 [ 24.888019] ? preempt_count_sub+0x50/0x80 [ 24.888048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.888076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.888104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.888133] kthread+0x337/0x6f0 [ 24.888189] ? trace_preempt_on+0x20/0xc0 [ 24.888220] ? __pfx_kthread+0x10/0x10 [ 24.888251] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.888278] ? calculate_sigpending+0x7b/0xa0 [ 24.888307] ? __pfx_kthread+0x10/0x10 [ 24.888331] ret_from_fork+0x116/0x1d0 [ 24.888354] ? __pfx_kthread+0x10/0x10 [ 24.888378] ret_from_fork_asm+0x1a/0x30 [ 24.888426] </TASK> [ 24.888440] [ 24.896688] Allocated by task 215: [ 24.896843] kasan_save_stack+0x45/0x70 [ 24.897000] kasan_save_track+0x18/0x40 [ 24.897145] kasan_save_alloc_info+0x3b/0x50 [ 24.897304] __kasan_kmalloc+0xb7/0xc0 [ 24.897515] __kmalloc_cache_noprof+0x189/0x420 [ 24.897822] kmalloc_oob_16+0xa8/0x4a0 [ 24.898235] kunit_try_run_case+0x1a5/0x480 [ 24.898461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.898678] kthread+0x337/0x6f0 [ 24.898807] ret_from_fork+0x116/0x1d0 [ 24.899075] ret_from_fork_asm+0x1a/0x30 [ 24.899386] [ 24.899642] The buggy address belongs to the object at ffff88810527f240 [ 24.899642] which belongs to the cache kmalloc-16 of size 16 [ 24.900174] The buggy address is located 0 bytes inside of [ 24.900174] allocated 13-byte region [ffff88810527f240, ffff88810527f24d) [ 24.900671] [ 24.900773] The buggy address belongs to the physical page: [ 24.901053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 24.901483] flags: 0x200000000000000(node=0|zone=2) [ 24.901750] page_type: f5(slab) [ 24.902014] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.902452] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.902707] page dumped because: kasan: bad access detected [ 24.902961] [ 24.903064] Memory state around the buggy address: [ 24.903498] ffff88810527f100: 00 06 fc fc 00 06 fc fc fa fb fc fc 00 00 fc fc [ 24.903840] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.904134] >ffff88810527f200: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 24.904509] ^ [ 24.904762] ffff88810527f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.905093] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.905323] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 24.852939] ================================================================== [ 24.853292] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 24.853856] Read of size 1 at addr ffff888105d7ea00 by task kunit_try_catch/213 [ 24.854177] [ 24.854323] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.854378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.854406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.854431] Call Trace: [ 24.854453] <TASK> [ 24.854474] dump_stack_lvl+0x73/0xb0 [ 24.854506] print_report+0xd1/0x650 [ 24.854531] ? __virt_addr_valid+0x1db/0x2d0 [ 24.854557] ? krealloc_uaf+0x53c/0x5e0 [ 24.854581] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.854610] ? krealloc_uaf+0x53c/0x5e0 [ 24.854634] kasan_report+0x141/0x180 [ 24.854833] ? krealloc_uaf+0x53c/0x5e0 [ 24.854876] __asan_report_load1_noabort+0x18/0x20 [ 24.854904] krealloc_uaf+0x53c/0x5e0 [ 24.854928] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.854953] ? __kasan_check_write+0x18/0x20 [ 24.854979] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.855007] ? irqentry_exit+0x2a/0x60 [ 24.855033] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.855062] ? trace_hardirqs_on+0x37/0xe0 [ 24.855089] ? __pfx_read_tsc+0x10/0x10 [ 24.855114] ? ktime_get_ts64+0x86/0x230 [ 24.855153] kunit_try_run_case+0x1a5/0x480 [ 24.855184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.855212] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.855239] ? __kthread_parkme+0x82/0x180 [ 24.855262] ? preempt_count_sub+0x50/0x80 [ 24.855289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.855318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.855345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.855373] kthread+0x337/0x6f0 [ 24.855411] ? trace_preempt_on+0x20/0xc0 [ 24.855436] ? __pfx_kthread+0x10/0x10 [ 24.855459] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.855485] ? calculate_sigpending+0x7b/0xa0 [ 24.855512] ? __pfx_kthread+0x10/0x10 [ 24.855537] ret_from_fork+0x116/0x1d0 [ 24.855559] ? __pfx_kthread+0x10/0x10 [ 24.855582] ret_from_fork_asm+0x1a/0x30 [ 24.855619] </TASK> [ 24.855632] [ 24.864785] Allocated by task 213: [ 24.864937] kasan_save_stack+0x45/0x70 [ 24.865133] kasan_save_track+0x18/0x40 [ 24.865403] kasan_save_alloc_info+0x3b/0x50 [ 24.865637] __kasan_kmalloc+0xb7/0xc0 [ 24.866005] __kmalloc_cache_noprof+0x189/0x420 [ 24.866488] krealloc_uaf+0xbb/0x5e0 [ 24.866718] kunit_try_run_case+0x1a5/0x480 [ 24.866975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.867209] kthread+0x337/0x6f0 [ 24.867420] ret_from_fork+0x116/0x1d0 [ 24.867599] ret_from_fork_asm+0x1a/0x30 [ 24.867783] [ 24.867871] Freed by task 213: [ 24.868068] kasan_save_stack+0x45/0x70 [ 24.868255] kasan_save_track+0x18/0x40 [ 24.868414] kasan_save_free_info+0x3f/0x60 [ 24.868575] __kasan_slab_free+0x56/0x70 [ 24.868725] kfree+0x222/0x3f0 [ 24.868895] krealloc_uaf+0x13d/0x5e0 [ 24.869269] kunit_try_run_case+0x1a5/0x480 [ 24.869696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.870062] kthread+0x337/0x6f0 [ 24.870641] ret_from_fork+0x116/0x1d0 [ 24.870845] ret_from_fork_asm+0x1a/0x30 [ 24.871041] [ 24.871145] The buggy address belongs to the object at ffff888105d7ea00 [ 24.871145] which belongs to the cache kmalloc-256 of size 256 [ 24.871722] The buggy address is located 0 bytes inside of [ 24.871722] freed 256-byte region [ffff888105d7ea00, ffff888105d7eb00) [ 24.872270] [ 24.872378] The buggy address belongs to the physical page: [ 24.872726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.873120] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.873539] flags: 0x200000000000040(head|node=0|zone=2) [ 24.873750] page_type: f5(slab) [ 24.873885] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.874154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.874554] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.874949] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.875739] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.876305] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.876673] page dumped because: kasan: bad access detected [ 24.876919] [ 24.877026] Memory state around the buggy address: [ 24.877381] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.877654] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.877898] >ffff888105d7ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.878218] ^ [ 24.878414] ffff888105d7ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.878776] ffff888105d7eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.879341] ================================================================== [ 24.810620] ================================================================== [ 24.811131] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 24.811715] Read of size 1 at addr ffff888105d7ea00 by task kunit_try_catch/213 [ 24.812061] [ 24.812364] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.812439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.812453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.812478] Call Trace: [ 24.812493] <TASK> [ 24.812514] dump_stack_lvl+0x73/0xb0 [ 24.812548] print_report+0xd1/0x650 [ 24.812572] ? __virt_addr_valid+0x1db/0x2d0 [ 24.812599] ? krealloc_uaf+0x1b8/0x5e0 [ 24.812621] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.812649] ? krealloc_uaf+0x1b8/0x5e0 [ 24.812671] kasan_report+0x141/0x180 [ 24.812695] ? krealloc_uaf+0x1b8/0x5e0 [ 24.812720] ? krealloc_uaf+0x1b8/0x5e0 [ 24.812742] __kasan_check_byte+0x3d/0x50 [ 24.812765] krealloc_noprof+0x3f/0x340 [ 24.812794] krealloc_uaf+0x1b8/0x5e0 [ 24.812817] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.812840] ? __kasan_check_write+0x18/0x20 [ 24.812864] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.812891] ? irqentry_exit+0x2a/0x60 [ 24.812916] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.812943] ? trace_hardirqs_on+0x37/0xe0 [ 24.812970] ? __pfx_read_tsc+0x10/0x10 [ 24.812994] ? ktime_get_ts64+0x86/0x230 [ 24.813023] kunit_try_run_case+0x1a5/0x480 [ 24.813052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.813080] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.813105] ? __kthread_parkme+0x82/0x180 [ 24.813129] ? preempt_count_sub+0x50/0x80 [ 24.813155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.813182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.813208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.813234] kthread+0x337/0x6f0 [ 24.813256] ? trace_preempt_on+0x20/0xc0 [ 24.813279] ? __pfx_kthread+0x10/0x10 [ 24.813301] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.813325] ? calculate_sigpending+0x7b/0xa0 [ 24.813351] ? __pfx_kthread+0x10/0x10 [ 24.813374] ret_from_fork+0x116/0x1d0 [ 24.813405] ? __pfx_kthread+0x10/0x10 [ 24.813427] ret_from_fork_asm+0x1a/0x30 [ 24.813461] </TASK> [ 24.813475] [ 24.828757] Allocated by task 213: [ 24.829410] kasan_save_stack+0x45/0x70 [ 24.829826] kasan_save_track+0x18/0x40 [ 24.830225] kasan_save_alloc_info+0x3b/0x50 [ 24.830500] __kasan_kmalloc+0xb7/0xc0 [ 24.830650] __kmalloc_cache_noprof+0x189/0x420 [ 24.830814] krealloc_uaf+0xbb/0x5e0 [ 24.831292] kunit_try_run_case+0x1a5/0x480 [ 24.831738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.832411] kthread+0x337/0x6f0 [ 24.832803] ret_from_fork+0x116/0x1d0 [ 24.833258] ret_from_fork_asm+0x1a/0x30 [ 24.833664] [ 24.833835] Freed by task 213: [ 24.834327] kasan_save_stack+0x45/0x70 [ 24.834614] kasan_save_track+0x18/0x40 [ 24.834759] kasan_save_free_info+0x3f/0x60 [ 24.834985] __kasan_slab_free+0x56/0x70 [ 24.835490] kfree+0x222/0x3f0 [ 24.835810] krealloc_uaf+0x13d/0x5e0 [ 24.836273] kunit_try_run_case+0x1a5/0x480 [ 24.836706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.837258] kthread+0x337/0x6f0 [ 24.837509] ret_from_fork+0x116/0x1d0 [ 24.837659] ret_from_fork_asm+0x1a/0x30 [ 24.837805] [ 24.837879] The buggy address belongs to the object at ffff888105d7ea00 [ 24.837879] which belongs to the cache kmalloc-256 of size 256 [ 24.838741] The buggy address is located 0 bytes inside of [ 24.838741] freed 256-byte region [ffff888105d7ea00, ffff888105d7eb00) [ 24.840037] [ 24.840231] The buggy address belongs to the physical page: [ 24.840848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.841858] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.842825] flags: 0x200000000000040(head|node=0|zone=2) [ 24.843509] page_type: f5(slab) [ 24.843716] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.844155] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.844933] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.845623] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.845894] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.846810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.847736] page dumped because: kasan: bad access detected [ 24.848350] [ 24.848489] Memory state around the buggy address: [ 24.848662] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.848917] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.849642] >ffff888105d7ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.850417] ^ [ 24.850920] ffff888105d7ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.851702] ffff888105d7eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.852304] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 24.785465] ================================================================== [ 24.785790] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786107] Write of size 1 at addr ffff8881060720eb by task kunit_try_catch/211 [ 24.786349] [ 24.786493] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.786546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.786559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.786582] Call Trace: [ 24.786618] <TASK> [ 24.786639] dump_stack_lvl+0x73/0xb0 [ 24.786667] print_report+0xd1/0x650 [ 24.786692] ? __virt_addr_valid+0x1db/0x2d0 [ 24.786717] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786742] ? kasan_addr_to_slab+0x11/0xa0 [ 24.786769] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786795] kasan_report+0x141/0x180 [ 24.786819] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786849] __asan_report_store1_noabort+0x1b/0x30 [ 24.786876] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.786971] ? __perf_event_task_sched_in+0x151/0x360 [ 24.787003] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.787028] ? finish_task_switch.isra.0+0x153/0x700 [ 24.787053] ? __switch_to+0x47/0xf50 [ 24.787081] ? __schedule+0x10cc/0x2b60 [ 24.787107] ? __pfx_read_tsc+0x10/0x10 [ 24.787135] krealloc_large_less_oob+0x1c/0x30 [ 24.787214] kunit_try_run_case+0x1a5/0x480 [ 24.787246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.787272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.787298] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.787325] ? __kthread_parkme+0x82/0x180 [ 24.787347] ? preempt_count_sub+0x50/0x80 [ 24.787372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.787422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.787449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.787475] kthread+0x337/0x6f0 [ 24.787497] ? trace_preempt_on+0x20/0xc0 [ 24.787523] ? __pfx_kthread+0x10/0x10 [ 24.787545] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.787569] ? calculate_sigpending+0x7b/0xa0 [ 24.787595] ? __pfx_kthread+0x10/0x10 [ 24.787618] ret_from_fork+0x116/0x1d0 [ 24.787640] ? __pfx_kthread+0x10/0x10 [ 24.787662] ret_from_fork_asm+0x1a/0x30 [ 24.787696] </TASK> [ 24.787710] [ 24.796373] The buggy address belongs to the physical page: [ 24.796585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.796984] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.797756] flags: 0x200000000000040(head|node=0|zone=2) [ 24.798239] page_type: f8(unknown) [ 24.798435] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.798753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.799120] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.799471] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.799722] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.800007] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.800376] page dumped because: kasan: bad access detected [ 24.800650] [ 24.800724] Memory state around the buggy address: [ 24.800886] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.801117] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.801823] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.802430] ^ [ 24.802766] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.803109] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.803450] ================================================================== [ 24.761732] ================================================================== [ 24.762075] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.762469] Write of size 1 at addr ffff8881060720ea by task kunit_try_catch/211 [ 24.762751] [ 24.762865] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.762914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.762927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.762949] Call Trace: [ 24.762965] <TASK> [ 24.762983] dump_stack_lvl+0x73/0xb0 [ 24.763010] print_report+0xd1/0x650 [ 24.763033] ? __virt_addr_valid+0x1db/0x2d0 [ 24.763057] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763081] ? kasan_addr_to_slab+0x11/0xa0 [ 24.763107] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763131] kasan_report+0x141/0x180 [ 24.763155] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763184] __asan_report_store1_noabort+0x1b/0x30 [ 24.763210] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.763233] ? __perf_event_task_sched_in+0x151/0x360 [ 24.763261] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.763286] ? finish_task_switch.isra.0+0x153/0x700 [ 24.763308] ? __switch_to+0x47/0xf50 [ 24.763348] ? __schedule+0x10cc/0x2b60 [ 24.763373] ? __pfx_read_tsc+0x10/0x10 [ 24.763408] krealloc_large_less_oob+0x1c/0x30 [ 24.763432] kunit_try_run_case+0x1a5/0x480 [ 24.763459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.763484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.763509] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.763534] ? __kthread_parkme+0x82/0x180 [ 24.763556] ? preempt_count_sub+0x50/0x80 [ 24.763580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.763606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.763632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.763658] kthread+0x337/0x6f0 [ 24.763678] ? trace_preempt_on+0x20/0xc0 [ 24.763703] ? __pfx_kthread+0x10/0x10 [ 24.763725] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.763749] ? calculate_sigpending+0x7b/0xa0 [ 24.763774] ? __pfx_kthread+0x10/0x10 [ 24.763797] ret_from_fork+0x116/0x1d0 [ 24.763817] ? __pfx_kthread+0x10/0x10 [ 24.763839] ret_from_fork_asm+0x1a/0x30 [ 24.763872] </TASK> [ 24.763886] [ 24.777504] The buggy address belongs