Date
July 8, 2025, 11:10 a.m.
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 61.096954] ================================================================== [ 61.097386] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 61.097386] [ 61.097779] Use-after-free read at 0x(____ptrval____) (in kfence-#164): [ 61.098188] test_krealloc+0x6fc/0xbe0 [ 61.098411] kunit_try_run_case+0x1a5/0x480 [ 61.098645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.098900] kthread+0x337/0x6f0 [ 61.099078] ret_from_fork+0x116/0x1d0 [ 61.099294] ret_from_fork_asm+0x1a/0x30 [ 61.099480] [ 61.099574] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 61.099574] [ 61.099859] allocated by task 385 on cpu 0 at 61.096247s (0.003609s ago): [ 61.100189] test_alloc+0x364/0x10f0 [ 61.100468] test_krealloc+0xad/0xbe0 [ 61.100602] kunit_try_run_case+0x1a5/0x480 [ 61.100794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.101044] kthread+0x337/0x6f0 [ 61.101220] ret_from_fork+0x116/0x1d0 [ 61.101382] ret_from_fork_asm+0x1a/0x30 [ 61.101516] [ 61.101607] freed by task 385 on cpu 0 at 61.096496s (0.005109s ago): [ 61.102020] krealloc_noprof+0x108/0x340 [ 61.102180] test_krealloc+0x226/0xbe0 [ 61.102321] kunit_try_run_case+0x1a5/0x480 [ 61.102455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.102679] kthread+0x337/0x6f0 [ 61.102845] ret_from_fork+0x116/0x1d0 [ 61.103052] ret_from_fork_asm+0x1a/0x30 [ 61.103453] [ 61.103818] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 61.104830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 61.105005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.105603] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 61.009148] ================================================================== [ 61.009569] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.009569] [ 61.010926] Use-after-free read at 0x(____ptrval____) (in kfence-#163): [ 61.011297] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.011516] kunit_try_run_case+0x1a5/0x480 [ 61.011726] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.012214] kthread+0x337/0x6f0 [ 61.012395] ret_from_fork+0x116/0x1d0 [ 61.012595] ret_from_fork_asm+0x1a/0x30 [ 61.013007] [ 61.013098] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 61.013098] [ 61.013627] allocated by task 383 on cpu 1 at 60.992248s (0.021376s ago): [ 61.014127] test_alloc+0x2a6/0x10f0 [ 61.014418] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 61.014634] kunit_try_run_case+0x1a5/0x480 [ 61.015254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.015507] kthread+0x337/0x6f0 [ 61.015666] ret_from_fork+0x116/0x1d0 [ 61.016068] ret_from_fork_asm+0x1a/0x30 [ 61.016365] [ 61.016450] freed by task 383 on cpu 1 at 60.992377s (0.024069s ago): [ 61.016665] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 61.016844] kunit_try_run_case+0x1a5/0x480 [ 61.016990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.017516] kthread+0x337/0x6f0 [ 61.017638] ret_from_fork+0x116/0x1d0 [ 61.017766] ret_from_fork_asm+0x1a/0x30 [ 61.018244] [ 61.018375] CPU: 1 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 61.019082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 61.019485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.020003] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 36.043012] ================================================================== [ 36.043570] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 36.043570] [ 36.044412] Invalid read at 0x(____ptrval____): [ 36.045210] test_invalid_access+0xf0/0x210 [ 36.045850] kunit_try_run_case+0x1a5/0x480 [ 36.046332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.046813] kthread+0x337/0x6f0 [ 36.047324] ret_from_fork+0x116/0x1d0 [ 36.047553] ret_from_fork_asm+0x1a/0x30 [ 36.047749] [ 36.048226] CPU: 0 UID: 0 PID: 379 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 36.048745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.049145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.049784] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 35.824409] ================================================================== [ 35.824818] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.824818] [ 35.825273] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#159): [ 35.825963] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.826220] kunit_try_run_case+0x1a5/0x480 [ 35.826435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.826684] kthread+0x337/0x6f0 [ 35.826803] ret_from_fork+0x116/0x1d0 [ 35.826972] ret_from_fork_asm+0x1a/0x30 [ 35.827209] [ 35.827338] kfence-#159: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.827338] [ 35.827754] allocated by task 373 on cpu 1 at 35.824134s (0.003617s ago): [ 35.828013] test_alloc+0x364/0x10f0 [ 35.828222] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 35.828485] kunit_try_run_case+0x1a5/0x480 [ 35.828664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.828930] kthread+0x337/0x6f0 [ 35.829092] ret_from_fork+0x116/0x1d0 [ 35.829296] ret_from_fork_asm+0x1a/0x30 [ 35.829573] [ 35.829658] freed by task 373 on cpu 1 at 35.824274s (0.005382s ago): [ 35.829963] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.830224] kunit_try_run_case+0x1a5/0x480 [ 35.830395] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.830600] kthread+0x337/0x6f0 [ 35.830787] ret_from_fork+0x116/0x1d0 [ 35.830984] ret_from_fork_asm+0x1a/0x30 [ 35.831119] [ 35.831211] CPU: 1 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 35.831723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.831952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.832210] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 35.720981] ================================================================== [ 35.721392] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.721392] [ 35.721770] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#158): [ 35.722179] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.722453] kunit_try_run_case+0x1a5/0x480 [ 35.722600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.722832] kthread+0x337/0x6f0 [ 35.723031] ret_from_fork+0x116/0x1d0 [ 35.723244] ret_from_fork_asm+0x1a/0x30 [ 35.723468] [ 35.723565] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.723565] [ 35.724008] allocated by task 371 on cpu 1 at 35.720660s (0.003346s ago): [ 35.724288] test_alloc+0x364/0x10f0 [ 35.724505] test_kmalloc_aligned_oob_read+0x105/0x560 [ 35.724768] kunit_try_run_case+0x1a5/0x480 [ 35.724988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.725231] kthread+0x337/0x6f0 [ 35.725363] ret_from_fork+0x116/0x1d0 [ 35.725567] ret_from_fork_asm+0x1a/0x30 [ 35.725765] [ 35.725903] CPU: 1 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 35.726421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.726570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.726858] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 30.520354] ================================================================== [ 30.520768] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 30.520768] [ 30.521060] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#108): [ 30.521599] test_corruption+0x2d2/0x3e0 [ 30.521743] kunit_try_run_case+0x1a5/0x480 [ 30.521934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.522110] kthread+0x337/0x6f0 [ 30.522295] ret_from_fork+0x116/0x1d0 [ 30.522485] ret_from_fork_asm+0x1a/0x30 [ 30.522689] [ 30.522787] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.522787] [ 30.523160] allocated by task 359 on cpu 0 at 30.520148s (0.003010s ago): [ 30.523395] test_alloc+0x364/0x10f0 [ 30.523528] test_corruption+0xe6/0x3e0 [ 30.523656] kunit_try_run_case+0x1a5/0x480 [ 30.523795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.523978] kthread+0x337/0x6f0 [ 30.524095] ret_from_fork+0x116/0x1d0 [ 30.524221] ret_from_fork_asm+0x1a/0x30 [ 30.524438] [ 30.524535] freed by task 359 on cpu 0 at 30.520232s (0.004301s ago): [ 30.524841] test_corruption+0x2d2/0x3e0 [ 30.524982] kunit_try_run_case+0x1a5/0x480 [ 30.525119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.525314] kthread+0x337/0x6f0 [ 30.525434] ret_from_fork+0x116/0x1d0 [ 30.525561] ret_from_fork_asm+0x1a/0x30 [ 30.525707] [ 30.525827] CPU: 0 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 30.526215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.526357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.526781] ================================================================== [ 30.624365] ================================================================== [ 30.624760] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 30.624760] [ 30.625076] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#109): [ 30.625495] test_corruption+0x2df/0x3e0 [ 30.625700] kunit_try_run_case+0x1a5/0x480 [ 30.625904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.626091] kthread+0x337/0x6f0 [ 30.626215] ret_from_fork+0x116/0x1d0 [ 30.626417] ret_from_fork_asm+0x1a/0x30 [ 30.626617] [ 30.626705] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.626705] [ 30.627094] allocated by task 359 on cpu 0 at 30.624099s (0.002992s ago): [ 30.627379] test_alloc+0x364/0x10f0 [ 30.627511] test_corruption+0x1cb/0x3e0 [ 30.627701] kunit_try_run_case+0x1a5/0x480 [ 30.627899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.628154] kthread+0x337/0x6f0 [ 30.628335] ret_from_fork+0x116/0x1d0 [ 30.628488] ret_from_fork_asm+0x1a/0x30 [ 30.628692] [ 30.628766] freed by task 359 on cpu 0 at 30.624182s (0.004582s ago): [ 30.629093] test_corruption+0x2df/0x3e0 [ 30.629289] kunit_try_run_case+0x1a5/0x480 [ 30.629430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.629666] kthread+0x337/0x6f0 [ 30.629869] ret_from_fork+0x116/0x1d0 [ 30.630054] ret_from_fork_asm+0x1a/0x30 [ 30.630261] [ 30.630355] CPU: 0 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 30.630712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.630902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.631279] ================================================================== [ 31.664259] ================================================================== [ 31.664657] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 31.664657] [ 31.665007] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#119): [ 31.665472] test_corruption+0x216/0x3e0 [ 31.665669] kunit_try_run_case+0x1a5/0x480 [ 31.665867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.666121] kthread+0x337/0x6f0 [ 31.666306] ret_from_fork+0x116/0x1d0 [ 31.666479] ret_from_fork_asm+0x1a/0x30 [ 31.666690] [ 31.666785] kfence-#119: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.666785] [ 31.667223] allocated by task 361 on cpu 1 at 31.664098s (0.003122s ago): [ 31.667604] test_alloc+0x2a6/0x10f0 [ 31.667736] test_corruption+0x1cb/0x3e0 [ 31.667939] kunit_try_run_case+0x1a5/0x480 [ 31.668184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.668446] kthread+0x337/0x6f0 [ 31.668614] ret_from_fork+0x116/0x1d0 [ 31.668752] ret_from_fork_asm+0x1a/0x30 [ 31.668887] [ 31.669062] freed by task 361 on cpu 1 at 31.664155s (0.004905s ago): [ 31.669427] test_corruption+0x216/0x3e0 [ 31.669616] kunit_try_run_case+0x1a5/0x480 [ 31.669834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.670077] kthread+0x337/0x6f0 [ 31.670249] ret_from_fork+0x116/0x1d0 [ 31.670519] ret_from_fork_asm+0x1a/0x30 [ 31.670727] [ 31.670819] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 31.671618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.671806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.672220] ================================================================== [ 30.936200] ================================================================== [ 30.936595] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 30.936595] [ 30.937054] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#112): [ 30.937765] test_corruption+0x131/0x3e0 [ 30.937946] kunit_try_run_case+0x1a5/0x480 [ 30.938209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.938385] kthread+0x337/0x6f0 [ 30.938583] ret_from_fork+0x116/0x1d0 [ 30.938910] ret_from_fork_asm+0x1a/0x30 [ 30.939193] [ 30.939310] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.939310] [ 30.939720] allocated by task 361 on cpu 1 at 30.936066s (0.003651s ago): [ 30.940056] test_alloc+0x2a6/0x10f0 [ 30.940267] test_corruption+0xe6/0x3e0 [ 30.940456] kunit_try_run_case+0x1a5/0x480 [ 30.940625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.940790] kthread+0x337/0x6f0 [ 30.940968] ret_from_fork+0x116/0x1d0 [ 30.941152] ret_from_fork_asm+0x1a/0x30 [ 30.941376] [ 30.941472] freed by task 361 on cpu 1 at 30.936106s (0.005364s ago): [ 30.941785] test_corruption+0x131/0x3e0 [ 30.942005] kunit_try_run_case+0x1a5/0x480 [ 30.942205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.942392] kthread+0x337/0x6f0 [ 30.942505] ret_from_fork+0x116/0x1d0 [ 30.942627] ret_from_fork_asm+0x1a/0x30 [ 30.942834] [ 30.942976] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 30.943563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.943773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.944163] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 30.312287] ================================================================== [ 30.312668] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 30.312668] [ 30.313016] Invalid free of 0x(____ptrval____) (in kfence-#106): [ 30.313325] test_invalid_addr_free+0xfb/0x260 [ 30.313523] kunit_try_run_case+0x1a5/0x480 [ 30.313670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.313989] kthread+0x337/0x6f0 [ 30.314216] ret_from_fork+0x116/0x1d0 [ 30.314399] ret_from_fork_asm+0x1a/0x30 [ 30.314544] [ 30.314695] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.314695] [ 30.315172] allocated by task 357 on cpu 0 at 30.312142s (0.003028s ago): [ 30.315492] test_alloc+0x2a6/0x10f0 [ 30.315684] test_invalid_addr_free+0xdb/0x260 [ 30.315896] kunit_try_run_case+0x1a5/0x480 [ 30.316075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.316306] kthread+0x337/0x6f0 [ 30.316424] ret_from_fork+0x116/0x1d0 [ 30.316592] ret_from_fork_asm+0x1a/0x30 [ 30.316795] [ 30.316944] CPU: 0 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 30.317338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.317531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.317961] ================================================================== [ 30.208250] ================================================================== [ 30.208632] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 30.208632] [ 30.209058] Invalid free of 0x(____ptrval____) (in kfence-#105): [ 30.209420] test_invalid_addr_free+0x1e1/0x260 [ 30.210143] kunit_try_run_case+0x1a5/0x480 [ 30.210498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.210805] kthread+0x337/0x6f0 [ 30.211013] ret_from_fork+0x116/0x1d0 [ 30.211332] ret_from_fork_asm+0x1a/0x30 [ 30.211542] [ 30.211620] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.211620] [ 30.212267] allocated by task 355 on cpu 1 at 30.208108s (0.004156s ago): [ 30.212598] test_alloc+0x364/0x10f0 [ 30.212767] test_invalid_addr_free+0xdb/0x260 [ 30.213250] kunit_try_run_case+0x1a5/0x480 [ 30.213551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.213790] kthread+0x337/0x6f0 [ 30.214105] ret_from_fork+0x116/0x1d0 [ 30.214415] ret_from_fork_asm+0x1a/0x30 [ 30.214718] [ 30.214824] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 30.215509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.215801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.216299] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 30.104338] ================================================================== [ 30.104729] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 30.104729] [ 30.105019] Invalid free of 0x(____ptrval____) (in kfence-#104): [ 30.105377] test_double_free+0x112/0x260 [ 30.105584] kunit_try_run_case+0x1a5/0x480 [ 30.105741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.106103] kthread+0x337/0x6f0 [ 30.106282] ret_from_fork+0x116/0x1d0 [ 30.106478] ret_from_fork_asm+0x1a/0x30 [ 30.106693] [ 30.106782] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.106782] [ 30.107164] allocated by task 353 on cpu 1 at 30.104132s (0.003029s ago): [ 30.107491] test_alloc+0x2a6/0x10f0 [ 30.107622] test_double_free+0xdb/0x260 [ 30.107750] kunit_try_run_case+0x1a5/0x480 [ 30.107930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.108206] kthread+0x337/0x6f0 [ 30.108483] ret_from_fork+0x116/0x1d0 [ 30.108662] ret_from_fork_asm+0x1a/0x30 [ 30.108876] [ 30.108969] freed by task 353 on cpu 1 at 30.104193s (0.004773s ago): [ 30.109346] test_double_free+0xfa/0x260 [ 30.109483] kunit_try_run_case+0x1a5/0x480 [ 30.109617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.109798] kthread+0x337/0x6f0 [ 30.109976] ret_from_fork+0x116/0x1d0 [ 30.110176] ret_from_fork_asm+0x1a/0x30 [ 30.110407] [ 30.110547] CPU: 1 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 30.111039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.111231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.111656] ================================================================== [ 30.000401] ================================================================== [ 30.000878] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 30.000878] [ 30.001163] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 30.001400] test_double_free+0x1d3/0x260 [ 30.001548] kunit_try_run_case+0x1a5/0x480 [ 30.001818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.002095] kthread+0x337/0x6f0 [ 30.002250] ret_from_fork+0x116/0x1d0 [ 30.002379] ret_from_fork_asm+0x1a/0x30 [ 30.002515] [ 30.002580] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.002580] [ 30.002853] allocated by task 351 on cpu 0 at 30.000153s (0.002697s ago): [ 30.003064] test_alloc+0x364/0x10f0 [ 30.003189] test_double_free+0xdb/0x260 [ 30.003327] kunit_try_run_case+0x1a5/0x480 [ 30.003462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.003626] kthread+0x337/0x6f0 [ 30.003739] ret_from_fork+0x116/0x1d0 [ 30.003863] ret_from_fork_asm+0x1a/0x30 [ 30.003995] [ 30.004058] freed by task 351 on cpu 0 at 30.000249s (0.003807s ago): [ 30.004283] test_double_free+0x1e0/0x260 [ 30.004412] kunit_try_run_case+0x1a5/0x480 [ 30.005339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.005606] kthread+0x337/0x6f0 [ 30.006317] ret_from_fork+0x116/0x1d0 [ 30.006513] ret_from_fork_asm+0x1a/0x30 [ 30.006712] [ 30.006831] CPU: 0 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 30.007508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.007656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.007923] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 29.584358] ================================================================== [ 29.584801] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.584801] [ 29.585280] Use-after-free read at 0x(____ptrval____) (in kfence-#99): [ 29.585558] test_use_after_free_read+0x129/0x270 [ 29.585774] kunit_try_run_case+0x1a5/0x480 [ 29.585938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.586206] kthread+0x337/0x6f0 [ 29.586413] ret_from_fork+0x116/0x1d0 [ 29.586600] ret_from_fork_asm+0x1a/0x30 [ 29.586767] [ 29.586879] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.586879] [ 29.587179] allocated by task 343 on cpu 0 at 29.584105s (0.003071s ago): [ 29.587509] test_alloc+0x364/0x10f0 [ 29.587701] test_use_after_free_read+0xdc/0x270 [ 29.587946] kunit_try_run_case+0x1a5/0x480 [ 29.588087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.588298] kthread+0x337/0x6f0 [ 29.588467] ret_from_fork+0x116/0x1d0 [ 29.588658] ret_from_fork_asm+0x1a/0x30 [ 29.588844] [ 29.588929] freed by task 343 on cpu 0 at 29.584186s (0.004740s ago): [ 29.589202] test_use_after_free_read+0x1e7/0x270 [ 29.589412] kunit_try_run_case+0x1a5/0x480 [ 29.589596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.589845] kthread+0x337/0x6f0 [ 29.590012] ret_from_fork+0x116/0x1d0 [ 29.590175] ret_from_fork_asm+0x1a/0x30 [ 29.590345] [ 29.590441] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 29.590856] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.591049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.591537] ================================================================== [ 29.688291] ================================================================== [ 29.688679] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.688679] [ 29.689070] Use-after-free read at 0x(____ptrval____) (in kfence-#100): [ 29.689391] test_use_after_free_read+0x129/0x270 [ 29.689614] kunit_try_run_case+0x1a5/0x480 [ 29.689866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.690106] kthread+0x337/0x6f0 [ 29.690271] ret_from_fork+0x116/0x1d0 [ 29.690444] ret_from_fork_asm+0x1a/0x30 [ 29.690658] [ 29.690748] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.690748] [ 29.691164] allocated by task 345 on cpu 1 at 29.688134s (0.003027s ago): [ 29.691406] test_alloc+0x2a6/0x10f0 [ 29.691555] test_use_after_free_read+0xdc/0x270 [ 29.691774] kunit_try_run_case+0x1a5/0x480 [ 29.692069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.692364] kthread+0x337/0x6f0 [ 29.692537] ret_from_fork+0x116/0x1d0 [ 29.692673] ret_from_fork_asm+0x1a/0x30 [ 29.692888] [ 29.692997] freed by task 345 on cpu 1 at 29.688188s (0.004806s ago): [ 29.693336] test_use_after_free_read+0xfb/0x270 [ 29.693569] kunit_try_run_case+0x1a5/0x480 [ 29.693757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.694101] kthread+0x337/0x6f0 [ 29.694261] ret_from_fork+0x116/0x1d0 [ 29.694439] ret_from_fork_asm+0x1a/0x30 [ 29.694640] [ 29.694808] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 29.695358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.695608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.695948] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 29.272230] ================================================================== [ 29.272657] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 29.272657] [ 29.273042] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#96): [ 29.273404] test_out_of_bounds_write+0x10d/0x260 [ 29.273593] kunit_try_run_case+0x1a5/0x480 [ 29.273740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.274227] kthread+0x337/0x6f0 [ 29.274395] ret_from_fork+0x116/0x1d0 [ 29.274528] ret_from_fork_asm+0x1a/0x30 [ 29.274734] [ 29.274823] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.274823] [ 29.275337] allocated by task 339 on cpu 1 at 29.272091s (0.003243s ago): [ 29.275607] test_alloc+0x364/0x10f0 [ 29.275751] test_out_of_bounds_write+0xd4/0x260 [ 29.275967] kunit_try_run_case+0x1a5/0x480 [ 29.276179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.276432] kthread+0x337/0x6f0 [ 29.276558] ret_from_fork+0x116/0x1d0 [ 29.276697] ret_from_fork_asm+0x1a/0x30 [ 29.276995] [ 29.277118] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 29.277647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.277798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.278173] ================================================================== [ 29.480157] ================================================================== [ 29.480574] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 29.480574] [ 29.481125] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#98): [ 29.481443] test_out_of_bounds_write+0x10d/0x260 [ 29.481680] kunit_try_run_case+0x1a5/0x480 [ 29.481941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.482122] kthread+0x337/0x6f0 [ 29.482252] ret_from_fork+0x116/0x1d0 [ 29.482380] ret_from_fork_asm+0x1a/0x30 [ 29.482518] [ 29.482585] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.482585] [ 29.482879] allocated by task 341 on cpu 1 at 29.480092s (0.002785s ago): [ 29.483184] test_alloc+0x2a6/0x10f0 [ 29.483326] test_out_of_bounds_write+0xd4/0x260 [ 29.483471] kunit_try_run_case+0x1a5/0x480 [ 29.483604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.483769] kthread+0x337/0x6f0 [ 29.483881] ret_from_fork+0x116/0x1d0 [ 29.484003] ret_from_fork_asm+0x1a/0x30 [ 29.484134] [ 29.484224] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 29.484658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.484875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.485332] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 28.128321] ================================================================== [ 28.128706] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.128706] [ 28.129163] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#85): [ 28.129528] test_out_of_bounds_read+0x216/0x4e0 [ 28.129739] kunit_try_run_case+0x1a5/0x480 [ 28.129963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.130858] kthread+0x337/0x6f0 [ 28.131011] ret_from_fork+0x116/0x1d0 [ 28.131356] ret_from_fork_asm+0x1a/0x30 [ 28.131548] [ 28.131834] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.131834] [ 28.132227] allocated by task 335 on cpu 0 at 28.128124s (0.004100s ago): [ 28.132559] test_alloc+0x364/0x10f0 [ 28.132751] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.132904] kunit_try_run_case+0x1a5/0x480 [ 28.133074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.133351] kthread+0x337/0x6f0 [ 28.133528] ret_from_fork+0x116/0x1d0 [ 28.133714] ret_from_fork_asm+0x1a/0x30 [ 28.133870] [ 28.133970] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 28.134453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.134638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.134966] ================================================================== [ 28.544131] ================================================================== [ 28.544547] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.544547] [ 28.545084] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#89): [ 28.545409] test_out_of_bounds_read+0x216/0x4e0 [ 28.546012] kunit_try_run_case+0x1a5/0x480 [ 28.546230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.546450] kthread+0x337/0x6f0 [ 28.546621] ret_from_fork+0x116/0x1d0 [ 28.546806] ret_from_fork_asm+0x1a/0x30 [ 28.547024] [ 28.547510] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.547510] [ 28.547965] allocated by task 337 on cpu 0 at 28.544073s (0.003889s ago): [ 28.548425] test_alloc+0x2a6/0x10f0 [ 28.548677] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.549010] kunit_try_run_case+0x1a5/0x480 [ 28.549211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.549574] kthread+0x337/0x6f0 [ 28.549736] ret_from_fork+0x116/0x1d0 [ 28.549977] ret_from_fork_asm+0x1a/0x30 [ 28.550274] [ 28.550378] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 28.550999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.551169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.551711] ================================================================== [ 28.025174] ================================================================== [ 28.025652] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.025652] [ 28.026612] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#84): [ 28.027073] test_out_of_bounds_read+0x126/0x4e0 [ 28.027566] kunit_try_run_case+0x1a5/0x480 [ 28.027773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.028261] kthread+0x337/0x6f0 [ 28.028538] ret_from_fork+0x116/0x1d0 [ 28.028744] ret_from_fork_asm+0x1a/0x30 [ 28.029120] [ 28.029250] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.029250] [ 28.029945] allocated by task 335 on cpu 0 at 28.024255s (0.005687s ago): [ 28.030309] test_alloc+0x364/0x10f0 [ 28.030660] test_out_of_bounds_read+0xed/0x4e0 [ 28.030900] kunit_try_run_case+0x1a5/0x480 [ 28.031076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.031494] kthread+0x337/0x6f0 [ 28.031626] ret_from_fork+0x116/0x1d0 [ 28.031866] ret_from_fork_asm+0x1a/0x30 [ 28.032261] [ 28.032390] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 28.032866] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.033212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.033648] ================================================================== [ 28.232200] ================================================================== [ 28.232604] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.232604] [ 28.233046] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#86): [ 28.233824] test_out_of_bounds_read+0x126/0x4e0 [ 28.234061] kunit_try_run_case+0x1a5/0x480 [ 28.234289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.234501] kthread+0x337/0x6f0 [ 28.234665] ret_from_fork+0x116/0x1d0 [ 28.234831] ret_from_fork_asm+0x1a/0x30 [ 28.235374] [ 28.235469] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.235469] [ 28.235969] allocated by task 337 on cpu 0 at 28.232137s (0.003828s ago): [ 28.236539] test_alloc+0x2a6/0x10f0 [ 28.236730] test_out_of_bounds_read+0xed/0x4e0 [ 28.236977] kunit_try_run_case+0x1a5/0x480 [ 28.237325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.237630] kthread+0x337/0x6f0 [ 28.237770] ret_from_fork+0x116/0x1d0 [ 28.238039] ret_from_fork_asm+0x1a/0x30 [ 28.238210] [ 28.238345] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 28.239071] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.239272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.239702] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 22.931906] ================================================================== [ 22.932412] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 22.932648] Read of size 1 at addr ffff8881026f0000 by task kunit_try_catch/202 [ 22.933373] [ 22.933615] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.933672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.933685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.933708] Call Trace: [ 22.933754] <TASK> [ 22.933776] dump_stack_lvl+0x73/0xb0 [ 22.933836] print_report+0xd1/0x610 [ 22.933861] ? __virt_addr_valid+0x1db/0x2d0 [ 22.933888] ? page_alloc_uaf+0x356/0x3d0 [ 22.933910] ? kasan_addr_to_slab+0x11/0xa0 [ 22.933930] ? page_alloc_uaf+0x356/0x3d0 [ 22.933953] kasan_report+0x141/0x180 [ 22.933976] ? page_alloc_uaf+0x356/0x3d0 [ 22.934004] __asan_report_load1_noabort+0x18/0x20 [ 22.934030] page_alloc_uaf+0x356/0x3d0 [ 22.934076] ? __pfx_page_alloc_uaf+0x10/0x10 [ 22.934129] ? __schedule+0x10cc/0x2b60 [ 22.934159] ? __pfx_read_tsc+0x10/0x10 [ 22.934185] ? ktime_get_ts64+0x86/0x230 [ 22.934235] kunit_try_run_case+0x1a5/0x480 [ 22.934296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.934316] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.934338] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.934367] ? __kthread_parkme+0x82/0x180 [ 22.934389] ? preempt_count_sub+0x50/0x80 [ 22.934443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.934465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.934503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.934530] kthread+0x337/0x6f0 [ 22.934551] ? trace_preempt_on+0x20/0xc0 [ 22.934577] ? __pfx_kthread+0x10/0x10 [ 22.934600] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.934627] ? calculate_sigpending+0x7b/0xa0 [ 22.934655] ? __pfx_kthread+0x10/0x10 [ 22.934678] ret_from_fork+0x116/0x1d0 [ 22.934698] ? __pfx_kthread+0x10/0x10 [ 22.934720] ret_from_fork_asm+0x1a/0x30 [ 22.934761] </TASK> [ 22.934773] [ 22.948922] The buggy address belongs to the physical page: [ 22.949172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026f0 [ 22.949797] flags: 0x200000000000000(node=0|zone=2) [ 22.950317] page_type: f0(buddy) [ 22.950685] raw: 0200000000000000 ffff88817fffd460 ffff88817fffd460 0000000000000000 [ 22.951196] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 22.951931] page dumped because: kasan: bad access detected [ 22.952411] [ 22.952592] Memory state around the buggy address: [ 22.952825] ffff8881026eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.953492] ffff8881026eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.953727] >ffff8881026f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.954174] ^ [ 22.954329] ffff8881026f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.954530] ffff8881026f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.954726] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 22.813391] ================================================================== [ 22.814422] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x288/0x520 [ 22.814422] [ 22.814873] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . ] (in kfence-#52): [ 22.815710] kmalloc_track_caller_oob_right+0x288/0x520 [ 22.816042] kunit_try_run_case+0x1a5/0x480 [ 22.816556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.816859] kthread+0x337/0x6f0 [ 22.817013] ret_from_fork+0x116/0x1d0 [ 22.817209] ret_from_fork_asm+0x1a/0x30 [ 22.817412] [ 22.817631] kfence-#52: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 22.817631] [ 22.818846] allocated by task 190 on cpu 0 at 22.811146s (0.007637s ago): [ 22.819421] kmalloc_track_caller_oob_right+0x19a/0x520 [ 22.819695] kunit_try_run_case+0x1a5/0x480 [ 22.819993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.820265] kthread+0x337/0x6f0 [ 22.820493] ret_from_fork+0x116/0x1d0 [ 22.820767] ret_from_fork_asm+0x1a/0x30 [ 22.821159] [ 22.821471] freed by task 190 on cpu 0 at 22.812879s (0.008435s ago): [ 22.821789] kmalloc_track_caller_oob_right+0x288/0x520 [ 22.822129] kunit_try_run_case+0x1a5/0x480 [ 22.822322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.822559] kthread+0x337/0x6f0 [ 22.822702] ret_from_fork+0x116/0x1d0 [ 22.823098] ret_from_fork_asm+0x1a/0x30 [ 22.823357] [ 22.823500] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.824201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.824365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.824710] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 