to the physical page: [ 24.777717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.778255] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.778535] flags: 0x200000000000040(head|node=0|zone=2) [ 24.778758] page_type: f8(unknown) [ 24.778943] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.779311] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.779700] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.780020] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.780367] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.781769] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.782031] page dumped because: kasan: bad access detected [ 24.782328] [ 24.782413] Memory state around the buggy address: [ 24.782679] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.783077] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.783492] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.783850] ^ [ 24.784147] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.784512] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.784840] ================================================================== [ 24.743638] ================================================================== [ 24.743895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.744271] Write of size 1 at addr ffff8881060720da by task kunit_try_catch/211 [ 24.744633] [ 24.744923] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.744976] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.744990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.745012] Call Trace: [ 24.745031] <TASK> [ 24.745048] dump_stack_lvl+0x73/0xb0 [ 24.745077] print_report+0xd1/0x650 [ 24.745101] ? __virt_addr_valid+0x1db/0x2d0 [ 24.745126] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745150] ? kasan_addr_to_slab+0x11/0xa0 [ 24.745177] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745202] kasan_report+0x141/0x180 [ 24.745225] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745254] __asan_report_store1_noabort+0x1b/0x30 [ 24.745344] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.745369] ? __perf_event_task_sched_in+0x151/0x360 [ 24.745412] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.745437] ? finish_task_switch.isra.0+0x153/0x700 [ 24.745461] ? __switch_to+0x47/0xf50 [ 24.745488] ? __schedule+0x10cc/0x2b60 [ 24.745514] ? __pfx_read_tsc+0x10/0x10 [ 24.745541] krealloc_large_less_oob+0x1c/0x30 [ 24.745564] kunit_try_run_case+0x1a5/0x480 [ 24.745592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.745617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.745642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.745669] ? __kthread_parkme+0x82/0x180 [ 24.745690] ? preempt_count_sub+0x50/0x80 [ 24.745715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.745741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.745768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.745794] kthread+0x337/0x6f0 [ 24.745815] ? trace_preempt_on+0x20/0xc0 [ 24.745841] ? __pfx_kthread+0x10/0x10 [ 24.745864] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.745901] ? calculate_sigpending+0x7b/0xa0 [ 24.745927] ? __pfx_kthread+0x10/0x10 [ 24.745951] ret_from_fork+0x116/0x1d0 [ 24.745971] ? __pfx_kthread+0x10/0x10 [ 24.745994] ret_from_fork_asm+0x1a/0x30 [ 24.746027] </TASK> [ 24.746040] [ 24.754830] The buggy address belongs to the physical page: [ 24.755079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.755448] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.755810] flags: 0x200000000000040(head|node=0|zone=2) [ 24.756065] page_type: f8(unknown) [ 24.756196] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.756693] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.757106] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.757498] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.757840] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.758301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.758610] page dumped because: kasan: bad access detected [ 24.758834] [ 24.758955] Memory state around the buggy address: [ 24.759257] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.759576] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.759817] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.760404] ^ [ 24.760681] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.761025] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.761308] ================================================================== [ 24.725901] ================================================================== [ 24.726147] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.726744] Write of size 1 at addr ffff8881060720d0 by task kunit_try_catch/211 [ 24.727083] [ 24.727175] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.727225] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.727238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.727332] Call Trace: [ 24.727352] <TASK> [ 24.727371] dump_stack_lvl+0x73/0xb0 [ 24.727411] print_report+0xd1/0x650 [ 24.727435] ? __virt_addr_valid+0x1db/0x2d0 [ 24.727460] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727484] ? kasan_addr_to_slab+0x11/0xa0 [ 24.727509] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727533] kasan_report+0x141/0x180 [ 24.727557] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727586] __asan_report_store1_noabort+0x1b/0x30 [ 24.727611] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.727634] ? __perf_event_task_sched_in+0x151/0x360 [ 24.727662] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.727686] ? finish_task_switch.isra.0+0x153/0x700 [ 24.727708] ? __switch_to+0x47/0xf50 [ 24.727735] ? __schedule+0x10cc/0x2b60 [ 24.727760] ? __pfx_read_tsc+0x10/0x10 [ 24.727786] krealloc_large_less_oob+0x1c/0x30 [ 24.727809] kunit_try_run_case+0x1a5/0x480 [ 24.727835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.727859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.727884] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.727909] ? __kthread_parkme+0x82/0x180 [ 24.727940] ? preempt_count_sub+0x50/0x80 [ 24.727964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.727990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.728015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.728041] kthread+0x337/0x6f0 [ 24.728062] ? trace_preempt_on+0x20/0xc0 [ 24.728087] ? __pfx_kthread+0x10/0x10 [ 24.728110] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.728134] ? calculate_sigpending+0x7b/0xa0 [ 24.728159] ? __pfx_kthread+0x10/0x10 [ 24.728182] ret_from_fork+0x116/0x1d0 [ 24.728203] ? __pfx_kthread+0x10/0x10 [ 24.728232] ret_from_fork_asm+0x1a/0x30 [ 24.728266] </TASK> [ 24.728278] [ 24.736631] The buggy address belongs to the physical page: [ 24.736863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.737289] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.737825] flags: 0x200000000000040(head|node=0|zone=2) [ 24.738022] page_type: f8(unknown) [ 24.738226] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.738605] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.738894] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.739353] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.739683] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.739949] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.740511] page dumped because: kasan: bad access detected [ 24.740776] [ 24.740858] Memory state around the buggy address: [ 24.741045] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.741405] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.741752] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.742089] ^ [ 24.742472] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.742732] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.743284] ================================================================== [ 24.624740] ================================================================== [ 24.625116] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.625568] Write of size 1 at addr ffff888105d7e8eb by task kunit_try_catch/207 [ 24.625804] [ 24.625890] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.625938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.625950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.625971] Call Trace: [ 24.625989] <TASK> [ 24.626007] dump_stack_lvl+0x73/0xb0 [ 24.626034] print_report+0xd1/0x650 [ 24.626057] ? __virt_addr_valid+0x1db/0x2d0 [ 24.626081] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626104] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.626130] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626154] kasan_report+0x141/0x180 [ 24.626176] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626205] __asan_report_store1_noabort+0x1b/0x30 [ 24.626230] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.626255] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.626279] ? finish_task_switch.isra.0+0x153/0x700 [ 24.626302] ? __switch_to+0x47/0xf50 [ 24.626329] ? __schedule+0x10cc/0x2b60 [ 24.626432] ? __pfx_read_tsc+0x10/0x10 [ 24.626459] krealloc_less_oob+0x1c/0x30 [ 24.626481] kunit_try_run_case+0x1a5/0x480 [ 24.626507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.626531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.626555] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.626580] ? __kthread_parkme+0x82/0x180 [ 24.626601] ? preempt_count_sub+0x50/0x80 [ 24.626624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.626650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.626675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.626700] kthread+0x337/0x6f0 [ 24.626720] ? trace_preempt_on+0x20/0xc0 [ 24.626745] ? __pfx_kthread+0x10/0x10 [ 24.626766] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.626790] ? calculate_sigpending+0x7b/0xa0 [ 24.626814] ? __pfx_kthread+0x10/0x10 [ 24.626836] ret_from_fork+0x116/0x1d0 [ 24.626855] ? __pfx_kthread+0x10/0x10 [ 24.626878] ret_from_fork_asm+0x1a/0x30 [ 24.626909] </TASK> [ 24.626921] [ 24.634968] Allocated by task 207: [ 24.635152] kasan_save_stack+0x45/0x70 [ 24.635297] kasan_save_track+0x18/0x40 [ 24.635441] kasan_save_alloc_info+0x3b/0x50 [ 24.635815] __kasan_krealloc+0x190/0x1f0 [ 24.636036] krealloc_noprof+0xf3/0x340 [ 24.636235] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.636588] krealloc_less_oob+0x1c/0x30 [ 24.636790] kunit_try_run_case+0x1a5/0x480 [ 24.637200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.637407] kthread+0x337/0x6f0 [ 24.637580] ret_from_fork+0x116/0x1d0 [ 24.637751] ret_from_fork_asm+0x1a/0x30 [ 24.637993] [ 24.638062] The buggy address belongs to the object at ffff888105d7e800 [ 24.638062] which belongs to the cache kmalloc-256 of size 256 [ 24.638721] The buggy address is located 34 bytes to the right of [ 24.638721] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.639499] [ 24.639586] The buggy address belongs to the physical page: [ 24.639827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.640134] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.640512] flags: 0x200000000000040(head|node=0|zone=2) [ 24.640746] page_type: f5(slab) [ 24.640899] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.641202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.641536] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.641809] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.642222] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.642596] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.642888] page dumped because: kasan: bad access detected [ 24.643120] [ 24.643492] Memory state around the buggy address: [ 24.643662] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.643881] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.644212] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.644560] ^ [ 24.645000] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.645428] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.645708] ================================================================== [ 24.699298] ================================================================== [ 24.699823] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.700274] Write of size 1 at addr ffff8881060720c9 by task kunit_try_catch/211 [ 24.701380] [ 24.701529] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.701589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.701604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.701630] Call Trace: [ 24.701645] <TASK> [ 24.701665] dump_stack_lvl+0x73/0xb0 [ 24.701829] print_report+0xd1/0x650 [ 24.701862] ? __virt_addr_valid+0x1db/0x2d0 [ 24.701908] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.701934] ? kasan_addr_to_slab+0x11/0xa0 [ 24.701962] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.701988] kasan_report+0x141/0x180 [ 24.702013] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.702044] __asan_report_store1_noabort+0x1b/0x30 [ 24.702071] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.702095] ? __perf_event_task_sched_in+0x151/0x360 [ 24.702127] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.702153] ? finish_task_switch.isra.0+0x153/0x700 [ 24.702180] ? __switch_to+0x47/0xf50 [ 24.702210] ? __schedule+0x10cc/0x2b60 [ 24.702238] ? __pfx_read_tsc+0x10/0x10 [ 24.702267] krealloc_large_less_oob+0x1c/0x30 [ 24.702292] kunit_try_run_case+0x1a5/0x480 [ 24.702321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.702347] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.702373] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.702414] ? __kthread_parkme+0x82/0x180 [ 24.702437] ? preempt_count_sub+0x50/0x80 [ 24.702463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.702492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.702520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.702547] kthread+0x337/0x6f0 [ 24.702569] ? trace_preempt_on+0x20/0xc0 [ 24.702596] ? __pfx_kthread+0x10/0x10 [ 24.702620] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.702645] ? calculate_sigpending+0x7b/0xa0 [ 24.702672] ? __pfx_kthread+0x10/0x10 [ 24.702697] ret_from_fork+0x116/0x1d0 [ 24.702718] ? __pfx_kthread+0x10/0x10 [ 24.702741] ret_from_fork_asm+0x1a/0x30 [ 24.702775] </TASK> [ 24.702790] [ 24.715778] The buggy address belongs to the physical page: [ 24.716364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106070 [ 24.716835] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.717415] flags: 0x200000000000040(head|node=0|zone=2) [ 24.717803] page_type: f8(unknown) [ 24.718089] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.718537] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.718849] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.719536] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.720018] head: 0200000000000002 ffffea0004181c01 00000000ffffffff 00000000ffffffff [ 24.720671] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.721294] page dumped because: kasan: bad access detected [ 24.721650] [ 24.721741] Memory state around the buggy address: [ 24.722049] ffff888106071f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.722621] ffff888106072000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.723046] >ffff888106072080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.723616] ^ [ 24.723995] ffff888106072100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.724565] ffff888106072180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.725049] ================================================================== [ 24.519096] ================================================================== [ 24.519975] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.520371] Write of size 1 at addr ffff888105d7e8c9 by task kunit_try_catch/207 [ 24.520784] [ 24.520961] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.521021] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.521036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.521089] Call Trace: [ 24.521105] <TASK> [ 24.521128] dump_stack_lvl+0x73/0xb0 [ 24.521162] print_report+0xd1/0x650 [ 24.521188] ? __virt_addr_valid+0x1db/0x2d0 [ 24.521425] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521456] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.521485] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521512] kasan_report+0x141/0x180 [ 24.521536] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521567] __asan_report_store1_noabort+0x1b/0x30 [ 24.521594] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.521623] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.521650] ? finish_task_switch.isra.0+0x153/0x700 [ 24.521676] ? __switch_to+0x47/0xf50 [ 24.521706] ? __schedule+0x10cc/0x2b60 [ 24.521734] ? __pfx_read_tsc+0x10/0x10 [ 24.521763] krealloc_less_oob+0x1c/0x30 [ 24.521787] kunit_try_run_case+0x1a5/0x480 [ 24.521817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.521844] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.521870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.521914] ? __kthread_parkme+0x82/0x180 [ 24.521938] ? preempt_count_sub+0x50/0x80 [ 24.521963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.521991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.522018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.522045] kthread+0x337/0x6f0 [ 24.522067] ? trace_preempt_on+0x20/0xc0 [ 24.522095] ? __pfx_kthread+0x10/0x10 [ 24.522118] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.522143] ? calculate_sigpending+0x7b/0xa0 [ 24.522179] ? __pfx_kthread+0x10/0x10 [ 24.522204] ret_from_fork+0x116/0x1d0 [ 24.522225] ? __pfx_kthread+0x10/0x10 [ 24.522248] ret_from_fork_asm+0x1a/0x30 [ 24.522283] </TASK> [ 24.522298] [ 24.530756] Allocated by task 207: [ 24.531047] kasan_save_stack+0x45/0x70 [ 24.531254] kasan_save_track+0x18/0x40 [ 24.531406] kasan_save_alloc_info+0x3b/0x50 [ 24.531559] __kasan_krealloc+0x190/0x1f0 [ 24.531702] krealloc_noprof+0xf3/0x340 [ 24.531844] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.532008] krealloc_less_oob+0x1c/0x30 [ 24.532462] kunit_try_run_case+0x1a5/0x480 [ 24.532882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.533185] kthread+0x337/0x6f0 [ 24.533450] ret_from_fork+0x116/0x1d0 [ 24.533660] ret_from_fork_asm+0x1a/0x30 [ 24.533852] [ 24.533950] The buggy address belongs to the object at ffff888105d7e800 [ 24.533950] which belongs to the cache kmalloc-256 of size 256 [ 24.534518] The buggy address is located 0 bytes to the right of [ 24.534518] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.534894] [ 24.534965] The buggy address belongs to the physical page: [ 24.535143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.535770] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.536319] flags: 0x200000000000040(head|node=0|zone=2) [ 24.536514] page_type: f5(slab) [ 24.536638] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.536871] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.537103] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.537411] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.537784] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.538289] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.538765] page dumped because: kasan: bad access detected [ 24.539258] [ 24.539334] Memory state around the buggy address: [ 24.539511] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.539765] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.540085] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.540420] ^ [ 24.540741] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.541066] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.541770] ================================================================== [ 24.542341] ================================================================== [ 24.542667] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543211] Write of size 1 at addr ffff888105d7e8d0 by task kunit_try_catch/207 [ 24.543544] [ 24.543662] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.543712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.543725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.543749] Call Trace: [ 24.543767] <TASK> [ 24.543785] dump_stack_lvl+0x73/0xb0 [ 24.543813] print_report+0xd1/0x650 [ 24.543837] ? __virt_addr_valid+0x1db/0x2d0 [ 24.543862] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543886] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.543913] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543938] kasan_report+0x141/0x180 [ 24.543961] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.543991] __asan_report_store1_noabort+0x1b/0x30 [ 24.544017] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.544043] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.544068] ? finish_task_switch.isra.0+0x153/0x700 [ 24.544091] ? __switch_to+0x47/0xf50 [ 24.544118] ? __schedule+0x10cc/0x2b60 [ 24.544144] ? __pfx_read_tsc+0x10/0x10 [ 24.544229] krealloc_less_oob+0x1c/0x30 [ 24.544252] kunit_try_run_case+0x1a5/0x480 [ 24.544279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.544304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.544330] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.544357] ? __kthread_parkme+0x82/0x180 [ 24.544378] ? preempt_count_sub+0x50/0x80 [ 24.544413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.544440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.544466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.544492] kthread+0x337/0x6f0 [ 24.544513] ? trace_preempt_on+0x20/0xc0 [ 24.544538] ? __pfx_kthread+0x10/0x10 [ 24.544560] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.544584] ? calculate_sigpending+0x7b/0xa0 [ 24.544609] ? __pfx_kthread+0x10/0x10 [ 24.544632] ret_from_fork+0x116/0x1d0 [ 24.544652] ? __pfx_kthread+0x10/0x10 [ 24.544674] ret_from_fork_asm+0x1a/0x30 [ 24.544707] </TASK> [ 24.544720] [ 24.555927] Allocated by task 207: [ 24.556359] kasan_save_stack+0x45/0x70 [ 24.556579] kasan_save_track+0x18/0x40 [ 24.556784] kasan_save_alloc_info+0x3b/0x50 [ 24.557263] __kasan_krealloc+0x190/0x1f0 [ 24.557481] krealloc_noprof+0xf3/0x340 [ 24.557820] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.558147] krealloc_less_oob+0x1c/0x30 [ 24.558638] kunit_try_run_case+0x1a5/0x480 [ 24.558959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.559277] kthread+0x337/0x6f0 [ 24.559602] ret_from_fork+0x116/0x1d0 [ 24.559756] ret_from_fork_asm+0x1a/0x30 [ 24.559970] [ 24.560190] The buggy address belongs to the object at ffff888105d7e800 [ 24.560190] which belongs to the cache kmalloc-256 of size 256 [ 24.561075] The buggy address is located 7 bytes to the right of [ 24.561075] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.561764] [ 24.561872] The buggy address belongs to the physical page: [ 24.562197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.562677] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.563036] flags: 0x200000000000040(head|node=0|zone=2) [ 24.563594] page_type: f5(slab) [ 24.563753] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.564258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.564697] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.565093] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.565608] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.565914] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.566252] page dumped because: kasan: bad access detected [ 24.566660] [ 24.566755] Memory state around the buggy address: [ 24.567003] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.567463] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.568169] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.568589] ^ [ 24.568831] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.569514] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.569805] ================================================================== [ 24.602524] ================================================================== [ 24.602864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.603676] Write of size 1 at addr ffff888105d7e8ea by task kunit_try_catch/207 [ 24.604214] [ 24.604460] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.604513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.604527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.604549] Call Trace: [ 24.604569] <TASK> [ 24.604588] dump_stack_lvl+0x73/0xb0 [ 24.604617] print_report+0xd1/0x650 [ 24.604640] ? __virt_addr_valid+0x1db/0x2d0 [ 24.604665] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.604716] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604741] kasan_report+0x141/0x180 [ 24.604764] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604793] __asan_report_store1_noabort+0x1b/0x30 [ 24.604818] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.604845] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.604871] ? finish_task_switch.isra.0+0x153/0x700 [ 24.604894] ? __switch_to+0x47/0xf50 [ 24.604921] ? __schedule+0x10cc/0x2b60 [ 24.604947] ? __pfx_read_tsc+0x10/0x10 [ 24.604972] krealloc_less_oob+0x1c/0x30 [ 24.604995] kunit_try_run_case+0x1a5/0x480 [ 24.605021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.605046] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.605071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.605097] ? __kthread_parkme+0x82/0x180 [ 24.605121] ? preempt_count_sub+0x50/0x80 [ 24.605145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.605195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.605221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.605246] kthread+0x337/0x6f0 [ 24.605267] ? trace_preempt_on+0x20/0xc0 [ 24.605292] ? __pfx_kthread+0x10/0x10 [ 24.605314] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.605338] ? calculate_sigpending+0x7b/0xa0 [ 24.605363] ? __pfx_kthread+0x10/0x10 [ 24.605387] ret_from_fork+0x116/0x1d0 [ 24.605418] ? __pfx_kthread+0x10/0x10 [ 24.605440] ret_from_fork_asm+0x1a/0x30 [ 24.605473] </TASK> [ 24.605485] [ 24.613681] Allocated by task 207: [ 24.613832] kasan_save_stack+0x45/0x70 [ 24.614165] kasan_save_track+0x18/0x40 [ 24.614410] kasan_save_alloc_info+0x3b/0x50 [ 24.614588] __kasan_krealloc+0x190/0x1f0 [ 24.614731] krealloc_noprof+0xf3/0x340 [ 24.614944] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.615379] krealloc_less_oob+0x1c/0x30 [ 24.615614] kunit_try_run_case+0x1a5/0x480 [ 24.615915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.616160] kthread+0x337/0x6f0 [ 24.616342] ret_from_fork+0x116/0x1d0 [ 24.616492] ret_from_fork_asm+0x1a/0x30 [ 24.616634] [ 24.616703] The buggy address belongs to the object at ffff888105d7e800 [ 24.616703] which belongs to the cache kmalloc-256 of size 256 [ 24.617149] The buggy address is located 33 bytes to the right of [ 24.617149] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.617782] [ 24.617874] The buggy address belongs to the physical page: [ 24.618185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.618521] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.618758] flags: 0x200000000000040(head|node=0|zone=2) [ 24.618940] page_type: f5(slab) [ 24.619065] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.619727] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.620104] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.620719] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.621028] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.621270] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.621522] page dumped because: kasan: bad access detected [ 24.621980] [ 24.622102] Memory state around the buggy address: [ 24.622336] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.622686] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.623117] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.623407] ^ [ 24.623628] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.623873] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.624206] ================================================================== [ 24.570526] ================================================================== [ 24.570990] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.571250] Write of size 1 at addr ffff888105d7e8da by task kunit_try_catch/207 [ 24.571663] [ 24.571781] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.571831] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.571844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.571865] Call Trace: [ 24.571882] <TASK> [ 24.571901] dump_stack_lvl+0x73/0xb0 [ 24.571928] print_report+0xd1/0x650 [ 24.571951] ? __virt_addr_valid+0x1db/0x2d0 [ 24.571976] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572000] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.572027] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572051] kasan_report+0x141/0x180 [ 24.572073] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572103] __asan_report_store1_noabort+0x1b/0x30 [ 24.572128] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.572155] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.572179] ? finish_task_switch.isra.0+0x153/0x700 [ 24.572202] ? __switch_to+0x47/0xf50 [ 24.572236] ? __schedule+0x10cc/0x2b60 [ 24.572262] ? __pfx_read_tsc+0x10/0x10 [ 24.572289] krealloc_less_oob+0x1c/0x30 [ 24.572311] kunit_try_run_case+0x1a5/0x480 [ 24.572338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.572363] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.572388] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.572424] ? __kthread_parkme+0x82/0x180 [ 24.572446] ? preempt_count_sub+0x50/0x80 [ 24.572470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.572496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.572521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.572546] kthread+0x337/0x6f0 [ 24.572567] ? trace_preempt_on+0x20/0xc0 [ 24.572591] ? __pfx_kthread+0x10/0x10 [ 24.572612] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.572636] ? calculate_sigpending+0x7b/0xa0 [ 24.572660] ? __pfx_kthread+0x10/0x10 [ 24.572683] ret_from_fork+0x116/0x1d0 [ 24.572702] ? __pfx_kthread+0x10/0x10 [ 24.572724] ret_from_fork_asm+0x1a/0x30 [ 24.572756] </TASK> [ 24.572768] [ 24.583864] Allocated by task 207: [ 24.584218] kasan_save_stack+0x45/0x70 [ 24.584637] kasan_save_track+0x18/0x40 [ 24.585032] kasan_save_alloc_info+0x3b/0x50 [ 24.585361] __kasan_krealloc+0x190/0x1f0 [ 24.585705] krealloc_noprof+0xf3/0x340 [ 24.586082] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.586504] krealloc_less_oob+0x1c/0x30 [ 24.586704] kunit_try_run_case+0x1a5/0x480 [ 24.587090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.587463] kthread+0x337/0x6f0 [ 24.587828] ret_from_fork+0x116/0x1d0 [ 24.588147] ret_from_fork_asm+0x1a/0x30 [ 24.588447] [ 24.588543] The buggy address belongs to the object at ffff888105d7e800 [ 24.588543] which belongs to the cache kmalloc-256 of size 256 [ 24.589468] The buggy address is located 17 bytes to the right of [ 24.589468] allocated 201-byte region [ffff888105d7e800, ffff888105d7e8c9) [ 24.590401] [ 24.590506] The buggy address belongs to the physical page: [ 24.590754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105d7e [ 24.591944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.592631] flags: 0x200000000000040(head|node=0|zone=2) [ 24.593084] page_type: f5(slab) [ 24.593480] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.594110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.595022] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.595708] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.596269] head: 0200000000000001 ffffea0004175f81 00000000ffffffff 00000000ffffffff [ 24.596863] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.597353] page dumped because: kasan: bad access detected [ 24.597806] [ 24.598054] Memory state around the buggy address: [ 24.598400] ffff888105d7e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.598716] ffff888105d7e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.599367] >ffff888105d7e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.599884] ^ [ 24.600375] ffff888105d7e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.600838] ffff888105d7e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.601465] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 24.455958] ================================================================== [ 24.456970] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.457748] Write of size 1 at addr ffff88810099e0eb by task kunit_try_catch/205 [ 24.458510] [ 24.458738] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.458798] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.458813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.458840] Call Trace: [ 24.458855] <TASK> [ 24.458900] dump_stack_lvl+0x73/0xb0 [ 24.458933] print_report+0xd1/0x650 [ 24.458960] ? __virt_addr_valid+0x1db/0x2d0 [ 24.458988] ? krealloc_more_oob_helper+0x821/0x930 [ 24.459013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.459042] ? krealloc_more_oob_helper+0x821/0x930 [ 24.459068] kasan_report+0x141/0x180 [ 24.459092] ? krealloc_more_oob_helper+0x821/0x930 [ 24.459122] __asan_report_store1_noabort+0x1b/0x30 [ 24.459157] krealloc_more_oob_helper+0x821/0x930 [ 24.459181] ? __schedule+0x10cc/0x2b60 [ 24.459209] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.459236] ? finish_task_switch.isra.0+0x153/0x700 [ 24.459260] ? __switch_to+0x47/0xf50 [ 24.459291] ? __schedule+0x10cc/0x2b60 [ 24.459316] ? __pfx_read_tsc+0x10/0x10 [ 24.459344] krealloc_more_oob+0x1c/0x30 [ 24.459368] kunit_try_run_case+0x1a5/0x480 [ 24.459407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.459433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.459459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.459486] ? __kthread_parkme+0x82/0x180 [ 24.459510] ? preempt_count_sub+0x50/0x80 [ 24.459535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.459563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.459590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.459616] kthread+0x337/0x6f0 [ 24.459638] ? trace_preempt_on+0x20/0xc0 [ 24.459666] ? __pfx_kthread+0x10/0x10 [ 24.459689] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.459714] ? calculate_sigpending+0x7b/0xa0 [ 24.459741] ? __pfx_kthread+0x10/0x10 [ 24.459765] ret_from_fork+0x116/0x1d0 [ 24.459786] ? __pfx_kthread+0x10/0x10 [ 24.459809] ret_from_fork_asm+0x1a/0x30 [ 24.459844] </TASK> [ 24.459859] [ 24.471451] Allocated by task 205: [ 24.471660] kasan_save_stack+0x45/0x70 [ 24.471848] kasan_save_track+0x18/0x40 [ 24.472042] kasan_save_alloc_info+0x3b/0x50 [ 24.472207] __kasan_krealloc+0x190/0x1f0 [ 24.472365] krealloc_noprof+0xf3/0x340 [ 24.472544] krealloc_more_oob_helper+0x1a9/0x930 [ 24.472794] krealloc_more_oob+0x1c/0x30 [ 24.473009] kunit_try_run_case+0x1a5/0x480 [ 24.473251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.473480] kthread+0x337/0x6f0 [ 24.473612] ret_from_fork+0x116/0x1d0 [ 24.473755] ret_from_fork_asm+0x1a/0x30 [ 24.473974] [ 24.474207] The buggy address belongs to the object at ffff88810099e000 [ 24.474207] which belongs to the cache kmalloc-256 of size 256 [ 24.474847] The buggy address is located 0 bytes to the right of [ 24.474847] allocated 235-byte region [ffff88810099e000, ffff88810099e0eb) [ 24.476073] [ 24.476180] The buggy address belongs to the physical page: [ 24.476383] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10099e [ 24.477363] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.477657] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.478056] page_type: f5(slab) [ 24.478293] raw: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003 [ 24.478641] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.479204] head: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003 [ 24.479660] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.480168] head: 0200000000000001 ffffea0004026781 00000000ffffffff 00000000ffffffff [ 24.480675] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.481210] page dumped because: kasan: bad access detected [ 24.481557] [ 24.481632] Memory state around the buggy address: [ 24.482333] ffff88810099df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.483094] ffff88810099e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.483410] >ffff88810099e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.484273] ^ [ 24.484974] ffff88810099e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.485814] ffff88810099e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.486557] ================================================================== [ 24.669956] ================================================================== [ 24.670724] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.671175] Write of size 1 at addr ffff8881062c20f0 by task kunit_try_catch/209 [ 24.671483] [ 24.671600] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.671649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.671663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.671685] Call Trace: [ 24.671699] <TASK> [ 24.671716] dump_stack_lvl+0x73/0xb0 [ 24.671744] print_report+0xd1/0x650 [ 24.671769] ? __virt_addr_valid+0x1db/0x2d0 [ 24.671795] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.671821] ? kasan_addr_to_slab+0x11/0xa0 [ 24.671848] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.671874] kasan_report+0x141/0x180 [ 24.671898] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.671929] __asan_report_store1_noabort+0x1b/0x30 [ 24.671956] krealloc_more_oob_helper+0x7eb/0x930 [ 24.671980] ? __schedule+0x10cc/0x2b60 [ 24.672007] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.672033] ? finish_task_switch.isra.0+0x153/0x700 [ 24.672057] ? __switch_to+0x47/0xf50 [ 24.672085] ? __schedule+0x10cc/0x2b60 [ 24.672110] ? __pfx_read_tsc+0x10/0x10 [ 24.672138] krealloc_large_more_oob+0x1c/0x30 [ 24.672163] kunit_try_run_case+0x1a5/0x480 [ 24.672191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.672217] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.672250] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.672279] ? __kthread_parkme+0x82/0x180 [ 24.672302] ? preempt_count_sub+0x50/0x80 [ 24.672327] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.672355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.672382] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.672420] kthread+0x337/0x6f0 [ 24.672442] ? trace_preempt_on+0x20/0xc0 [ 24.672468] ? __pfx_kthread+0x10/0x10 [ 24.672491] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.672516] ? calculate_sigpending+0x7b/0xa0 [ 24.672543] ? __pfx_kthread+0x10/0x10 [ 24.672568] ret_from_fork+0x116/0x1d0 [ 24.672588] ? __pfx_kthread+0x10/0x10 [ 24.672611] ret_from_fork_asm+0x1a/0x30 [ 24.672646] </TASK> [ 24.672659] [ 24.680782] The buggy address belongs to the physical page: [ 24.680973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062c0 [ 24.681234] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.682896] flags: 0x200000000000040(head|node=0|zone=2) [ 24.683559] page_type: f8(unknown) [ 24.684071] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.685136] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.685627] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.686836] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.687741] head: 0200000000000002 ffffea000418b001 00000000ffffffff 00000000ffffffff [ 24.688683] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.689253] page dumped because: kasan: bad access detected [ 24.689898] [ 24.690343] Memory state around the buggy address: [ 24.691216] ffff8881062c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.691745] ffff8881062c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.692767] >ffff8881062c2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.693645] ^ [ 24.694380] ffff8881062c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.694641] ffff8881062c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.695161] ================================================================== [ 24.487511] ================================================================== [ 24.487847] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.488376] Write of size 1 at addr ffff88810099e0f0 by task kunit_try_catch/205 [ 24.488637] [ 24.488755] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.488810] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.488825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.488849] Call Trace: [ 24.488868] <TASK> [ 24.488888] dump_stack_lvl+0x73/0xb0 [ 24.488917] print_report+0xd1/0x650 [ 24.488941] ? __virt_addr_valid+0x1db/0x2d0 [ 24.488967] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.488992] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.489021] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.489046] kasan_report+0x141/0x180 [ 24.489070] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.489100] __asan_report_store1_noabort+0x1b/0x30 [ 24.489126] krealloc_more_oob_helper+0x7eb/0x930 [ 24.489149] ? __schedule+0x10cc/0x2b60 [ 24.489175] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.489588] ? finish_task_switch.isra.0+0x153/0x700 [ 24.489625] ? __switch_to+0x47/0xf50 [ 24.489655] ? __schedule+0x10cc/0x2b60 [ 24.489681] ? __pfx_read_tsc+0x10/0x10 [ 24.489708] krealloc_more_oob+0x1c/0x30 [ 24.489732] kunit_try_run_case+0x1a5/0x480 [ 24.489760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.489785] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.489811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.489837] ? __kthread_parkme+0x82/0x180 [ 24.489859] ? preempt_count_sub+0x50/0x80 [ 24.489883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.489910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.489937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.489963] kthread+0x337/0x6f0 [ 24.489984] ? trace_preempt_on+0x20/0xc0 [ 24.490011] ? __pfx_kthread+0x10/0x10 [ 24.490033] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.490058] ? calculate_sigpending+0x7b/0xa0 [ 24.490084] ? __pfx_kthread+0x10/0x10 [ 24.490107] ret_from_fork+0x116/0x1d0 [ 24.490128] ? __pfx_kthread+0x10/0x10 [ 24.490150] ret_from_fork_asm+0x1a/0x30 [ 24.490184] </TASK> [ 24.490197] [ 24.498481] Allocated by task 205: [ 24.498672] kasan_save_stack+0x45/0x70 [ 24.498822] kasan_save_track+0x18/0x40 [ 24.499077] kasan_save_alloc_info+0x3b/0x50 [ 24.499227] __kasan_krealloc+0x190/0x1f0 [ 24.499367] krealloc_noprof+0xf3/0x340 [ 24.499775] krealloc_more_oob_helper+0x1a9/0x930 [ 24.500230] krealloc_more_oob+0x1c/0x30 [ 24.500405] kunit_try_run_case+0x1a5/0x480 [ 24.500558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.500740] kthread+0x337/0x6f0 [ 24.500969] ret_from_fork+0x116/0x1d0 [ 24.501192] ret_from_fork_asm+0x1a/0x30 [ 24.501638] [ 24.501740] The buggy address belongs to the object at ffff88810099e000 [ 24.501740] which belongs to the cache kmalloc-256 of size 256 [ 24.502469] The buggy address is located 5 bytes to the right of [ 24.502469] allocated 235-byte region [ffff88810099e000, ffff88810099e0eb) [ 24.503083] [ 24.503159] The buggy address belongs to the physical page: [ 24.504429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10099e [ 24.504853] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.505669] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.505883] page_type: f5(slab) [ 24.506016] raw: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003 [ 24.506269] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.506656] head: 0200000000000040 ffff888100041b40 ffffea0004026700 dead000000000003 [ 24.507956] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.508210] head: 0200000000000001 ffffea0004026781 00000000ffffffff 00000000ffffffff [ 24.508483] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.508721] page dumped because: kasan: bad access detected [ 24.508897] [ 24.509033] Memory state around the buggy address: [ 24.509254] ffff88810099df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.509568] ffff88810099e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.509951] >ffff88810099e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.510430] ^ [ 24.513214] ffff88810099e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.513493] ffff88810099e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.513760] ================================================================== [ 24.653126] ================================================================== [ 24.653743] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.654068] Write of size 1 at addr ffff8881062c20eb by task kunit_try_catch/209 [ 24.654423] [ 24.654528] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.654583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.654596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.654620] Call Trace: [ 24.654635] <TASK> [ 24.654655] dump_stack_lvl+0x73/0xb0 [ 24.654684] print_report+0xd1/0x650 [ 24.654709] ? __virt_addr_valid+0x1db/0x2d0 [ 24.654736] ? krealloc_more_oob_helper+0x821/0x930 [ 24.654760] ? kasan_addr_to_slab+0x11/0xa0 [ 24.654786] ? krealloc_more_oob_helper+0x821/0x930 [ 24.654811] kasan_report+0x141/0x180 [ 24.654834] ? krealloc_more_oob_helper+0x821/0x930 [ 24.654863] __asan_report_store1_noabort+0x1b/0x30 [ 24.654889] krealloc_more_oob_helper+0x821/0x930 [ 24.654913] ? __schedule+0x10cc/0x2b60 [ 24.654939] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.654964] ? finish_task_switch.isra.0+0x153/0x700 [ 24.654988] ? __switch_to+0x47/0xf50 [ 24.655016] ? __schedule+0x10cc/0x2b60 [ 24.655040] ? __pfx_read_tsc+0x10/0x10 [ 24.655067] krealloc_large_more_oob+0x1c/0x30 [ 24.655106] kunit_try_run_case+0x1a5/0x480 [ 24.655137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.655161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.655187] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.655213] ? __kthread_parkme+0x82/0x180 [ 24.655236] ? preempt_count_sub+0x50/0x80 [ 24.655261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.655287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.655313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.655339] kthread+0x337/0x6f0 [ 24.655361] ? trace_preempt_on+0x20/0xc0 [ 24.655387] ? __pfx_kthread+0x10/0x10 [ 24.655421] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.655444] ? calculate_sigpending+0x7b/0xa0 [ 24.655470] ? __pfx_kthread+0x10/0x10 [ 24.655492] ret_from_fork+0x116/0x1d0 [ 24.655513] ? __pfx_kthread+0x10/0x10 [ 24.655536] ret_from_fork_asm+0x1a/0x30 [ 24.655569] </TASK> [ 24.655583] [ 24.663372] The buggy address belongs to the physical page: [ 24.663629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062c0 [ 24.663968] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.664324] flags: 0x200000000000040(head|node=0|zone=2) [ 24.664562] page_type: f8(unknown) [ 24.664743] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.665142] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.665486] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.665796] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.666127] head: 0200000000000002 ffffea000418b001 00000000ffffffff 00000000ffffffff [ 24.666465] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.666741] page dumped because: kasan: bad access detected [ 24.666990] [ 24.667099] Memory state around the buggy address: [ 24.667316] ffff8881062c1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.667587] ffff8881062c2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.667987] >ffff8881062c2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.668301] ^ [ 24.668597] ffff8881062c2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.668896] ffff8881062c2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.669212] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 24.431502] ================================================================== [ 24.432159] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 24.432501] Read of size 1 at addr ffff8881060e0000 by task kunit_try_catch/203 [ 24.432792] [ 24.432926] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.432985] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.432999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.433025] Call Trace: [ 24.433041] <TASK> [ 24.433064] dump_stack_lvl+0x73/0xb0 [ 24.433096] print_report+0xd1/0x650 [ 24.433121] ? __virt_addr_valid+0x1db/0x2d0 [ 24.433149] ? page_alloc_uaf+0x356/0x3d0 [ 24.433173] ? kasan_addr_to_slab+0x11/0xa0 [ 24.433200] ? page_alloc_uaf+0x356/0x3d0 [ 24.433224] kasan_report+0x141/0x180 [ 24.433248] ? page_alloc_uaf+0x356/0x3d0 [ 24.433277] __asan_report_load1_noabort+0x18/0x20 [ 24.433305] page_alloc_uaf+0x356/0x3d0 [ 24.433328] ? __pfx_page_alloc_uaf+0x10/0x10 [ 24.433354] ? __schedule+0x10cc/0x2b60 [ 24.433382] ? __pfx_read_tsc+0x10/0x10 [ 24.433448] ? ktime_get_ts64+0x86/0x230 [ 24.433479] kunit_try_run_case+0x1a5/0x480 [ 24.433511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.433538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.433564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.433592] ? __kthread_parkme+0x82/0x180 [ 24.433616] ? preempt_count_sub+0x50/0x80 [ 24.433643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.433672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.433700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.433728] kthread+0x337/0x6f0 [ 24.433750] ? trace_preempt_on+0x20/0xc0 [ 24.433777] ? __pfx_kthread+0x10/0x10 [ 24.433801] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.433825] ? calculate_sigpending+0x7b/0xa0 [ 24.433853] ? __pfx_kthread+0x10/0x10 [ 24.433897] ret_from_fork+0x116/0x1d0 [ 24.433919] ? __pfx_kthread+0x10/0x10 [ 24.433942] ret_from_fork_asm+0x1a/0x30 [ 24.433978] </TASK> [ 24.433992] [ 24.443890] The buggy address belongs to the physical page: [ 24.444569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060e0 [ 24.445222] flags: 0x200000000000000(node=0|zone=2) [ 24.445850] page_type: f0(buddy) [ 24.446056] raw: 0200000000000000 ffff88817fffc4a8 ffff88817fffc4a8 0000000000000000 [ 24.446717] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 24.447547] page dumped because: kasan: bad access detected [ 24.447914] [ 24.448013] Memory state around the buggy address: [ 24.448442] ffff8881060dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.449040] ffff8881060dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.449883] >ffff8881060e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.450477] ^ [ 24.450784] ffff8881060e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.451445] ffff8881060e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.451774] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 24.401773] ================================================================== [ 24.403577] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 24.404738] Free of addr ffff88810623c001 by task kunit_try_catch/199 [ 24.404985] [ 24.405085] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.405144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.405159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.405184] Call Trace: [ 24.405200] <TASK> [ 24.405222] dump_stack_lvl+0x73/0xb0 [ 24.405253] print_report+0xd1/0x650 [ 24.405278] ? __virt_addr_valid+0x1db/0x2d0 [ 24.405306] ? kasan_addr_to_slab+0x11/0xa0 [ 24.405332] ? kfree+0x274/0x3f0 [ 24.405355] kasan_report_invalid_free+0x10a/0x130 [ 24.405381] ? kfree+0x274/0x3f0 [ 24.405671] ? kfree+0x274/0x3f0 [ 24.405698] __kasan_kfree_large+0x86/0xd0 [ 24.405722] free_large_kmalloc+0x52/0x110 [ 24.405749] kfree+0x274/0x3f0 [ 24.405776] kmalloc_large_invalid_free+0x120/0x2b0 [ 24.406101] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 24.406128] ? __schedule+0x10cc/0x2b60 [ 24.406183] ? __pfx_read_tsc+0x10/0x10 [ 24.406211] ? ktime_get_ts64+0x86/0x230 [ 24.406240] kunit_try_run_case+0x1a5/0x480 [ 24.406270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.406296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.406322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.406348] ? __kthread_parkme+0x82/0x180 [ 24.406370] ? preempt_count_sub+0x50/0x80 [ 24.406406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.406433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.406459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.406485] kthread+0x337/0x6f0 [ 24.406507] ? trace_preempt_on+0x20/0xc0 [ 24.406534] ? __pfx_kthread+0x10/0x10 [ 24.406556] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.406580] ? calculate_sigpending+0x7b/0xa0 [ 24.406605] ? __pfx_kthread+0x10/0x10 [ 24.406628] ret_from_fork+0x116/0x1d0 [ 24.406649] ? __pfx_kthread+0x10/0x10 [ 24.406671] ret_from_fork_asm+0x1a/0x30 [ 24.406705] </TASK> [ 24.406719] [ 24.417548] The buggy address belongs to the physical page: [ 24.417746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623c [ 24.418597] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.418989] flags: 0x200000000000040(head|node=0|zone=2) [ 24.419373] page_type: f8(unknown) [ 24.419574] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.419905] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.420179] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.420441] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.420741] head: 0200000000000002 ffffea0004188f01 00000000ffffffff 00000000ffffffff [ 24.421199] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.421522] page dumped because: kasan: bad access detected [ 24.421701] [ 24.421772] Memory state around the buggy address: [ 24.421937] ffff88810623bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.422163] ffff88810623bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.422899] >ffff88810623c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.423734] ^ [ 24.423930] ffff88810623c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.424163] ffff88810623c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.425125] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 24.368432] ================================================================== [ 24.369688] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 24.370544] Read of size 1 at addr ffff88810623c000 by task kunit_try_catch/197 [ 24.371347] [ 24.371607] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.371664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.371677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.371700] Call Trace: [ 24.371714] <TASK> [ 24.371734] dump_stack_lvl+0x73/0xb0 [ 24.371763] print_report+0xd1/0x650 [ 24.371786] ? __virt_addr_valid+0x1db/0x2d0 [ 24.371812] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.371832] ? kasan_addr_to_slab+0x11/0xa0 [ 24.371874] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.371895] kasan_report+0x141/0x180 [ 24.371917] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.371943] __asan_report_load1_noabort+0x18/0x20 [ 24.371967] kmalloc_large_uaf+0x2f1/0x340 [ 24.371988] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 24.372009] ? __schedule+0x10cc/0x2b60 [ 24.372036] ? __pfx_read_tsc+0x10/0x10 [ 24.372059] ? ktime_get_ts64+0x86/0x230 [ 24.372085] kunit_try_run_case+0x1a5/0x480 [ 24.372112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.372136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.372161] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.372186] ? __kthread_parkme+0x82/0x180 [ 24.372208] ? preempt_count_sub+0x50/0x80 [ 24.372236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.372262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.372287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.372312] kthread+0x337/0x6f0 [ 24.372332] ? trace_preempt_on+0x20/0xc0 [ 24.372356] ? __pfx_kthread+0x10/0x10 [ 24.372378] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.372410] ? calculate_sigpending+0x7b/0xa0 [ 24.372434] ? __pfx_kthread+0x10/0x10 [ 24.372466] ret_from_fork+0x116/0x1d0 [ 24.372486] ? __pfx_kthread+0x10/0x10 [ 24.372508] ret_from_fork_asm+0x1a/0x30 [ 24.372552] </TASK> [ 24.372565] [ 24.385340] The buggy address belongs to the physical page: [ 24.386709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623c [ 24.387749] flags: 0x200000000000000(node=0|zone=2) [ 24.388626] raw: 0200000000000000 ffffea000418b008 ffff88815b039fc0 0000000000000000 [ 24.389734] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.390856] page dumped because: kasan: bad access detected [ 24.391890] [ 24.392081] Memory state around the buggy address: [ 24.392789] ffff88810623bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.393803] ffff88810623bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.395382] >ffff88810623c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.396280] ^ [ 24.396434] ffff88810623c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.396664] ffff88810623c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.397235] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 24.336645] ================================================================== [ 24.337103] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 24.337375] Write of size 1 at addr ffff88810606e00a by task kunit_try_catch/195 [ 24.337746] [ 24.337872] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.337988] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.338004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.338181] Call Trace: [ 24.338203] <TASK> [ 24.338226] dump_stack_lvl+0x73/0xb0 [ 24.338261] print_report+0xd1/0x650 [ 24.338287] ? __virt_addr_valid+0x1db/0x2d0 [ 24.338315] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.338338] ? kasan_addr_to_slab+0x11/0xa0 [ 24.338365] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.338401] kasan_report+0x141/0x180 [ 24.338906] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.338941] __asan_report_store1_noabort+0x1b/0x30 [ 24.338969] kmalloc_large_oob_right+0x2e9/0x330 [ 24.338993] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 24.339018] ? __schedule+0x10cc/0x2b60 [ 24.339047] ? __pfx_read_tsc+0x10/0x10 [ 24.339072] ? ktime_get_ts64+0x86/0x230 [ 24.339102] kunit_try_run_case+0x1a5/0x480 [ 24.339132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.339180] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.339206] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.339233] ? __kthread_parkme+0x82/0x180 [ 24.339257] ? preempt_count_sub+0x50/0x80 [ 24.339284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.339311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.339338] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.339365] kthread+0x337/0x6f0 [ 24.339386] ? trace_preempt_on+0x20/0xc0 [ 24.339425] ? __pfx_kthread+0x10/0x10 [ 24.339448] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.339473] ? calculate_sigpending+0x7b/0xa0 [ 24.339500] ? __pfx_kthread+0x10/0x10 [ 24.339523] ret_from_fork+0x116/0x1d0 [ 24.339544] ? __pfx_kthread+0x10/0x10 [ 24.339567] ret_from_fork_asm+0x1a/0x30 [ 24.339602] </TASK> [ 24.339617] [ 24.354049] The buggy address belongs to the physical page: [ 24.354531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10606c [ 24.355449] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.355940] flags: 0x200000000000040(head|node=0|zone=2) [ 24.356373] page_type: f8(unknown) [ 24.356760] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.357685] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.358523] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.359302] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.359969] head: 0200000000000002 ffffea0004181b01 00000000ffffffff 00000000ffffffff [ 24.360250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.361245] page dumped because: kasan: bad access detected [ 24.361785] [ 24.361951] Memory state around the buggy address: [ 24.362323] ffff88810606df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.362783] ffff88810606df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.363168] >ffff88810606e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.363991] ^ [ 24.364482] ffff88810606e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.364889] ffff88810606e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.365111] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 24.304323] ================================================================== [ 24.304906] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 24.305279] Write of size 1 at addr ffff888106091f00 by task kunit_try_catch/193 [ 24.305647] [ 24.305766] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.305823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.305836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.305863] Call Trace: [ 24.305877] <TASK> [ 24.305898] dump_stack_lvl+0x73/0xb0 [ 24.305928] print_report+0xd1/0x650 [ 24.305953] ? __virt_addr_valid+0x1db/0x2d0 [ 24.305980] ? kmalloc_big_oob_right+0x316/0x370 [ 24.306004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.306032] ? kmalloc_big_oob_right+0x316/0x370 [ 24.306057] kasan_report+0x141/0x180 [ 24.306081] ? kmalloc_big_oob_right+0x316/0x370 [ 24.306111] __asan_report_store1_noabort+0x1b/0x30 [ 24.306589] kmalloc_big_oob_right+0x316/0x370 [ 24.306621] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 24.306648] ? __schedule+0x10cc/0x2b60 [ 24.306677] ? __pfx_read_tsc+0x10/0x10 [ 24.306702] ? ktime_get_ts64+0x86/0x230 [ 24.306731] kunit_try_run_case+0x1a5/0x480 [ 24.306761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.306787] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.306814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.306841] ? __kthread_parkme+0x82/0x180 [ 24.306865] ? preempt_count_sub+0x50/0x80 [ 24.306892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.306920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.306948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.306975] kthread+0x337/0x6f0 [ 24.306998] ? trace_preempt_on+0x20/0xc0 [ 24.307026] ? __pfx_kthread+0x10/0x10 [ 24.307050] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.307075] ? calculate_sigpending+0x7b/0xa0 [ 24.307103] ? __pfx_kthread+0x10/0x10 [ 24.307128] ret_from_fork+0x116/0x1d0 [ 24.307149] ? __pfx_kthread+0x10/0x10 [ 24.307172] ret_from_fork_asm+0x1a/0x30 [ 24.307210] </TASK> [ 24.307225] [ 24.319206] Allocated by task 193: [ 24.319674] kasan_save_stack+0x45/0x70 [ 24.319966] kasan_save_track+0x18/0x40 [ 24.320214] kasan_save_alloc_info+0x3b/0x50 [ 24.320417] __kasan_kmalloc+0xb7/0xc0 [ 24.320574] __kmalloc_cache_noprof+0x189/0x420 [ 24.321088] kmalloc_big_oob_right+0xa9/0x370 [ 24.321342] kunit_try_run_case+0x1a5/0x480 [ 24.321850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.322127] kthread+0x337/0x6f0 [ 24.322474] ret_from_fork+0x116/0x1d0 [ 24.322747] ret_from_fork_asm+0x1a/0x30 [ 24.323028] [ 24.323135] The buggy address belongs to the object at ffff888106090000 [ 24.323135] which belongs to the cache kmalloc-8k of size 8192 [ 24.323722] The buggy address is located 0 bytes to the right of [ 24.323722] allocated 7936-byte region [ffff888106090000, ffff888106091f00) [ 24.324383] [ 24.324513] The buggy address belongs to the physical page: [ 24.324926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106090 [ 24.325314] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.325789] flags: 0x200000000000040(head|node=0|zone=2) [ 24.326097] page_type: f5(slab) [ 24.326590] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 24.327053] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.327566] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 24.327989] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.328416] head: 0200000000000003 ffffea0004182401 00000000ffffffff 00000000ffffffff [ 24.328760] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.329202] page dumped because: kasan: bad access detected [ 24.329627] [ 24.329701] Memory state around the buggy address: [ 24.330128] ffff888106091e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.330778] ffff888106091e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.331528] >ffff888106091f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.331883] ^ [ 24.332014] ffff888106091f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.332459] ffff888106092000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.333012] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 24.268921] ================================================================== [ 24.269197] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.269524] Write of size 1 at addr ffff888103d62c78 by task kunit_try_catch/191 [ 24.269777] [ 24.269977] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.270031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.270045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.270069] Call Trace: [ 24.270084] <TASK> [ 24.270106] dump_stack_lvl+0x73/0xb0 [ 24.270136] print_report+0xd1/0x650 [ 24.270160] ? __virt_addr_valid+0x1db/0x2d0 [ 24.270186] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.270212] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.270241] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.270268] kasan_report+0x141/0x180 [ 24.270292] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.270324] __asan_report_store1_noabort+0x1b/0x30 [ 24.270351] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.270377] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.270419] ? __schedule+0x10cc/0x2b60 [ 24.270447] ? __pfx_read_tsc+0x10/0x10 [ 24.270471] ? ktime_get_ts64+0x86/0x230 [ 24.270499] kunit_try_run_case+0x1a5/0x480 [ 24.270527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.270553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.270579] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.270606] ? __kthread_parkme+0x82/0x180 [ 24.270629] ? preempt_count_sub+0x50/0x80 [ 24.270655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.270682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.270709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.270736] kthread+0x337/0x6f0 [ 24.270757] ? trace_preempt_on+0x20/0xc0 [ 24.270784] ? __pfx_kthread+0x10/0x10 [ 24.270807] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.270832] ? calculate_sigpending+0x7b/0xa0 [ 24.270858] ? __pfx_kthread+0x10/0x10 [ 24.270882] ret_from_fork+0x116/0x1d0 [ 24.270911] ? __pfx_kthread+0x10/0x10 [ 24.270934] ret_from_fork_asm+0x1a/0x30 [ 24.270969] </TASK> [ 24.270982] [ 24.284540] Allocated by task 191: [ 24.284947] kasan_save_stack+0x45/0x70 [ 24.285104] kasan_save_track+0x18/0x40 [ 24.285268] kasan_save_alloc_info+0x3b/0x50 [ 24.285437] __kasan_kmalloc+0xb7/0xc0 [ 24.285731] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.286409] kmalloc_track_caller_oob_right+0x19a/0x520 [ 24.287027] kunit_try_run_case+0x1a5/0x480 [ 24.287553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.288185] kthread+0x337/0x6f0 [ 24.288635] ret_from_fork+0x116/0x1d0 [ 24.288860] ret_from_fork_asm+0x1a/0x30 [ 24.289322] [ 24.289539] The buggy address belongs to the object at ffff888103d62c00 [ 24.289539] which belongs to the cache kmalloc-128 of size 128 [ 24.290401] The buggy address is located 0 bytes to the right of [ 24.290401] allocated 120-byte region [ffff888103d62c00, ffff888103d62c78) [ 24.290807] [ 24.290893] The buggy address belongs to the physical page: [ 24.291488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 24.292418] flags: 0x200000000000000(node=0|zone=2) [ 24.293500] page_type: f5(slab) [ 24.293847] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.294713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.295732] page dumped because: kasan: bad access detected [ 24.296470] [ 24.296667] Memory state around the buggy address: [ 24.296837] ffff888103d62b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.297146] ffff888103d62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.298143] >ffff888103d62c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.298891] ^ [ 24.299617] ffff888103d62c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.300005] ffff888103d62d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.300304] ================================================================== [ 24.235154] ================================================================== [ 24.236475] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.237170] Write of size 1 at addr ffff888103d62b78 by task kunit_try_catch/191 [ 24.237895] [ 24.238147] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.238203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.238217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.238241] Call Trace: [ 24.238256] <TASK> [ 24.238276] dump_stack_lvl+0x73/0xb0 [ 24.238306] print_report+0xd1/0x650 [ 24.238330] ? __virt_addr_valid+0x1db/0x2d0 [ 24.238354] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.238378] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.238416] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.238441] kasan_report+0x141/0x180 [ 24.238463] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.238492] __asan_report_store1_noabort+0x1b/0x30 [ 24.238516] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.238541] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.238566] ? __schedule+0x10cc/0x2b60 [ 24.238591] ? __pfx_read_tsc+0x10/0x10 [ 24.238614] ? ktime_get_ts64+0x86/0x230 [ 24.238639] kunit_try_run_case+0x1a5/0x480 [ 24.238667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.238690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.238715] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.238739] ? __kthread_parkme+0x82/0x180 [ 24.238761] ? preempt_count_sub+0x50/0x80 [ 24.238785] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.238811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.238835] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.238860] kthread+0x337/0x6f0 [ 24.238880] ? trace_preempt_on+0x20/0xc0 [ 24.238905] ? __pfx_kthread+0x10/0x10 [ 24.238926] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.238948] ? calculate_sigpending+0x7b/0xa0 [ 24.238972] ? __pfx_kthread+0x10/0x10 [ 24.238994] ret_from_fork+0x116/0x1d0 [ 24.239014] ? __pfx_kthread+0x10/0x10 [ 24.239035] ret_from_fork_asm+0x1a/0x30 [ 24.239067] </TASK> [ 24.239080] [ 24.251007] Allocated by task 191: [ 24.251156] kasan_save_stack+0x45/0x70 [ 24.251310] kasan_save_track+0x18/0x40 [ 24.251457] kasan_save_alloc_info+0x3b/0x50 [ 24.251604] __kasan_kmalloc+0xb7/0xc0 [ 24.251737] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.251919] kmalloc_track_caller_oob_right+0x99/0x520 [ 24.252086] kunit_try_run_case+0x1a5/0x480 [ 24.252234] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.253059] kthread+0x337/0x6f0 [ 24.253715] ret_from_fork+0x116/0x1d0 [ 24.254544] ret_from_fork_asm+0x1a/0x30 [ 24.255065] [ 24.255452] The buggy address belongs to the object at ffff888103d62b00 [ 24.255452] which belongs to the cache kmalloc-128 of size 128 [ 24.257162] The buggy address is located 0 bytes to the right of [ 24.257162] allocated 120-byte region [ffff888103d62b00, ffff888103d62b78) [ 24.258848] [ 24.259167] The buggy address belongs to the physical page: [ 24.260038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 24.261095] flags: 0x200000000000000(node=0|zone=2) [ 24.261467] page_type: f5(slab) [ 24.261601] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.261844] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.262537] page dumped because: kasan: bad access detected [ 24.263168] [ 24.263344] Memory state around the buggy address: [ 24.263952] ffff888103d62a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.264673] ffff888103d62a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.265431] >ffff888103d62b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.265874] ^ [ 24.266645] ffff888103d62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.266934] ffff888103d62c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.267610] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 24.208524] ================================================================== [ 24.208940] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 24.209209] Read of size 1 at addr ffff8881062ab000 by task kunit_try_catch/189 [ 24.209723] [ 24.209847] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.209906] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.209919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.209943] Call Trace: [ 24.209958] <TASK> [ 24.209980] dump_stack_lvl+0x73/0xb0 [ 24.210011] print_report+0xd1/0x650 [ 24.210034] ? __virt_addr_valid+0x1db/0x2d0 [ 24.210060] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.210082] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.210108] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.210131] kasan_report+0x141/0x180 [ 24.210428] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.210468] __asan_report_load1_noabort+0x18/0x20 [ 24.210493] kmalloc_node_oob_right+0x369/0x3c0 [ 24.210517] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 24.210543] ? __schedule+0x10cc/0x2b60 [ 24.210569] ? __pfx_read_tsc+0x10/0x10 [ 24.210591] ? ktime_get_ts64+0x86/0x230 [ 24.210617] kunit_try_run_case+0x1a5/0x480 [ 24.210645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.210669] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.210694] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.210718] ? __kthread_parkme+0x82/0x180 [ 24.210740] ? preempt_count_sub+0x50/0x80 [ 24.210764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.210789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.210813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.210837] kthread+0x337/0x6f0 [ 24.210857] ? trace_preempt_on+0x20/0xc0 [ 24.210882] ? __pfx_kthread+0x10/0x10 [ 24.210902] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.210925] ? calculate_sigpending+0x7b/0xa0 [ 24.210950] ? __pfx_kthread+0x10/0x10 [ 24.210971] ret_from_fork+0x116/0x1d0 [ 24.210990] ? __pfx_kthread+0x10/0x10 [ 24.211011] ret_from_fork_asm+0x1a/0x30 [ 24.211043] </TASK> [ 24.211056] [ 24.221580] Allocated by task 189: [ 24.221773] kasan_save_stack+0x45/0x70 [ 24.222033] kasan_save_track+0x18/0x40 [ 24.222272] kasan_save_alloc_info+0x3b/0x50 [ 24.222465] __kasan_kmalloc+0xb7/0xc0 [ 24.222599] __kmalloc_cache_node_noprof+0x188/0x420 [ 24.222758] kmalloc_node_oob_right+0xab/0x3c0 [ 24.222971] kunit_try_run_case+0x1a5/0x480 [ 24.223301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.223509] kthread+0x337/0x6f0 [ 24.223628] ret_from_fork+0x116/0x1d0 [ 24.223757] ret_from_fork_asm+0x1a/0x30 [ 24.223933] [ 24.224032] The buggy address belongs to the object at ffff8881062aa000 [ 24.224032] which belongs to the cache kmalloc-4k of size 4096 [ 24.224597] The buggy address is located 0 bytes to the right of [ 24.224597] allocated 4096-byte region [ffff8881062aa000, ffff8881062ab000) [ 24.225188] [ 24.225287] The buggy address belongs to the physical page: [ 24.225525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062a8 [ 24.226256] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.226625] flags: 0x200000000000040(head|node=0|zone=2) [ 24.226971] page_type: f5(slab) [ 24.227132] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 24.227412] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.227807] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 24.228142] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.228513] head: 0200000000000003 ffffea000418aa01 00000000ffffffff 00000000ffffffff [ 24.228850] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.229272] page dumped because: kasan: bad access detected [ 24.229531] [ 24.229602] Memory state around the buggy address: [ 24.229757] ffff8881062aaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.229973] ffff8881062aaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.230219] >ffff8881062ab000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.230638] ^ [ 24.230887] ffff8881062ab080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.231105] ffff8881062ab100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.231322] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 24.166527] ================================================================== [ 24.167774] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 24.168467] Read of size 1 at addr ffff88810527f21f by task kunit_try_catch/187 [ 24.169110] [ 24.169212] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.169264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.169276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.169300] Call Trace: [ 24.169314] <TASK> [ 24.169334] dump_stack_lvl+0x73/0xb0 [ 24.169363] print_report+0xd1/0x650 [ 24.169386] ? __virt_addr_valid+0x1db/0x2d0 [ 24.169423] ? kmalloc_oob_left+0x361/0x3c0 [ 24.169444] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.169470] ? kmalloc_oob_left+0x361/0x3c0 [ 24.169491] kasan_report+0x141/0x180 [ 24.169513] ? kmalloc_oob_left+0x361/0x3c0 [ 24.169539] __asan_report_load1_noabort+0x18/0x20 [ 24.169564] kmalloc_oob_left+0x361/0x3c0 [ 24.169585] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 24.169608] ? __schedule+0x10cc/0x2b60 [ 24.169633] ? __pfx_read_tsc+0x10/0x10 [ 24.169656] ? ktime_get_ts64+0x86/0x230 [ 24.169681] kunit_try_run_case+0x1a5/0x480 [ 24.169708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.169731] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.169756] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.169781] ? __kthread_parkme+0x82/0x180 [ 24.169802] ? preempt_count_sub+0x50/0x80 [ 24.169826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.169852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.169877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.169902] kthread+0x337/0x6f0 [ 24.169921] ? trace_preempt_on+0x20/0xc0 [ 24.169946] ? __pfx_kthread+0x10/0x10 [ 24.169967] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.169990] ? calculate_sigpending+0x7b/0xa0 [ 24.170015] ? __pfx_kthread+0x10/0x10 [ 24.170036] ret_from_fork+0x116/0x1d0 [ 24.170056] ? __pfx_kthread+0x10/0x10 [ 24.170076] ret_from_fork_asm+0x1a/0x30 [ 24.170110] </TASK> [ 24.170123] [ 24.184181] Allocated by task 21: [ 24.184546] kasan_save_stack+0x45/0x70 [ 24.185044] kasan_save_track+0x18/0x40 [ 24.185431] kasan_save_alloc_info+0x3b/0x50 [ 24.185582] __kasan_kmalloc+0xb7/0xc0 [ 24.185714] __kmalloc_cache_node_noprof+0x188/0x420 [ 24.185872] build_sched_domains+0x38c/0x5dd0 [ 24.186022] partition_sched_domains+0x471/0x9c0 [ 24.186233] rebuild_sched_domains_locked+0x97d/0xd50 [ 24.186530] cpuset_update_active_cpus+0x80f/0x1a90 [ 24.186727] sched_cpu_activate+0x2bf/0x330 [ 24.186871] cpuhp_invoke_callback+0x2a1/0xf00 [ 24.187212] cpuhp_thread_fun+0x2ce/0x5c0 [ 24.187447] smpboot_thread_fn+0x2bc/0x730 [ 24.187668] kthread+0x337/0x6f0 [ 24.188520] ret_from_fork+0x116/0x1d0 [ 24.188732] ret_from_fork_asm+0x1a/0x30 [ 24.188972] [ 24.189144] Freed by task 21: [ 24.189411] kasan_save_stack+0x45/0x70 [ 24.189570] kasan_save_track+0x18/0x40 [ 24.189990] kasan_save_free_info+0x3f/0x60 [ 24.190238] __kasan_slab_free+0x56/0x70 [ 24.190430] kfree+0x222/0x3f0 [ 24.190675] build_sched_domains+0x1fff/0x5dd0 [ 24.190872] partition_sched_domains+0x471/0x9c0 [ 24.191425] rebuild_sched_domains_locked+0x97d/0xd50 [ 24.191895] cpuset_update_active_cpus+0x80f/0x1a90 [ 24.192064] sched_cpu_activate+0x2bf/0x330 [ 24.192523] cpuhp_invoke_callback+0x2a1/0xf00 [ 24.193041] cpuhp_thread_fun+0x2ce/0x5c0 [ 24.193521] smpboot_thread_fn+0x2bc/0x730 [ 24.194060] kthread+0x337/0x6f0 [ 24.194227] ret_from_fork+0x116/0x1d0 [ 24.194637] ret_from_fork_asm+0x1a/0x30 [ 24.194810] [ 24.194895] The buggy address belongs to the object at ffff88810527f200 [ 24.194895] which belongs to the cache kmalloc-16 of size 16 [ 24.196319] The buggy address is located 15 bytes to the right of [ 24.196319] allocated 16-byte region [ffff88810527f200, ffff88810527f210) [ 24.197279] [ 24.197568] The buggy address belongs to the physical page: [ 24.198066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10527f [ 24.198451] flags: 0x200000000000000(node=0|zone=2) [ 24.198614] page_type: f5(slab) [ 24.198734] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.199342] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.200200] page dumped because: kasan: bad access detected [ 24.200774] [ 24.200955] Memory state around the buggy address: [ 24.201547] ffff88810527f100: 00 06 fc fc 00 06 fc fc fa fb fc fc 00 00 fc fc [ 24.202290] ffff88810527f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.202682] >ffff88810527f200: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 24.202907] ^ [ 24.203037] ffff88810527f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.203663] ffff88810527f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.204477] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 24.136245] ================================================================== [ 24.136551] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 24.136885] Read of size 1 at addr ffff888103d62a80 by task kunit_try_catch/185 [ 24.137418] [ 24.137544] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.137598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.137613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.137637] Call Trace: [ 24.137656] <TASK> [ 24.137675] dump_stack_lvl+0x73/0xb0 [ 24.137706] print_report+0xd1/0x650 [ 24.137732] ? __virt_addr_valid+0x1db/0x2d0 [ 24.137760] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.137783] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.137813] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.137838] kasan_report+0x141/0x180 [ 24.137863] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.137892] __asan_report_load1_noabort+0x18/0x20 [ 24.137920] kmalloc_oob_right+0x68a/0x7f0 [ 24.137945] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.137971] ? __schedule+0x10cc/0x2b60 [ 24.137999] ? __pfx_read_tsc+0x10/0x10 [ 24.138024] ? ktime_get_ts64+0x86/0x230 [ 24.138053] kunit_try_run_case+0x1a5/0x480 [ 24.138083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.138110] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.138138] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.138166] ? __kthread_parkme+0x82/0x180 [ 24.138190] ? preempt_count_sub+0x50/0x80 [ 24.138218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.138247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.138275] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.138303] kthread+0x337/0x6f0 [ 24.138326] ? trace_preempt_on+0x20/0xc0 [ 24.138353] ? __pfx_kthread+0x10/0x10 [ 24.138409] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.138437] ? calculate_sigpending+0x7b/0xa0 [ 24.138466] ? __pfx_kthread+0x10/0x10 [ 24.138491] ret_from_fork+0x116/0x1d0 [ 24.138514] ? __pfx_kthread+0x10/0x10 [ 24.138538] ret_from_fork_asm+0x1a/0x30 [ 24.138576] </TASK> [ 24.138590] [ 24.150154] Allocated by task 185: [ 24.150469] kasan_save_stack+0x45/0x70 [ 24.150662] kasan_save_track+0x18/0x40 [ 24.151089] kasan_save_alloc_info+0x3b/0x50 [ 24.151385] __kasan_kmalloc+0xb7/0xc0 [ 24.151537] __kmalloc_cache_noprof+0x189/0x420 [ 24.151699] kmalloc_oob_right+0xa9/0x7f0 [ 24.151844] kunit_try_run_case+0x1a5/0x480 [ 24.152284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.152807] kthread+0x337/0x6f0 [ 24.153153] ret_from_fork+0x116/0x1d0 [ 24.153522] ret_from_fork_asm+0x1a/0x30 [ 24.153918] [ 24.154112] The buggy address belongs to the object at ffff888103d62a00 [ 24.154112] which belongs to the cache kmalloc-128 of size 128 [ 24.155083] The buggy address is located 13 bytes to the right of [ 24.155083] allocated 115-byte region [ffff888103d62a00, ffff888103d62a73) [ 24.155481] [ 24.155555] The buggy address belongs to the physical page: [ 24.155733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 24.156260] flags: 0x200000000000000(node=0|zone=2) [ 24.156738] page_type: f5(slab) [ 24.157078] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.157749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.158435] page dumped because: kasan: bad access detected [ 24.158959] [ 24.159140] Memory state around the buggy address: [ 24.159595] ffff888103d62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.160248] ffff888103d62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.160708] >ffff888103d62a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.161080] ^ [ 24.161398] ffff888103d62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.162037] ffff888103d62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.162502] ================================================================== [ 24.117188] ================================================================== [ 24.117461] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 24.117845] Write of size 1 at addr ffff888103d62a78 by task kunit_try_catch/185 [ 24.118213] [ 24.118326] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.118382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.118408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.118432] Call Trace: [ 24.118453] <TASK> [ 24.118473] dump_stack_lvl+0x73/0xb0 [ 24.118505] print_report+0xd1/0x650 [ 24.118533] ? __virt_addr_valid+0x1db/0x2d0 [ 24.118560] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.118584] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.118612] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.118636] kasan_report+0x141/0x180 [ 24.118661] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.118690] __asan_report_store1_noabort+0x1b/0x30 [ 24.118717] kmalloc_oob_right+0x6bd/0x7f0 [ 24.118741] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.118766] ? __schedule+0x10cc/0x2b60 [ 24.118793] ? __pfx_read_tsc+0x10/0x10 [ 24.118818] ? ktime_get_ts64+0x86/0x230 [ 24.118846] kunit_try_run_case+0x1a5/0x480 [ 24.118874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.118912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.118938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.118966] ? __kthread_parkme+0x82/0x180 [ 24.118989] ? preempt_count_sub+0x50/0x80 [ 24.119016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.119044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.119071] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.119099] kthread+0x337/0x6f0 [ 24.119121] ? trace_preempt_on+0x20/0xc0 [ 24.119148] ? __pfx_kthread+0x10/0x10 [ 24.119171] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.119196] ? calculate_sigpending+0x7b/0xa0 [ 24.119223] ? __pfx_kthread+0x10/0x10 [ 24.119247] ret_from_fork+0x116/0x1d0 [ 24.119269] ? __pfx_kthread+0x10/0x10 [ 24.119293] ret_from_fork_asm+0x1a/0x30 [ 24.119329] </TASK> [ 24.119342] [ 24.126842] Allocated by task 185: [ 24.126983] kasan_save_stack+0x45/0x70 [ 24.127136] kasan_save_track+0x18/0x40 [ 24.127335] kasan_save_alloc_info+0x3b/0x50 [ 24.127575] __kasan_kmalloc+0xb7/0xc0 [ 24.127783] __kmalloc_cache_noprof+0x189/0x420 [ 24.128239] kmalloc_oob_right+0xa9/0x7f0 [ 24.128460] kunit_try_run_case+0x1a5/0x480 [ 24.128663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.128980] kthread+0x337/0x6f0 [ 24.129116] ret_from_fork+0x116/0x1d0 [ 24.129262] ret_from_fork_asm+0x1a/0x30 [ 24.129427] [ 24.129503] The buggy address belongs to the object at ffff888103d62a00 [ 24.129503] which belongs to the cache kmalloc-128 of size 128 [ 24.130416] The buggy address is located 5 bytes to the right of [ 24.130416] allocated 115-byte region [ffff888103d62a00, ffff888103d62a73) [ 24.130885] [ 24.130961] The buggy address belongs to the physical page: [ 24.131152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 24.131606] flags: 0x200000000000000(node=0|zone=2) [ 24.131866] page_type: f5(slab) [ 24.132050] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.132597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.132858] page dumped because: kasan: bad access detected [ 24.133139] [ 24.133240] Memory state around the buggy address: [ 24.133496] ffff888103d62900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.133836] ffff888103d62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.134118] >ffff888103d62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.134357] ^ [ 24.134723] ffff888103d62a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.135085] ffff888103d62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.135483] ================================================================== [ 24.089011] ================================================================== [ 24.089715] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 24.090523] Write of size 1 at addr ffff888103d62a73 by task kunit_try_catch/185 [ 24.090942] [ 24.092128] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 24.092548] Tainted: [N]=TEST [ 24.092584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.092862] Call Trace: [ 24.092944] <TASK> [ 24.093120] dump_stack_lvl+0x73/0xb0 [ 24.093220] print_report+0xd1/0x650 [ 24.093254] ? __virt_addr_valid+0x1db/0x2d0 [ 24.093284] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.093308] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.093337] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.093362] kasan_report+0x141/0x180 [ 24.093388] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.093430] __asan_report_store1_noabort+0x1b/0x30 [ 24.093458] kmalloc_oob_right+0x6f0/0x7f0 [ 24.093483] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.093508] ? __schedule+0x10cc/0x2b60 [ 24.093537] ? __pfx_read_tsc+0x10/0x10 [ 24.093563] ? ktime_get_ts64+0x86/0x230 [ 24.093593] kunit_try_run_case+0x1a5/0x480 [ 24.093625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.093651] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.093678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.093706] ? __kthread_parkme+0x82/0x180 [ 24.093731] ? preempt_count_sub+0x50/0x80 [ 24.093758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.093786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.093814] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.093841] kthread+0x337/0x6f0 [ 24.093864] ? trace_preempt_on+0x20/0xc0 [ 24.093893] ? __pfx_kthread+0x10/0x10 [ 24.093917] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.093942] ? calculate_sigpending+0x7b/0xa0 [ 24.093971] ? __pfx_kthread+0x10/0x10 [ 24.093995] ret_from_fork+0x116/0x1d0 [ 24.094017] ? __pfx_kthread+0x10/0x10 [ 24.094041] ret_from_fork_asm+0x1a/0x30 [ 24.094106] </TASK> [ 24.094182] [ 24.101991] Allocated by task 185: [ 24.102591] kasan_save_stack+0x45/0x70 [ 24.102908] kasan_save_track+0x18/0x40 [ 24.103148] kasan_save_alloc_info+0x3b/0x50 [ 24.103309] __kasan_kmalloc+0xb7/0xc0 [ 24.103470] __kmalloc_cache_noprof+0x189/0x420 [ 24.103737] kmalloc_oob_right+0xa9/0x7f0 [ 24.103974] kunit_try_run_case+0x1a5/0x480 [ 24.104488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.105505] kthread+0x337/0x6f0 [ 24.105684] ret_from_fork+0x116/0x1d0 [ 24.105913] ret_from_fork_asm+0x1a/0x30 [ 24.106236] [ 24.106771] The buggy address belongs to the object at ffff888103d62a00 [ 24.106771] which belongs to the cache kmalloc-128 of size 128 [ 24.107475] The buggy address is located 0 bytes to the right of [ 24.107475] allocated 115-byte region [ffff888103d62a00, ffff888103d62a73) [ 24.108490] [ 24.108826] The buggy address belongs to the physical page: [ 24.109510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d62 [ 24.110182] flags: 0x200000000000000(node=0|zone=2) [ 24.110879] page_type: f5(slab) [ 24.111509] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.111842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.112352] page dumped because: kasan: bad access detected [ 24.112590] [ 24.112705] Memory state around the buggy address: [ 24.113320] ffff888103d62900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.113698] ffff888103d62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.114046] >ffff888103d62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.114533] ^ [ 24.114925] ffff888103d62a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.115288] ffff888103d62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.115647] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 201.240936] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2883 [ 201.241305] Modules linked in: [ 201.241907] CPU: 0 UID: 0 PID: 2883 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 201.243796] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 201.244697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 201.245625] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 201.246383] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 80 bf 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 201.248109] RSP: 0000:ffff88810459fc78 EFLAGS: 00010286 [ 201.249066] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 201.249879] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffac25eb74 [ 201.250708] RBP: ffff88810459fca0 R08: 0000000000000000 R09: ffffed1020e65600 [ 201.251460] R10: ffff88810732b007 R11: 0000000000000000 R12: ffffffffac25eb60 [ 201.252574] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810459fd38 [ 201.253104] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 201.254285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.254822] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 201.255075] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 201.255307] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 201.255552] Call Trace: [ 201.255660] <TASK> [ 201.255779] drm_test_rect_calc_vscale+0x108/0x270 [ 201.256051] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 201.256286] ? __schedule+0x10cc/0x2b60 [ 201.256618] ? __pfx_read_tsc+0x10/0x10 [ 201.256846] ? ktime_get_ts64+0x86/0x230 [ 201.257094] kunit_try_run_case+0x1a5/0x480 [ 201.257481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.257663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 201.258020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 201.258559] ? __kthread_parkme+0x82/0x180 [ 201.258806] ? preempt_count_sub+0x50/0x80 [ 201.259055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.259392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 201.259672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 201.260035] kthread+0x337/0x6f0 [ 201.260286] ? trace_preempt_on+0x20/0xc0 [ 201.260582] ? __pfx_kthread+0x10/0x10 [ 201.260786] ? _raw_spin_unlock_irq+0x47/0x80 [ 201.261046] ? calculate_sigpending+0x7b/0xa0 [ 201.261339] ? __pfx_kthread+0x10/0x10 [ 201.261605] ret_from_fork+0x116/0x1d0 [ 201.261844] ? __pfx_kthread+0x10/0x10 [ 201.262085] ret_from_fork_asm+0x1a/0x30 [ 201.262566] </TASK> [ 201.262736] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 201.217856] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2881 [ 201.218488] Modules linked in: [ 201.218721] CPU: 0 UID: 0 PID: 2881 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 201.219297] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 201.219616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 201.220079] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 201.220490] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 80 bf 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 201.221472] RSP: 0000:ffff8881046efc78 EFLAGS: 00010286 [ 201.221719] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 201.222430] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffac25eb3c [ 201.222904] RBP: ffff8881046efca0 R08: 0000000000000000 R09: ffffed1020e663c0 [ 201.223700] R10: ffff888107331e07 R11: 0000000000000000 R12: ffffffffac25eb28 [ 201.224038] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881046efd38 [ 201.224705] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 201.225512] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.225953] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 201.226205] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 201.226453] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 201.227122] Call Trace: [ 201.227295] <TASK> [ 201.227554] drm_test_rect_calc_vscale+0x108/0x270 [ 201.227795] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 201.228224] ? __schedule+0x10cc/0x2b60 [ 201.228951] ? __pfx_read_tsc+0x10/0x10 [ 201.229614] ? ktime_get_ts64+0x86/0x230 [ 201.229994] kunit_try_run_case+0x1a5/0x480 [ 201.230455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.230736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 201.231206] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 201.231749] ? __kthread_parkme+0x82/0x180 [ 201.232113] ? preempt_count_sub+0x50/0x80 [ 201.232629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.232874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 201.233548] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 201.233855] kthread+0x337/0x6f0 [ 201.234036] ? trace_preempt_on+0x20/0xc0 [ 201.234574] ? __pfx_kthread+0x10/0x10 [ 201.234884] ? _raw_spin_unlock_irq+0x47/0x80 [ 201.235131] ? calculate_sigpending+0x7b/0xa0 [ 201.235686] ? __pfx_kthread+0x10/0x10 [ 201.235987] ret_from_fork+0x116/0x1d0 [ 201.236457] ? __pfx_kthread+0x10/0x10 [ 201.236671] ret_from_fork_asm+0x1a/0x30 [ 201.236878] </TASK> [ 201.237047] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 201.181083] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2871 [ 201.181953] Modules linked in: [ 201.182605] CPU: 0 UID: 0 PID: 2871 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 201.183670] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 201.183874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 201.184930] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 201.185569] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 201.187408] RSP: 0000:ffff888103eefc78 EFLAGS: 00010286 [ 201.187651] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 201.187879] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffac25eb78 [ 201.188109] RBP: ffff888103eefca0 R08: 0000000000000000 R09: ffffed1020e66320 [ 201.188340] R10: ffff888107331907 R11: 0000000000000000 R12: ffffffffac25eb60 [ 201.188578] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103eefd38 [ 201.188813] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 201.189064] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.189251] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 201.189658] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 201.190355] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 201.191058] Call Trace: [ 201.191477] <TASK> [ 201.191742] drm_test_rect_calc_hscale+0x108/0x270 [ 201.192381] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 201.193040] ? __schedule+0x10cc/0x2b60 [ 201.193547] ? __pfx_read_tsc+0x10/0x10 [ 201.194014] ? ktime_get_ts64+0x86/0x230 [ 201.194584] kunit_try_run_case+0x1a5/0x480 [ 201.195207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.195817] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 201.196432] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 201.197038] ? __kthread_parkme+0x82/0x180 [ 201.197566] ? preempt_count_sub+0x50/0x80 [ 201.198022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.198610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 201.199258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 201.199962] kthread+0x337/0x6f0 [ 201.200395] ? trace_preempt_on+0x20/0xc0 [ 201.200867] ? __pfx_kthread+0x10/0x10 [ 201.201327] ? _raw_spin_unlock_irq+0x47/0x80 [ 201.201561] ? calculate_sigpending+0x7b/0xa0 [ 201.201733] ? __pfx_kthread+0x10/0x10 [ 201.201884] ret_from_fork+0x116/0x1d0 [ 201.202034] ? __pfx_kthread+0x10/0x10 [ 201.202182] ret_from_fork_asm+0x1a/0x30 [ 201.202348] </TASK> [ 201.202470] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 201.152767] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2869 [ 201.153625] Modules linked in: [ 201.153813] CPU: 0 UID: 0 PID: 2869 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 201.154512] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 201.155291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 201.156465] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 201.157127] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 201.159055] RSP: 0000:ffff888104307c78 EFLAGS: 00010286 [ 201.159734] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 201.160236] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffac25eb40 [ 201.161105] RBP: ffff888104307ca0 R08: 0000000000000000 R09: ffffed1020e66300 [ 201.161879] R10: ffff888107331807 R11: 0000000000000000 R12: ffffffffac25eb28 [ 201.162112] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888104307d38 [ 201.163125] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 201.164232] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.165028] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 201.165873] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 201.166655] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 201.166906] Call Trace: [ 201.167016] <TASK> [ 201.167128] drm_test_rect_calc_hscale+0x108/0x270 [ 201.167738] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 201.168613] ? __schedule+0x10cc/0x2b60 [ 201.169235] ? __pfx_read_tsc+0x10/0x10 [ 201.169673] ? ktime_get_ts64+0x86/0x230 [ 201.169883] kunit_try_run_case+0x1a5/0x480 [ 201.170054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.170443] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 201.170926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 201.171529] ? __kthread_parkme+0x82/0x180 [ 201.171966] ? preempt_count_sub+0x50/0x80 [ 201.172130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 201.172802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 201.173240] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 201.173670] kthread+0x337/0x6f0 [ 201.173806] ? trace_preempt_on+0x20/0xc0 [ 201.174021] ? __pfx_kthread+0x10/0x10 [ 201.174487] ? _raw_spin_unlock_irq+0x47/0x80 [ 201.174928] ? calculate_sigpending+0x7b/0xa0 [ 201.175485] ? __pfx_kthread+0x10/0x10 [ 201.175718] ret_from_fork+0x116/0x1d0 [ 201.175866] ? __pfx_kthread+0x10/0x10 [ 201.176109] ret_from_fork_asm+0x1a/0x30 [ 201.176758] </TASK> [ 201.177037] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 200.336436] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 200.336566] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2674 [ 200.339516] Modules linked in: [ 200.339718] CPU: 0 UID: 0 PID: 2674 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 200.340569] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 200.341593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 200.342785] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 200.343222] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 ad ce 81 00 48 c7 c1 60 2a 21 ac 4c 89 f2 48 c7 c7 80 26 21 ac 48 89 c6 e8 94 c6 72 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 200.343798] RSP: 0000:ffff888104797d18 EFLAGS: 00010286 [ 200.344024] RAX: 0000000000000000 RBX: ffff888107e36000 RCX: 1ffffffff59e4ad4 [ 200.344964] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 200.345754] RBP: ffff888104797d48 R08: 0000000000000000 R09: fffffbfff59e4ad4 [ 200.346647] R10: 0000000000000003 R11: 000000000003b6a0 R12: ffff888104503800 [ 200.347205] R13: ffff888107e360f8 R14: ffff8881050d6700 R15: ffff8881003c7b48 [ 200.347455] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 200.347710] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.347898] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 