27.752639] ================================================================== [ 27.753012] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 27.753343] Write of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.753649] [ 27.753761] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.754040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.754061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.754087] Call Trace: [ 27.754111] <TASK> [ 27.754134] dump_stack_lvl+0x73/0xb0 [ 27.754169] print_report+0xd1/0x610 [ 27.754391] ? __virt_addr_valid+0x1db/0x2d0 [ 27.754423] ? strncpy_from_user+0x2e/0x1d0 [ 27.754447] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.754479] ? strncpy_from_user+0x2e/0x1d0 [ 27.754504] kasan_report+0x141/0x180 [ 27.754528] ? strncpy_from_user+0x2e/0x1d0 [ 27.754557] kasan_check_range+0x10c/0x1c0 [ 27.754584] __kasan_check_write+0x18/0x20 [ 27.754611] strncpy_from_user+0x2e/0x1d0 [ 27.754635] ? __kasan_check_read+0x15/0x20 [ 27.754665] copy_user_test_oob+0x760/0x10f0 [ 27.754695] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.754720] ? finish_task_switch.isra.0+0x153/0x700 [ 27.754744] ? __switch_to+0x47/0xf50 [ 27.754775] ? __schedule+0x10cc/0x2b60 [ 27.754806] ? __pfx_read_tsc+0x10/0x10 [ 27.754851] ? ktime_get_ts64+0x86/0x230 [ 27.754880] kunit_try_run_case+0x1a5/0x480 [ 27.754905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.754927] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.754949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.754980] ? __kthread_parkme+0x82/0x180 [ 27.755003] ? preempt_count_sub+0x50/0x80 [ 27.755028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.755051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.755080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.755108] kthread+0x337/0x6f0 [ 27.755131] ? trace_preempt_on+0x20/0xc0 [ 27.755158] ? __pfx_kthread+0x10/0x10 [ 27.755181] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.755210] ? calculate_sigpending+0x7b/0xa0 [ 27.755250] ? __pfx_kthread+0x10/0x10 [ 27.755275] ret_from_fork+0x116/0x1d0 [ 27.755296] ? __pfx_kthread+0x10/0x10 [ 27.755321] ret_from_fork_asm+0x1a/0x30 [ 27.755356] </TASK> [ 27.755368] [ 27.766103] Allocated by task 333: [ 27.766841] kasan_save_stack+0x45/0x70 [ 27.767459] kasan_save_track+0x18/0x40 [ 27.767971] kasan_save_alloc_info+0x3b/0x50 [ 27.768494] __kasan_kmalloc+0xb7/0xc0 [ 27.768985] __kmalloc_noprof+0x1c9/0x500 [ 27.769486] kunit_kmalloc_array+0x25/0x60 [ 27.770018] copy_user_test_oob+0xab/0x10f0 [ 27.770503] kunit_try_run_case+0x1a5/0x480 [ 27.770659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.770852] kthread+0x337/0x6f0 [ 27.771341] ret_from_fork+0x116/0x1d0 [ 27.771899] ret_from_fork_asm+0x1a/0x30 [ 27.772406] [ 27.772621] The buggy address belongs to the object at ffff8881062af800 [ 27.772621] which belongs to the cache kmalloc-128 of size 128 [ 27.773298] The buggy address is located 0 bytes inside of [ 27.773298] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.773661] [ 27.773734] The buggy address belongs to the physical page: [ 27.774148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.775288] flags: 0x200000000000000(node=0|zone=2) [ 27.775864] page_type: f5(slab) [ 27.776315] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.777130] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.777924] page dumped because: kasan: bad access detected [ 27.778199] [ 27.778493] Memory state around the buggy address: [ 27.778983] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.779206] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.779430] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.779640] ^ [ 27.779866] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.780208] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.780570] ================================================================== [ 27.781105] ================================================================== [ 27.781396] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 27.781675] Write of size 1 at addr ffff8881062af878 by task kunit_try_catch/333 [ 27.782293] [ 27.782422] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.782496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.782510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.782573] Call Trace: [ 27.782595] <TASK> [ 27.782614] dump_stack_lvl+0x73/0xb0 [ 27.782648] print_report+0xd1/0x610 [ 27.782672] ? __virt_addr_valid+0x1db/0x2d0 [ 27.782699] ? strncpy_from_user+0x1a5/0x1d0 [ 27.782723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.783287] ? strncpy_from_user+0x1a5/0x1d0 [ 27.783325] kasan_report+0x141/0x180 [ 27.783355] ? strncpy_from_user+0x1a5/0x1d0 [ 27.783385] __asan_report_store1_noabort+0x1b/0x30 [ 27.783415] strncpy_from_user+0x1a5/0x1d0 [ 27.783442] copy_user_test_oob+0x760/0x10f0 [ 27.783473] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.783499] ? finish_task_switch.isra.0+0x153/0x700 [ 27.783524] ? __switch_to+0x47/0xf50 [ 27.783554] ? __schedule+0x10cc/0x2b60 [ 27.783585] ? __pfx_read_tsc+0x10/0x10 [ 27.783612] ? ktime_get_ts64+0x86/0x230 [ 27.783640] kunit_try_run_case+0x1a5/0x480 [ 27.783664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.783686] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.783708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.783739] ? __kthread_parkme+0x82/0x180 [ 27.783761] ? preempt_count_sub+0x50/0x80 [ 27.783786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.783835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.783864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.783893] kthread+0x337/0x6f0 [ 27.783916] ? trace_preempt_on+0x20/0xc0 [ 27.783943] ? __pfx_kthread+0x10/0x10 [ 27.783969] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.783998] ? calculate_sigpending+0x7b/0xa0 [ 27.784027] ? __pfx_kthread+0x10/0x10 [ 27.784051] ret_from_fork+0x116/0x1d0 [ 27.784073] ? __pfx_kthread+0x10/0x10 [ 27.784097] ret_from_fork_asm+0x1a/0x30 [ 27.784132] </TASK> [ 27.784145] [ 27.798715] Allocated by task 333: [ 27.799030] kasan_save_stack+0x45/0x70 [ 27.799413] kasan_save_track+0x18/0x40 [ 27.799764] kasan_save_alloc_info+0x3b/0x50 [ 27.800072] __kasan_kmalloc+0xb7/0xc0 [ 27.800363] __kmalloc_noprof+0x1c9/0x500 [ 27.800543] kunit_kmalloc_array+0x25/0x60 [ 27.800711] copy_user_test_oob+0xab/0x10f0 [ 27.801131] kunit_try_run_case+0x1a5/0x480 [ 27.801537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.801895] kthread+0x337/0x6f0 [ 27.802181] ret_from_fork+0x116/0x1d0 [ 27.802323] ret_from_fork_asm+0x1a/0x30 [ 27.802465] [ 27.802533] The buggy address belongs to the object at ffff8881062af800 [ 27.802533] which belongs to the cache kmalloc-128 of size 128 [ 27.803134] The buggy address is located 0 bytes to the right of [ 27.803134] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.804253] [ 27.804436] The buggy address belongs to the physical page: [ 27.804944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.805629] flags: 0x200000000000000(node=0|zone=2) [ 27.805962] page_type: f5(slab) [ 27.806083] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.806319] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.806537] page dumped because: kasan: bad access detected [ 27.806701] [ 27.806764] Memory state around the buggy address: [ 27.807233] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.807868] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.808485] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.809152] ^ [ 27.809789] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.810518] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.811184] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 27.710255] ================================================================== [ 27.711414] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.712088] Write of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.712993] [ 27.713232] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.713296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.713311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.713337] Call Trace: [ 27.713370] <TASK> [ 27.713394] dump_stack_lvl+0x73/0xb0 [ 27.713439] print_report+0xd1/0x610 [ 27.713464] ? __virt_addr_valid+0x1db/0x2d0 [ 27.713491] ? copy_user_test_oob+0x557/0x10f0 [ 27.713517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.713547] ? copy_user_test_oob+0x557/0x10f0 [ 27.713573] kasan_report+0x141/0x180 [ 27.713597] ? copy_user_test_oob+0x557/0x10f0 [ 27.713628] kasan_check_range+0x10c/0x1c0 [ 27.713655] __kasan_check_write+0x18/0x20 [ 27.713683] copy_user_test_oob+0x557/0x10f0 [ 27.713720] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.713746] ? finish_task_switch.isra.0+0x153/0x700 [ 27.713773] ? __switch_to+0x47/0xf50 [ 27.713817] ? __schedule+0x10cc/0x2b60 [ 27.713850] ? __pfx_read_tsc+0x10/0x10 [ 27.713876] ? ktime_get_ts64+0x86/0x230 [ 27.713905] kunit_try_run_case+0x1a5/0x480 [ 27.713930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.713952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.713975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.714006] ? __kthread_parkme+0x82/0x180 [ 27.714038] ? preempt_count_sub+0x50/0x80 [ 27.714063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.714097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.714126] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.714154] kthread+0x337/0x6f0 [ 27.714177] ? trace_preempt_on+0x20/0xc0 [ 27.714216] ? __pfx_kthread+0x10/0x10 [ 27.714247] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.714277] ? calculate_sigpending+0x7b/0xa0 [ 27.714306] ? __pfx_kthread+0x10/0x10 [ 27.714330] ret_from_fork+0x116/0x1d0 [ 27.714352] ? __pfx_kthread+0x10/0x10 [ 27.714375] ret_from_fork_asm+0x1a/0x30 [ 27.714411] </TASK> [ 27.714424] [ 27.725927] Allocated by task 333: [ 27.726135] kasan_save_stack+0x45/0x70 [ 27.726297] kasan_save_track+0x18/0x40 [ 27.726479] kasan_save_alloc_info+0x3b/0x50 [ 27.726646] __kasan_kmalloc+0xb7/0xc0 [ 27.726808] __kmalloc_noprof+0x1c9/0x500 [ 27.726950] kunit_kmalloc_array+0x25/0x60 [ 27.727082] copy_user_test_oob+0xab/0x10f0 [ 27.727281] kunit_try_run_case+0x1a5/0x480 [ 27.727624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.727875] kthread+0x337/0x6f0 [ 27.728133] ret_from_fork+0x116/0x1d0 [ 27.728282] ret_from_fork_asm+0x1a/0x30 [ 27.728420] [ 27.728485] The buggy address belongs to the object at ffff8881062af800 [ 27.728485] which belongs to the cache kmalloc-128 of size 128 [ 27.728926] The buggy address is located 0 bytes inside of [ 27.728926] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.729447] [ 27.729562] The buggy address belongs to the physical page: [ 27.729771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.730185] flags: 0x200000000000000(node=0|zone=2) [ 27.730402] page_type: f5(slab) [ 27.730518] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.730734] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.731003] page dumped because: kasan: bad access detected [ 27.731256] [ 27.731344] Memory state around the buggy address: [ 27.731567] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.731889] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.732185] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.732469] ^ [ 27.732734] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.733070] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.733354] ================================================================== [ 27.733813] ================================================================== [ 27.734086] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.734424] Read of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.734767] [ 27.734891] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.734942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.734955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.734981] Call Trace: [ 27.734999] <TASK> [ 27.735020] dump_stack_lvl+0x73/0xb0 [ 27.735049] print_report+0xd1/0x610 [ 27.735073] ? __virt_addr_valid+0x1db/0x2d0 [ 27.735099] ? copy_user_test_oob+0x604/0x10f0 [ 27.735124] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.735154] ? copy_user_test_oob+0x604/0x10f0 [ 27.735180] kasan_report+0x141/0x180 [ 27.735204] ? copy_user_test_oob+0x604/0x10f0 [ 27.735235] kasan_check_range+0x10c/0x1c0 [ 27.735273] __kasan_check_read+0x15/0x20 [ 27.735300] copy_user_test_oob+0x604/0x10f0 [ 27.735328] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.735354] ? finish_task_switch.isra.0+0x153/0x700 [ 27.735378] ? __switch_to+0x47/0xf50 [ 27.735408] ? __schedule+0x10cc/0x2b60 [ 27.735438] ? __pfx_read_tsc+0x10/0x10 [ 27.735463] ? ktime_get_ts64+0x86/0x230 [ 27.735491] kunit_try_run_case+0x1a5/0x480 [ 27.735515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.735537] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.735560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.735590] ? __kthread_parkme+0x82/0x180 [ 27.735613] ? preempt_count_sub+0x50/0x80 [ 27.735638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.735661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.735689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.735717] kthread+0x337/0x6f0 [ 27.735740] ? trace_preempt_on+0x20/0xc0 [ 27.735765] ? __pfx_kthread+0x10/0x10 [ 27.735790] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.735825] ? calculate_sigpending+0x7b/0xa0 [ 27.735853] ? __pfx_kthread+0x10/0x10 [ 27.735878] ret_from_fork+0x116/0x1d0 [ 27.735899] ? __pfx_kthread+0x10/0x10 [ 27.735922] ret_from_fork_asm+0x1a/0x30 [ 27.735957] </TASK> [ 27.735970] [ 27.742457] Allocated by task 333: [ 27.742641] kasan_save_stack+0x45/0x70 [ 27.742858] kasan_save_track+0x18/0x40 [ 27.743038] kasan_save_alloc_info+0x3b/0x50 [ 27.743198] __kasan_kmalloc+0xb7/0xc0 [ 27.743332] __kmalloc_noprof+0x1c9/0x500 [ 27.743468] kunit_kmalloc_array+0x25/0x60 [ 27.743600] copy_user_test_oob+0xab/0x10f0 [ 27.743737] kunit_try_run_case+0x1a5/0x480 [ 27.743870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.744122] kthread+0x337/0x6f0 [ 27.744298] ret_from_fork+0x116/0x1d0 [ 27.744487] ret_from_fork_asm+0x1a/0x30 [ 27.744691] [ 27.744785] The buggy address belongs to the object at ffff8881062af800 [ 27.744785] which belongs to the cache kmalloc-128 of size 128 [ 27.745586] The buggy address is located 0 bytes inside of [ 27.745586] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.746101] [ 27.746188] The buggy address belongs to the physical page: [ 27.746413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.746702] flags: 0x200000000000000(node=0|zone=2) [ 27.746908] page_type: f5(slab) [ 27.747026] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.747359] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.747661] page dumped because: kasan: bad access detected [ 27.747819] [ 27.747880] Memory state around the buggy address: [ 27.748024] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.748226] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.749541] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.749909] ^ [ 27.750221] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.750542] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.751155] ================================================================== [ 27.676047] ================================================================== [ 27.676914] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.677174] Read of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.677418] [ 27.677508] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.677563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.677577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.677601] Call Trace: [ 27.677624] <TASK> [ 27.677646] dump_stack_lvl+0x73/0xb0 [ 27.677679] print_report+0xd1/0x610 [ 27.677703] ? __virt_addr_valid+0x1db/0x2d0 [ 27.677729] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.677755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.677784] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.677810] kasan_report+0x141/0x180 [ 27.677833] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.677863] kasan_check_range+0x10c/0x1c0 [ 27.677889] __kasan_check_read+0x15/0x20 [ 27.677915] copy_user_test_oob+0x4aa/0x10f0 [ 27.677943] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.677968] ? finish_task_switch.isra.0+0x153/0x700 [ 27.677991] ? __switch_to+0x47/0xf50 [ 27.678021] ? __schedule+0x10cc/0x2b60 [ 27.678051] ? __pfx_read_tsc+0x10/0x10 [ 27.678076] ? ktime_get_ts64+0x86/0x230 [ 27.678104] kunit_try_run_case+0x1a5/0x480 [ 27.678127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.678148] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.678172] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.678201] ? __kthread_parkme+0x82/0x180 [ 27.678223] ? preempt_count_sub+0x50/0x80 [ 27.678265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.678288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.678315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.678344] kthread+0x337/0x6f0 [ 27.678366] ? trace_preempt_on+0x20/0xc0 [ 27.678392] ? __pfx_kthread+0x10/0x10 [ 27.678415] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.678443] ? calculate_sigpending+0x7b/0xa0 [ 27.678472] ? __pfx_kthread+0x10/0x10 [ 27.678497] ret_from_fork+0x116/0x1d0 [ 27.678518] ? __pfx_kthread+0x10/0x10 [ 27.678541] ret_from_fork_asm+0x1a/0x30 [ 27.678575] </TASK> [ 27.678588] [ 27.696669] Allocated by task 333: [ 27.697179] kasan_save_stack+0x45/0x70 [ 27.697516] kasan_save_track+0x18/0x40 [ 27.697808] kasan_save_alloc_info+0x3b/0x50 [ 27.697972] __kasan_kmalloc+0xb7/0xc0 [ 27.698097] __kmalloc_noprof+0x1c9/0x500 [ 27.698233] kunit_kmalloc_array+0x25/0x60 [ 27.698598] copy_user_test_oob+0xab/0x10f0 [ 27.699034] kunit_try_run_case+0x1a5/0x480 [ 27.699446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.699995] kthread+0x337/0x6f0 [ 27.700309] ret_from_fork+0x116/0x1d0 [ 27.700575] ret_from_fork_asm+0x1a/0x30 [ 27.700889] [ 27.700958] The buggy address belongs to the object at ffff8881062af800 [ 27.700958] which belongs to the cache kmalloc-128 of size 128 [ 27.701320] The buggy address is located 0 bytes inside of [ 27.701320] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.701655] [ 27.701724] The buggy address belongs to the physical page: [ 27.702040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.702722] flags: 0x200000000000000(node=0|zone=2) [ 27.703263] page_type: f5(slab) [ 27.703579] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.704411] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.705259] page dumped because: kasan: bad access detected [ 27.705810] [ 27.705970] Memory state around the buggy address: [ 27.706424] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.707067] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.707688] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.707992] ^ [ 27.708822] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.709249] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.709454] ================================================================== [ 27.655855] ================================================================== [ 27.656187] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 27.656511] Write of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.656788] [ 27.656923] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.656977] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.656991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.657016] Call Trace: [ 27.657032] <TASK> [ 27.657065] dump_stack_lvl+0x73/0xb0 [ 27.657098] print_report+0xd1/0x610 [ 27.657124] ? __virt_addr_valid+0x1db/0x2d0 [ 27.657152] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.657178] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.657214] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.657251] kasan_report+0x141/0x180 [ 27.657276] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.657307] kasan_check_range+0x10c/0x1c0 [ 27.657333] __kasan_check_write+0x18/0x20 [ 27.657362] copy_user_test_oob+0x3fd/0x10f0 [ 27.657391] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.657417] ? finish_task_switch.isra.0+0x153/0x700 [ 27.657441] ? __switch_to+0x47/0xf50 [ 27.657472] ? __schedule+0x10cc/0x2b60 [ 27.657503] ? __pfx_read_tsc+0x10/0x10 [ 27.657529] ? ktime_get_ts64+0x86/0x230 [ 27.657558] kunit_try_run_case+0x1a5/0x480 [ 27.657582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.657604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.657628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.657659] ? __kthread_parkme+0x82/0x180 [ 27.657682] ? preempt_count_sub+0x50/0x80 [ 27.657707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.657730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.657759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.657788] kthread+0x337/0x6f0 [ 27.657811] ? trace_preempt_on+0x20/0xc0 [ 27.657848] ? __pfx_kthread+0x10/0x10 [ 27.657873] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.657901] ? calculate_sigpending+0x7b/0xa0 [ 27.657930] ? __pfx_kthread+0x10/0x10 [ 27.657956] ret_from_fork+0x116/0x1d0 [ 27.657977] ? __pfx_kthread+0x10/0x10 [ 27.658002] ret_from_fork_asm+0x1a/0x30 [ 27.658037] </TASK> [ 27.658050] [ 27.664601] Allocated by task 333: [ 27.664785] kasan_save_stack+0x45/0x70 [ 27.664999] kasan_save_track+0x18/0x40 [ 27.665184] kasan_save_alloc_info+0x3b/0x50 [ 27.665408] __kasan_kmalloc+0xb7/0xc0 [ 27.665592] __kmalloc_noprof+0x1c9/0x500 [ 27.665790] kunit_kmalloc_array+0x25/0x60 [ 27.666006] copy_user_test_oob+0xab/0x10f0 [ 27.666208] kunit_try_run_case+0x1a5/0x480 [ 27.666401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.666609] kthread+0x337/0x6f0 [ 27.666767] ret_from_fork+0x116/0x1d0 [ 27.666983] ret_from_fork_asm+0x1a/0x30 [ 27.667122] [ 27.667211] The buggy address belongs to the object at ffff8881062af800 [ 27.667211] which belongs to the cache kmalloc-128 of size 128 [ 27.667709] The buggy address is located 0 bytes inside of [ 27.667709] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.668136] [ 27.668205] The buggy address belongs to the physical page: [ 27.668387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.668625] flags: 0x200000000000000(node=0|zone=2) [ 27.668849] page_type: f5(slab) [ 27.669012] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.669356] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.669692] page dumped because: kasan: bad access detected [ 27.669960] [ 27.670045] Memory state around the buggy address: [ 27.670224] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.670447] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.670661] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.670893] ^ [ 27.671205] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.671530] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.672453] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 27.634639] ================================================================== [ 27.635097] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 27.635419] Read of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.635721] [ 27.635817] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.635878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.635892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.635918] Call Trace: [ 27.635935] <TASK> [ 27.635956] dump_stack_lvl+0x73/0xb0 [ 27.635988] print_report+0xd1/0x610 [ 27.636014] ? __virt_addr_valid+0x1db/0x2d0 [ 27.636041] ? _copy_to_user+0x3c/0x70 [ 27.636065] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.636097] ? _copy_to_user+0x3c/0x70 [ 27.636121] kasan_report+0x141/0x180 [ 27.636145] ? _copy_to_user+0x3c/0x70 [ 27.636174] kasan_check_range+0x10c/0x1c0 [ 27.636200] __kasan_check_read+0x15/0x20 [ 27.636228] _copy_to_user+0x3c/0x70 [ 27.636265] copy_user_test_oob+0x364/0x10f0 [ 27.636298] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.636328] ? finish_task_switch.isra.0+0x153/0x700 [ 27.636354] ? __switch_to+0x47/0xf50 [ 27.636385] ? __schedule+0x10cc/0x2b60 [ 27.636417] ? __pfx_read_tsc+0x10/0x10 [ 27.636444] ? ktime_get_ts64+0x86/0x230 [ 27.636472] kunit_try_run_case+0x1a5/0x480 [ 27.636496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.636518] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.636541] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.636572] ? __kthread_parkme+0x82/0x180 [ 27.636596] ? preempt_count_sub+0x50/0x80 [ 27.636621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.636645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.636673] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.636701] kthread+0x337/0x6f0 [ 27.636724] ? trace_preempt_on+0x20/0xc0 [ 27.636752] ? __pfx_kthread+0x10/0x10 [ 27.636776] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.636805] ? calculate_sigpending+0x7b/0xa0 [ 27.636845] ? __pfx_kthread+0x10/0x10 [ 27.636870] ret_from_fork+0x116/0x1d0 [ 27.636892] ? __pfx_kthread+0x10/0x10 [ 27.636916] ret_from_fork_asm+0x1a/0x30 [ 27.636952] </TASK> [ 27.636965] [ 27.643819] Allocated by task 333: [ 27.644042] kasan_save_stack+0x45/0x70 [ 27.644247] kasan_save_track+0x18/0x40 [ 27.644432] kasan_save_alloc_info+0x3b/0x50 [ 27.644630] __kasan_kmalloc+0xb7/0xc0 [ 27.644768] __kmalloc_noprof+0x1c9/0x500 [ 27.645086] kunit_kmalloc_array+0x25/0x60 [ 27.645266] copy_user_test_oob+0xab/0x10f0 [ 27.645469] kunit_try_run_case+0x1a5/0x480 [ 27.645607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.645779] kthread+0x337/0x6f0 [ 27.645952] ret_from_fork+0x116/0x1d0 [ 27.646140] ret_from_fork_asm+0x1a/0x30 [ 27.646484] [ 27.646567] The buggy address belongs to the object at ffff8881062af800 [ 27.646567] which belongs to the cache kmalloc-128 of size 128 [ 27.646920] The buggy address is located 0 bytes inside of [ 27.646920] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.647492] [ 27.647678] The buggy address belongs to the physical page: [ 27.648052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.648340] flags: 0x200000000000000(node=0|zone=2) [ 27.648501] page_type: f5(slab) [ 27.648617] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.648897] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.649235] page dumped because: kasan: bad access detected [ 27.649495] [ 27.649585] Memory state around the buggy address: [ 27.649811] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.650144] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.650422] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.650662] ^ [ 27.650870] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.651421] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.651726] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 27.608903] ================================================================== [ 27.609475] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 27.609799] Write of size 121 at addr ffff8881062af800 by task kunit_try_catch/333 [ 27.610136] [ 27.610310] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.610374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.610389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.610417] Call Trace: [ 27.610433] <TASK> [ 27.610458] dump_stack_lvl+0x73/0xb0 [ 27.610495] print_report+0xd1/0x610 [ 27.610522] ? __virt_addr_valid+0x1db/0x2d0 [ 27.610552] ? _copy_from_user+0x32/0x90 [ 27.610576] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.610608] ? _copy_from_user+0x32/0x90 [ 27.610633] kasan_report+0x141/0x180 [ 27.610657] ? _copy_from_user+0x32/0x90 [ 27.610685] kasan_check_range+0x10c/0x1c0 [ 27.610712] __kasan_check_write+0x18/0x20 [ 27.610739] _copy_from_user+0x32/0x90 [ 27.610765] copy_user_test_oob+0x2be/0x10f0 [ 27.610794] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.610834] ? finish_task_switch.isra.0+0x153/0x700 [ 27.610860] ? __switch_to+0x47/0xf50 [ 27.610892] ? __schedule+0x10cc/0x2b60 [ 27.610923] ? __pfx_read_tsc+0x10/0x10 [ 27.610951] ? ktime_get_ts64+0x86/0x230 [ 27.610982] kunit_try_run_case+0x1a5/0x480 [ 27.611005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.611027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.611051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.611082] ? __kthread_parkme+0x82/0x180 [ 27.611106] ? preempt_count_sub+0x50/0x80 [ 27.611131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.611154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.611183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.611211] kthread+0x337/0x6f0 [ 27.611248] ? trace_preempt_on+0x20/0xc0 [ 27.611276] ? __pfx_kthread+0x10/0x10 [ 27.611300] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.611329] ? calculate_sigpending+0x7b/0xa0 [ 27.611359] ? __pfx_kthread+0x10/0x10 [ 27.611384] ret_from_fork+0x116/0x1d0 [ 27.611405] ? __pfx_kthread+0x10/0x10 [ 27.611429] ret_from_fork_asm+0x1a/0x30 [ 27.611465] </TASK> [ 27.611479] [ 27.620996] Allocated by task 333: [ 27.621318] kasan_save_stack+0x45/0x70 [ 27.621529] kasan_save_track+0x18/0x40 [ 27.621854] kasan_save_alloc_info+0x3b/0x50 [ 27.622168] __kasan_kmalloc+0xb7/0xc0 [ 27.622346] __kmalloc_noprof+0x1c9/0x500 [ 27.622636] kunit_kmalloc_array+0x25/0x60 [ 27.623021] copy_user_test_oob+0xab/0x10f0 [ 27.623234] kunit_try_run_case+0x1a5/0x480 [ 27.623565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.623829] kthread+0x337/0x6f0 [ 27.624147] ret_from_fork+0x116/0x1d0 [ 27.624431] ret_from_fork_asm+0x1a/0x30 [ 27.624649] [ 27.624743] The buggy address belongs to the object at ffff8881062af800 [ 27.624743] which belongs to the cache kmalloc-128 of size 128 [ 27.625472] The buggy address is located 0 bytes inside of [ 27.625472] allocated 120-byte region [ffff8881062af800, ffff8881062af878) [ 27.626155] [ 27.626273] The buggy address belongs to the physical page: [ 27.626650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.627073] flags: 0x200000000000000(node=0|zone=2) [ 27.627388] page_type: f5(slab) [ 27.627547] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.628019] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.628311] page dumped because: kasan: bad access detected [ 27.628545] [ 27.628616] Memory state around the buggy address: [ 27.628826] ffff8881062af700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.629428] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.629783] >ffff8881062af800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.630096] ^ [ 27.630501] ffff8881062af880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.630841] ffff8881062af900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.631227] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 27.535807] ================================================================== [ 27.536724] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 27.536994] Read of size 8 at addr ffff8881062af778 by task kunit_try_catch/329 [ 27.537220] [ 27.537331] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.537392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.537407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.537433] Call Trace: [ 27.537449] <TASK> [ 27.537471] dump_stack_lvl+0x73/0xb0 [ 27.537507] print_report+0xd1/0x610 [ 27.537534] ? __virt_addr_valid+0x1db/0x2d0 [ 27.538122] ? copy_to_kernel_nofault+0x225/0x260 [ 27.538162] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.538195] ? copy_to_kernel_nofault+0x225/0x260 [ 27.538223] kasan_report+0x141/0x180 [ 27.538261] ? copy_to_kernel_nofault+0x225/0x260 [ 27.538292] __asan_report_load8_noabort+0x18/0x20 [ 27.538321] copy_to_kernel_nofault+0x225/0x260 [ 27.538349] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 27.538375] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.538399] ? finish_task_switch.isra.0+0x153/0x700 [ 27.538426] ? __schedule+0x10cc/0x2b60 [ 27.538457] ? trace_hardirqs_on+0x37/0xe0 [ 27.538487] ? unwind_next_frame+0x18f/0x8e0 [ 27.538510] ? __unwind_start+0x1fc/0x390 [ 27.538533] ? ret_from_fork_asm+0x1a/0x30 [ 27.538561] ? __kernel_text_address+0x16/0x50 [ 27.538591] ? __pfx_read_tsc+0x10/0x10 [ 27.538618] ? ktime_get_ts64+0x86/0x230 [ 27.538647] kunit_try_run_case+0x1a5/0x480 [ 27.538674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.538695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.538720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.538766] ? __kthread_parkme+0x82/0x180 [ 27.538788] ? preempt_count_sub+0x50/0x80 [ 27.538812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.538845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.538875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.538902] kthread+0x337/0x6f0 [ 27.538926] ? trace_preempt_on+0x20/0xc0 [ 27.538950] ? __pfx_kthread+0x10/0x10 [ 27.538974] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.539003] ? calculate_sigpending+0x7b/0xa0 [ 27.539033] ? __pfx_kthread+0x10/0x10 [ 27.539059] ret_from_fork+0x116/0x1d0 [ 27.539079] ? __pfx_kthread+0x10/0x10 [ 27.539104] ret_from_fork_asm+0x1a/0x30 [ 27.539140] </TASK> [ 27.539155] [ 27.557174] Allocated by task 329: [ 27.557608] kasan_save_stack+0x45/0x70 [ 27.557953] kasan_save_track+0x18/0x40 [ 27.558272] kasan_save_alloc_info+0x3b/0x50 [ 27.558610] __kasan_kmalloc+0xb7/0xc0 [ 27.558989] __kmalloc_cache_noprof+0x189/0x420 [ 27.559303] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.559466] kunit_try_run_case+0x1a5/0x480 [ 27.559607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.559818] kthread+0x337/0x6f0 [ 27.560198] ret_from_fork+0x116/0x1d0 [ 27.560387] ret_from_fork_asm+0x1a/0x30 [ 27.560529] [ 27.560597] The buggy address belongs to the object at ffff8881062af700 [ 27.560597] which belongs to the cache kmalloc-128 of size 128 [ 27.561013] The buggy address is located 0 bytes to the right of [ 27.561013] allocated 120-byte region [ffff8881062af700, ffff8881062af778) [ 27.562226] [ 27.562328] The buggy address belongs to the physical page: [ 27.562568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.563135] flags: 0x200000000000000(node=0|zone=2) [ 27.563370] page_type: f5(slab) [ 27.563546] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.564175] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.564611] page dumped because: kasan: bad access detected [ 27.564915] [ 27.565097] Memory state around the buggy address: [ 27.565485] ffff8881062af600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.565877] ffff8881062af680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.566334] >ffff8881062af700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.566626] ^ [ 27.567029] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.567389] ffff8881062af800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.567644] ================================================================== [ 27.568537] ================================================================== [ 27.569062] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 27.569425] Write of size 8 at addr ffff8881062af778 by task kunit_try_catch/329 [ 27.569725] [ 27.570086] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.570144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.570158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.570183] Call Trace: [ 27.570201] <TASK> [ 27.570221] dump_stack_lvl+0x73/0xb0 [ 27.570268] print_report+0xd1/0x610 [ 27.570292] ? __virt_addr_valid+0x1db/0x2d0 [ 27.570319] ? copy_to_kernel_nofault+0x99/0x260 [ 27.570346] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.570376] ? copy_to_kernel_nofault+0x99/0x260 [ 27.570403] kasan_report+0x141/0x180 [ 27.570426] ? copy_to_kernel_nofault+0x99/0x260 [ 27.570457] kasan_check_range+0x10c/0x1c0 [ 27.570484] __kasan_check_write+0x18/0x20 [ 27.570512] copy_to_kernel_nofault+0x99/0x260 [ 27.570540] copy_to_kernel_nofault_oob+0x288/0x560 [ 27.570565] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.570590] ? finish_task_switch.isra.0+0x153/0x700 [ 27.570615] ? __schedule+0x10cc/0x2b60 [ 27.570645] ? trace_hardirqs_on+0x37/0xe0 [ 27.570675] ? unwind_next_frame+0x18f/0x8e0 [ 27.570698] ? __unwind_start+0x1fc/0x390 [ 27.570719] ? ret_from_fork_asm+0x1a/0x30 [ 27.570745] ? __kernel_text_address+0x16/0x50 [ 27.571139] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 27.571172] ? __pfx_read_tsc+0x10/0x10 [ 27.571200] ? ktime_get_ts64+0x86/0x230 [ 27.571229] kunit_try_run_case+0x1a5/0x480 [ 27.571269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.571292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.571317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.571349] ? __kthread_parkme+0x82/0x180 [ 27.571370] ? preempt_count_sub+0x50/0x80 [ 27.571396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.571420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.571448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.571476] kthread+0x337/0x6f0 [ 27.571499] ? trace_preempt_on+0x20/0xc0 [ 27.571525] ? __pfx_kthread+0x10/0x10 [ 27.571549] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.571578] ? calculate_sigpending+0x7b/0xa0 [ 27.571607] ? __pfx_kthread+0x10/0x10 [ 27.571632] ret_from_fork+0x116/0x1d0 [ 27.571653] ? __pfx_kthread+0x10/0x10 [ 27.571676] ret_from_fork_asm+0x1a/0x30 [ 27.571712] </TASK> [ 27.571724] [ 27.584126] Allocated by task 329: [ 27.584342] kasan_save_stack+0x45/0x70 [ 27.584547] kasan_save_track+0x18/0x40 [ 27.584703] kasan_save_alloc_info+0x3b/0x50 [ 27.584916] __kasan_kmalloc+0xb7/0xc0 [ 27.585662] __kmalloc_cache_noprof+0x189/0x420 [ 27.585859] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.586335] kunit_try_run_case+0x1a5/0x480 [ 27.586643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.586974] kthread+0x337/0x6f0 [ 27.587220] ret_from_fork+0x116/0x1d0 [ 27.587427] ret_from_fork_asm+0x1a/0x30 [ 27.587738] [ 27.587913] The buggy address belongs to the object at ffff8881062af700 [ 27.587913] which belongs to the cache kmalloc-128 of size 128 [ 27.588744] The buggy address is located 0 bytes to the right of [ 27.588744] allocated 120-byte region [ffff8881062af700, ffff8881062af778) [ 27.589543] [ 27.589832] The buggy address belongs to the physical page: [ 27.590073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 27.590368] flags: 0x200000000000000(node=0|zone=2) [ 27.590594] page_type: f5(slab) [ 27.590808] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.591091] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.591421] page dumped because: kasan: bad access detected [ 27.591601] [ 27.591692] Memory state around the buggy address: [ 27.592014] ffff8881062af600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.592255] ffff8881062af680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.592736] >ffff8881062af700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.593008] ^ [ 27.593419] ffff8881062af780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.593763] ffff8881062af800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.594313] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 27.479957] ================================================================== [ 27.480210] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 27.480566] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.480938] [ 27.481056] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.481111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.481125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.481150] Call Trace: [ 27.481169] <TASK> [ 27.481199] dump_stack_lvl+0x73/0xb0 [ 27.481230] print_report+0xd1/0x610 [ 27.481264] ? __virt_addr_valid+0x1db/0x2d0 [ 27.481290] ? kasan_atomics_helper+0x224c/0x5450 [ 27.481321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.481351] ? kasan_atomics_helper+0x224c/0x5450 [ 27.481381] kasan_report+0x141/0x180 [ 27.481406] ? kasan_atomics_helper+0x224c/0x5450 [ 27.481440] kasan_check_range+0x10c/0x1c0 [ 27.481467] __kasan_check_write+0x18/0x20 [ 27.481495] kasan_atomics_helper+0x224c/0x5450 [ 27.481526] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.481557] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.481585] ? kasan_atomics+0x152/0x310 [ 27.481614] kasan_atomics+0x1dc/0x310 [ 27.481641] ? __pfx_kasan_atomics+0x10/0x10 [ 27.481669] ? __pfx_read_tsc+0x10/0x10 [ 27.481695] ? ktime_get_ts64+0x86/0x230 [ 27.481723] kunit_try_run_case+0x1a5/0x480 [ 27.481747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.481770] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.481794] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.481825] ? __kthread_parkme+0x82/0x180 [ 27.481847] ? preempt_count_sub+0x50/0x80 [ 27.481873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.481897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.481936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.481964] kthread+0x337/0x6f0 [ 27.481987] ? trace_preempt_on+0x20/0xc0 [ 27.482014] ? __pfx_kthread+0x10/0x10 [ 27.482038] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.482068] ? calculate_sigpending+0x7b/0xa0 [ 27.482097] ? __pfx_kthread+0x10/0x10 [ 27.482122] ret_from_fork+0x116/0x1d0 [ 27.482144] ? __pfx_kthread+0x10/0x10 [ 27.482167] ret_from_fork_asm+0x1a/0x30 [ 27.482203] </TASK> [ 27.482215] [ 27.489234] Allocated by task 313: [ 27.489372] kasan_save_stack+0x45/0x70 [ 27.489510] kasan_save_track+0x18/0x40 [ 27.489686] kasan_save_alloc_info+0x3b/0x50 [ 27.489887] __kasan_kmalloc+0xb7/0xc0 [ 27.490065] __kmalloc_cache_noprof+0x189/0x420 [ 27.490292] kasan_atomics+0x95/0x310 [ 27.490466] kunit_try_run_case+0x1a5/0x480 [ 27.490609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.490785] kthread+0x337/0x6f0 [ 27.490902] ret_from_fork+0x116/0x1d0 [ 27.491097] ret_from_fork_asm+0x1a/0x30 [ 27.491299] [ 27.491392] The buggy address belongs to the object at ffff8881059cb500 [ 27.491392] which belongs to the cache kmalloc-64 of size 64 [ 27.492064] The buggy address is located 0 bytes to the right of [ 27.492064] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.492599] [ 27.492667] The buggy address belongs to the physical page: [ 27.492874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.493230] flags: 0x200000000000000(node=0|zone=2) [ 27.493481] page_type: f5(slab) [ 27.493631] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.493857] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.494404] page dumped because: kasan: bad access detected [ 27.494643] [ 27.494721] Memory state around the buggy address: [ 27.494914] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.495125] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.495348] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.495558] ^ [ 27.495949] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.496267] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.496573] ================================================================== [ 26.458946] ================================================================== [ 26.459264] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 26.459536] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.459759] [ 26.459987] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.460043] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.460057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.460081] Call Trace: [ 26.460102] <TASK> [ 26.460123] dump_stack_lvl+0x73/0xb0 [ 26.460155] print_report+0xd1/0x610 [ 26.460180] ? __virt_addr_valid+0x1db/0x2d0 [ 26.460207] ? kasan_atomics_helper+0xe78/0x5450 [ 26.460251] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.460282] ? kasan_atomics_helper+0xe78/0x5450 [ 26.460313] kasan_report+0x141/0x180 [ 26.460338] ? kasan_atomics_helper+0xe78/0x5450 [ 26.460373] kasan_check_range+0x10c/0x1c0 [ 26.460401] __kasan_check_write+0x18/0x20 [ 26.460429] kasan_atomics_helper+0xe78/0x5450 [ 26.460461] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.460492] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.460520] ? kasan_atomics+0x152/0x310 [ 26.460551] kasan_atomics+0x1dc/0x310 [ 26.460577] ? __pfx_kasan_atomics+0x10/0x10 [ 26.460605] ? __pfx_read_tsc+0x10/0x10 [ 26.460633] ? ktime_get_ts64+0x86/0x230 [ 26.460662] kunit_try_run_case+0x1a5/0x480 [ 26.460686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.460708] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.460732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.460776] ? __kthread_parkme+0x82/0x180 [ 26.460799] ? preempt_count_sub+0x50/0x80 [ 26.460864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.460892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.460921] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.460950] kthread+0x337/0x6f0 [ 26.460974] ? trace_preempt_on+0x20/0xc0 [ 26.461001] ? __pfx_kthread+0x10/0x10 [ 26.461025] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.461054] ? calculate_sigpending+0x7b/0xa0 [ 26.461083] ? __pfx_kthread+0x10/0x10 [ 26.461108] ret_from_fork+0x116/0x1d0 [ 26.461129] ? __pfx_kthread+0x10/0x10 [ 26.461153] ret_from_fork_asm+0x1a/0x30 [ 26.461189] </TASK> [ 26.461209] [ 26.476023] Allocated by task 313: [ 26.476335] kasan_save_stack+0x45/0x70 [ 26.476493] kasan_save_track+0x18/0x40 [ 26.476626] kasan_save_alloc_info+0x3b/0x50 [ 26.476875] __kasan_kmalloc+0xb7/0xc0 [ 26.477267] __kmalloc_cache_noprof+0x189/0x420 [ 26.477863] kasan_atomics+0x95/0x310 [ 26.478218] kunit_try_run_case+0x1a5/0x480 [ 26.478607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.479189] kthread+0x337/0x6f0 [ 26.479523] ret_from_fork+0x116/0x1d0 [ 26.479934] ret_from_fork_asm+0x1a/0x30 [ 26.480079] [ 26.480147] The buggy address belongs to the object at ffff8881059cb500 [ 26.480147] which belongs to the cache kmalloc-64 of size 64 [ 26.480511] The buggy address is located 0 bytes to the right of [ 26.480511] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.480885] [ 26.481028] The buggy address belongs to the physical page: [ 26.481351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.481659] flags: 0x200000000000000(node=0|zone=2) [ 26.481872] page_type: f5(slab) [ 26.481992] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.482366] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.482777] page dumped because: kasan: bad access detected [ 26.483031] [ 26.483097] Memory state around the buggy address: [ 26.483379] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.484209] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.484624] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.485142] ^ [ 26.485477] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.485945] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.486279] ================================================================== [ 26.144753] ================================================================== [ 26.145042] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 26.145350] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.145616] [ 26.145710] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.145761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.145776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.145801] Call Trace: [ 26.145823] <TASK> [ 26.145845] dump_stack_lvl+0x73/0xb0 [ 26.145877] print_report+0xd1/0x610 [ 26.145901] ? __virt_addr_valid+0x1db/0x2d0 [ 26.145926] ? kasan_atomics_helper+0x697/0x5450 [ 26.145955] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.145984] ? kasan_atomics_helper+0x697/0x5450 [ 26.146019] kasan_report+0x141/0x180 [ 26.146044] ? kasan_atomics_helper+0x697/0x5450 [ 26.146078] kasan_check_range+0x10c/0x1c0 [ 26.146104] __kasan_check_write+0x18/0x20 [ 26.146131] kasan_atomics_helper+0x697/0x5450 [ 26.146161] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.146192] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.146219] ? kasan_atomics+0x152/0x310 [ 26.146376] kasan_atomics+0x1dc/0x310 [ 26.146411] ? __pfx_kasan_atomics+0x10/0x10 [ 26.146482] ? __pfx_read_tsc+0x10/0x10 [ 26.146513] ? ktime_get_ts64+0x86/0x230 [ 26.146542] kunit_try_run_case+0x1a5/0x480 [ 26.146565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.146587] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.146612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.146642] ? __kthread_parkme+0x82/0x180 [ 26.146665] ? preempt_count_sub+0x50/0x80 [ 26.146692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.146715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.147629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.147676] kthread+0x337/0x6f0 [ 26.147703] ? trace_preempt_on+0x20/0xc0 [ 26.147733] ? __pfx_kthread+0x10/0x10 [ 26.148304] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.148335] ? calculate_sigpending+0x7b/0xa0 [ 26.148365] ? __pfx_kthread+0x10/0x10 [ 26.148390] ret_from_fork+0x116/0x1d0 [ 26.148412] ? __pfx_kthread+0x10/0x10 [ 26.148437] ret_from_fork_asm+0x1a/0x30 [ 26.148474] </TASK> [ 26.148487] [ 26.163165] Allocated by task 313: [ 26.163590] kasan_save_stack+0x45/0x70 [ 26.163922] kasan_save_track+0x18/0x40 [ 26.164323] kasan_save_alloc_info+0x3b/0x50 [ 26.164575] __kasan_kmalloc+0xb7/0xc0 [ 26.165009] __kmalloc_cache_noprof+0x189/0x420 [ 26.165383] kasan_atomics+0x95/0x310 [ 26.165528] kunit_try_run_case+0x1a5/0x480 [ 26.165671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.166358] kthread+0x337/0x6f0 [ 26.166714] ret_from_fork+0x116/0x1d0 [ 26.167167] ret_from_fork_asm+0x1a/0x30 [ 26.167557] [ 26.167714] The buggy address belongs to the object at ffff8881059cb500 [ 26.167714] which belongs to the cache kmalloc-64 of size 64 [ 26.168647] The buggy address is located 0 bytes to the right of [ 26.168647] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.169595] [ 26.169774] The buggy address belongs to the physical page: [ 26.170387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.171311] flags: 0x200000000000000(node=0|zone=2) [ 26.171672] page_type: f5(slab) [ 26.171933] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.172703] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.173432] page dumped because: kasan: bad access detected [ 26.173611] [ 26.173680] Memory state around the buggy address: [ 26.174076] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.174703] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.175442] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.176070] ^ [ 26.176250] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.176464] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.176670] ================================================================== [ 26.588298] ================================================================== [ 26.589157] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 26.589433] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.589655] [ 26.589742] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.589797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.589837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.589861] Call Trace: [ 26.589882] <TASK> [ 26.589905] dump_stack_lvl+0x73/0xb0 [ 26.589939] print_report+0xd1/0x610 [ 26.590094] ? __virt_addr_valid+0x1db/0x2d0 [ 26.590122] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.590153] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.590182] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.590212] kasan_report+0x141/0x180 [ 26.590246] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.590281] __asan_report_load4_noabort+0x18/0x20 [ 26.590309] kasan_atomics_helper+0x4a1c/0x5450 [ 26.590340] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.590371] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.590399] ? kasan_atomics+0x152/0x310 [ 26.590495] kasan_atomics+0x1dc/0x310 [ 26.590539] ? __pfx_kasan_atomics+0x10/0x10 [ 26.590566] ? __pfx_read_tsc+0x10/0x10 [ 26.590594] ? ktime_get_ts64+0x86/0x230 [ 26.590621] kunit_try_run_case+0x1a5/0x480 [ 26.590645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.590667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.590691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.590722] ? __kthread_parkme+0x82/0x180 [ 26.590753] ? preempt_count_sub+0x50/0x80 [ 26.590780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.590805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.590834] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.590863] kthread+0x337/0x6f0 [ 26.590886] ? trace_preempt_on+0x20/0xc0 [ 26.590913] ? __pfx_kthread+0x10/0x10 [ 26.590937] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.590966] ? calculate_sigpending+0x7b/0xa0 [ 26.590995] ? __pfx_kthread+0x10/0x10 [ 26.591019] ret_from_fork+0x116/0x1d0 [ 26.591040] ? __pfx_kthread+0x10/0x10 [ 26.591063] ret_from_fork_asm+0x1a/0x30 [ 26.591099] </TASK> [ 26.591112] [ 26.605943] Allocated by task 313: [ 26.606189] kasan_save_stack+0x45/0x70 [ 26.606602] kasan_save_track+0x18/0x40 [ 26.606932] kasan_save_alloc_info+0x3b/0x50 [ 26.607414] __kasan_kmalloc+0xb7/0xc0 [ 26.607581] __kmalloc_cache_noprof+0x189/0x420 [ 26.608187] kasan_atomics+0x95/0x310 [ 26.608486] kunit_try_run_case+0x1a5/0x480 [ 26.608825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.608999] kthread+0x337/0x6f0 [ 26.609118] ret_from_fork+0x116/0x1d0 [ 26.609258] ret_from_fork_asm+0x1a/0x30 [ 26.609397] [ 26.609465] The buggy address belongs to the object at ffff8881059cb500 [ 26.609465] which belongs to the cache kmalloc-64 of size 64 [ 26.609810] The buggy address is located 0 bytes to the right of [ 26.609810] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.610164] [ 26.610232] The buggy address belongs to the physical page: [ 26.610747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.611507] flags: 0x200000000000000(node=0|zone=2) [ 26.612090] page_type: f5(slab) [ 26.612418] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.613228] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.614041] page dumped because: kasan: bad access detected [ 26.614533] [ 26.614702] Memory state around the buggy address: [ 26.615252] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.615950] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.616575] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.617226] ^ [ 26.617662] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.618412] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.618844] ================================================================== [ 26.195718] ================================================================== [ 26.196180] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 26.196604] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.197015] [ 26.197157] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.197217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.197231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.197265] Call Trace: [ 26.197303] <TASK> [ 26.197323] dump_stack_lvl+0x73/0xb0 [ 26.197370] print_report+0xd1/0x610 [ 26.197407] ? __virt_addr_valid+0x1db/0x2d0 [ 26.197447] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.197490] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.197520] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.197551] kasan_report+0x141/0x180 [ 26.197576] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.197610] kasan_check_range+0x10c/0x1c0 [ 26.197637] __kasan_check_write+0x18/0x20 [ 26.197664] kasan_atomics_helper+0x7c7/0x5450 [ 26.197696] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.197727] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.197755] ? kasan_atomics+0x152/0x310 [ 26.197784] kasan_atomics+0x1dc/0x310 [ 26.197811] ? __pfx_kasan_atomics+0x10/0x10 [ 26.197848] ? __pfx_read_tsc+0x10/0x10 [ 26.197874] ? ktime_get_ts64+0x86/0x230 [ 26.197902] kunit_try_run_case+0x1a5/0x480 [ 26.197926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.197948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.197972] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.198054] ? __kthread_parkme+0x82/0x180 [ 26.198080] ? preempt_count_sub+0x50/0x80 [ 26.198105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.198129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.198178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.198220] kthread+0x337/0x6f0 [ 26.198255] ? trace_preempt_on+0x20/0xc0 [ 26.198297] ? __pfx_kthread+0x10/0x10 [ 26.198335] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.198365] ? calculate_sigpending+0x7b/0xa0 [ 26.198407] ? __pfx_kthread+0x10/0x10 [ 26.198432] ret_from_fork+0x116/0x1d0 [ 26.198454] ? __pfx_kthread+0x10/0x10 [ 26.198479] ret_from_fork_asm+0x1a/0x30 [ 26.198516] </TASK> [ 26.198530] [ 26.207807] Allocated by task 313: [ 26.208024] kasan_save_stack+0x45/0x70 [ 26.208268] kasan_save_track+0x18/0x40 [ 26.208417] kasan_save_alloc_info+0x3b/0x50 [ 26.208560] __kasan_kmalloc+0xb7/0xc0 [ 26.208685] __kmalloc_cache_noprof+0x189/0x420 [ 26.208891] kasan_atomics+0x95/0x310 [ 26.209101] kunit_try_run_case+0x1a5/0x480 [ 26.209325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.209785] kthread+0x337/0x6f0 [ 26.209984] ret_from_fork+0x116/0x1d0 [ 26.210157] ret_from_fork_asm+0x1a/0x30 [ 26.210351] [ 26.210471] The buggy address belongs to the object at ffff8881059cb500 [ 26.210471] which belongs to the cache kmalloc-64 of size 64 [ 26.211174] The buggy address is located 0 bytes to the right of [ 26.211174] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.211610] [ 26.211683] The buggy address belongs to the physical page: [ 26.211912] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.212307] flags: 0x200000000000000(node=0|zone=2) [ 26.212695] page_type: f5(slab) [ 26.213116] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.213370] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.213590] page dumped because: kasan: bad access detected [ 26.213983] [ 26.214079] Memory state around the buggy address: [ 26.214320] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.214671] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.214951] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.215273] ^ [ 26.215500] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.215906] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.216193] ================================================================== [ 26.046099] ================================================================== [ 26.046465] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 26.046880] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.047360] [ 26.047477] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.047530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.047544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.047568] Call Trace: [ 26.047591] <TASK> [ 26.047612] dump_stack_lvl+0x73/0xb0 [ 26.047646] print_report+0xd1/0x610 [ 26.047670] ? __virt_addr_valid+0x1db/0x2d0 [ 26.047697] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.047728] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.047767] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.047798] kasan_report+0x141/0x180 [ 26.047823] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.047857] __asan_report_store4_noabort+0x1b/0x30 [ 26.047886] kasan_atomics_helper+0x4b3a/0x5450 [ 26.047917] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.047948] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.047977] ? kasan_atomics+0x152/0x310 [ 26.048007] kasan_atomics+0x1dc/0x310 [ 26.048033] ? __pfx_kasan_atomics+0x10/0x10 [ 26.048062] ? __pfx_read_tsc+0x10/0x10 [ 26.048087] ? ktime_get_ts64+0x86/0x230 [ 26.048116] kunit_try_run_case+0x1a5/0x480 [ 26.048140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.048165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.048190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.048221] ? __kthread_parkme+0x82/0x180 [ 26.048255] ? preempt_count_sub+0x50/0x80 [ 26.048282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.048307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.048336] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.048364] kthread+0x337/0x6f0 [ 26.048388] ? trace_preempt_on+0x20/0xc0 [ 26.048415] ? __pfx_kthread+0x10/0x10 [ 26.048440] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.048468] ? calculate_sigpending+0x7b/0xa0 [ 26.048505] ? __pfx_kthread+0x10/0x10 [ 26.048530] ret_from_fork+0x116/0x1d0 [ 26.048552] ? __pfx_kthread+0x10/0x10 [ 26.048576] ret_from_fork_asm+0x1a/0x30 [ 26.048616] </TASK> [ 26.048630] [ 26.062363] Allocated by task 313: [ 26.062510] kasan_save_stack+0x45/0x70 [ 26.062660] kasan_save_track+0x18/0x40 [ 26.062790] kasan_save_alloc_info+0x3b/0x50 [ 26.063425] __kasan_kmalloc+0xb7/0xc0 [ 26.063846] __kmalloc_cache_noprof+0x189/0x420 [ 26.064254] kasan_atomics+0x95/0x310 [ 26.065567] kunit_try_run_case+0x1a5/0x480 [ 26.065998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.066585] kthread+0x337/0x6f0 [ 26.066928] ret_from_fork+0x116/0x1d0 [ 26.067376] ret_from_fork_asm+0x1a/0x30 [ 26.067830] [ 26.067991] The buggy address belongs to the object at ffff8881059cb500 [ 26.067991] which belongs to the cache kmalloc-64 of size 64 [ 26.068360] The buggy address is located 0 bytes to the right of [ 26.068360] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.068724] [ 26.069288] The buggy address belongs to the physical page: [ 26.069845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.070534] flags: 0x200000000000000(node=0|zone=2) [ 26.071078] page_type: f5(slab) [ 26.071282] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.071906] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.072305] page dumped because: kasan: bad access detected [ 26.072476] [ 26.072542] Memory state around the buggy address: [ 26.072695] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.073391] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.074144] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.074748] ^ [ 26.075251] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.076446] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.077170] ================================================================== [ 26.301477] ================================================================== [ 26.301941] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 26.302301] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.302638] [ 26.302868] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.302960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.302975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.302999] Call Trace: [ 26.303018] <TASK> [ 26.303039] dump_stack_lvl+0x73/0xb0 [ 26.303101] print_report+0xd1/0x610 [ 26.303126] ? __virt_addr_valid+0x1db/0x2d0 [ 26.303152] ? kasan_atomics_helper+0xac7/0x5450 [ 26.303181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.303252] ? kasan_atomics_helper+0xac7/0x5450 [ 26.303284] kasan_report+0x141/0x180 [ 26.303309] ? kasan_atomics_helper+0xac7/0x5450 [ 26.303344] kasan_check_range+0x10c/0x1c0 [ 26.303399] __kasan_check_write+0x18/0x20 [ 26.303428] kasan_atomics_helper+0xac7/0x5450 [ 26.303459] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.303490] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.303518] ? kasan_atomics+0x152/0x310 [ 26.303548] kasan_atomics+0x1dc/0x310 [ 26.303575] ? __pfx_kasan_atomics+0x10/0x10 [ 26.303603] ? __pfx_read_tsc+0x10/0x10 [ 26.303629] ? ktime_get_ts64+0x86/0x230 [ 26.303657] kunit_try_run_case+0x1a5/0x480 [ 26.303682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.303704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.303727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.303872] ? __kthread_parkme+0x82/0x180 [ 26.303895] ? preempt_count_sub+0x50/0x80 [ 26.303921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.303945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.303974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.304003] kthread+0x337/0x6f0 [ 26.304026] ? trace_preempt_on+0x20/0xc0 [ 26.304053] ? __pfx_kthread+0x10/0x10 [ 26.304077] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.304106] ? calculate_sigpending+0x7b/0xa0 [ 26.304134] ? __pfx_kthread+0x10/0x10 [ 26.304160] ret_from_fork+0x116/0x1d0 [ 26.304181] ? __pfx_kthread+0x10/0x10 [ 26.304206] ret_from_fork_asm+0x1a/0x30 [ 26.304252] </TASK> [ 26.304264] [ 26.313172] Allocated by task 313: [ 26.313384] kasan_save_stack+0x45/0x70 [ 26.313562] kasan_save_track+0x18/0x40 [ 26.313729] kasan_save_alloc_info+0x3b/0x50 [ 26.313883] __kasan_kmalloc+0xb7/0xc0 [ 26.314045] __kmalloc_cache_noprof+0x189/0x420 [ 26.314385] kasan_atomics+0x95/0x310 [ 26.314582] kunit_try_run_case+0x1a5/0x480 [ 26.314887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.315167] kthread+0x337/0x6f0 [ 26.315363] ret_from_fork+0x116/0x1d0 [ 26.315556] ret_from_fork_asm+0x1a/0x30 [ 26.315818] [ 26.315900] The buggy address belongs to the object at ffff8881059cb500 [ 26.315900] which belongs to the cache kmalloc-64 of size 64 [ 26.316321] The buggy address is located 0 bytes to the right of [ 26.316321] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.317205] [ 26.317325] The buggy address belongs to the physical page: [ 26.317568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.318010] flags: 0x200000000000000(node=0|zone=2) [ 26.318294] page_type: f5(slab) [ 26.318484] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.318941] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.319234] page dumped because: kasan: bad access detected [ 26.319523] [ 26.319598] Memory state around the buggy address: [ 26.319964] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.320207] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.320536] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.320866] ^ [ 26.321090] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.321402] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.321673] ================================================================== [ 26.364358] ================================================================== [ 26.364698] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 26.365111] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.365474] [ 26.365612] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.365666] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.365680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.365704] Call Trace: [ 26.365724] <TASK> [ 26.365871] dump_stack_lvl+0x73/0xb0 [ 26.365912] print_report+0xd1/0x610 [ 26.365936] ? __virt_addr_valid+0x1db/0x2d0 [ 26.365965] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.365995] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.366025] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.366055] kasan_report+0x141/0x180 [ 26.366112] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.366147] __asan_report_load4_noabort+0x18/0x20 [ 26.366176] kasan_atomics_helper+0x4a84/0x5450 [ 26.366207] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.366247] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.366277] ? kasan_atomics+0x152/0x310 [ 26.366306] kasan_atomics+0x1dc/0x310 [ 26.366361] ? __pfx_kasan_atomics+0x10/0x10 [ 26.366414] ? __pfx_read_tsc+0x10/0x10 [ 26.366441] ? ktime_get_ts64+0x86/0x230 [ 26.366470] kunit_try_run_case+0x1a5/0x480 [ 26.366494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.366517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.366541] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.366573] ? __kthread_parkme+0x82/0x180 [ 26.366595] ? preempt_count_sub+0x50/0x80 [ 26.366621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.366645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.366673] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.366703] kthread+0x337/0x6f0 [ 26.366726] ? trace_preempt_on+0x20/0xc0 [ 26.366821] ? __pfx_kthread+0x10/0x10 [ 26.366861] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.366890] ? calculate_sigpending+0x7b/0xa0 [ 26.366919] ? __pfx_kthread+0x10/0x10 [ 26.366944] ret_from_fork+0x116/0x1d0 [ 26.366966] ? __pfx_kthread+0x10/0x10 [ 26.366991] ret_from_fork_asm+0x1a/0x30 [ 26.367027] </TASK> [ 26.367040] [ 26.379514] Allocated by task 313: [ 26.379668] kasan_save_stack+0x45/0x70 [ 26.379841] kasan_save_track+0x18/0x40 [ 26.380029] kasan_save_alloc_info+0x3b/0x50 [ 26.380234] __kasan_kmalloc+0xb7/0xc0 [ 26.380430] __kmalloc_cache_noprof+0x189/0x420 [ 26.381997] kasan_atomics+0x95/0x310 [ 26.382579] kunit_try_run_case+0x1a5/0x480 [ 26.383466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.384079] kthread+0x337/0x6f0 [ 26.384520] ret_from_fork+0x116/0x1d0 [ 26.385122] ret_from_fork_asm+0x1a/0x30 [ 26.385729] [ 26.386016] The buggy address belongs to the object at ffff8881059cb500 [ 26.386016] which belongs to the cache kmalloc-64 of size 64 [ 26.387066] The buggy address is located 0 bytes to the right of [ 26.387066] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.388340] [ 26.388493] The buggy address belongs to the physical page: [ 26.388669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.388921] flags: 0x200000000000000(node=0|zone=2) [ 26.389500] page_type: f5(slab) [ 26.389889] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.390727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.391448] page dumped because: kasan: bad access detected [ 26.391828] [ 26.392056] Memory state around the buggy address: [ 26.392532] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.392748] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.393503] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.394208] ^ [ 26.394555] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.395205] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.395672] ================================================================== [ 25.920164] ================================================================== [ 25.920833] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 25.921363] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 25.921596] [ 25.921684] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.921737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.921802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.921827] Call Trace: [ 25.921844] <TASK> [ 25.921864] dump_stack_lvl+0x73/0xb0 [ 25.921897] print_report+0xd1/0x610 [ 25.921921] ? __virt_addr_valid+0x1db/0x2d0 [ 25.921946] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.921990] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.922020] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.922055] kasan_report+0x141/0x180 [ 25.922080] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.922116] __asan_report_load4_noabort+0x18/0x20 [ 25.922144] kasan_atomics_helper+0x4b88/0x5450 [ 25.922175] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.922207] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.922248] ? kasan_atomics+0x152/0x310 [ 25.922278] kasan_atomics+0x1dc/0x310 [ 25.922305] ? __pfx_kasan_atomics+0x10/0x10 [ 25.922333] ? __pfx_read_tsc+0x10/0x10 [ 25.922360] ? ktime_get_ts64+0x86/0x230 [ 25.922388] kunit_try_run_case+0x1a5/0x480 [ 25.922412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.922434] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.922457] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.922488] ? __kthread_parkme+0x82/0x180 [ 25.922511] ? preempt_count_sub+0x50/0x80 [ 25.922537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.922561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.922589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.922617] kthread+0x337/0x6f0 [ 25.922641] ? trace_preempt_on+0x20/0xc0 [ 25.922667] ? __pfx_kthread+0x10/0x10 [ 25.922691] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.922719] ? calculate_sigpending+0x7b/0xa0 [ 25.922748] ? __pfx_kthread+0x10/0x10 [ 25.922786] ret_from_fork+0x116/0x1d0 [ 25.922806] ? __pfx_kthread+0x10/0x10 [ 25.922865] ret_from_fork_asm+0x1a/0x30 [ 25.922902] </TASK> [ 25.922916] [ 25.936146] Allocated by task 313: [ 25.936655] kasan_save_stack+0x45/0x70 [ 25.937408] kasan_save_track+0x18/0x40 [ 25.937788] kasan_save_alloc_info+0x3b/0x50 [ 25.938258] __kasan_kmalloc+0xb7/0xc0 [ 25.938599] __kmalloc_cache_noprof+0x189/0x420 [ 25.939112] kasan_atomics+0x95/0x310 [ 25.939435] kunit_try_run_case+0x1a5/0x480 [ 25.939579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.939940] kthread+0x337/0x6f0 [ 25.940322] ret_from_fork+0x116/0x1d0 [ 25.940665] ret_from_fork_asm+0x1a/0x30 [ 25.941109] [ 25.941283] The buggy address belongs to the object at ffff8881059cb500 [ 25.941283] which belongs to the cache kmalloc-64 of size 64 [ 25.942488] The buggy address is located 0 bytes to the right of [ 25.942488] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 25.943419] [ 25.943584] The buggy address belongs to the physical page: [ 25.944154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 25.944500] flags: 0x200000000000000(node=0|zone=2) [ 25.945000] page_type: f5(slab) [ 25.945359] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.946118] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.946359] page dumped because: kasan: bad access detected [ 25.946527] [ 25.946593] Memory state around the buggy address: [ 25.946746] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.947436] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.948387] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.949137] ^ [ 25.949648] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.950383] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.951096] ================================================================== [ 26.726103] ================================================================== [ 26.726669] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 26.727192] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.727601] [ 26.727956] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.728013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.728027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.728052] Call Trace: [ 26.728072] <TASK> [ 26.728094] dump_stack_lvl+0x73/0xb0 [ 26.728125] print_report+0xd1/0x610 [ 26.728149] ? __virt_addr_valid+0x1db/0x2d0 [ 26.728177] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.728207] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.728249] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.728279] kasan_report+0x141/0x180 [ 26.728303] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.728338] kasan_check_range+0x10c/0x1c0 [ 26.728365] __kasan_check_write+0x18/0x20 [ 26.728393] kasan_atomics_helper+0x12e6/0x5450 [ 26.728427] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.728457] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.728485] ? kasan_atomics+0x152/0x310 [ 26.728514] kasan_atomics+0x1dc/0x310 [ 26.728540] ? __pfx_kasan_atomics+0x10/0x10 [ 26.728567] ? __pfx_read_tsc+0x10/0x10 [ 26.728594] ? ktime_get_ts64+0x86/0x230 [ 26.728621] kunit_try_run_case+0x1a5/0x480 [ 26.728646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.728700] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.728725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.728824] ? __kthread_parkme+0x82/0x180 [ 26.728850] ? preempt_count_sub+0x50/0x80 [ 26.728876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.728900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.728930] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.728959] kthread+0x337/0x6f0 [ 26.728982] ? trace_preempt_on+0x20/0xc0 [ 26.729009] ? __pfx_kthread+0x10/0x10 [ 26.729032] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.729061] ? calculate_sigpending+0x7b/0xa0 [ 26.729090] ? __pfx_kthread+0x10/0x10 [ 26.729115] ret_from_fork+0x116/0x1d0 [ 26.729137] ? __pfx_kthread+0x10/0x10 [ 26.729161] ret_from_fork_asm+0x1a/0x30 [ 26.729201] </TASK> [ 26.729214] [ 26.741150] Allocated by task 313: [ 26.741504] kasan_save_stack+0x45/0x70 [ 26.741699] kasan_save_track+0x18/0x40 [ 26.742279] kasan_save_alloc_info+0x3b/0x50 [ 26.742586] __kasan_kmalloc+0xb7/0xc0 [ 26.743059] __kmalloc_cache_noprof+0x189/0x420 [ 26.743293] kasan_atomics+0x95/0x310 [ 26.743463] kunit_try_run_case+0x1a5/0x480 [ 26.743650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.744316] kthread+0x337/0x6f0 [ 26.744653] ret_from_fork+0x116/0x1d0 [ 26.744979] ret_from_fork_asm+0x1a/0x30 [ 26.745168] [ 26.745277] The buggy address belongs to the object at ffff8881059cb500 [ 26.745277] which belongs to the cache kmalloc-64 of size 64 [ 26.746215] The buggy address is located 0 bytes to the right of [ 26.746215] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.746707] [ 26.747273] The buggy address belongs to the physical page: [ 26.747726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.748313] flags: 0x200000000000000(node=0|zone=2) [ 26.748545] page_type: f5(slab) [ 26.748705] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.749491] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.750201] page dumped because: kasan: bad access detected [ 26.750669] [ 26.750900] Memory state around the buggy address: [ 26.751374] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.752012] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.752779] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.753081] ^ [ 26.753305] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.753598] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.754131] ================================================================== [ 27.007708] ================================================================== [ 27.008095] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 27.008943] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.009423] [ 27.009654] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.009710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.009724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.009748] Call Trace: [ 27.009768] <TASK> [ 27.009855] dump_stack_lvl+0x73/0xb0 [ 27.009891] print_report+0xd1/0x610 [ 27.009916] ? __virt_addr_valid+0x1db/0x2d0 [ 27.009944] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.009974] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.010005] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.010036] kasan_report+0x141/0x180 [ 27.010060] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.010094] kasan_check_range+0x10c/0x1c0 [ 27.010122] __kasan_check_write+0x18/0x20 [ 27.010150] kasan_atomics_helper+0x18b1/0x5450 [ 27.010184] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.010217] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.010259] ? kasan_atomics+0x152/0x310 [ 27.010290] kasan_atomics+0x1dc/0x310 [ 27.010316] ? __pfx_kasan_atomics+0x10/0x10 [ 27.010344] ? __pfx_read_tsc+0x10/0x10 [ 27.010369] ? ktime_get_ts64+0x86/0x230 [ 27.010397] kunit_try_run_case+0x1a5/0x480 [ 27.010421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.010443] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.010466] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.010497] ? __kthread_parkme+0x82/0x180 [ 27.010520] ? preempt_count_sub+0x50/0x80 [ 27.010546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.010570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.010598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.010626] kthread+0x337/0x6f0 [ 27.010649] ? trace_preempt_on+0x20/0xc0 [ 27.010675] ? __pfx_kthread+0x10/0x10 [ 27.010699] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.010727] ? calculate_sigpending+0x7b/0xa0 [ 27.010772] ? __pfx_kthread+0x10/0x10 [ 27.010798] ret_from_fork+0x116/0x1d0 [ 27.010829] ? __pfx_kthread+0x10/0x10 [ 27.010854] ret_from_fork_asm+0x1a/0x30 [ 27.010889] </TASK> [ 27.010903] [ 27.021826] Allocated by task 313: [ 27.022081] kasan_save_stack+0x45/0x70 [ 27.022257] kasan_save_track+0x18/0x40 [ 27.022429] kasan_save_alloc_info+0x3b/0x50 [ 27.022619] __kasan_kmalloc+0xb7/0xc0 [ 27.022783] __kmalloc_cache_noprof+0x189/0x420 [ 27.023335] kasan_atomics+0x95/0x310 [ 27.023510] kunit_try_run_case+0x1a5/0x480 [ 27.023693] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.024063] kthread+0x337/0x6f0 [ 27.024370] ret_from_fork+0x116/0x1d0 [ 27.024524] ret_from_fork_asm+0x1a/0x30 [ 27.024728] [ 27.024822] The buggy address belongs to the object at ffff8881059cb500 [ 27.024822] which belongs to the cache kmalloc-64 of size 64 [ 27.025603] The buggy address is located 0 bytes to the right of [ 27.025603] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.026409] [ 27.026491] The buggy address belongs to the physical page: [ 27.026717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.027054] flags: 0x200000000000000(node=0|zone=2) [ 27.027533] page_type: f5(slab) [ 27.027753] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.028104] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.028442] page dumped because: kasan: bad access detected [ 27.028671] [ 27.028749] Memory state around the buggy address: [ 27.029303] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.029576] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.030115] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.030605] ^ [ 27.030775] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.031374] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.031628] ================================================================== [ 27.056910] ================================================================== [ 27.057279] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 27.057715] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.058024] [ 27.058113] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.058164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.058178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.058407] Call Trace: [ 27.058438] <TASK> [ 27.058471] dump_stack_lvl+0x73/0xb0 [ 27.058507] print_report+0xd1/0x610 [ 27.058533] ? __virt_addr_valid+0x1db/0x2d0 [ 27.058559] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.058589] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.058619] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.058649] kasan_report+0x141/0x180 [ 27.058674] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.058709] kasan_check_range+0x10c/0x1c0 [ 27.058736] __kasan_check_write+0x18/0x20 [ 27.058994] kasan_atomics_helper+0x19e3/0x5450 [ 27.059043] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.059076] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.059288] ? kasan_atomics+0x152/0x310 [ 27.059335] kasan_atomics+0x1dc/0x310 [ 27.059365] ? __pfx_kasan_atomics+0x10/0x10 [ 27.059395] ? __pfx_read_tsc+0x10/0x10 [ 27.059423] ? ktime_get_ts64+0x86/0x230 [ 27.059452] kunit_try_run_case+0x1a5/0x480 [ 27.059478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.059501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.059525] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.059556] ? __kthread_parkme+0x82/0x180 [ 27.059578] ? preempt_count_sub+0x50/0x80 [ 27.059604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.059628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.059656] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.059685] kthread+0x337/0x6f0 [ 27.059707] ? trace_preempt_on+0x20/0xc0 [ 27.059734] ? __pfx_kthread+0x10/0x10 [ 27.059829] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.059860] ? calculate_sigpending+0x7b/0xa0 [ 27.059891] ? __pfx_kthread+0x10/0x10 [ 27.059915] ret_from_fork+0x116/0x1d0 [ 27.059938] ? __pfx_kthread+0x10/0x10 [ 27.059962] ret_from_fork_asm+0x1a/0x30 [ 27.059998] </TASK> [ 27.060011] [ 27.071746] Allocated by task 313: [ 27.072526] kasan_save_stack+0x45/0x70 [ 27.072873] kasan_save_track+0x18/0x40 [ 27.073280] kasan_save_alloc_info+0x3b/0x50 [ 27.073616] __kasan_kmalloc+0xb7/0xc0 [ 27.074126] __kmalloc_cache_noprof+0x189/0x420 [ 27.074372] kasan_atomics+0x95/0x310 [ 27.074554] kunit_try_run_case+0x1a5/0x480 [ 27.074746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.075415] kthread+0x337/0x6f0 [ 27.075587] ret_from_fork+0x116/0x1d0 [ 27.075802] ret_from_fork_asm+0x1a/0x30 [ 27.076002] [ 27.076093] The buggy address belongs to the object at ffff8881059cb500 [ 27.076093] which belongs to the cache kmalloc-64 of size 64 [ 27.076577] The buggy address is located 0 bytes to the right of [ 27.076577] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.077627] [ 27.077715] The buggy address belongs to the physical page: [ 27.078002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.078441] flags: 0x200000000000000(node=0|zone=2) [ 27.078657] page_type: f5(slab) [ 27.078888] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.079247] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.079550] page dumped because: kasan: bad access detected [ 27.079768] [ 27.079834] Memory state around the buggy address: [ 27.080076] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.080496] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.081069] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.081394] ^ [ 27.081610] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.082289] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.082533] ================================================================== [ 25.974255] ================================================================== [ 25.974590] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 25.975150] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 25.975651] [ 25.975808] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.975872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.975886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.975910] Call Trace: [ 25.975931] <TASK> [ 25.975952] dump_stack_lvl+0x73/0xb0 [ 25.975984] print_report+0xd1/0x610 [ 25.976008] ? __virt_addr_valid+0x1db/0x2d0 [ 25.976034] ? kasan_atomics_helper+0x3df/0x5450 [ 25.976064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.976095] ? kasan_atomics_helper+0x3df/0x5450 [ 25.976125] kasan_report+0x141/0x180 [ 25.976150] ? kasan_atomics_helper+0x3df/0x5450 [ 25.976185] kasan_check_range+0x10c/0x1c0 [ 25.976213] __kasan_check_read+0x15/0x20 [ 25.976255] kasan_atomics_helper+0x3df/0x5450 [ 25.976286] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.976317] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.976346] ? kasan_atomics+0x152/0x310 [ 25.976375] kasan_atomics+0x1dc/0x310 [ 25.976402] ? __pfx_kasan_atomics+0x10/0x10 [ 25.976429] ? __pfx_read_tsc+0x10/0x10 [ 25.976456] ? ktime_get_ts64+0x86/0x230 [ 25.976484] kunit_try_run_case+0x1a5/0x480 [ 25.976508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.976531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.976556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.976587] ? __kthread_parkme+0x82/0x180 [ 25.976610] ? preempt_count_sub+0x50/0x80 [ 25.976637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.976661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.976689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.976718] kthread+0x337/0x6f0 [ 25.976741] ? trace_preempt_on+0x20/0xc0 [ 25.976807] ? __pfx_kthread+0x10/0x10 [ 25.976839] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.976868] ? calculate_sigpending+0x7b/0xa0 [ 25.976898] ? __pfx_kthread+0x10/0x10 [ 25.976924] ret_from_fork+0x116/0x1d0 [ 25.976945] ? __pfx_kthread+0x10/0x10 [ 25.976970] ret_from_fork_asm+0x1a/0x30 [ 25.977006] </TASK> [ 25.977019] [ 25.984620] Allocated by task 313: [ 25.984814] kasan_save_stack+0x45/0x70 [ 25.985060] kasan_save_track+0x18/0x40 [ 25.985247] kasan_save_alloc_info+0x3b/0x50 [ 25.985438] __kasan_kmalloc+0xb7/0xc0 [ 25.985618] __kmalloc_cache_noprof+0x189/0x420 [ 25.985802] kasan_atomics+0x95/0x310 [ 25.986050] kunit_try_run_case+0x1a5/0x480 [ 25.986227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.986430] kthread+0x337/0x6f0 [ 25.986600] ret_from_fork+0x116/0x1d0 [ 25.986777] ret_from_fork_asm+0x1a/0x30 [ 25.987032] [ 25.987117] The buggy address belongs to the object at ffff8881059cb500 [ 25.987117] which belongs to the cache kmalloc-64 of size 64 [ 25.987563] The buggy address is located 0 bytes to the right of [ 25.987563] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 25.988306] [ 25.988407] The buggy address belongs to the physical page: [ 25.988656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 25.989086] flags: 0x200000000000000(node=0|zone=2) [ 25.989335] page_type: f5(slab) [ 25.989504] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.989877] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.990101] page dumped because: kasan: bad access detected [ 25.990615] [ 25.990733] Memory state around the buggy address: [ 25.991249] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.991574] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.992634] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.993591] ^ [ 25.994067] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.994427] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.994727] ================================================================== [ 26.938865] ================================================================== [ 26.939091] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 26.939455] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.939770] [ 26.939908] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.940541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.940563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.940588] Call Trace: [ 26.940608] <TASK> [ 26.940628] dump_stack_lvl+0x73/0xb0 [ 26.940660] print_report+0xd1/0x610 [ 26.940685] ? __virt_addr_valid+0x1db/0x2d0 [ 26.940711] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.940741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.941442] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.941477] kasan_report+0x141/0x180 [ 26.941504] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.941540] kasan_check_range+0x10c/0x1c0 [ 26.941567] __kasan_check_write+0x18/0x20 [ 26.941595] kasan_atomics_helper+0x16e7/0x5450 [ 26.941626] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.941658] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.941687] ? kasan_atomics+0x152/0x310 [ 26.941716] kasan_atomics+0x1dc/0x310 [ 26.941742] ? __pfx_kasan_atomics+0x10/0x10 [ 26.941786] ? __pfx_read_tsc+0x10/0x10 [ 26.941812] ? ktime_get_ts64+0x86/0x230 [ 26.941854] kunit_try_run_case+0x1a5/0x480 [ 26.941879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.941901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.941925] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.941956] ? __kthread_parkme+0x82/0x180 [ 26.941978] ? preempt_count_sub+0x50/0x80 [ 26.942004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.942028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.942057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.942085] kthread+0x337/0x6f0 [ 26.942109] ? trace_preempt_on+0x20/0xc0 [ 26.942135] ? __pfx_kthread+0x10/0x10 [ 26.942159] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.942188] ? calculate_sigpending+0x7b/0xa0 [ 26.942217] ? __pfx_kthread+0x10/0x10 [ 26.942253] ret_from_fork+0x116/0x1d0 [ 26.942275] ? __pfx_kthread+0x10/0x10 [ 26.942299] ret_from_fork_asm+0x1a/0x30 [ 26.942335] </TASK> [ 26.942348] [ 26.953498] Allocated by task 313: [ 26.954066] kasan_save_stack+0x45/0x70 [ 26.954367] kasan_save_track+0x18/0x40 [ 26.954567] kasan_save_alloc_info+0x3b/0x50 [ 26.954770] __kasan_kmalloc+0xb7/0xc0 [ 26.955210] __kmalloc_cache_noprof+0x189/0x420 [ 26.955407] kasan_atomics+0x95/0x310 [ 26.955746] kunit_try_run_case+0x1a5/0x480 [ 26.956106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.956361] kthread+0x337/0x6f0 [ 26.956651] ret_from_fork+0x116/0x1d0 [ 26.956994] ret_from_fork_asm+0x1a/0x30 [ 26.957330] [ 26.957424] The buggy address belongs to the object at ffff8881059cb500 [ 26.957424] which belongs to the cache kmalloc-64 of size 64 [ 26.958287] The buggy address is located 0 bytes to the right of [ 26.958287] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.959219] [ 26.959329] The buggy address belongs to the physical page: [ 26.959769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.960292] flags: 0x200000000000000(node=0|zone=2) [ 26.960628] page_type: f5(slab) [ 26.961012] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.961366] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.961740] page dumped because: kasan: bad access detected [ 26.962258] [ 26.962347] Memory state around the buggy address: [ 26.962697] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.963206] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.963650] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.964139] ^ [ 26.964381] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.964644] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.964939] ================================================================== [ 27.361825] ================================================================== [ 27.362456] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 27.363011] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.363422] [ 27.363602] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.363658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.363672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.363697] Call Trace: [ 27.363717] <TASK> [ 27.363738] dump_stack_lvl+0x73/0xb0 [ 27.363771] print_report+0xd1/0x610 [ 27.363835] ? __virt_addr_valid+0x1db/0x2d0 [ 27.363862] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.363904] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.363935] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.364008] kasan_report+0x141/0x180 [ 27.364033] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.364080] __asan_report_load8_noabort+0x18/0x20 [ 27.364109] kasan_atomics_helper+0x4f98/0x5450 [ 27.364141] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.364173] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.364233] ? kasan_atomics+0x152/0x310 [ 27.364308] kasan_atomics+0x1dc/0x310 [ 27.364335] ? __pfx_kasan_atomics+0x10/0x10 [ 27.364363] ? __pfx_read_tsc+0x10/0x10 [ 27.364390] ? ktime_get_ts64+0x86/0x230 [ 27.364420] kunit_try_run_case+0x1a5/0x480 [ 27.364445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.364467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.364491] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.364522] ? __kthread_parkme+0x82/0x180 [ 27.364545] ? preempt_count_sub+0x50/0x80 [ 27.364571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.364595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.364623] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.364652] kthread+0x337/0x6f0 [ 27.364674] ? trace_preempt_on+0x20/0xc0 [ 27.364701] ? __pfx_kthread+0x10/0x10 [ 27.364725] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.364754] ? calculate_sigpending+0x7b/0xa0 [ 27.364782] ? __pfx_kthread+0x10/0x10 [ 27.364807] ret_from_fork+0x116/0x1d0 [ 27.364837] ? __pfx_kthread+0x10/0x10 [ 27.364862] ret_from_fork_asm+0x1a/0x30 [ 27.364897] </TASK> [ 27.364909] [ 27.373313] Allocated by task 313: [ 27.373749] kasan_save_stack+0x45/0x70 [ 27.374038] kasan_save_track+0x18/0x40 [ 27.374249] kasan_save_alloc_info+0x3b/0x50 [ 27.374462] __kasan_kmalloc+0xb7/0xc0 [ 27.374596] __kmalloc_cache_noprof+0x189/0x420 [ 27.374748] kasan_atomics+0x95/0x310 [ 27.375046] kunit_try_run_case+0x1a5/0x480 [ 27.375405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.375646] kthread+0x337/0x6f0 [ 27.375782] ret_from_fork+0x116/0x1d0 [ 27.376121] ret_from_fork_asm+0x1a/0x30 [ 27.376350] [ 27.376421] The buggy address belongs to the object at ffff8881059cb500 [ 27.376421] which belongs to the cache kmalloc-64 of size 64 [ 27.376895] The buggy address is located 0 bytes to the right of [ 27.376895] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.377641] [ 27.377783] The buggy address belongs to the physical page: [ 27.378018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.378316] flags: 0x200000000000000(node=0|zone=2) [ 27.378668] page_type: f5(slab) [ 27.378835] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.379193] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.379530] page dumped because: kasan: bad access detected [ 27.379764] [ 27.379872] Memory state around the buggy address: [ 27.380175] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.380454] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.380813] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.381114] ^ [ 27.381345] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.381639] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.382041] ================================================================== [ 26.702152] ================================================================== [ 26.702482] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 26.703011] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.703756] [ 26.704018] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.704078] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.704093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.704125] Call Trace: [ 26.704145] <TASK> [ 26.704165] dump_stack_lvl+0x73/0xb0 [ 26.704200] print_report+0xd1/0x610 [ 26.704224] ? __virt_addr_valid+0x1db/0x2d0 [ 26.704260] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.704289] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.704319] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.704350] kasan_report+0x141/0x180 [ 26.704374] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.704409] __asan_report_load4_noabort+0x18/0x20 [ 26.704437] kasan_atomics_helper+0x49e8/0x5450 [ 26.704468] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.704499] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.704527] ? kasan_atomics+0x152/0x310 [ 26.704557] kasan_atomics+0x1dc/0x310 [ 26.704584] ? __pfx_kasan_atomics+0x10/0x10 [ 26.704612] ? __pfx_read_tsc+0x10/0x10 [ 26.704638] ? ktime_get_ts64+0x86/0x230 [ 26.704667] kunit_try_run_case+0x1a5/0x480 [ 26.704691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.704713] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.704736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.704813] ? __kthread_parkme+0x82/0x180 [ 26.704850] ? preempt_count_sub+0x50/0x80 [ 26.704876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.704900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.704929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.704957] kthread+0x337/0x6f0 [ 26.704980] ? trace_preempt_on+0x20/0xc0 [ 26.705008] ? __pfx_kthread+0x10/0x10 [ 26.705032] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.705061] ? calculate_sigpending+0x7b/0xa0 [ 26.705089] ? __pfx_kthread+0x10/0x10 [ 26.705114] ret_from_fork+0x116/0x1d0 [ 26.705135] ? __pfx_kthread+0x10/0x10 [ 26.705160] ret_from_fork_asm+0x1a/0x30 [ 26.705201] </TASK> [ 26.705214] [ 26.715265] Allocated by task 313: [ 26.715411] kasan_save_stack+0x45/0x70 [ 26.715558] kasan_save_track+0x18/0x40 [ 26.715954] kasan_save_alloc_info+0x3b/0x50 [ 26.716405] __kasan_kmalloc+0xb7/0xc0 [ 26.716569] __kmalloc_cache_noprof+0x189/0x420 [ 26.716766] kasan_atomics+0x95/0x310 [ 26.716895] kunit_try_run_case+0x1a5/0x480 [ 26.717030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.717412] kthread+0x337/0x6f0 [ 26.717583] ret_from_fork+0x116/0x1d0 [ 26.717769] ret_from_fork_asm+0x1a/0x30 [ 26.718075] [ 26.718140] The buggy address belongs to the object at ffff8881059cb500 [ 26.718140] which belongs to the cache kmalloc-64 of size 64 [ 26.718485] The buggy address is located 0 bytes to the right of [ 26.718485] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.719455] [ 26.719581] The buggy address belongs to the physical page: [ 26.720270] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.720611] flags: 0x200000000000000(node=0|zone=2) [ 26.720798] page_type: f5(slab) [ 26.720972] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.721284] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.721585] page dumped because: kasan: bad access detected [ 26.721803] [ 26.721874] Memory state around the buggy address: [ 26.722074] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.723425] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.723776] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.724077] ^ [ 26.724376] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.724841] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.725383] ================================================================== [ 26.619306] ================================================================== [ 26.619627] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 26.619914] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.620343] [ 26.620586] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.620639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.620653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.620676] Call Trace: [ 26.620698] <TASK> [ 26.620719] dump_stack_lvl+0x73/0xb0 [ 26.620759] print_report+0xd1/0x610 [ 26.620805] ? __virt_addr_valid+0x1db/0x2d0 [ 26.620854] ? kasan_atomics_helper+0x1148/0x5450 [ 26.620885] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.620915] ? kasan_atomics_helper+0x1148/0x5450 [ 26.620945] kasan_report+0x141/0x180 [ 26.620969] ? kasan_atomics_helper+0x1148/0x5450 [ 26.621004] kasan_check_range+0x10c/0x1c0 [ 26.621031] __kasan_check_write+0x18/0x20 [ 26.621059] kasan_atomics_helper+0x1148/0x5450 [ 26.621090] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.621121] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.621148] ? kasan_atomics+0x152/0x310 [ 26.621178] kasan_atomics+0x1dc/0x310 [ 26.621209] ? __pfx_kasan_atomics+0x10/0x10 [ 26.621248] ? __pfx_read_tsc+0x10/0x10 [ 26.621284] ? ktime_get_ts64+0x86/0x230 [ 26.621313] kunit_try_run_case+0x1a5/0x480 [ 26.621336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.621369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.621393] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.621423] ? __kthread_parkme+0x82/0x180 [ 26.621446] ? preempt_count_sub+0x50/0x80 [ 26.621471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.621495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.621523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.621551] kthread+0x337/0x6f0 [ 26.621574] ? trace_preempt_on+0x20/0xc0 [ 26.621610] ? __pfx_kthread+0x10/0x10 [ 26.621634] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.621662] ? calculate_sigpending+0x7b/0xa0 [ 26.621703] ? __pfx_kthread+0x10/0x10 [ 26.621728] ret_from_fork+0x116/0x1d0 [ 26.621761] ? __pfx_kthread+0x10/0x10 [ 26.621786] ret_from_fork_asm+0x1a/0x30 [ 26.621823] </TASK> [ 26.621835] [ 26.635465] Allocated by task 313: [ 26.635633] kasan_save_stack+0x45/0x70 [ 26.635799] kasan_save_track+0x18/0x40 [ 26.635932] kasan_save_alloc_info+0x3b/0x50 [ 26.636082] __kasan_kmalloc+0xb7/0xc0 [ 26.636215] __kmalloc_cache_noprof+0x189/0x420 [ 26.636382] kasan_atomics+0x95/0x310 [ 26.636513] kunit_try_run_case+0x1a5/0x480 [ 26.636653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.636827] kthread+0x337/0x6f0 [ 26.636948] ret_from_fork+0x116/0x1d0 [ 26.637076] ret_from_fork_asm+0x1a/0x30 [ 26.637224] [ 26.639019] The buggy address belongs to the object at ffff8881059cb500 [ 26.639019] which belongs to the cache kmalloc-64 of size 64 [ 26.641253] The buggy address is located 0 bytes to the right of [ 26.641253] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.642582] [ 26.642929] The buggy address belongs to the physical page: [ 26.643192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.643547] flags: 0x200000000000000(node=0|zone=2) [ 26.643874] page_type: f5(slab) [ 26.644050] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.644370] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.644674] page dumped because: kasan: bad access detected [ 26.644993] [ 26.645095] Memory state around the buggy address: [ 26.645337] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.645613] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.645988] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.646324] ^ [ 26.646521] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.647057] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.647403] ================================================================== [ 26.841107] ================================================================== [ 26.841459] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 26.842076] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.842426] [ 26.842541] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.842595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.842609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.842634] Call Trace: [ 26.842654] <TASK> [ 26.842673] dump_stack_lvl+0x73/0xb0 [ 26.842705] print_report+0xd1/0x610 [ 26.842729] ? __virt_addr_valid+0x1db/0x2d0 [ 26.842860] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.842910] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.842941] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.842972] kasan_report+0x141/0x180 [ 26.842997] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.843032] __asan_report_store8_noabort+0x1b/0x30 [ 26.843062] kasan_atomics_helper+0x50d4/0x5450 [ 26.843093] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.843126] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.843154] ? kasan_atomics+0x152/0x310 [ 26.843184] kasan_atomics+0x1dc/0x310 [ 26.843210] ? __pfx_kasan_atomics+0x10/0x10 [ 26.843246] ? __pfx_read_tsc+0x10/0x10 [ 26.843274] ? ktime_get_ts64+0x86/0x230 [ 26.843303] kunit_try_run_case+0x1a5/0x480 [ 26.843329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.843354] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.843379] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.843410] ? __kthread_parkme+0x82/0x180 [ 26.843434] ? preempt_count_sub+0x50/0x80 [ 26.843459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.843483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.843511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.843540] kthread+0x337/0x6f0 [ 26.843563] ? trace_preempt_on+0x20/0xc0 [ 26.843590] ? __pfx_kthread+0x10/0x10 [ 26.843616] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.843644] ? calculate_sigpending+0x7b/0xa0 [ 26.843675] ? __pfx_kthread+0x10/0x10 [ 26.843701] ret_from_fork+0x116/0x1d0 [ 26.843723] ? __pfx_kthread+0x10/0x10 [ 26.843810] ret_from_fork_asm+0x1a/0x30 [ 26.843862] </TASK> [ 26.843876] [ 26.851855] Allocated by task 313: [ 26.852050] kasan_save_stack+0x45/0x70 [ 26.852201] kasan_save_track+0x18/0x40 [ 26.852424] kasan_save_alloc_info+0x3b/0x50 [ 26.852642] __kasan_kmalloc+0xb7/0xc0 [ 26.853139] __kmalloc_cache_noprof+0x189/0x420 [ 26.853393] kasan_atomics+0x95/0x310 [ 26.853562] kunit_try_run_case+0x1a5/0x480 [ 26.853717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.854028] kthread+0x337/0x6f0 [ 26.854202] ret_from_fork+0x116/0x1d0 [ 26.854396] ret_from_fork_asm+0x1a/0x30 [ 26.854595] [ 26.854687] The buggy address belongs to the object at ffff8881059cb500 [ 26.854687] which belongs to the cache kmalloc-64 of size 64 [ 26.855223] The buggy address is located 0 bytes to the right of [ 26.855223] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.855623] [ 26.855715] The buggy address belongs to the physical page: [ 26.856032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.856396] flags: 0x200000000000000(node=0|zone=2) [ 26.856630] page_type: f5(slab) [ 26.856854] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.857199] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.857519] page dumped because: kasan: bad access detected [ 26.857725] [ 26.858108] Memory state around the buggy address: [ 26.858339] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.858563] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.858964] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.859270] ^ [ 26.859475] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.859832] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.860115] ================================================================== [ 26.018721] ================================================================== [ 26.019212] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 26.019578] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.020119] [ 26.020213] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.020280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.020293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.020318] Call Trace: [ 26.020340] <TASK> [ 26.020361] dump_stack_lvl+0x73/0xb0 [ 26.020394] print_report+0xd1/0x610 [ 26.020419] ? __virt_addr_valid+0x1db/0x2d0 [ 26.020445] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.020475] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.020507] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.020538] kasan_report+0x141/0x180 [ 26.020562] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.020597] kasan_check_range+0x10c/0x1c0 [ 26.020624] __kasan_check_write+0x18/0x20 [ 26.020652] kasan_atomics_helper+0x4a0/0x5450 [ 26.020683] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.020739] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.020773] ? kasan_atomics+0x152/0x310 [ 26.020803] kasan_atomics+0x1dc/0x310 [ 26.020906] ? __pfx_kasan_atomics+0x10/0x10 [ 26.020942] ? __pfx_read_tsc+0x10/0x10 [ 26.020970] ? ktime_get_ts64+0x86/0x230 [ 26.021000] kunit_try_run_case+0x1a5/0x480 [ 26.021025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.021048] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.021073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.021128] ? __kthread_parkme+0x82/0x180 [ 26.021153] ? preempt_count_sub+0x50/0x80 [ 26.021179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.021211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.021250] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.021298] kthread+0x337/0x6f0 [ 26.021323] ? trace_preempt_on+0x20/0xc0 [ 26.021350] ? __pfx_kthread+0x10/0x10 [ 26.021376] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.021405] ? calculate_sigpending+0x7b/0xa0 [ 26.021434] ? __pfx_kthread+0x10/0x10 [ 26.021460] ret_from_fork+0x116/0x1d0 [ 26.021482] ? __pfx_kthread+0x10/0x10 [ 26.021506] ret_from_fork_asm+0x1a/0x30 [ 26.021542] </TASK> [ 26.021557] [ 26.031195] Allocated by task 313: [ 26.031378] kasan_save_stack+0x45/0x70 [ 26.031567] kasan_save_track+0x18/0x40 [ 26.031738] kasan_save_alloc_info+0x3b/0x50 [ 26.032051] __kasan_kmalloc+0xb7/0xc0 [ 26.032222] __kmalloc_cache_noprof+0x189/0x420 [ 26.032433] kasan_atomics+0x95/0x310 [ 26.032596] kunit_try_run_case+0x1a5/0x480 [ 26.032845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.033073] kthread+0x337/0x6f0 [ 26.033235] ret_from_fork+0x116/0x1d0 [ 26.033415] ret_from_fork_asm+0x1a/0x30 [ 26.033593] [ 26.033676] The buggy address belongs to the object at ffff8881059cb500 [ 26.033676] which belongs to the cache kmalloc-64 of size 64 [ 26.034654] The buggy address is located 0 bytes to the right of [ 26.034654] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.035777] [ 26.035886] The buggy address belongs to the physical page: [ 26.036068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.036324] flags: 0x200000000000000(node=0|zone=2) [ 26.036492] page_type: f5(slab) [ 26.036735] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.038449] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.039577] page dumped because: kasan: bad access detected [ 26.040292] [ 26.040629] Memory state around the buggy address: [ 26.041447] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.042390] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.042626] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.043470] ^ [ 26.044225] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.044657] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.045041] ================================================================== [ 26.259555] ================================================================== [ 26.260029] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 26.260340] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.260592] [ 26.260702] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.260774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.260788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.260826] Call Trace: [ 26.260861] <TASK> [ 26.260882] dump_stack_lvl+0x73/0xb0 [ 26.260940] print_report+0xd1/0x610 [ 26.261015] ? __virt_addr_valid+0x1db/0x2d0 [ 26.261047] ? kasan_atomics_helper+0x992/0x5450 [ 26.261077] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.261107] ? kasan_atomics_helper+0x992/0x5450 [ 26.261137] kasan_report+0x141/0x180 [ 26.261162] ? kasan_atomics_helper+0x992/0x5450 [ 26.261203] kasan_check_range+0x10c/0x1c0 [ 26.261231] __kasan_check_write+0x18/0x20 [ 26.261271] kasan_atomics_helper+0x992/0x5450 [ 26.261303] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.261334] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.261363] ? kasan_atomics+0x152/0x310 [ 26.261392] kasan_atomics+0x1dc/0x310 [ 26.261419] ? __pfx_kasan_atomics+0x10/0x10 [ 26.261446] ? __pfx_read_tsc+0x10/0x10 [ 26.261474] ? ktime_get_ts64+0x86/0x230 [ 26.261503] kunit_try_run_case+0x1a5/0x480 [ 26.261527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.261551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.261598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.261629] ? __kthread_parkme+0x82/0x180 [ 26.261652] ? preempt_count_sub+0x50/0x80 [ 26.261696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.261720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.261749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.261787] kthread+0x337/0x6f0 [ 26.261810] ? trace_preempt_on+0x20/0xc0 [ 26.261904] ? __pfx_kthread+0x10/0x10 [ 26.261929] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.261958] ? calculate_sigpending+0x7b/0xa0 [ 26.261988] ? __pfx_kthread+0x10/0x10 [ 26.262032] ret_from_fork+0x116/0x1d0 [ 26.262055] ? __pfx_kthread+0x10/0x10 [ 26.262079] ret_from_fork_asm+0x1a/0x30 [ 26.262115] </TASK> [ 26.262128] [ 26.270960] Allocated by task 313: [ 26.271508] kasan_save_stack+0x45/0x70 [ 26.271724] kasan_save_track+0x18/0x40 [ 26.272007] kasan_save_alloc_info+0x3b/0x50 [ 26.272160] __kasan_kmalloc+0xb7/0xc0 [ 26.272298] __kmalloc_cache_noprof+0x189/0x420 [ 26.272452] kasan_atomics+0x95/0x310 [ 26.272642] kunit_try_run_case+0x1a5/0x480 [ 26.272875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.273161] kthread+0x337/0x6f0 [ 26.273431] ret_from_fork+0x116/0x1d0 [ 26.273668] ret_from_fork_asm+0x1a/0x30 [ 26.274073] [ 26.274170] The buggy address belongs to the object at ffff8881059cb500 [ 26.274170] which belongs to the cache kmalloc-64 of size 64 [ 26.274671] The buggy address is located 0 bytes to the right of [ 26.274671] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.275609] [ 26.275717] The buggy address belongs to the physical page: [ 26.275984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.276448] flags: 0x200000000000000(node=0|zone=2) [ 26.276611] page_type: f5(slab) [ 26.276725] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.277062] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.277572] page dumped because: kasan: bad access detected [ 26.277880] [ 26.277968] Memory state around the buggy address: [ 26.278197] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.278525] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.278820] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.279017] ^ [ 26.279161] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.279487] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.279957] ================================================================== [ 27.289403] ================================================================== [ 27.289739] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 27.290076] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.290414] [ 27.290521] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.290568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.290581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.290604] Call Trace: [ 27.290621] <TASK> [ 27.290639] dump_stack_lvl+0x73/0xb0 [ 27.290667] print_report+0xd1/0x610 [ 27.290690] ? __virt_addr_valid+0x1db/0x2d0 [ 27.290714] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.290744] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.290773] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.290803] kasan_report+0x141/0x180 [ 27.290827] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.290861] kasan_check_range+0x10c/0x1c0 [ 27.290887] __kasan_check_write+0x18/0x20 [ 27.290915] kasan_atomics_helper+0x1f43/0x5450 [ 27.290945] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.290974] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.291001] ? kasan_atomics+0x152/0x310 [ 27.291029] kasan_atomics+0x1dc/0x310 [ 27.291054] ? __pfx_kasan_atomics+0x10/0x10 [ 27.291081] ? __pfx_read_tsc+0x10/0x10 [ 27.291106] ? ktime_get_ts64+0x86/0x230 [ 27.291133] kunit_try_run_case+0x1a5/0x480 [ 27.291155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.291176] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.291199] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.291229] ? __kthread_parkme+0x82/0x180 [ 27.291260] ? preempt_count_sub+0x50/0x80 [ 27.291284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.291307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.291335] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.291363] kthread+0x337/0x6f0 [ 27.291401] ? trace_preempt_on+0x20/0xc0 [ 27.291429] ? __pfx_kthread+0x10/0x10 [ 27.291470] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.291499] ? calculate_sigpending+0x7b/0xa0 [ 27.291527] ? __pfx_kthread+0x10/0x10 [ 27.291552] ret_from_fork+0x116/0x1d0 [ 27.291573] ? __pfx_kthread+0x10/0x10 [ 27.291596] ret_from_fork_asm+0x1a/0x30 [ 27.291632] </TASK> [ 27.291644] [ 27.299962] Allocated by task 313: [ 27.300136] kasan_save_stack+0x45/0x70 [ 27.300321] kasan_save_track+0x18/0x40 [ 27.300526] kasan_save_alloc_info+0x3b/0x50 [ 27.300665] __kasan_kmalloc+0xb7/0xc0 [ 27.300786] __kmalloc_cache_noprof+0x189/0x420 [ 27.300933] kasan_atomics+0x95/0x310 [ 27.301059] kunit_try_run_case+0x1a5/0x480 [ 27.301189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.301367] kthread+0x337/0x6f0 [ 27.301479] ret_from_fork+0x116/0x1d0 [ 27.301599] ret_from_fork_asm+0x1a/0x30 [ 27.301893] [ 27.302016] The buggy address belongs to the object at ffff8881059cb500 [ 27.302016] which belongs to the cache kmalloc-64 of size 64 [ 27.302556] The buggy address is located 0 bytes to the right of [ 27.302556] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.303570] [ 27.303648] The buggy address belongs to the physical page: [ 27.303810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.304258] flags: 0x200000000000000(node=0|zone=2) [ 27.304411] page_type: f5(slab) [ 27.304524] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.304741] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.305382] page dumped because: kasan: bad access detected [ 27.305908] [ 27.306009] Memory state around the buggy address: [ 27.306253] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.306612] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.307014] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.307224] ^ [ 27.307675] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.308047] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.308402] ================================================================== [ 26.822397] ================================================================== [ 26.822702] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 26.823286] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.823568] [ 26.823682] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.823734] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.823821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.823861] Call Trace: [ 26.823882] <TASK> [ 26.823901] dump_stack_lvl+0x73/0xb0 [ 26.823933] print_report+0xd1/0x610 [ 26.823958] ? __virt_addr_valid+0x1db/0x2d0 [ 26.823983] ? kasan_atomics_helper+0x1467/0x5450 [ 26.824013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.824044] ? kasan_atomics_helper+0x1467/0x5450 [ 26.824074] kasan_report+0x141/0x180 [ 26.824098] ? kasan_atomics_helper+0x1467/0x5450 [ 26.824133] kasan_check_range+0x10c/0x1c0 [ 26.824160] __kasan_check_write+0x18/0x20 [ 26.824189] kasan_atomics_helper+0x1467/0x5450 [ 26.824222] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.824263] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.824291] ? kasan_atomics+0x152/0x310 [ 26.824321] kasan_atomics+0x1dc/0x310 [ 26.824348] ? __pfx_kasan_atomics+0x10/0x10 [ 26.824376] ? __pfx_read_tsc+0x10/0x10 [ 26.824404] ? ktime_get_ts64+0x86/0x230 [ 26.824432] kunit_try_run_case+0x1a5/0x480 [ 26.824456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.824479] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.824502] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.824534] ? __kthread_parkme+0x82/0x180 [ 26.824555] ? preempt_count_sub+0x50/0x80 [ 26.824582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.824605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.824632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.824661] kthread+0x337/0x6f0 [ 26.824683] ? trace_preempt_on+0x20/0xc0 [ 26.824710] ? __pfx_kthread+0x10/0x10 [ 26.824733] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.824825] ? calculate_sigpending+0x7b/0xa0 [ 26.824871] ? __pfx_kthread+0x10/0x10 [ 26.824897] ret_from_fork+0x116/0x1d0 [ 26.824918] ? __pfx_kthread+0x10/0x10 [ 26.824942] ret_from_fork_asm+0x1a/0x30 [ 26.824978] </TASK> [ 26.824991] [ 26.832704] Allocated by task 313: [ 26.833088] kasan_save_stack+0x45/0x70 [ 26.833312] kasan_save_track+0x18/0x40 [ 26.833500] kasan_save_alloc_info+0x3b/0x50 [ 26.833705] __kasan_kmalloc+0xb7/0xc0 [ 26.833992] __kmalloc_cache_noprof+0x189/0x420 [ 26.834218] kasan_atomics+0x95/0x310 [ 26.834417] kunit_try_run_case+0x1a5/0x480 [ 26.834616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.834951] kthread+0x337/0x6f0 [ 26.835127] ret_from_fork+0x116/0x1d0 [ 26.835277] ret_from_fork_asm+0x1a/0x30 [ 26.835416] [ 26.835484] The buggy address belongs to the object at ffff8881059cb500 [ 26.835484] which belongs to the cache kmalloc-64 of size 64 [ 26.835840] The buggy address is located 0 bytes to the right of [ 26.835840] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.836387] [ 26.836485] The buggy address belongs to the physical page: [ 26.836740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.837096] flags: 0x200000000000000(node=0|zone=2) [ 26.837409] page_type: f5(slab) [ 26.837538] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.837854] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.838190] page dumped because: kasan: bad access detected [ 26.838451] [ 26.838540] Memory state around the buggy address: [ 26.838983] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.839335] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.839582] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.839973] ^ [ 26.840185] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.840448] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.840655] ================================================================== [ 26.344157] ================================================================== [ 26.344443] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 26.344917] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.345222] [ 26.345366] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.345420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.345434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.345491] Call Trace: [ 26.345513] <TASK> [ 26.345536] dump_stack_lvl+0x73/0xb0 [ 26.345568] print_report+0xd1/0x610 [ 26.345593] ? __virt_addr_valid+0x1db/0x2d0 [ 26.345619] ? kasan_atomics_helper+0xc70/0x5450 [ 26.345681] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.345712] ? kasan_atomics_helper+0xc70/0x5450 [ 26.345838] kasan_report+0x141/0x180 [ 26.345886] ? kasan_atomics_helper+0xc70/0x5450 [ 26.345952] kasan_check_range+0x10c/0x1c0 [ 26.345980] __kasan_check_write+0x18/0x20 [ 26.346009] kasan_atomics_helper+0xc70/0x5450 [ 26.346040] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.346070] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.346099] ? kasan_atomics+0x152/0x310 [ 26.346128] kasan_atomics+0x1dc/0x310 [ 26.346154] ? __pfx_kasan_atomics+0x10/0x10 [ 26.346182] ? __pfx_read_tsc+0x10/0x10 [ 26.346209] ? ktime_get_ts64+0x86/0x230 [ 26.346248] kunit_try_run_case+0x1a5/0x480 [ 26.346273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.346295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.346319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.346350] ? __kthread_parkme+0x82/0x180 [ 26.346373] ? preempt_count_sub+0x50/0x80 [ 26.346399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.346423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.346451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.346480] kthread+0x337/0x6f0 [ 26.346503] ? trace_preempt_on+0x20/0xc0 [ 26.346529] ? __pfx_kthread+0x10/0x10 [ 26.346554] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.346582] ? calculate_sigpending+0x7b/0xa0 [ 26.346611] ? __pfx_kthread+0x10/0x10 [ 26.346635] ret_from_fork+0x116/0x1d0 [ 26.346657] ? __pfx_kthread+0x10/0x10 [ 26.346682] ret_from_fork_asm+0x1a/0x30 [ 26.346718] </TASK> [ 26.346732] [ 26.354904] Allocated by task 313: [ 26.355115] kasan_save_stack+0x45/0x70 [ 26.355342] kasan_save_track+0x18/0x40 [ 26.355535] kasan_save_alloc_info+0x3b/0x50 [ 26.356010] __kasan_kmalloc+0xb7/0xc0 [ 26.356248] __kmalloc_cache_noprof+0x189/0x420 [ 26.356491] kasan_atomics+0x95/0x310 [ 26.356684] kunit_try_run_case+0x1a5/0x480 [ 26.357034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.357299] kthread+0x337/0x6f0 [ 26.357420] ret_from_fork+0x116/0x1d0 [ 26.357564] ret_from_fork_asm+0x1a/0x30 [ 26.357969] [ 26.358101] The buggy address belongs to the object at ffff8881059cb500 [ 26.358101] which belongs to the cache kmalloc-64 of size 64 [ 26.358608] The buggy address is located 0 bytes to the right of [ 26.358608] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.359267] [ 26.359371] The buggy address belongs to the physical page: [ 26.359623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.360100] flags: 0x200000000000000(node=0|zone=2) [ 26.360350] page_type: f5(slab) [ 26.360512] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.361114] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.361435] page dumped because: kasan: bad access detected [ 26.361695] [ 26.361794] Memory state around the buggy address: [ 26.361954] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.362292] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.362607] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.362920] ^ [ 26.363126] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.363520] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.363788] ================================================================== [ 27.107116] ================================================================== [ 27.107949] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 27.108216] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.108462] [ 27.108551] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.108621] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.108638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.108674] Call Trace: [ 27.108696] <TASK> [ 27.108721] dump_stack_lvl+0x73/0xb0 [ 27.108754] print_report+0xd1/0x610 [ 27.108790] ? __virt_addr_valid+0x1db/0x2d0 [ 27.108817] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.108851] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.108885] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.108918] kasan_report+0x141/0x180 [ 27.108944] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.108981] kasan_check_range+0x10c/0x1c0 [ 27.109011] __kasan_check_write+0x18/0x20 [ 27.109040] kasan_atomics_helper+0x1b22/0x5450 [ 27.109074] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.109107] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.109140] ? kasan_atomics+0x152/0x310 [ 27.109172] kasan_atomics+0x1dc/0x310 [ 27.109206] ? __pfx_kasan_atomics+0x10/0x10 [ 27.109246] ? __pfx_read_tsc+0x10/0x10 [ 27.109274] ? ktime_get_ts64+0x86/0x230 [ 27.109305] kunit_try_run_case+0x1a5/0x480 [ 27.109331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.109356] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.109383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.109417] ? __kthread_parkme+0x82/0x180 [ 27.109441] ? preempt_count_sub+0x50/0x80 [ 27.109469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.109497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.109529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.109564] kthread+0x337/0x6f0 [ 27.109587] ? trace_preempt_on+0x20/0xc0 [ 27.109616] ? __pfx_kthread+0x10/0x10 [ 27.109642] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.109672] ? calculate_sigpending+0x7b/0xa0 [ 27.109705] ? __pfx_kthread+0x10/0x10 [ 27.109732] ret_from_fork+0x116/0x1d0 [ 27.109755] ? __pfx_kthread+0x10/0x10 [ 27.109780] ret_from_fork_asm+0x1a/0x30 [ 27.109818] </TASK> [ 27.109831] [ 27.127648] Allocated by task 313: [ 27.127799] kasan_save_stack+0x45/0x70 [ 27.128256] kasan_save_track+0x18/0x40 [ 27.128629] kasan_save_alloc_info+0x3b/0x50 [ 27.129145] __kasan_kmalloc+0xb7/0xc0 [ 27.129549] __kmalloc_cache_noprof+0x189/0x420 [ 27.130054] kasan_atomics+0x95/0x310 [ 27.130489] kunit_try_run_case+0x1a5/0x480 [ 27.130889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.131488] kthread+0x337/0x6f0 [ 27.131728] ret_from_fork+0x116/0x1d0 [ 27.132051] ret_from_fork_asm+0x1a/0x30 [ 27.132523] [ 27.132717] The buggy address belongs to the object at ffff8881059cb500 [ 27.132717] which belongs to the cache kmalloc-64 of size 64 [ 27.133566] The buggy address is located 0 bytes to the right of [ 27.133566] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.134724] [ 27.134911] The buggy address belongs to the physical page: [ 27.135328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.135573] flags: 0x200000000000000(node=0|zone=2) [ 27.135735] page_type: f5(slab) [ 27.136148] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.136505] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.137538] page dumped because: kasan: bad access detected [ 27.137920] [ 27.138113] Memory state around the buggy address: [ 27.138290] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.139066] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.139784] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.140255] ^ [ 27.140408] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.140613] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.140961] ================================================================== [ 26.396227] ================================================================== [ 26.396868] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 26.397666] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.398457] [ 26.398628] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.398703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.398717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.398742] Call Trace: [ 26.398775] <TASK> [ 26.398813] dump_stack_lvl+0x73/0xb0 [ 26.398854] print_report+0xd1/0x610 [ 26.398878] ? __virt_addr_valid+0x1db/0x2d0 [ 26.398905] ? kasan_atomics_helper+0xd47/0x5450 [ 26.398935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.398965] ? kasan_atomics_helper+0xd47/0x5450 [ 26.398995] kasan_report+0x141/0x180 [ 26.399019] ? kasan_atomics_helper+0xd47/0x5450 [ 26.399054] kasan_check_range+0x10c/0x1c0 [ 26.399081] __kasan_check_write+0x18/0x20 [ 26.399109] kasan_atomics_helper+0xd47/0x5450 [ 26.399140] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.399171] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.399200] ? kasan_atomics+0x152/0x310 [ 26.399230] kasan_atomics+0x1dc/0x310 [ 26.399266] ? __pfx_kasan_atomics+0x10/0x10 [ 26.399293] ? __pfx_read_tsc+0x10/0x10 [ 26.399321] ? ktime_get_ts64+0x86/0x230 [ 26.399349] kunit_try_run_case+0x1a5/0x480 [ 26.399374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.399396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.399420] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.399450] ? __kthread_parkme+0x82/0x180 [ 26.399473] ? preempt_count_sub+0x50/0x80 [ 26.399499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.399522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.399551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.399579] kthread+0x337/0x6f0 [ 26.399602] ? trace_preempt_on+0x20/0xc0 [ 26.399628] ? __pfx_kthread+0x10/0x10 [ 26.399652] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.399680] ? calculate_sigpending+0x7b/0xa0 [ 26.399710] ? __pfx_kthread+0x10/0x10 [ 26.399735] ret_from_fork+0x116/0x1d0 [ 26.399756] ? __pfx_kthread+0x10/0x10 [ 26.399780] ret_from_fork_asm+0x1a/0x30 [ 26.399860] </TASK> [ 26.399876] [ 26.413274] Allocated by task 313: [ 26.413557] kasan_save_stack+0x45/0x70 [ 26.413710] kasan_save_track+0x18/0x40 [ 26.414064] kasan_save_alloc_info+0x3b/0x50 [ 26.414604] __kasan_kmalloc+0xb7/0xc0 [ 26.415058] __kmalloc_cache_noprof+0x189/0x420 [ 26.415510] kasan_atomics+0x95/0x310 [ 26.415913] kunit_try_run_case+0x1a5/0x480 [ 26.416101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.416291] kthread+0x337/0x6f0 [ 26.416411] ret_from_fork+0x116/0x1d0 [ 26.416540] ret_from_fork_asm+0x1a/0x30 [ 26.416678] [ 26.416745] The buggy address belongs to the object at ffff8881059cb500 [ 26.416745] which belongs to the cache kmalloc-64 of size 64 [ 26.417971] The buggy address is located 0 bytes to the right of [ 26.417971] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.419389] [ 26.419579] The buggy address belongs to the physical page: [ 26.420112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.420801] flags: 0x200000000000000(node=0|zone=2) [ 26.421396] page_type: f5(slab) [ 26.421812] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.422146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.422386] page dumped because: kasan: bad access detected [ 26.422554] [ 26.422619] Memory state around the buggy address: [ 26.422838] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.423531] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.424360] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.425206] ^ [ 26.425636] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.426394] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.427127] ================================================================== [ 25.888698] ================================================================== [ 25.889635] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 25.890574] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 25.891259] [ 25.891437] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.891491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.891503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.891526] Call Trace: [ 25.891542] <TASK> [ 25.891562] dump_stack_lvl+0x73/0xb0 [ 25.891594] print_report+0xd1/0x610 [ 25.891618] ? __virt_addr_valid+0x1db/0x2d0 [ 25.891643] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.891672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.891700] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.891729] kasan_report+0x141/0x180 [ 25.891763] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.891797] __asan_report_store4_noabort+0x1b/0x30 [ 25.891863] kasan_atomics_helper+0x4ba2/0x5450 [ 25.891909] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.891938] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.891966] ? kasan_atomics+0x152/0x310 [ 25.891994] kasan_atomics+0x1dc/0x310 [ 25.892019] ? __pfx_kasan_atomics+0x10/0x10 [ 25.892046] ? __pfx_read_tsc+0x10/0x10 [ 25.892072] ? ktime_get_ts64+0x86/0x230 [ 25.892099] kunit_try_run_case+0x1a5/0x480 [ 25.892122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.892143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.892166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.892195] ? __kthread_parkme+0x82/0x180 [ 25.892217] ? preempt_count_sub+0x50/0x80 [ 25.892304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.892329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.892356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.892384] kthread+0x337/0x6f0 [ 25.892405] ? trace_preempt_on+0x20/0xc0 [ 25.892430] ? __pfx_kthread+0x10/0x10 [ 25.892453] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.892481] ? calculate_sigpending+0x7b/0xa0 [ 25.892509] ? __pfx_kthread+0x10/0x10 [ 25.892532] ret_from_fork+0x116/0x1d0 [ 25.892552] ? __pfx_kthread+0x10/0x10 [ 25.892575] ret_from_fork_asm+0x1a/0x30 [ 25.892610] </TASK> [ 25.892621] [ 25.905283] Allocated by task 313: [ 25.905443] kasan_save_stack+0x45/0x70 [ 25.906014] kasan_save_track+0x18/0x40 [ 25.906381] kasan_save_alloc_info+0x3b/0x50 [ 25.906751] __kasan_kmalloc+0xb7/0xc0 [ 25.907147] __kmalloc_cache_noprof+0x189/0x420 [ 25.907657] kasan_atomics+0x95/0x310 [ 25.907870] kunit_try_run_case+0x1a5/0x480 [ 25.908308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.908689] kthread+0x337/0x6f0 [ 25.908848] ret_from_fork+0x116/0x1d0 [ 25.909282] ret_from_fork_asm+0x1a/0x30 [ 25.909681] [ 25.909843] The buggy address belongs to the object at ffff8881059cb500 [ 25.909843] which belongs to the cache kmalloc-64 of size 64 [ 25.910991] The buggy address is located 0 bytes to the right of [ 25.910991] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 25.911562] [ 25.911633] The buggy address belongs to the physical page: [ 25.911826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 25.912601] flags: 0x200000000000000(node=0|zone=2) [ 25.913097] page_type: f5(slab) [ 25.913459] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.914381] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.915281] page dumped because: kasan: bad access detected [ 25.915547] [ 25.915612] Memory state around the buggy address: [ 25.915827] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.916449] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.917180] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.917953] ^ [ 25.918376] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.918630] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.919208] ================================================================== [ 27.336908] ================================================================== [ 27.337235] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 27.337747] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.338281] [ 27.338628] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.338795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.338811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.338848] Call Trace: [ 27.338869] <TASK> [ 27.338892] dump_stack_lvl+0x73/0xb0 [ 27.338927] print_report+0xd1/0x610 [ 27.338951] ? __virt_addr_valid+0x1db/0x2d0 [ 27.338977] ? kasan_atomics_helper+0x2006/0x5450 [ 27.339007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.339036] ? kasan_atomics_helper+0x2006/0x5450 [ 27.339068] kasan_report+0x141/0x180 [ 27.339092] ? kasan_atomics_helper+0x2006/0x5450 [ 27.339128] kasan_check_range+0x10c/0x1c0 [ 27.339154] __kasan_check_write+0x18/0x20 [ 27.339182] kasan_atomics_helper+0x2006/0x5450 [ 27.339213] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.339255] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.339284] ? kasan_atomics+0x152/0x310 [ 27.339314] kasan_atomics+0x1dc/0x310 [ 27.339340] ? __pfx_kasan_atomics+0x10/0x10 [ 27.339367] ? __pfx_read_tsc+0x10/0x10 [ 27.339395] ? ktime_get_ts64+0x86/0x230 [ 27.339424] kunit_try_run_case+0x1a5/0x480 [ 27.339449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.339471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.339494] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.339525] ? __kthread_parkme+0x82/0x180 [ 27.339547] ? preempt_count_sub+0x50/0x80 [ 27.339572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.339596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.339624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.339651] kthread+0x337/0x6f0 [ 27.339674] ? trace_preempt_on+0x20/0xc0 [ 27.339700] ? __pfx_kthread+0x10/0x10 [ 27.339724] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.339753] ? calculate_sigpending+0x7b/0xa0 [ 27.339785] ? __pfx_kthread+0x10/0x10 [ 27.339810] ret_from_fork+0x116/0x1d0 [ 27.339843] ? __pfx_kthread+0x10/0x10 [ 27.339867] ret_from_fork_asm+0x1a/0x30 [ 27.339905] </TASK> [ 27.339917] [ 27.352317] Allocated by task 313: [ 27.352700] kasan_save_stack+0x45/0x70 [ 27.352898] kasan_save_track+0x18/0x40 [ 27.353326] kasan_save_alloc_info+0x3b/0x50 [ 27.353582] __kasan_kmalloc+0xb7/0xc0 [ 27.353712] __kmalloc_cache_noprof+0x189/0x420 [ 27.353894] kasan_atomics+0x95/0x310 [ 27.354288] kunit_try_run_case+0x1a5/0x480 [ 27.354688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.355232] kthread+0x337/0x6f0 [ 27.355589] ret_from_fork+0x116/0x1d0 [ 27.355952] ret_from_fork_asm+0x1a/0x30 [ 27.356088] [ 27.356154] The buggy address belongs to the object at ffff8881059cb500 [ 27.356154] which belongs to the cache kmalloc-64 of size 64 [ 27.356503] The buggy address is located 0 bytes to the right of [ 27.356503] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.356885] [ 27.356964] The buggy address belongs to the physical page: [ 27.357210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.357510] flags: 0x200000000000000(node=0|zone=2) [ 27.357682] page_type: f5(slab) [ 27.357844] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.358365] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.358635] page dumped because: kasan: bad access detected [ 27.358797] [ 27.358860] Memory state around the buggy address: [ 27.359006] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.359332] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.359755] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.360346] ^ [ 27.360561] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.360948] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.361163] ================================================================== [ 25.995619] ================================================================== [ 25.996307] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 25.996861] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 25.997458] [ 25.997697] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.997759] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.997774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.997905] Call Trace: [ 25.997928] <TASK> [ 25.997951] dump_stack_lvl+0x73/0xb0 [ 25.997985] print_report+0xd1/0x610 [ 25.998010] ? __virt_addr_valid+0x1db/0x2d0 [ 25.998037] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.998067] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.998098] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.998129] kasan_report+0x141/0x180 [ 25.998154] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.998189] __asan_report_load4_noabort+0x18/0x20 [ 25.998217] kasan_atomics_helper+0x4b54/0x5450 [ 25.998318] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.998351] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.998381] ? kasan_atomics+0x152/0x310 [ 25.998412] kasan_atomics+0x1dc/0x310 [ 25.998438] ? __pfx_kasan_atomics+0x10/0x10 [ 25.998466] ? __pfx_read_tsc+0x10/0x10 [ 25.998494] ? ktime_get_ts64+0x86/0x230 [ 25.998522] kunit_try_run_case+0x1a5/0x480 [ 25.998547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.998570] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.998595] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.998627] ? __kthread_parkme+0x82/0x180 [ 25.998651] ? preempt_count_sub+0x50/0x80 [ 25.998677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.998701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.998730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.998797] kthread+0x337/0x6f0 [ 25.998823] ? trace_preempt_on+0x20/0xc0 [ 25.998851] ? __pfx_kthread+0x10/0x10 [ 25.998877] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.998906] ? calculate_sigpending+0x7b/0xa0 [ 25.998935] ? __pfx_kthread+0x10/0x10 [ 25.998960] ret_from_fork+0x116/0x1d0 [ 25.998982] ? __pfx_kthread+0x10/0x10 [ 25.999006] ret_from_fork_asm+0x1a/0x30 [ 25.999042] </TASK> [ 25.999056] [ 26.010297] Allocated by task 313: [ 26.010483] kasan_save_stack+0x45/0x70 [ 26.010651] kasan_save_track+0x18/0x40 [ 26.010839] kasan_save_alloc_info+0x3b/0x50 [ 26.011107] __kasan_kmalloc+0xb7/0xc0 [ 26.011265] __kmalloc_cache_noprof+0x189/0x420 [ 26.011492] kasan_atomics+0x95/0x310 [ 26.011673] kunit_try_run_case+0x1a5/0x480 [ 26.011854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.012320] kthread+0x337/0x6f0 [ 26.012459] ret_from_fork+0x116/0x1d0 [ 26.012646] ret_from_fork_asm+0x1a/0x30 [ 26.012992] [ 26.013077] The buggy address belongs to the object at ffff8881059cb500 [ 26.013077] which belongs to the cache kmalloc-64 of size 64 [ 26.013581] The buggy address is located 0 bytes to the right of [ 26.013581] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.014159] [ 26.014292] The buggy address belongs to the physical page: [ 26.014505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.014902] flags: 0x200000000000000(node=0|zone=2) [ 26.015094] page_type: f5(slab) [ 26.015272] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.015578] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.015862] page dumped because: kasan: bad access detected [ 26.016028] [ 26.016114] Memory state around the buggy address: [ 26.016429] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.016693] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.016904] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.017111] ^ [ 26.017437] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.017763] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.018078] ================================================================== [ 27.142067] ================================================================== [ 27.142852] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 27.143588] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.144363] [ 27.144606] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.144674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.144688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.144712] Call Trace: [ 27.144734] <TASK> [ 27.144756] dump_stack_lvl+0x73/0xb0 [ 27.144808] print_report+0xd1/0x610 [ 27.144833] ? __virt_addr_valid+0x1db/0x2d0 [ 27.144870] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.144901] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.144952] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.144983] kasan_report+0x141/0x180 [ 27.145006] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.145041] kasan_check_range+0x10c/0x1c0 [ 27.145068] __kasan_check_write+0x18/0x20 [ 27.145095] kasan_atomics_helper+0x1c18/0x5450 [ 27.145127] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.145158] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.145186] ? kasan_atomics+0x152/0x310 [ 27.145222] kasan_atomics+0x1dc/0x310 [ 27.145258] ? __pfx_kasan_atomics+0x10/0x10 [ 27.145285] ? __pfx_read_tsc+0x10/0x10 [ 27.145311] ? ktime_get_ts64+0x86/0x230 [ 27.145340] kunit_try_run_case+0x1a5/0x480 [ 27.145363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.145385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.145409] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.145440] ? __kthread_parkme+0x82/0x180 [ 27.145462] ? preempt_count_sub+0x50/0x80 [ 27.145487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.145511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.145539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.145568] kthread+0x337/0x6f0 [ 27.145590] ? trace_preempt_on+0x20/0xc0 [ 27.145617] ? __pfx_kthread+0x10/0x10 [ 27.145640] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.145668] ? calculate_sigpending+0x7b/0xa0 [ 27.145698] ? __pfx_kthread+0x10/0x10 [ 27.145723] ret_from_fork+0x116/0x1d0 [ 27.145743] ? __pfx_kthread+0x10/0x10 [ 27.145792] ret_from_fork_asm+0x1a/0x30 [ 27.145839] </TASK> [ 27.145852] [ 27.163344] Allocated by task 313: [ 27.164081] kasan_save_stack+0x45/0x70 [ 27.164721] kasan_save_track+0x18/0x40 [ 27.165512] kasan_save_alloc_info+0x3b/0x50 [ 27.165979] __kasan_kmalloc+0xb7/0xc0 [ 27.166380] __kmalloc_cache_noprof+0x189/0x420 [ 27.166932] kasan_atomics+0x95/0x310 [ 27.167215] kunit_try_run_case+0x1a5/0x480 [ 27.167375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.167949] kthread+0x337/0x6f0 [ 27.168323] ret_from_fork+0x116/0x1d0 [ 27.168654] ret_from_fork_asm+0x1a/0x30 [ 27.168933] [ 27.169163] The buggy address belongs to the object at ffff8881059cb500 [ 27.169163] which belongs to the cache kmalloc-64 of size 64 [ 27.170083] The buggy address is located 0 bytes to the right of [ 27.170083] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.170998] [ 27.171138] The buggy address belongs to the physical page: [ 27.171510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.172086] flags: 0x200000000000000(node=0|zone=2) [ 27.172354] page_type: f5(slab) [ 27.172684] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.173136] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.173382] page dumped because: kasan: bad access detected [ 27.173554] [ 27.173621] Memory state around the buggy address: [ 27.173957] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.174426] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.174860] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.175161] ^ [ 27.175332] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.175955] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.176533] ================================================================== [ 25.860419] ================================================================== [ 25.861022] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 25.861378] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 25.861686] [ 25.861799] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.861858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.861872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.861896] Call Trace: [ 25.861911] <TASK> [ 25.861933] dump_stack_lvl+0x73/0xb0 [ 25.862174] print_report+0xd1/0x610 [ 25.862202] ? __virt_addr_valid+0x1db/0x2d0 [ 25.862230] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.862279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.862308] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.862337] kasan_report+0x141/0x180 [ 25.862360] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.862394] __asan_report_load4_noabort+0x18/0x20 [ 25.862421] kasan_atomics_helper+0x4bbc/0x5450 [ 25.862451] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.862480] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.862509] ? kasan_atomics+0x152/0x310 [ 25.862537] kasan_atomics+0x1dc/0x310 [ 25.862562] ? __pfx_kasan_atomics+0x10/0x10 [ 25.862589] ? __pfx_read_tsc+0x10/0x10 [ 25.862615] ? ktime_get_ts64+0x86/0x230 [ 25.862644] kunit_try_run_case+0x1a5/0x480 [ 25.862669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.862690] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.862713] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.862743] ? __kthread_parkme+0x82/0x180 [ 25.862765] ? preempt_count_sub+0x50/0x80 [ 25.862790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.862812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.862903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.862936] kthread+0x337/0x6f0 [ 25.862958] ? trace_preempt_on+0x20/0xc0 [ 25.862986] ? __pfx_kthread+0x10/0x10 [ 25.863008] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.863035] ? calculate_sigpending+0x7b/0xa0 [ 25.863064] ? __pfx_kthread+0x10/0x10 [ 25.863088] ret_from_fork+0x116/0x1d0 [ 25.863109] ? __pfx_kthread+0x10/0x10 [ 25.863132] ret_from_fork_asm+0x1a/0x30 [ 25.863168] </TASK> [ 25.863180] [ 25.871642] Allocated by task 313: [ 25.871791] kasan_save_stack+0x45/0x70 [ 25.871943] kasan_save_track+0x18/0x40 [ 25.872073] kasan_save_alloc_info+0x3b/0x50 [ 25.872217] __kasan_kmalloc+0xb7/0xc0 [ 25.872704] __kmalloc_cache_noprof+0x189/0x420 [ 25.873366] kasan_atomics+0x95/0x310 [ 25.873693] kunit_try_run_case+0x1a5/0x480 [ 25.874041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.874789] kthread+0x337/0x6f0 [ 25.875205] ret_from_fork+0x116/0x1d0 [ 25.875661] ret_from_fork_asm+0x1a/0x30 [ 25.876220] [ 25.876391] The buggy address belongs to the object at ffff8881059cb500 [ 25.876391] which belongs to the cache kmalloc-64 of size 64 [ 25.877920] The buggy address is located 0 bytes to the right of [ 25.877920] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 25.879502] [ 25.879665] The buggy address belongs to the physical page: [ 25.880315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 25.881341] flags: 0x200000000000000(node=0|zone=2) [ 25.881930] page_type: f5(slab) [ 25.882333] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.883089] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.883738] page dumped because: kasan: bad access detected [ 25.884208] [ 25.884371] Memory state around the buggy address: [ 25.884559] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.884849] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.885470] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.886174] ^ [ 25.886604] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.886888] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.887590] ================================================================== [ 27.227333] ================================================================== [ 27.228075] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 27.228771] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.229522] [ 27.229745] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.229800] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.229832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.229857] Call Trace: [ 27.229878] <TASK> [ 27.229900] dump_stack_lvl+0x73/0xb0 [ 27.229932] print_report+0xd1/0x610 [ 27.229956] ? __virt_addr_valid+0x1db/0x2d0 [ 27.229981] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.230011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.230041] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.230071] kasan_report+0x141/0x180 [ 27.230095] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.230130] kasan_check_range+0x10c/0x1c0 [ 27.230157] __kasan_check_write+0x18/0x20 [ 27.230184] kasan_atomics_helper+0x1d7a/0x5450 [ 27.230216] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.230257] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.230286] ? kasan_atomics+0x152/0x310 [ 27.230315] kasan_atomics+0x1dc/0x310 [ 27.230342] ? __pfx_kasan_atomics+0x10/0x10 [ 27.230368] ? __pfx_read_tsc+0x10/0x10 [ 27.230395] ? ktime_get_ts64+0x86/0x230 [ 27.230447] kunit_try_run_case+0x1a5/0x480 [ 27.230493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.230516] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.230539] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.230570] ? __kthread_parkme+0x82/0x180 [ 27.230592] ? preempt_count_sub+0x50/0x80 [ 27.230617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.230641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.230669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.230697] kthread+0x337/0x6f0 [ 27.230719] ? trace_preempt_on+0x20/0xc0 [ 27.230762] ? __pfx_kthread+0x10/0x10 [ 27.230787] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.230830] ? calculate_sigpending+0x7b/0xa0 [ 27.230860] ? __pfx_kthread+0x10/0x10 [ 27.230885] ret_from_fork+0x116/0x1d0 [ 27.230907] ? __pfx_kthread+0x10/0x10 [ 27.230931] ret_from_fork_asm+0x1a/0x30 [ 27.230966] </TASK> [ 27.230980] [ 27.243999] Allocated by task 313: [ 27.244136] kasan_save_stack+0x45/0x70 [ 27.244301] kasan_save_track+0x18/0x40 [ 27.244480] kasan_save_alloc_info+0x3b/0x50 [ 27.244654] __kasan_kmalloc+0xb7/0xc0 [ 27.244833] __kmalloc_cache_noprof+0x189/0x420 [ 27.245027] kasan_atomics+0x95/0x310 [ 27.245200] kunit_try_run_case+0x1a5/0x480 [ 27.245375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.245552] kthread+0x337/0x6f0 [ 27.245685] ret_from_fork+0x116/0x1d0 [ 27.245887] ret_from_fork_asm+0x1a/0x30 [ 27.246135] [ 27.246216] The buggy address belongs to the object at ffff8881059cb500 [ 27.246216] which belongs to the cache kmalloc-64 of size 64 [ 27.246574] The buggy address is located 0 bytes to the right of [ 27.246574] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.247431] [ 27.247626] The buggy address belongs to the physical page: [ 27.247914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.248255] flags: 0x200000000000000(node=0|zone=2) [ 27.248435] page_type: f5(slab) [ 27.248554] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.248780] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.249502] page dumped because: kasan: bad access detected [ 27.249982] [ 27.250101] Memory state around the buggy address: [ 27.250295] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.250505] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.250734] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.251049] ^ [ 27.251287] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.251609] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.251886] ================================================================== [ 27.383349] ================================================================== [ 27.383663] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 27.384364] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.384697] [ 27.384844] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.384937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.384952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.384977] Call Trace: [ 27.385000] <TASK> [ 27.385033] dump_stack_lvl+0x73/0xb0 [ 27.385066] print_report+0xd1/0x610 [ 27.385091] ? __virt_addr_valid+0x1db/0x2d0 [ 27.385117] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.385147] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.385177] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.385256] kasan_report+0x141/0x180 [ 27.385281] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.385316] kasan_check_range+0x10c/0x1c0 [ 27.385342] __kasan_check_write+0x18/0x20 [ 27.385370] kasan_atomics_helper+0x20c8/0x5450 [ 27.385401] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.385432] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.385462] ? kasan_atomics+0x152/0x310 [ 27.385492] kasan_atomics+0x1dc/0x310 [ 27.385518] ? __pfx_kasan_atomics+0x10/0x10 [ 27.385545] ? __pfx_read_tsc+0x10/0x10 [ 27.385572] ? ktime_get_ts64+0x86/0x230 [ 27.385601] kunit_try_run_case+0x1a5/0x480 [ 27.385626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.385648] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.385672] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.385704] ? __kthread_parkme+0x82/0x180 [ 27.385727] ? preempt_count_sub+0x50/0x80 [ 27.385753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.385776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.385806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.385845] kthread+0x337/0x6f0 [ 27.385869] ? trace_preempt_on+0x20/0xc0 [ 27.385895] ? __pfx_kthread+0x10/0x10 [ 27.385919] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.385948] ? calculate_sigpending+0x7b/0xa0 [ 27.385977] ? __pfx_kthread+0x10/0x10 [ 27.386003] ret_from_fork+0x116/0x1d0 [ 27.386025] ? __pfx_kthread+0x10/0x10 [ 27.386048] ret_from_fork_asm+0x1a/0x30 [ 27.386083] </TASK> [ 27.386096] [ 27.393949] Allocated by task 313: [ 27.394085] kasan_save_stack+0x45/0x70 [ 27.394221] kasan_save_track+0x18/0x40 [ 27.394358] kasan_save_alloc_info+0x3b/0x50 [ 27.394496] __kasan_kmalloc+0xb7/0xc0 [ 27.394616] __kmalloc_cache_noprof+0x189/0x420 [ 27.394816] kasan_atomics+0x95/0x310 [ 27.395059] kunit_try_run_case+0x1a5/0x480 [ 27.395303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.395551] kthread+0x337/0x6f0 [ 27.395718] ret_from_fork+0x116/0x1d0 [ 27.395977] ret_from_fork_asm+0x1a/0x30 [ 27.396211] [ 27.396312] The buggy address belongs to the object at ffff8881059cb500 [ 27.396312] which belongs to the cache kmalloc-64 of size 64 [ 27.396862] The buggy address is located 0 bytes to the right of [ 27.396862] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.397466] [ 27.397556] The buggy address belongs to the physical page: [ 27.397831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.398179] flags: 0x200000000000000(node=0|zone=2) [ 27.398453] page_type: f5(slab) [ 27.398660] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.398986] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.399629] page dumped because: kasan: bad access detected [ 27.399915] [ 27.400004] Memory state around the buggy address: [ 27.400221] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.400546] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.400947] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.401344] ^ [ 27.401620] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.401935] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.402136] ================================================================== [ 27.083528] ================================================================== [ 27.084001] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 27.084296] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.084627] [ 27.084739] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.084804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.084819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.084844] Call Trace: [ 27.084864] <TASK> [ 27.084886] dump_stack_lvl+0x73/0xb0 [ 27.084917] print_report+0xd1/0x610 [ 27.084942] ? __virt_addr_valid+0x1db/0x2d0 [ 27.084967] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.084997] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.085072] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.085107] kasan_report+0x141/0x180 [ 27.085132] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.085167] kasan_check_range+0x10c/0x1c0 [ 27.085199] __kasan_check_write+0x18/0x20 [ 27.085227] kasan_atomics_helper+0x1a7f/0x5450 [ 27.085269] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.085299] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.085328] ? kasan_atomics+0x152/0x310 [ 27.085357] kasan_atomics+0x1dc/0x310 [ 27.085384] ? __pfx_kasan_atomics+0x10/0x10 [ 27.085411] ? __pfx_read_tsc+0x10/0x10 [ 27.085437] ? ktime_get_ts64+0x86/0x230 [ 27.085465] kunit_try_run_case+0x1a5/0x480 [ 27.085489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.085511] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.085534] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.085566] ? __kthread_parkme+0x82/0x180 [ 27.085589] ? preempt_count_sub+0x50/0x80 [ 27.085614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.085638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.085667] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.085695] kthread+0x337/0x6f0 [ 27.085718] ? trace_preempt_on+0x20/0xc0 [ 27.085784] ? __pfx_kthread+0x10/0x10 [ 27.085812] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.085852] ? calculate_sigpending+0x7b/0xa0 [ 27.085881] ? __pfx_kthread+0x10/0x10 [ 27.085907] ret_from_fork+0x116/0x1d0 [ 27.085929] ? __pfx_kthread+0x10/0x10 [ 27.085953] ret_from_fork_asm+0x1a/0x30 [ 27.085989] </TASK> [ 27.086001] [ 27.094649] Allocated by task 313: [ 27.094800] kasan_save_stack+0x45/0x70 [ 27.094952] kasan_save_track+0x18/0x40 [ 27.095087] kasan_save_alloc_info+0x3b/0x50 [ 27.095274] __kasan_kmalloc+0xb7/0xc0 [ 27.095435] __kmalloc_cache_noprof+0x189/0x420 [ 27.095675] kasan_atomics+0x95/0x310 [ 27.095883] kunit_try_run_case+0x1a5/0x480 [ 27.096027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.096548] kthread+0x337/0x6f0 [ 27.096789] ret_from_fork+0x116/0x1d0 [ 27.097265] ret_from_fork_asm+0x1a/0x30 [ 27.097632] [ 27.097837] The buggy address belongs to the object at ffff8881059cb500 [ 27.097837] which belongs to the cache kmalloc-64 of size 64 [ 27.098272] The buggy address is located 0 bytes to the right of [ 27.098272] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.099308] [ 27.099508] The buggy address belongs to the physical page: [ 27.100192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.100933] flags: 0x200000000000000(node=0|zone=2) [ 27.101490] page_type: f5(slab) [ 27.101829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.102461] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.103022] page dumped because: kasan: bad access detected [ 27.103495] [ 27.103562] Memory state around the buggy address: [ 27.103720] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.103942] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.104156] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.104765] ^ [ 27.105220] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.105611] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.106173] ================================================================== [ 26.778653] ================================================================== [ 26.779006] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 26.779456] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.779981] [ 26.780070] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.780121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.780135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.780171] Call Trace: [ 26.780193] <TASK> [ 26.780212] dump_stack_lvl+0x73/0xb0 [ 26.780266] print_report+0xd1/0x610 [ 26.780290] ? __virt_addr_valid+0x1db/0x2d0 [ 26.780319] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.780358] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.780389] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.780419] kasan_report+0x141/0x180 [ 26.780453] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.780488] kasan_check_range+0x10c/0x1c0 [ 26.780524] __kasan_check_read+0x15/0x20 [ 26.780551] kasan_atomics_helper+0x13b5/0x5450 [ 26.780583] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.780624] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.780653] ? kasan_atomics+0x152/0x310 [ 26.780691] kasan_atomics+0x1dc/0x310 [ 26.780717] ? __pfx_kasan_atomics+0x10/0x10 [ 26.780744] ? __pfx_read_tsc+0x10/0x10 [ 26.780798] ? ktime_get_ts64+0x86/0x230 [ 26.780826] kunit_try_run_case+0x1a5/0x480 [ 26.780860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.780882] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.780907] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.780938] ? __kthread_parkme+0x82/0x180 [ 26.780960] ? preempt_count_sub+0x50/0x80 [ 26.780986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.781010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.781038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.781067] kthread+0x337/0x6f0 [ 26.781090] ? trace_preempt_on+0x20/0xc0 [ 26.781116] ? __pfx_kthread+0x10/0x10 [ 26.781140] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.781168] ? calculate_sigpending+0x7b/0xa0 [ 26.781200] ? __pfx_kthread+0x10/0x10 [ 26.781226] ret_from_fork+0x116/0x1d0 [ 26.781256] ? __pfx_kthread+0x10/0x10 [ 26.781279] ret_from_fork_asm+0x1a/0x30 [ 26.781316] </TASK> [ 26.781329] [ 26.792616] Allocated by task 313: [ 26.792968] kasan_save_stack+0x45/0x70 [ 26.793581] kasan_save_track+0x18/0x40 [ 26.794001] kasan_save_alloc_info+0x3b/0x50 [ 26.794166] __kasan_kmalloc+0xb7/0xc0 [ 26.794308] __kmalloc_cache_noprof+0x189/0x420 [ 26.794463] kasan_atomics+0x95/0x310 [ 26.794594] kunit_try_run_case+0x1a5/0x480 [ 26.794734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.795235] kthread+0x337/0x6f0 [ 26.796002] ret_from_fork+0x116/0x1d0 [ 26.796407] ret_from_fork_asm+0x1a/0x30 [ 26.796777] [ 26.796994] The buggy address belongs to the object at ffff8881059cb500 [ 26.796994] which belongs to the cache kmalloc-64 of size 64 [ 26.798116] The buggy address is located 0 bytes to the right of [ 26.798116] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.799298] [ 26.799458] The buggy address belongs to the physical page: [ 26.799980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.800517] flags: 0x200000000000000(node=0|zone=2) [ 26.801106] page_type: f5(slab) [ 26.801330] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.801561] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.801794] page dumped because: kasan: bad access detected [ 26.801960] [ 26.802024] Memory state around the buggy address: [ 26.802174] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.802427] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.802710] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.802926] ^ [ 26.803120] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.803464] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.803738] ================================================================== [ 26.078028] ================================================================== [ 26.078647] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 26.079268] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.079497] [ 26.079585] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.079638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.079652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.079675] Call Trace: [ 26.079699] <TASK> [ 26.079722] dump_stack_lvl+0x73/0xb0 [ 26.079799] print_report+0xd1/0x610 [ 26.079839] ? __virt_addr_valid+0x1db/0x2d0 [ 26.079866] ? kasan_atomics_helper+0x565/0x5450 [ 26.079896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.079926] ? kasan_atomics_helper+0x565/0x5450 [ 26.079957] kasan_report+0x141/0x180 [ 26.079981] ? kasan_atomics_helper+0x565/0x5450 [ 26.080015] kasan_check_range+0x10c/0x1c0 [ 26.080042] __kasan_check_write+0x18/0x20 [ 26.080071] kasan_atomics_helper+0x565/0x5450 [ 26.080101] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.080132] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.080162] ? kasan_atomics+0x152/0x310 [ 26.080191] kasan_atomics+0x1dc/0x310 [ 26.080217] ? __pfx_kasan_atomics+0x10/0x10 [ 26.080255] ? __pfx_read_tsc+0x10/0x10 [ 26.080281] ? ktime_get_ts64+0x86/0x230 [ 26.080310] kunit_try_run_case+0x1a5/0x480 [ 26.080334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.080357] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.080381] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.080412] ? __kthread_parkme+0x82/0x180 [ 26.080435] ? preempt_count_sub+0x50/0x80 [ 26.080461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.080485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.080514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.080543] kthread+0x337/0x6f0 [ 26.080565] ? trace_preempt_on+0x20/0xc0 [ 26.080592] ? __pfx_kthread+0x10/0x10 [ 26.080616] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.080645] ? calculate_sigpending+0x7b/0xa0 [ 26.080674] ? __pfx_kthread+0x10/0x10 [ 26.080699] ret_from_fork+0x116/0x1d0 [ 26.080720] ? __pfx_kthread+0x10/0x10 [ 26.080746] ret_from_fork_asm+0x1a/0x30 [ 26.080822] </TASK> [ 26.080835] [ 26.090689] Allocated by task 313: [ 26.090885] kasan_save_stack+0x45/0x70 [ 26.091256] kasan_save_track+0x18/0x40 [ 26.091598] kasan_save_alloc_info+0x3b/0x50 [ 26.091821] __kasan_kmalloc+0xb7/0xc0 [ 26.092515] __kmalloc_cache_noprof+0x189/0x420 [ 26.092721] kasan_atomics+0x95/0x310 [ 26.092906] kunit_try_run_case+0x1a5/0x480 [ 26.093086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.093578] kthread+0x337/0x6f0 [ 26.093742] ret_from_fork+0x116/0x1d0 [ 26.093873] ret_from_fork_asm+0x1a/0x30 [ 26.094009] [ 26.094078] The buggy address belongs to the object at ffff8881059cb500 [ 26.094078] which belongs to the cache kmalloc-64 of size 64 [ 26.095545] The buggy address is located 0 bytes to the right of [ 26.095545] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.097071] [ 26.097174] The buggy address belongs to the physical page: [ 26.097380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.097633] flags: 0x200000000000000(node=0|zone=2) [ 26.097823] page_type: f5(slab) [ 26.097970] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.098271] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.098558] page dumped because: kasan: bad access detected [ 26.098772] [ 26.098854] Memory state around the buggy address: [ 26.099059] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.100020] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.100258] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.101324] ^ [ 26.102043] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.103234] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.104546] ================================================================== [ 26.510202] ================================================================== [ 26.510675] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 26.511086] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.511426] [ 26.511642] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.511694] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.511708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.511732] Call Trace: [ 26.511752] <TASK> [ 26.511772] dump_stack_lvl+0x73/0xb0 [ 26.511803] print_report+0xd1/0x610 [ 26.511828] ? __virt_addr_valid+0x1db/0x2d0 [ 26.511853] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.511884] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.511913] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.511944] kasan_report+0x141/0x180 [ 26.511969] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.512004] kasan_check_range+0x10c/0x1c0 [ 26.512031] __kasan_check_write+0x18/0x20 [ 26.512068] kasan_atomics_helper+0xfa9/0x5450 [ 26.512113] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.512152] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.512192] ? kasan_atomics+0x152/0x310 [ 26.512221] kasan_atomics+0x1dc/0x310 [ 26.512256] ? __pfx_kasan_atomics+0x10/0x10 [ 26.512284] ? __pfx_read_tsc+0x10/0x10 [ 26.512310] ? ktime_get_ts64+0x86/0x230 [ 26.512339] kunit_try_run_case+0x1a5/0x480 [ 26.512363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.512386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.512410] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.512441] ? __kthread_parkme+0x82/0x180 [ 26.512465] ? preempt_count_sub+0x50/0x80 [ 26.512490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.512515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.512551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.512580] kthread+0x337/0x6f0 [ 26.512613] ? trace_preempt_on+0x20/0xc0 [ 26.512640] ? __pfx_kthread+0x10/0x10 [ 26.512664] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.512693] ? calculate_sigpending+0x7b/0xa0 [ 26.512722] ? __pfx_kthread+0x10/0x10 [ 26.512746] ret_from_fork+0x116/0x1d0 [ 26.512779] ? __pfx_kthread+0x10/0x10 [ 26.512803] ret_from_fork_asm+0x1a/0x30 [ 26.512849] </TASK> [ 26.512862] [ 26.521012] Allocated by task 313: [ 26.521142] kasan_save_stack+0x45/0x70 [ 26.521305] kasan_save_track+0x18/0x40 [ 26.521435] kasan_save_alloc_info+0x3b/0x50 [ 26.521579] __kasan_kmalloc+0xb7/0xc0 [ 26.521707] __kmalloc_cache_noprof+0x189/0x420 [ 26.521972] kasan_atomics+0x95/0x310 [ 26.522410] kunit_try_run_case+0x1a5/0x480 [ 26.522614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.522893] kthread+0x337/0x6f0 [ 26.523062] ret_from_fork+0x116/0x1d0 [ 26.523260] ret_from_fork_asm+0x1a/0x30 [ 26.523671] [ 26.523819] The buggy address belongs to the object at ffff8881059cb500 [ 26.523819] which belongs to the cache kmalloc-64 of size 64 [ 26.524400] The buggy address is located 0 bytes to the right of [ 26.524400] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.524769] [ 26.524842] The buggy address belongs to the physical page: [ 26.525231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.527443] flags: 0x200000000000000(node=0|zone=2) [ 26.528141] page_type: f5(slab) [ 26.528598] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.529570] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.530386] page dumped because: kasan: bad access detected [ 26.531133] [ 26.531448] Memory state around the buggy address: [ 26.531624] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.532277] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.533212] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.533915] ^ [ 26.534405] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.534624] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.534840] ================================================================== [ 27.497964] ================================================================== [ 27.498225] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 27.498538] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.499017] [ 27.499133] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.499184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.499198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.499224] Call Trace: [ 27.499255] <TASK> [ 27.499275] dump_stack_lvl+0x73/0xb0 [ 27.499305] print_report+0xd1/0x610 [ 27.499330] ? __virt_addr_valid+0x1db/0x2d0 [ 27.499355] ? kasan_atomics_helper+0x5115/0x5450 [ 27.499385] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.499416] ? kasan_atomics_helper+0x5115/0x5450 [ 27.499446] kasan_report+0x141/0x180 [ 27.499471] ? kasan_atomics_helper+0x5115/0x5450 [ 27.499506] __asan_report_load8_noabort+0x18/0x20 [ 27.499535] kasan_atomics_helper+0x5115/0x5450 [ 27.499566] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.499598] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.499626] ? kasan_atomics+0x152/0x310 [ 27.499656] kasan_atomics+0x1dc/0x310 [ 27.499682] ? __pfx_kasan_atomics+0x10/0x10 [ 27.499712] ? __pfx_read_tsc+0x10/0x10 [ 27.499740] ? ktime_get_ts64+0x86/0x230 [ 27.499768] kunit_try_run_case+0x1a5/0x480 [ 27.499792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.499815] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.499847] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.499878] ? __kthread_parkme+0x82/0x180 [ 27.499901] ? preempt_count_sub+0x50/0x80 [ 27.499927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.499951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.499980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.500010] kthread+0x337/0x6f0 [ 27.500034] ? trace_preempt_on+0x20/0xc0 [ 27.500070] ? __pfx_kthread+0x10/0x10 [ 27.500094] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.500123] ? calculate_sigpending+0x7b/0xa0 [ 27.500152] ? __pfx_kthread+0x10/0x10 [ 27.500177] ret_from_fork+0x116/0x1d0 [ 27.500199] ? __pfx_kthread+0x10/0x10 [ 27.500223] ret_from_fork_asm+0x1a/0x30 [ 27.500267] </TASK> [ 27.500279] [ 27.507291] Allocated by task 313: [ 27.507423] kasan_save_stack+0x45/0x70 [ 27.507564] kasan_save_track+0x18/0x40 [ 27.507697] kasan_save_alloc_info+0x3b/0x50 [ 27.507931] __kasan_kmalloc+0xb7/0xc0 [ 27.508116] __kmalloc_cache_noprof+0x189/0x420 [ 27.508348] kasan_atomics+0x95/0x310 [ 27.508528] kunit_try_run_case+0x1a5/0x480 [ 27.508730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.509210] kthread+0x337/0x6f0 [ 27.509387] ret_from_fork+0x116/0x1d0 [ 27.509542] ret_from_fork_asm+0x1a/0x30 [ 27.509678] [ 27.509766] The buggy address belongs to the object at ffff8881059cb500 [ 27.509766] which belongs to the cache kmalloc-64 of size 64 [ 27.510389] The buggy address is located 0 bytes to the right of [ 27.510389] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.510966] [ 27.511056] The buggy address belongs to the physical page: [ 27.511290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.511593] flags: 0x200000000000000(node=0|zone=2) [ 27.511778] page_type: f5(slab) [ 27.512035] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.512355] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.512606] page dumped because: kasan: bad access detected [ 27.512772] [ 27.512835] Memory state around the buggy address: [ 27.512988] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.513204] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.513524] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.513834] ^ [ 27.514064] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.514363] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.514573] ================================================================== [ 26.565076] ================================================================== [ 26.565361] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 26.565673] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.565989] [ 26.566075] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.566147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.566161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.566186] Call Trace: [ 26.566208] <TASK> [ 26.566227] dump_stack_lvl+0x73/0xb0 [ 26.566269] print_report+0xd1/0x610 [ 26.566294] ? __virt_addr_valid+0x1db/0x2d0 [ 26.566320] ? kasan_atomics_helper+0x1079/0x5450 [ 26.566352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.566383] ? kasan_atomics_helper+0x1079/0x5450 [ 26.566413] kasan_report+0x141/0x180 [ 26.566438] ? kasan_atomics_helper+0x1079/0x5450 [ 26.566472] kasan_check_range+0x10c/0x1c0 [ 26.566499] __kasan_check_write+0x18/0x20 [ 26.566528] kasan_atomics_helper+0x1079/0x5450 [ 26.566560] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.566590] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.566619] ? kasan_atomics+0x152/0x310 [ 26.566649] kasan_atomics+0x1dc/0x310 [ 26.566676] ? __pfx_kasan_atomics+0x10/0x10 [ 26.566703] ? __pfx_read_tsc+0x10/0x10 [ 26.566729] ? ktime_get_ts64+0x86/0x230 [ 26.566757] kunit_try_run_case+0x1a5/0x480 [ 26.566781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.566803] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.566882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.566917] ? __kthread_parkme+0x82/0x180 [ 26.566940] ? preempt_count_sub+0x50/0x80 [ 26.566965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.566989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.567018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.567046] kthread+0x337/0x6f0 [ 26.567069] ? trace_preempt_on+0x20/0xc0 [ 26.567096] ? __pfx_kthread+0x10/0x10 [ 26.567120] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.567149] ? calculate_sigpending+0x7b/0xa0 [ 26.567177] ? __pfx_kthread+0x10/0x10 [ 26.567203] ret_from_fork+0x116/0x1d0 [ 26.567225] ? __pfx_kthread+0x10/0x10 [ 26.567260] ret_from_fork_asm+0x1a/0x30 [ 26.567295] </TASK> [ 26.567308] [ 26.577720] Allocated by task 313: [ 26.578143] kasan_save_stack+0x45/0x70 [ 26.578324] kasan_save_track+0x18/0x40 [ 26.578514] kasan_save_alloc_info+0x3b/0x50 [ 26.578733] __kasan_kmalloc+0xb7/0xc0 [ 26.578882] __kmalloc_cache_noprof+0x189/0x420 [ 26.579121] kasan_atomics+0x95/0x310 [ 26.579291] kunit_try_run_case+0x1a5/0x480 [ 26.579478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.579692] kthread+0x337/0x6f0 [ 26.579857] ret_from_fork+0x116/0x1d0 [ 26.580098] ret_from_fork_asm+0x1a/0x30 [ 26.580254] [ 26.580342] The buggy address belongs to the object at ffff8881059cb500 [ 26.580342] which belongs to the cache kmalloc-64 of size 64 [ 26.580947] The buggy address is located 0 bytes to the right of [ 26.580947] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.581463] [ 26.581550] The buggy address belongs to the physical page: [ 26.581780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.582641] flags: 0x200000000000000(node=0|zone=2) [ 26.582830] page_type: f5(slab) [ 26.582950] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.583168] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.583474] page dumped because: kasan: bad access detected [ 26.583722] [ 26.583811] Memory state around the buggy address: [ 26.584035] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.584784] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.585282] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.585733] ^ [ 26.586385] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.587108] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.587589] ================================================================== [ 26.755134] ================================================================== [ 26.755652] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 26.756519] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.757043] [ 26.757317] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.757393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.757407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.757432] Call Trace: [ 26.757456] <TASK> [ 26.757478] dump_stack_lvl+0x73/0xb0 [ 26.757513] print_report+0xd1/0x610 [ 26.757537] ? __virt_addr_valid+0x1db/0x2d0 [ 26.757563] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.757594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.757625] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.757655] kasan_report+0x141/0x180 [ 26.757680] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.757714] __asan_report_load4_noabort+0x18/0x20 [ 26.757741] kasan_atomics_helper+0x49ce/0x5450 [ 26.757855] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.757887] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.757916] ? kasan_atomics+0x152/0x310 [ 26.757986] kasan_atomics+0x1dc/0x310 [ 26.758013] ? __pfx_kasan_atomics+0x10/0x10 [ 26.758040] ? __pfx_read_tsc+0x10/0x10 [ 26.758069] ? ktime_get_ts64+0x86/0x230 [ 26.758097] kunit_try_run_case+0x1a5/0x480 [ 26.758122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.758145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.758169] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.758199] ? __kthread_parkme+0x82/0x180 [ 26.758222] ? preempt_count_sub+0x50/0x80 [ 26.758260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.758284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.758312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.758340] kthread+0x337/0x6f0 [ 26.758363] ? trace_preempt_on+0x20/0xc0 [ 26.758390] ? __pfx_kthread+0x10/0x10 [ 26.758413] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.758442] ? calculate_sigpending+0x7b/0xa0 [ 26.758471] ? __pfx_kthread+0x10/0x10 [ 26.758496] ret_from_fork+0x116/0x1d0 [ 26.758520] ? __pfx_kthread+0x10/0x10 [ 26.758545] ret_from_fork_asm+0x1a/0x30 [ 26.758583] </TASK> [ 26.758596] [ 26.769610] Allocated by task 313: [ 26.769826] kasan_save_stack+0x45/0x70 [ 26.770147] kasan_save_track+0x18/0x40 [ 26.770360] kasan_save_alloc_info+0x3b/0x50 [ 26.770532] __kasan_kmalloc+0xb7/0xc0 [ 26.770661] __kmalloc_cache_noprof+0x189/0x420 [ 26.770816] kasan_atomics+0x95/0x310 [ 26.771058] kunit_try_run_case+0x1a5/0x480 [ 26.771276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.771527] kthread+0x337/0x6f0 [ 26.771715] ret_from_fork+0x116/0x1d0 [ 26.771942] ret_from_fork_asm+0x1a/0x30 [ 26.772149] [ 26.772225] The buggy address belongs to the object at ffff8881059cb500 [ 26.772225] which belongs to the cache kmalloc-64 of size 64 [ 26.772626] The buggy address is located 0 bytes to the right of [ 26.772626] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.773507] [ 26.773592] The buggy address belongs to the physical page: [ 26.773944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.774270] flags: 0x200000000000000(node=0|zone=2) [ 26.774575] page_type: f5(slab) [ 26.774722] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.775125] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.775531] page dumped because: kasan: bad access detected [ 26.775803] [ 26.775901] Memory state around the buggy address: [ 26.776138] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.776532] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.776848] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.777229] ^ [ 26.777521] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.777821] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.778105] ================================================================== [ 26.804150] ================================================================== [ 26.804527] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 26.804939] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.805253] [ 26.805364] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.805418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.805433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.805458] Call Trace: [ 26.805482] <TASK> [ 26.805506] dump_stack_lvl+0x73/0xb0 [ 26.805538] print_report+0xd1/0x610 [ 26.805563] ? __virt_addr_valid+0x1db/0x2d0 [ 26.805616] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.805647] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.805677] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.805707] kasan_report+0x141/0x180 [ 26.805732] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.805774] __asan_report_load8_noabort+0x18/0x20 [ 26.805803] kasan_atomics_helper+0x4eae/0x5450 [ 26.805834] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.805865] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.805893] ? kasan_atomics+0x152/0x310 [ 26.805923] kasan_atomics+0x1dc/0x310 [ 26.805949] ? __pfx_kasan_atomics+0x10/0x10 [ 26.805976] ? __pfx_read_tsc+0x10/0x10 [ 26.806002] ? ktime_get_ts64+0x86/0x230 [ 26.806031] kunit_try_run_case+0x1a5/0x480 [ 26.806056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.806078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.806103] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.806136] ? __kthread_parkme+0x82/0x180 [ 26.806159] ? preempt_count_sub+0x50/0x80 [ 26.806184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.806208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.806246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.806275] kthread+0x337/0x6f0 [ 26.806298] ? trace_preempt_on+0x20/0xc0 [ 26.806326] ? __pfx_kthread+0x10/0x10 [ 26.806349] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.806378] ? calculate_sigpending+0x7b/0xa0 [ 26.806407] ? __pfx_kthread+0x10/0x10 [ 26.806432] ret_from_fork+0x116/0x1d0 [ 26.806453] ? __pfx_kthread+0x10/0x10 [ 26.806477] ret_from_fork_asm+0x1a/0x30 [ 26.806513] </TASK> [ 26.806526] [ 26.813736] Allocated by task 313: [ 26.813902] kasan_save_stack+0x45/0x70 [ 26.814100] kasan_save_track+0x18/0x40 [ 26.814292] kasan_save_alloc_info+0x3b/0x50 [ 26.814496] __kasan_kmalloc+0xb7/0xc0 [ 26.814672] __kmalloc_cache_noprof+0x189/0x420 [ 26.814847] kasan_atomics+0x95/0x310 [ 26.814978] kunit_try_run_case+0x1a5/0x480 [ 26.815116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.815421] kthread+0x337/0x6f0 [ 26.815719] ret_from_fork+0x116/0x1d0 [ 26.816066] ret_from_fork_asm+0x1a/0x30 [ 26.816295] [ 26.816387] The buggy address belongs to the object at ffff8881059cb500 [ 26.816387] which belongs to the cache kmalloc-64 of size 64 [ 26.817089] The buggy address is located 0 bytes to the right of [ 26.817089] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.817477] [ 26.817548] The buggy address belongs to the physical page: [ 26.817718] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.818081] flags: 0x200000000000000(node=0|zone=2) [ 26.818569] page_type: f5(slab) [ 26.818831] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.819153] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.819390] page dumped because: kasan: bad access detected [ 26.819572] [ 26.819661] Memory state around the buggy address: [ 26.819964] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.820295] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.820614] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.821010] ^ [ 26.821181] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.821490] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.821895] ================================================================== [ 26.487057] ================================================================== [ 26.487320] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 26.488117] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.488723] [ 26.488906] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.488960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.488975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.488999] Call Trace: [ 26.489019] <TASK> [ 26.489062] dump_stack_lvl+0x73/0xb0 [ 26.489106] print_report+0xd1/0x610 [ 26.489130] ? __virt_addr_valid+0x1db/0x2d0 [ 26.489167] ? kasan_atomics_helper+0xf10/0x5450 [ 26.489203] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.489253] ? kasan_atomics_helper+0xf10/0x5450 [ 26.489284] kasan_report+0x141/0x180 [ 26.489320] ? kasan_atomics_helper+0xf10/0x5450 [ 26.489354] kasan_check_range+0x10c/0x1c0 [ 26.489382] __kasan_check_write+0x18/0x20 [ 26.489409] kasan_atomics_helper+0xf10/0x5450 [ 26.489441] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.489471] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.489501] ? kasan_atomics+0x152/0x310 [ 26.489531] kasan_atomics+0x1dc/0x310 [ 26.489557] ? __pfx_kasan_atomics+0x10/0x10 [ 26.489587] ? __pfx_read_tsc+0x10/0x10 [ 26.489614] ? ktime_get_ts64+0x86/0x230 [ 26.489643] kunit_try_run_case+0x1a5/0x480 [ 26.489666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.489689] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.489712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.489743] ? __kthread_parkme+0x82/0x180 [ 26.489792] ? preempt_count_sub+0x50/0x80 [ 26.489817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.489841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.489870] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.489899] kthread+0x337/0x6f0 [ 26.489922] ? trace_preempt_on+0x20/0xc0 [ 26.489949] ? __pfx_kthread+0x10/0x10 [ 26.489973] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.490002] ? calculate_sigpending+0x7b/0xa0 [ 26.490031] ? __pfx_kthread+0x10/0x10 [ 26.490055] ret_from_fork+0x116/0x1d0 [ 26.490077] ? __pfx_kthread+0x10/0x10 [ 26.490101] ret_from_fork_asm+0x1a/0x30 [ 26.490137] </TASK> [ 26.490149] [ 26.499990] Allocated by task 313: [ 26.500176] kasan_save_stack+0x45/0x70 [ 26.500397] kasan_save_track+0x18/0x40 [ 26.500572] kasan_save_alloc_info+0x3b/0x50 [ 26.500784] __kasan_kmalloc+0xb7/0xc0 [ 26.501345] __kmalloc_cache_noprof+0x189/0x420 [ 26.501542] kasan_atomics+0x95/0x310 [ 26.501961] kunit_try_run_case+0x1a5/0x480 [ 26.502183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.502625] kthread+0x337/0x6f0 [ 26.502786] ret_from_fork+0x116/0x1d0 [ 26.503059] ret_from_fork_asm+0x1a/0x30 [ 26.503411] [ 26.503517] The buggy address belongs to the object at ffff8881059cb500 [ 26.503517] which belongs to the cache kmalloc-64 of size 64 [ 26.504295] The buggy address is located 0 bytes to the right of [ 26.504295] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.504951] [ 26.505028] The buggy address belongs to the physical page: [ 26.505341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.505641] flags: 0x200000000000000(node=0|zone=2) [ 26.505915] page_type: f5(slab) [ 26.506067] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.506542] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.506903] page dumped because: kasan: bad access detected [ 26.507193] [ 26.507351] Memory state around the buggy address: [ 26.507608] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.507892] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.508362] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.508636] ^ [ 26.508853] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.509152] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.509586] ================================================================== [ 26.986259] ================================================================== [ 26.986598] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 26.987198] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.987471] [ 26.987560] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.987613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.987627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.987651] Call Trace: [ 26.987672] <TASK> [ 26.987693] dump_stack_lvl+0x73/0xb0 [ 26.987745] print_report+0xd1/0x610 [ 26.987769] ? __virt_addr_valid+0x1db/0x2d0 [ 26.987806] ? kasan_atomics_helper+0x1818/0x5450 [ 26.987837] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.987866] ? kasan_atomics_helper+0x1818/0x5450 [ 26.987897] kasan_report+0x141/0x180 [ 26.987921] ? kasan_atomics_helper+0x1818/0x5450 [ 26.987956] kasan_check_range+0x10c/0x1c0 [ 26.987985] __kasan_check_write+0x18/0x20 [ 26.988014] kasan_atomics_helper+0x1818/0x5450 [ 26.988045] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.988076] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.988166] ? kasan_atomics+0x152/0x310 [ 26.988198] kasan_atomics+0x1dc/0x310 [ 26.988233] ? __pfx_kasan_atomics+0x10/0x10 [ 26.988271] ? __pfx_read_tsc+0x10/0x10 [ 26.988310] ? ktime_get_ts64+0x86/0x230 [ 26.988347] kunit_try_run_case+0x1a5/0x480 [ 26.988371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.988394] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.988428] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.988460] ? __kthread_parkme+0x82/0x180 [ 26.988482] ? preempt_count_sub+0x50/0x80 [ 26.988507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.988531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.988560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.988589] kthread+0x337/0x6f0 [ 26.988612] ? trace_preempt_on+0x20/0xc0 [ 26.988648] ? __pfx_kthread+0x10/0x10 [ 26.988673] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.988711] ? calculate_sigpending+0x7b/0xa0 [ 26.988741] ? __pfx_kthread+0x10/0x10 [ 26.988812] ret_from_fork+0x116/0x1d0 [ 26.988853] ? __pfx_kthread+0x10/0x10 [ 26.988879] ret_from_fork_asm+0x1a/0x30 [ 26.988926] </TASK> [ 26.988939] [ 26.997286] Allocated by task 313: [ 26.997478] kasan_save_stack+0x45/0x70 [ 26.997708] kasan_save_track+0x18/0x40 [ 26.998104] kasan_save_alloc_info+0x3b/0x50 [ 26.998454] __kasan_kmalloc+0xb7/0xc0 [ 26.998620] __kmalloc_cache_noprof+0x189/0x420 [ 26.998774] kasan_atomics+0x95/0x310 [ 26.999092] kunit_try_run_case+0x1a5/0x480 [ 26.999317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.999595] kthread+0x337/0x6f0 [ 26.999805] ret_from_fork+0x116/0x1d0 [ 26.999955] ret_from_fork_asm+0x1a/0x30 [ 27.000095] [ 27.000164] The buggy address belongs to the object at ffff8881059cb500 [ 27.000164] which belongs to the cache kmalloc-64 of size 64 [ 27.000658] The buggy address is located 0 bytes to the right of [ 27.000658] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.001266] [ 27.001346] The buggy address belongs to the physical page: [ 27.001518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.001756] flags: 0x200000000000000(node=0|zone=2) [ 27.001959] page_type: f5(slab) [ 27.002125] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.002473] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.002818] page dumped because: kasan: bad access detected [ 27.003069] [ 27.003163] Memory state around the buggy address: [ 27.004379] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.005001] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.005331] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.005744] ^ [ 27.005939] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.006595] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.006994] ================================================================== [ 27.032328] ================================================================== [ 27.032755] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 27.033186] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.033531] [ 27.033629] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.033682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.033696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.033721] Call Trace: [ 27.033743] <TASK> [ 27.033963] dump_stack_lvl+0x73/0xb0 [ 27.034000] print_report+0xd1/0x610 [ 27.034088] ? __virt_addr_valid+0x1db/0x2d0 [ 27.034119] ? kasan_atomics_helper+0x194a/0x5450 [ 27.034149] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.034181] ? kasan_atomics_helper+0x194a/0x5450 [ 27.034332] kasan_report+0x141/0x180 [ 27.034358] ? kasan_atomics_helper+0x194a/0x5450 [ 27.034394] kasan_check_range+0x10c/0x1c0 [ 27.034422] __kasan_check_write+0x18/0x20 [ 27.034449] kasan_atomics_helper+0x194a/0x5450 [ 27.034481] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.034604] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.034633] ? kasan_atomics+0x152/0x310 [ 27.034662] kasan_atomics+0x1dc/0x310 [ 27.034689] ? __pfx_kasan_atomics+0x10/0x10 [ 27.034717] ? __pfx_read_tsc+0x10/0x10 [ 27.034745] ? ktime_get_ts64+0x86/0x230 [ 27.034804] kunit_try_run_case+0x1a5/0x480 [ 27.034836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.034858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.034882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.034913] ? __kthread_parkme+0x82/0x180 [ 27.034936] ? preempt_count_sub+0x50/0x80 [ 27.034962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.034985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.035014] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.035042] kthread+0x337/0x6f0 [ 27.035065] ? trace_preempt_on+0x20/0xc0 [ 27.035091] ? __pfx_kthread+0x10/0x10 [ 27.035115] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.035144] ? calculate_sigpending+0x7b/0xa0 [ 27.035172] ? __pfx_kthread+0x10/0x10 [ 27.035197] ret_from_fork+0x116/0x1d0 [ 27.035218] ? __pfx_kthread+0x10/0x10 [ 27.035253] ret_from_fork_asm+0x1a/0x30 [ 27.035289] </TASK> [ 27.035303] [ 27.045834] Allocated by task 313: [ 27.046250] kasan_save_stack+0x45/0x70 [ 27.046425] kasan_save_track+0x18/0x40 [ 27.046622] kasan_save_alloc_info+0x3b/0x50 [ 27.047014] __kasan_kmalloc+0xb7/0xc0 [ 27.047310] __kmalloc_cache_noprof+0x189/0x420 [ 27.047659] kasan_atomics+0x95/0x310 [ 27.047846] kunit_try_run_case+0x1a5/0x480 [ 27.048046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.048458] kthread+0x337/0x6f0 [ 27.048732] ret_from_fork+0x116/0x1d0 [ 27.048946] ret_from_fork_asm+0x1a/0x30 [ 27.049327] [ 27.049425] The buggy address belongs to the object at ffff8881059cb500 [ 27.049425] which belongs to the cache kmalloc-64 of size 64 [ 27.049831] The buggy address is located 0 bytes to the right of [ 27.049831] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.050515] [ 27.050983] The buggy address belongs to the physical page: [ 27.051218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.051549] flags: 0x200000000000000(node=0|zone=2) [ 27.051910] page_type: f5(slab) [ 27.052188] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.052601] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.053071] page dumped because: kasan: bad access detected [ 27.053376] [ 27.053593] Memory state around the buggy address: [ 27.054144] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.054423] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.054727] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.055074] ^ [ 27.055415] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.056042] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.056379] ================================================================== [ 26.322180] ================================================================== [ 26.322835] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 26.323104] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.323514] [ 26.323662] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.323716] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.323730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.323831] Call Trace: [ 26.323853] <TASK> [ 26.323875] dump_stack_lvl+0x73/0xb0 [ 26.323947] print_report+0xd1/0x610 [ 26.323971] ? __virt_addr_valid+0x1db/0x2d0 [ 26.323999] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.324061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.324094] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.324125] kasan_report+0x141/0x180 [ 26.324149] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.324185] kasan_check_range+0x10c/0x1c0 [ 26.324252] __kasan_check_write+0x18/0x20 [ 26.324281] kasan_atomics_helper+0xb6a/0x5450 [ 26.324313] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.324343] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.324404] ? kasan_atomics+0x152/0x310 [ 26.324434] kasan_atomics+0x1dc/0x310 [ 26.324461] ? __pfx_kasan_atomics+0x10/0x10 [ 26.324488] ? __pfx_read_tsc+0x10/0x10 [ 26.324516] ? ktime_get_ts64+0x86/0x230 [ 26.324544] kunit_try_run_case+0x1a5/0x480 [ 26.324568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.324590] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.324643] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.324698] ? __kthread_parkme+0x82/0x180 [ 26.324721] ? preempt_count_sub+0x50/0x80 [ 26.324822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.324849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.324878] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.324907] kthread+0x337/0x6f0 [ 26.324930] ? trace_preempt_on+0x20/0xc0 [ 26.324958] ? __pfx_kthread+0x10/0x10 [ 26.324982] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.325010] ? calculate_sigpending+0x7b/0xa0 [ 26.325040] ? __pfx_kthread+0x10/0x10 [ 26.325066] ret_from_fork+0x116/0x1d0 [ 26.325088] ? __pfx_kthread+0x10/0x10 [ 26.325112] ret_from_fork_asm+0x1a/0x30 [ 26.325149] </TASK> [ 26.325162] [ 26.334338] Allocated by task 313: [ 26.334554] kasan_save_stack+0x45/0x70 [ 26.334888] kasan_save_track+0x18/0x40 [ 26.335164] kasan_save_alloc_info+0x3b/0x50 [ 26.335472] __kasan_kmalloc+0xb7/0xc0 [ 26.335656] __kmalloc_cache_noprof+0x189/0x420 [ 26.335934] kasan_atomics+0x95/0x310 [ 26.336114] kunit_try_run_case+0x1a5/0x480 [ 26.336285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.336537] kthread+0x337/0x6f0 [ 26.336678] ret_from_fork+0x116/0x1d0 [ 26.336807] ret_from_fork_asm+0x1a/0x30 [ 26.336969] [ 26.337063] The buggy address belongs to the object at ffff8881059cb500 [ 26.337063] which belongs to the cache kmalloc-64 of size 64 [ 26.337945] The buggy address is located 0 bytes to the right of [ 26.337945] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.338513] [ 26.338592] The buggy address belongs to the physical page: [ 26.338907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.339316] flags: 0x200000000000000(node=0|zone=2) [ 26.339579] page_type: f5(slab) [ 26.339727] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.340164] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.340549] page dumped because: kasan: bad access detected [ 26.340903] [ 26.341000] Memory state around the buggy address: [ 26.341224] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.341554] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.342117] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.342440] ^ [ 26.342707] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.343121] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.343420] ================================================================== [ 27.455867] ================================================================== [ 27.456161] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 27.456656] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.456900] [ 27.457052] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.457105] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.457119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.457143] Call Trace: [ 27.457162] <TASK> [ 27.457181] dump_stack_lvl+0x73/0xb0 [ 27.457218] print_report+0xd1/0x610 [ 27.457254] ? __virt_addr_valid+0x1db/0x2d0 [ 27.457281] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.457311] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.457341] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.457372] kasan_report+0x141/0x180 [ 27.457396] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.457432] __asan_report_load8_noabort+0x18/0x20 [ 27.457460] kasan_atomics_helper+0x4fa5/0x5450 [ 27.457492] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.457522] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.457551] ? kasan_atomics+0x152/0x310 [ 27.457580] kasan_atomics+0x1dc/0x310 [ 27.457606] ? __pfx_kasan_atomics+0x10/0x10 [ 27.457635] ? __pfx_read_tsc+0x10/0x10 [ 27.457660] ? ktime_get_ts64+0x86/0x230 [ 27.457689] kunit_try_run_case+0x1a5/0x480 [ 27.457715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.457738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.457761] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.457793] ? __kthread_parkme+0x82/0x180 [ 27.457815] ? preempt_count_sub+0x50/0x80 [ 27.457853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.457877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.457905] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.457934] kthread+0x337/0x6f0 [ 27.457957] ? trace_preempt_on+0x20/0xc0 [ 27.457983] ? __pfx_kthread+0x10/0x10 [ 27.458008] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.458038] ? calculate_sigpending+0x7b/0xa0 [ 27.458066] ? __pfx_kthread+0x10/0x10 [ 27.458092] ret_from_fork+0x116/0x1d0 [ 27.458113] ? __pfx_kthread+0x10/0x10 [ 27.458138] ret_from_fork_asm+0x1a/0x30 [ 27.458174] </TASK> [ 27.458186] [ 27.467636] Allocated by task 313: [ 27.468050] kasan_save_stack+0x45/0x70 [ 27.468366] kasan_save_track+0x18/0x40 [ 27.468565] kasan_save_alloc_info+0x3b/0x50 [ 27.468764] __kasan_kmalloc+0xb7/0xc0 [ 27.469123] __kmalloc_cache_noprof+0x189/0x420 [ 27.469538] kasan_atomics+0x95/0x310 [ 27.469723] kunit_try_run_case+0x1a5/0x480 [ 27.470191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.470495] kthread+0x337/0x6f0 [ 27.470755] ret_from_fork+0x116/0x1d0 [ 27.471079] ret_from_fork_asm+0x1a/0x30 [ 27.471276] [ 27.471366] The buggy address belongs to the object at ffff8881059cb500 [ 27.471366] which belongs to the cache kmalloc-64 of size 64 [ 27.472066] The buggy address is located 0 bytes to the right of [ 27.472066] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.472865] [ 27.473094] The buggy address belongs to the physical page: [ 27.473501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.473998] flags: 0x200000000000000(node=0|zone=2) [ 27.474295] page_type: f5(slab) [ 27.474568] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.475036] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.475356] page dumped because: kasan: bad access detected [ 27.475580] [ 27.475662] Memory state around the buggy address: [ 27.476192] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.476666] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.477209] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.477703] ^ [ 27.478090] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.478525] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.478980] ================================================================== [ 26.280976] ================================================================== [ 26.281283] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 26.281563] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.281877] [ 26.281984] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.282035] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.282049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.282073] Call Trace: [ 26.282092] <TASK> [ 26.282114] dump_stack_lvl+0x73/0xb0 [ 26.282144] print_report+0xd1/0x610 [ 26.282167] ? __virt_addr_valid+0x1db/0x2d0 [ 26.282193] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.282222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.282362] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.282394] kasan_report+0x141/0x180 [ 26.282420] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.282455] kasan_check_range+0x10c/0x1c0 [ 26.282482] __kasan_check_write+0x18/0x20 [ 26.282509] kasan_atomics_helper+0xa2b/0x5450 [ 26.282541] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.282573] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.282601] ? kasan_atomics+0x152/0x310 [ 26.282631] kasan_atomics+0x1dc/0x310 [ 26.282657] ? __pfx_kasan_atomics+0x10/0x10 [ 26.282685] ? __pfx_read_tsc+0x10/0x10 [ 26.282712] ? ktime_get_ts64+0x86/0x230 [ 26.282742] kunit_try_run_case+0x1a5/0x480 [ 26.282809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.282834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.282881] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.282913] ? __kthread_parkme+0x82/0x180 [ 26.282936] ? preempt_count_sub+0x50/0x80 [ 26.282979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.283003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.283039] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.283068] kthread+0x337/0x6f0 [ 26.283091] ? trace_preempt_on+0x20/0xc0 [ 26.283118] ? __pfx_kthread+0x10/0x10 [ 26.283143] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.283172] ? calculate_sigpending+0x7b/0xa0 [ 26.283201] ? __pfx_kthread+0x10/0x10 [ 26.283227] ret_from_fork+0x116/0x1d0 [ 26.283261] ? __pfx_kthread+0x10/0x10 [ 26.283286] ret_from_fork_asm+0x1a/0x30 [ 26.283322] </TASK> [ 26.283335] [ 26.291820] Allocated by task 313: [ 26.292037] kasan_save_stack+0x45/0x70 [ 26.292276] kasan_save_track+0x18/0x40 [ 26.292468] kasan_save_alloc_info+0x3b/0x50 [ 26.292703] __kasan_kmalloc+0xb7/0xc0 [ 26.293160] __kmalloc_cache_noprof+0x189/0x420 [ 26.293392] kasan_atomics+0x95/0x310 [ 26.293580] kunit_try_run_case+0x1a5/0x480 [ 26.293913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.294174] kthread+0x337/0x6f0 [ 26.294357] ret_from_fork+0x116/0x1d0 [ 26.294542] ret_from_fork_asm+0x1a/0x30 [ 26.294857] [ 26.295000] The buggy address belongs to the object at ffff8881059cb500 [ 26.295000] which belongs to the cache kmalloc-64 of size 64 [ 26.295491] The buggy address is located 0 bytes to the right of [ 26.295491] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.296105] [ 26.296235] The buggy address belongs to the physical page: [ 26.296506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.296966] flags: 0x200000000000000(node=0|zone=2) [ 26.297167] page_type: f5(slab) [ 26.297380] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.298085] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.298364] page dumped because: kasan: bad access detected [ 26.298591] [ 26.298682] Memory state around the buggy address: [ 26.298993] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.299327] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.299594] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.300004] ^ [ 26.300166] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.300494] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.300952] ================================================================== [ 26.647929] ================================================================== [ 26.648261] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 26.648601] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.648986] [ 26.649109] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.649164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.649178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.649208] Call Trace: [ 26.649231] <TASK> [ 26.649263] dump_stack_lvl+0x73/0xb0 [ 26.649298] print_report+0xd1/0x610 [ 26.649322] ? __virt_addr_valid+0x1db/0x2d0 [ 26.649349] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.649379] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.649410] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.649441] kasan_report+0x141/0x180 [ 26.649466] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.649526] __asan_report_load4_noabort+0x18/0x20 [ 26.649554] kasan_atomics_helper+0x4a02/0x5450 [ 26.649586] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.649617] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.649646] ? kasan_atomics+0x152/0x310 [ 26.649693] kasan_atomics+0x1dc/0x310 [ 26.649720] ? __pfx_kasan_atomics+0x10/0x10 [ 26.649815] ? __pfx_read_tsc+0x10/0x10 [ 26.649860] ? ktime_get_ts64+0x86/0x230 [ 26.649889] kunit_try_run_case+0x1a5/0x480 [ 26.649914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.649959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.649984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.650031] ? __kthread_parkme+0x82/0x180 [ 26.650054] ? preempt_count_sub+0x50/0x80 [ 26.650081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.650104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.650133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.650162] kthread+0x337/0x6f0 [ 26.650185] ? trace_preempt_on+0x20/0xc0 [ 26.650213] ? __pfx_kthread+0x10/0x10 [ 26.650249] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.650279] ? calculate_sigpending+0x7b/0xa0 [ 26.650308] ? __pfx_kthread+0x10/0x10 [ 26.650334] ret_from_fork+0x116/0x1d0 [ 26.650355] ? __pfx_kthread+0x10/0x10 [ 26.650380] ret_from_fork_asm+0x1a/0x30 [ 26.650417] </TASK> [ 26.650431] [ 26.661430] Allocated by task 313: [ 26.661892] kasan_save_stack+0x45/0x70 [ 26.662278] kasan_save_track+0x18/0x40 [ 26.662460] kasan_save_alloc_info+0x3b/0x50 [ 26.662653] __kasan_kmalloc+0xb7/0xc0 [ 26.662824] __kmalloc_cache_noprof+0x189/0x420 [ 26.663350] kasan_atomics+0x95/0x310 [ 26.663612] kunit_try_run_case+0x1a5/0x480 [ 26.664079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.664357] kthread+0x337/0x6f0 [ 26.664508] ret_from_fork+0x116/0x1d0 [ 26.664684] ret_from_fork_asm+0x1a/0x30 [ 26.665166] [ 26.665267] The buggy address belongs to the object at ffff8881059cb500 [ 26.665267] which belongs to the cache kmalloc-64 of size 64 [ 26.665784] The buggy address is located 0 bytes to the right of [ 26.665784] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.666486] [ 26.666567] The buggy address belongs to the physical page: [ 26.667047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.667357] flags: 0x200000000000000(node=0|zone=2) [ 26.667621] page_type: f5(slab) [ 26.667943] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.668459] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.668789] page dumped because: kasan: bad access detected [ 26.669332] [ 26.669426] Memory state around the buggy address: [ 26.669827] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.670201] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.670651] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.671183] ^ [ 26.671601] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.672091] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.672414] ================================================================== [ 26.673110] ================================================================== [ 26.673462] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 26.674177] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.674632] [ 26.674925] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.674984] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.674998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.675108] Call Trace: [ 26.675131] <TASK> [ 26.675153] dump_stack_lvl+0x73/0xb0 [ 26.675187] print_report+0xd1/0x610 [ 26.675212] ? __virt_addr_valid+0x1db/0x2d0 [ 26.675251] ? kasan_atomics_helper+0x1217/0x5450 [ 26.675281] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.675311] ? kasan_atomics_helper+0x1217/0x5450 [ 26.675342] kasan_report+0x141/0x180 [ 26.675366] ? kasan_atomics_helper+0x1217/0x5450 [ 26.675400] kasan_check_range+0x10c/0x1c0 [ 26.675428] __kasan_check_write+0x18/0x20 [ 26.675455] kasan_atomics_helper+0x1217/0x5450 [ 26.675486] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.675517] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.675548] ? kasan_atomics+0x152/0x310 [ 26.675578] kasan_atomics+0x1dc/0x310 [ 26.675606] ? __pfx_kasan_atomics+0x10/0x10 [ 26.675634] ? __pfx_read_tsc+0x10/0x10 [ 26.675661] ? ktime_get_ts64+0x86/0x230 [ 26.675690] kunit_try_run_case+0x1a5/0x480 [ 26.675713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.675735] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.675777] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.675809] ? __kthread_parkme+0x82/0x180 [ 26.675843] ? preempt_count_sub+0x50/0x80 [ 26.675869] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.675893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.675922] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.675951] kthread+0x337/0x6f0 [ 26.675975] ? trace_preempt_on+0x20/0xc0 [ 26.676001] ? __pfx_kthread+0x10/0x10 [ 26.676025] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.676054] ? calculate_sigpending+0x7b/0xa0 [ 26.676083] ? __pfx_kthread+0x10/0x10 [ 26.676109] ret_from_fork+0x116/0x1d0 [ 26.676133] ? __pfx_kthread+0x10/0x10 [ 26.676158] ret_from_fork_asm+0x1a/0x30 [ 26.676195] </TASK> [ 26.676208] [ 26.688721] Allocated by task 313: [ 26.688942] kasan_save_stack+0x45/0x70 [ 26.689350] kasan_save_track+0x18/0x40 [ 26.689537] kasan_save_alloc_info+0x3b/0x50 [ 26.689738] __kasan_kmalloc+0xb7/0xc0 [ 26.690138] __kmalloc_cache_noprof+0x189/0x420 [ 26.690419] kasan_atomics+0x95/0x310 [ 26.690616] kunit_try_run_case+0x1a5/0x480 [ 26.691058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.691534] kthread+0x337/0x6f0 [ 26.691700] ret_from_fork+0x116/0x1d0 [ 26.692070] ret_from_fork_asm+0x1a/0x30 [ 26.692371] [ 26.692479] The buggy address belongs to the object at ffff8881059cb500 [ 26.692479] which belongs to the cache kmalloc-64 of size 64 [ 26.693382] The buggy address is located 0 bytes to the right of [ 26.693382] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.694245] [ 26.694622] The buggy address belongs to the physical page: [ 26.695089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.695469] flags: 0x200000000000000(node=0|zone=2) [ 26.695702] page_type: f5(slab) [ 26.695921] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.696320] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.696704] page dumped because: kasan: bad access detected [ 26.697023] [ 26.697211] Memory state around the buggy address: [ 26.697394] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.698102] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.698623] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.699375] ^ [ 26.699922] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.700625] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.701450] ================================================================== [ 26.427882] ================================================================== [ 26.428197] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 26.428841] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.429484] [ 26.429655] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.429749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.429764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.429789] Call Trace: [ 26.429810] <TASK> [ 26.429832] dump_stack_lvl+0x73/0xb0 [ 26.429864] print_report+0xd1/0x610 [ 26.429889] ? __virt_addr_valid+0x1db/0x2d0 [ 26.429916] ? kasan_atomics_helper+0xde0/0x5450 [ 26.429946] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.429977] ? kasan_atomics_helper+0xde0/0x5450 [ 26.430008] kasan_report+0x141/0x180 [ 26.430033] ? kasan_atomics_helper+0xde0/0x5450 [ 26.430067] kasan_check_range+0x10c/0x1c0 [ 26.430095] __kasan_check_write+0x18/0x20 [ 26.430123] kasan_atomics_helper+0xde0/0x5450 [ 26.430154] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.430185] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.430213] ? kasan_atomics+0x152/0x310 [ 26.430254] kasan_atomics+0x1dc/0x310 [ 26.430281] ? __pfx_kasan_atomics+0x10/0x10 [ 26.430308] ? __pfx_read_tsc+0x10/0x10 [ 26.430335] ? ktime_get_ts64+0x86/0x230 [ 26.430364] kunit_try_run_case+0x1a5/0x480 [ 26.430387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.430409] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.430433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.430464] ? __kthread_parkme+0x82/0x180 [ 26.430486] ? preempt_count_sub+0x50/0x80 [ 26.430512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.430536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.430564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.430592] kthread+0x337/0x6f0 [ 26.430615] ? trace_preempt_on+0x20/0xc0 [ 26.430641] ? __pfx_kthread+0x10/0x10 [ 26.430665] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.430695] ? calculate_sigpending+0x7b/0xa0 [ 26.430724] ? __pfx_kthread+0x10/0x10 [ 26.430767] ret_from_fork+0x116/0x1d0 [ 26.430796] ? __pfx_kthread+0x10/0x10 [ 26.430821] ret_from_fork_asm+0x1a/0x30 [ 26.430869] </TASK> [ 26.430882] [ 26.444544] Allocated by task 313: [ 26.444904] kasan_save_stack+0x45/0x70 [ 26.445383] kasan_save_track+0x18/0x40 [ 26.445824] kasan_save_alloc_info+0x3b/0x50 [ 26.446075] __kasan_kmalloc+0xb7/0xc0 [ 26.446206] __kmalloc_cache_noprof+0x189/0x420 [ 26.446371] kasan_atomics+0x95/0x310 [ 26.446501] kunit_try_run_case+0x1a5/0x480 [ 26.446640] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.446982] kthread+0x337/0x6f0 [ 26.447288] ret_from_fork+0x116/0x1d0 [ 26.447762] ret_from_fork_asm+0x1a/0x30 [ 26.448301] [ 26.448465] The buggy address belongs to the object at ffff8881059cb500 [ 26.448465] which belongs to the cache kmalloc-64 of size 64 [ 26.449625] The buggy address is located 0 bytes to the right of [ 26.449625] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.450871] [ 26.451037] The buggy address belongs to the physical page: [ 26.451508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.452003] flags: 0x200000000000000(node=0|zone=2) [ 26.452174] page_type: f5(slab) [ 26.452309] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.452535] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.452930] page dumped because: kasan: bad access detected [ 26.453473] [ 26.453626] Memory state around the buggy address: [ 26.454087] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.454689] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.455333] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.456036] ^ [ 26.456471] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.457296] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.458136] ================================================================== [ 26.106494] ================================================================== [ 26.107901] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 26.109148] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.110457] [ 26.110895] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.110957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.110971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.110997] Call Trace: [ 26.111018] <TASK> [ 26.111040] dump_stack_lvl+0x73/0xb0 [ 26.111077] print_report+0xd1/0x610 [ 26.111616] ? __virt_addr_valid+0x1db/0x2d0 [ 26.111645] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.111719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.111791] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.111826] kasan_report+0x141/0x180 [ 26.111853] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.111888] kasan_check_range+0x10c/0x1c0 [ 26.111915] __kasan_check_write+0x18/0x20 [ 26.111944] kasan_atomics_helper+0x5fe/0x5450 [ 26.111976] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.112007] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.112036] ? kasan_atomics+0x152/0x310 [ 26.112066] kasan_atomics+0x1dc/0x310 [ 26.112091] ? __pfx_kasan_atomics+0x10/0x10 [ 26.112119] ? __pfx_read_tsc+0x10/0x10 [ 26.112146] ? ktime_get_ts64+0x86/0x230 [ 26.112176] kunit_try_run_case+0x1a5/0x480 [ 26.112200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.112221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.112258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.112289] ? __kthread_parkme+0x82/0x180 [ 26.112312] ? preempt_count_sub+0x50/0x80 [ 26.112339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.112363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.112391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.112420] kthread+0x337/0x6f0 [ 26.112443] ? trace_preempt_on+0x20/0xc0 [ 26.112470] ? __pfx_kthread+0x10/0x10 [ 26.112494] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.112523] ? calculate_sigpending+0x7b/0xa0 [ 26.112551] ? __pfx_kthread+0x10/0x10 [ 26.112577] ret_from_fork+0x116/0x1d0 [ 26.112599] ? __pfx_kthread+0x10/0x10 [ 26.112623] ret_from_fork_asm+0x1a/0x30 [ 26.112658] </TASK> [ 26.112672] [ 26.129979] Allocated by task 313: [ 26.130176] kasan_save_stack+0x45/0x70 [ 26.130683] kasan_save_track+0x18/0x40 [ 26.131193] kasan_save_alloc_info+0x3b/0x50 [ 26.131646] __kasan_kmalloc+0xb7/0xc0 [ 26.132041] __kmalloc_cache_noprof+0x189/0x420 [ 26.132209] kasan_atomics+0x95/0x310 [ 26.132579] kunit_try_run_case+0x1a5/0x480 [ 26.133173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.133968] kthread+0x337/0x6f0 [ 26.134222] ret_from_fork+0x116/0x1d0 [ 26.134371] ret_from_fork_asm+0x1a/0x30 [ 26.134512] [ 26.134581] The buggy address belongs to the object at ffff8881059cb500 [ 26.134581] which belongs to the cache kmalloc-64 of size 64 [ 26.135465] The buggy address is located 0 bytes to the right of [ 26.135465] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.136857] [ 26.137103] The buggy address belongs to the physical page: [ 26.138164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.138439] flags: 0x200000000000000(node=0|zone=2) [ 26.138606] page_type: f5(slab) [ 26.138727] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.139472] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.140258] page dumped because: kasan: bad access detected [ 26.140521] [ 26.140599] Memory state around the buggy address: [ 26.140767] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.141470] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.142050] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.142860] ^ [ 26.143175] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.143401] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.143610] ================================================================== [ 26.237969] ================================================================== [ 26.238502] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 26.238986] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.239510] [ 26.239623] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.239697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.239712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.239738] Call Trace: [ 26.239800] <TASK> [ 26.239824] dump_stack_lvl+0x73/0xb0 [ 26.239858] print_report+0xd1/0x610 [ 26.239884] ? __virt_addr_valid+0x1db/0x2d0 [ 26.239910] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.239963] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.239995] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.240026] kasan_report+0x141/0x180 [ 26.240050] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.240085] kasan_check_range+0x10c/0x1c0 [ 26.240112] __kasan_check_write+0x18/0x20 [ 26.240140] kasan_atomics_helper+0x8f9/0x5450 [ 26.240171] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.240220] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.240262] ? kasan_atomics+0x152/0x310 [ 26.240292] kasan_atomics+0x1dc/0x310 [ 26.240338] ? __pfx_kasan_atomics+0x10/0x10 [ 26.240365] ? __pfx_read_tsc+0x10/0x10 [ 26.240392] ? ktime_get_ts64+0x86/0x230 [ 26.240421] kunit_try_run_case+0x1a5/0x480 [ 26.240445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.240467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.240508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.240540] ? __kthread_parkme+0x82/0x180 [ 26.240562] ? preempt_count_sub+0x50/0x80 [ 26.240588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.240612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.240640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.240668] kthread+0x337/0x6f0 [ 26.240692] ? trace_preempt_on+0x20/0xc0 [ 26.240718] ? __pfx_kthread+0x10/0x10 [ 26.240807] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.240840] ? calculate_sigpending+0x7b/0xa0 [ 26.240868] ? __pfx_kthread+0x10/0x10 [ 26.240904] ret_from_fork+0x116/0x1d0 [ 26.240926] ? __pfx_kthread+0x10/0x10 [ 26.240950] ret_from_fork_asm+0x1a/0x30 [ 26.240986] </TASK> [ 26.241000] [ 26.249796] Allocated by task 313: [ 26.250006] kasan_save_stack+0x45/0x70 [ 26.250206] kasan_save_track+0x18/0x40 [ 26.250404] kasan_save_alloc_info+0x3b/0x50 [ 26.250625] __kasan_kmalloc+0xb7/0xc0 [ 26.250860] __kmalloc_cache_noprof+0x189/0x420 [ 26.251078] kasan_atomics+0x95/0x310 [ 26.251211] kunit_try_run_case+0x1a5/0x480 [ 26.251433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.251710] kthread+0x337/0x6f0 [ 26.251863] ret_from_fork+0x116/0x1d0 [ 26.252089] ret_from_fork_asm+0x1a/0x30 [ 26.252351] [ 26.252446] The buggy address belongs to the object at ffff8881059cb500 [ 26.252446] which belongs to the cache kmalloc-64 of size 64 [ 26.253023] The buggy address is located 0 bytes to the right of [ 26.253023] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.253959] [ 26.254029] The buggy address belongs to the physical page: [ 26.254200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.254973] flags: 0x200000000000000(node=0|zone=2) [ 26.255249] page_type: f5(slab) [ 26.255436] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.255671] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.255978] page dumped because: kasan: bad access detected [ 26.256251] [ 26.256353] Memory state around the buggy address: [ 26.256645] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.257295] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.257836] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.258102] ^ [ 26.258273] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.258587] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.258993] ================================================================== [ 26.177103] ================================================================== [ 26.177462] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 26.177849] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.178129] [ 26.178218] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.178283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.178297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.178322] Call Trace: [ 26.178344] <TASK> [ 26.178366] dump_stack_lvl+0x73/0xb0 [ 26.178398] print_report+0xd1/0x610 [ 26.178422] ? __virt_addr_valid+0x1db/0x2d0 [ 26.178450] ? kasan_atomics_helper+0x72f/0x5450 [ 26.178480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.178510] ? kasan_atomics_helper+0x72f/0x5450 [ 26.178541] kasan_report+0x141/0x180 [ 26.178565] ? kasan_atomics_helper+0x72f/0x5450 [ 26.178600] kasan_check_range+0x10c/0x1c0 [ 26.178627] __kasan_check_write+0x18/0x20 [ 26.178655] kasan_atomics_helper+0x72f/0x5450 [ 26.178686] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.178717] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.178745] ? kasan_atomics+0x152/0x310 [ 26.178830] kasan_atomics+0x1dc/0x310 [ 26.178857] ? __pfx_kasan_atomics+0x10/0x10 [ 26.178885] ? __pfx_read_tsc+0x10/0x10 [ 26.178912] ? ktime_get_ts64+0x86/0x230 [ 26.178941] kunit_try_run_case+0x1a5/0x480 [ 26.178964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.178987] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.179011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.179041] ? __kthread_parkme+0x82/0x180 [ 26.179065] ? preempt_count_sub+0x50/0x80 [ 26.179092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.179116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.179144] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.179174] kthread+0x337/0x6f0 [ 26.179198] ? trace_preempt_on+0x20/0xc0 [ 26.179226] ? __pfx_kthread+0x10/0x