200.348123] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 200.348604] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 200.348967] Call Trace: [ 200.349080] <TASK> [ 200.349236] ? trace_preempt_on+0x20/0xc0 [ 200.349693] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 200.350111] drm_gem_shmem_free_wrapper+0x12/0x20 [ 200.350434] __kunit_action_free+0x57/0x70 [ 200.350624] kunit_remove_resource+0x133/0x200 [ 200.350857] ? preempt_count_sub+0x50/0x80 [ 200.351078] kunit_cleanup+0x7a/0x120 [ 200.351523] kunit_try_run_case_cleanup+0xbd/0xf0 [ 200.351830] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 200.352153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 200.352532] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 200.352877] kthread+0x337/0x6f0 [ 200.353086] ? trace_preempt_on+0x20/0xc0 [ 200.353715] ? __pfx_kthread+0x10/0x10 [ 200.353913] ? _raw_spin_unlock_irq+0x47/0x80 [ 200.354608] ? calculate_sigpending+0x7b/0xa0 [ 200.354845] ? __pfx_kthread+0x10/0x10 [ 200.355091] ret_from_fork+0x116/0x1d0 [ 200.355564] ? __pfx_kthread+0x10/0x10 [ 200.355772] ret_from_fork_asm+0x1a/0x30 [ 200.356285] </TASK> [ 200.356555] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 200.175549] WARNING: drivers/gpu/drm/drm_framebuffer.c:867 at drm_framebuffer_init+0x44/0x300, CPU#0: kunit_try_catch/2655 [ 200.176007] Modules linked in: [ 200.176924] CPU: 0 UID: 0 PID: 2655 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 200.177654] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 200.178214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 200.178765] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 200.179525] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 200.180347] RSP: 0000:ffff88810495fb30 EFLAGS: 00010246 [ 200.180931] RAX: dffffc0000000000 RBX: ffff88810495fc28 RCX: 0000000000000000 [ 200.181208] RDX: 1ffff1102092bf8e RSI: ffff88810495fc28 RDI: ffff88810495fc70 [ 200.181825] RBP: ffff88810495fb70 R08: ffff888105c76000 R09: ffffffffac202bc0 [ 200.182052] R10: 0000000000000003 R11: 0000000049915fd0 R12: ffff888105c76000 [ 200.182259] R13: ffff8881003c7ae8 R14: ffff88810495fba8 R15: 0000000000000000 [ 200.182614] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 200.183491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.183841] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 200.184466] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 200.184957] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 200.185581] Call Trace: [ 200.185702] <TASK> [ 200.185832] ? add_dr+0xc1/0x1d0 [ 200.186119] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 200.186685] ? add_dr+0x148/0x1d0 [ 200.186858] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 200.187517] ? __drmm_add_action+0x1a4/0x280 [ 200.187911] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 200.188464] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 200.188910] ? __drmm_add_action_or_reset+0x22/0x50 [ 200.189651] ? __schedule+0x10cc/0x2b60 [ 200.189880] ? __pfx_read_tsc+0x10/0x10 [ 200.190063] ? ktime_get_ts64+0x86/0x230 [ 200.190552] kunit_try_run_case+0x1a5/0x480 [ 200.190899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 200.191446] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 200.191690] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 200.192090] ? __kthread_parkme+0x82/0x180 [ 200.192532] ? preempt_count_sub+0x50/0x80 [ 200.192740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 200.193277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 200.193654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 200.194078] kthread+0x337/0x6f0 [ 200.194463] ? trace_preempt_on+0x20/0xc0 [ 200.195265] ? __pfx_kthread+0x10/0x10 [ 200.195514] ? _raw_spin_unlock_irq+0x47/0x80 [ 200.195753] ? calculate_sigpending+0x7b/0xa0 [ 200.196079] ? __pfx_kthread+0x10/0x10 [ 200.196383] ret_from_fork+0x116/0x1d0 [ 200.196605] ? __pfx_kthread+0x10/0x10 [ 200.196807] ret_from_fork_asm+0x1a/0x30 [ 200.197016] </TASK> [ 200.197318] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 200.137525] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 200.137675] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#1: kunit_try_catch/2651 [ 200.138761] Modules linked in: [ 200.138976] CPU: 1 UID: 0 PID: 2651 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 200.139921] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 200.140131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 200.140818] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 200.141247] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 3b f5 88 00 48 c7 c1 a0 da 1f ac 4c 89 fa 48 c7 c7 00 db 1f ac 48 89 c6 e8 22 ed 79 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 200.143216] RSP: 0000:ffff888105db7b68 EFLAGS: 00010282 [ 200.143758] RAX: 0000000000000000 RBX: ffff888105db7c40 RCX: 1ffffffff59e4ad4 [ 200.143998] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 200.144228] RBP: ffff888105db7b90 R08: 0000000000000000 R09: fffffbfff59e4ad4 [ 200.144480] R10: 0000000000000003 R11: 0000000000039d78 R12: ffff888105db7c18 [ 200.144745] R13: ffff888105ef8800 R14: ffff88810493c000 R15: ffff88810972bf00 [ 200.145360] FS: 0000000000000000(0000) GS:ffff8881acf24000(0000) knlGS:0000000000000000 [ 200.145789] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.146359] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 200.146730] DR0: ffffffffae2a2484 DR1: ffffffffae2a2489 DR2: ffffffffae2a248a [ 200.147059] DR3: ffffffffae2a248b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 200.147469] Call Trace: [ 200.147713] <TASK> [ 200.147937] drm_test_framebuffer_free+0x1ab/0x610 [ 200.148325] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 200.148676] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 200.148904] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 200.149264] ? __drmm_add_action_or_reset+0x22/0x50 [ 200.149579] ? __schedule+0x10cc/0x2b60 [ 200.149824] ? __pfx_read_tsc+0x10/0x10 [ 200.150245] ? ktime_get_ts64+0x86/0x230 [ 200.150568] kunit_try_run_case+0x1a5/0x480 [ 200.150834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 200.151076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 200.151384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 200.151718] ? __kthread_parkme+0x82/0x180 [ 200.151936] ? preempt_count_sub+0x50/0x80 [ 200.152170] ? __pfx_kunit_try_run_case+0x10/0x10 [ 200.152661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 200.152947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 200.153442] kthread+0x337/0x6f0 [ 200.153703] ? trace_preempt_on+0x20/0xc0 [ 200.154023] ? __pfx_kthread+0x10/0x10 [ 200.154199] ? _raw_spin_unlock_irq+0x47/0x80 [ 200.154555] ? calculate_sigpending+0x7b/0xa0 [ 200.154722] ? __pfx_kthread+0x10/0x10 [ 200.155123] ret_from_fork+0x116/0x1d0 [ 200.155671] ? __pfx_kthread+0x10/0x10 [ 200.155895] ret_from_fork_asm+0x1a/0x30 [ 200.156095] </TASK> [ 200.156686] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 198.555207] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2091 [ 198.556471] Modules linked in: [ 198.556651] CPU: 0 UID: 0 PID: 2091 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 198.557027] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.557208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.557630] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 198.557854] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 198.558690] RSP: 0000:ffff88810a3a7c90 EFLAGS: 00010246 [ 198.558892] RAX: dffffc0000000000 RBX: ffff888105cf8000 RCX: 0000000000000000 [ 198.559365] RDX: 1ffff11020b9f034 RSI: ffffffffa9400ac8 RDI: ffff888105cf81a0 [ 198.560170] RBP: ffff88810a3a7ca0 R08: 1ffff11020078f6a R09: ffffed1021474f65 [ 198.560649] R10: 0000000000000003 R11: ffffffffa8981dd8 R12: 0000000000000000 [ 198.560936] R13: ffff88810a3a7d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 198.561282] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 198.561748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.562031] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 198.562356] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 198.563087] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.563512] Call Trace: [ 198.563647] <TASK> [ 198.563785] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 198.564528] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 198.564902] ? __schedule+0x10cc/0x2b60 [ 198.565061] ? __pfx_read_tsc+0x10/0x10 [ 198.565737] ? ktime_get_ts64+0x86/0x230 [ 198.565991] kunit_try_run_case+0x1a5/0x480 [ 198.566181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.566696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.566895] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.567188] ? __kthread_parkme+0x82/0x180 [ 198.568068] ? preempt_count_sub+0x50/0x80 [ 198.568341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.568537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.568754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.568945] kthread+0x337/0x6f0 [ 198.569067] ? trace_preempt_on+0x20/0xc0 [ 198.569211] ? __pfx_kthread+0x10/0x10 [ 198.569345] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.569592] ? calculate_sigpending+0x7b/0xa0 [ 198.569755] ? __pfx_kthread+0x10/0x10 [ 198.569890] ret_from_fork+0x116/0x1d0 [ 198.570922] ? __pfx_kthread+0x10/0x10 [ 198.571546] ret_from_fork_asm+0x1a/0x30 [ 198.571727] </TASK> [ 198.571836] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 198.665970] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2099 [ 198.666808] Modules linked in: [ 198.667086] CPU: 1 UID: 0 PID: 2099 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 198.668401] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.668705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.669263] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 198.670035] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 198.671052] RSP: 0000:ffff888105c6fc90 EFLAGS: 00010246 [ 198.671457] RAX: dffffc0000000000 RBX: ffff888105c40000 RCX: 0000000000000000 [ 198.671788] RDX: 1ffff11020b88034 RSI: ffffffffa9400ac8 RDI: ffff888105c401a0 [ 198.672033] RBP: ffff888105c6fca0 R08: 1ffff11020078f6a R09: ffffed1020b8df65 [ 198.672276] R10: 0000000000000003 R11: ffffffffa7e0496a R12: 0000000000000000 [ 198.672524] R13: ffff888105c6fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 198.672764] FS: 0000000000000000(0000) GS:ffff8881acf24000(0000) knlGS:0000000000000000 [ 198.673030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.673227] CR2: 00007ffff7ffe000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 198.673489] DR0: ffffffffae2a2484 DR1: ffffffffae2a2489 DR2: ffffffffae2a248a [ 198.674653] DR3: ffffffffae2a248b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.675082] Call Trace: [ 198.675250] <TASK> [ 198.675982] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 198.676281] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 198.676552] ? __schedule+0x10cc/0x2b60 [ 198.676719] ? __pfx_read_tsc+0x10/0x10 [ 198.676878] ? ktime_get_ts64+0x86/0x230 [ 198.677040] kunit_try_run_case+0x1a5/0x480 [ 198.677772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.678613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.679100] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.679694] ? __kthread_parkme+0x82/0x180 [ 198.680087] ? preempt_count_sub+0x50/0x80 [ 198.680405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.681101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.681764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.682375] kthread+0x337/0x6f0 [ 198.682763] ? trace_preempt_on+0x20/0xc0 [ 198.683148] ? __pfx_kthread+0x10/0x10 [ 198.683671] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.683988] ? calculate_sigpending+0x7b/0xa0 [ 198.684170] ? __pfx_kthread+0x10/0x10 [ 198.684329] ret_from_fork+0x116/0x1d0 [ 198.684494] ? __pfx_kthread+0x10/0x10 [ 198.684644] ret_from_fork_asm+0x1a/0x30 [ 198.684809] </TASK> [ 198.684908] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 135.677587] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/707 [ 135.677982] Modules linked in: [ 135.678905] CPU: 0 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 135.679594] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 135.680102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 135.680847] RIP: 0010:intlog10+0x2a/0x40 [ 135.681287] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 135.682570] RSP: 0000:ffff888103127cb0 EFLAGS: 00010246 [ 135.682842] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020624fb4 [ 135.683484] RDX: 1ffffffff58130f4 RSI: 1ffff11020624fb3 RDI: 0000000000000000 [ 135.683834] RBP: ffff888103127d60 R08: 0000000000000000 R09: ffffed10205638c0 [ 135.684371] R10: ffff888102b1c607 R11: 0000000000000000 R12: 1ffff11020624f97 [ 135.684704] R13: ffffffffac0987a0 R14: 0000000000000000 R15: ffff888103127d38 [ 135.685039] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 135.685792] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.686229] CR2: dffffc0000000000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 135.686610] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 135.686942] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 135.687213] Call Trace: [ 135.687448] <TASK> [ 135.687730] ? intlog10_test+0xf2/0x220 [ 135.687994] ? __pfx_intlog10_test+0x10/0x10 [ 135.688450] ? __schedule+0x10cc/0x2b60 [ 135.689101] ? __pfx_read_tsc+0x10/0x10 [ 135.689357] ? ktime_get_ts64+0x86/0x230 [ 135.689583] kunit_try_run_case+0x1a5/0x480 [ 135.689812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 135.690283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 135.690493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 135.690755] ? __kthread_parkme+0x82/0x180 [ 135.691005] ? preempt_count_sub+0x50/0x80 [ 135.691252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 135.691601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 135.691867] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 135.692301] kthread+0x337/0x6f0 [ 135.692554] ? trace_preempt_on+0x20/0xc0 [ 135.692719] ? __pfx_kthread+0x10/0x10 [ 135.692947] ? _raw_spin_unlock_irq+0x47/0x80 [ 135.693345] ? calculate_sigpending+0x7b/0xa0 [ 135.693726] ? __pfx_kthread+0x10/0x10 [ 135.693963] ret_from_fork+0x116/0x1d0 [ 135.694253] ? __pfx_kthread+0x10/0x10 [ 135.694501] ret_from_fork_asm+0x1a/0x30 [ 135.694688] </TASK> [ 135.694829] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 135.640576] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/689 [ 135.641114] Modules linked in: [ 135.641485] CPU: 0 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 135.642060] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 135.642561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 135.642919] RIP: 0010:intlog2+0xdf/0x110 [ 135.643099] Code: 09 ac c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 17 3c 8f 02 89 45 e4 e8 ff ec 55 ff 8b 45 e4 eb [ 135.644218] RSP: 0000:ffff88810317fcb0 EFLAGS: 00010246 [ 135.644538] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff1102062ffb4 [ 135.644850] RDX: 1ffffffff5813148 RSI: 1ffff1102062ffb3 RDI: 0000000000000000 [ 135.645303] RBP: ffff88810317fd60 R08: 0000000000000000 R09: ffffed102066e520 [ 135.645552] R10: ffff888103372907 R11: 0000000000000000 R12: 1ffff1102062ff97 [ 135.645906] R13: ffffffffac098a40 R14: 0000000000000000 R15: ffff88810317fd38 [ 135.646290] FS: 0000000000000000(0000) GS:ffff8881ace24000(0000) knlGS:0000000000000000 [ 135.646690] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.646962] CR2: dffffc0000000000 CR3: 0000000131ebc000 CR4: 00000000000006f0 [ 135.647262] DR0: ffffffffae2a2480 DR1: ffffffffae2a2481 DR2: ffffffffae2a2483 [ 135.647619] DR3: ffffffffae2a2485 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 135.648334] Call Trace: [ 135.648471] <TASK> [ 135.648577] ? intlog2_test+0xf2/0x220 [ 135.648909] ? __pfx_intlog2_test+0x10/0x10 [ 135.649135] ? __schedule+0x10cc/0x2b60 [ 135.649451] ? __pfx_read_tsc+0x10/0x10 [ 135.649668] ? ktime_get_ts64+0x86/0x230 [ 135.649850] kunit_try_run_case+0x1a5/0x480 [ 135.650102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 135.650365] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 135.650786] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 135.651071] ? __kthread_parkme+0x82/0x180 [ 135.651301] ? preempt_count_sub+0x50/0x80 [ 135.651798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 135.652028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 135.652474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 135.652793] kthread+0x337/0x6f0 [ 135.652982] ? trace_preempt_on+0x20/0xc0 [ 135.653198] ? __pfx_kthread+0x10/0x10 [ 135.653555] ? _raw_spin_unlock_irq+0x47/0x80 [ 135.653766] ? calculate_sigpending+0x7b/0xa0 [ 135.654010] ? __pfx_kthread+0x10/0x10 [ 135.654328] ret_from_fork+0x116/0x1d0 [ 135.654497] ? __pfx_kthread+0x10/0x10 [ 135.654723] ret_from_fork_asm+0x1a/0x30 [ 135.655007] </TASK> [ 135.655199] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 135.009425] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI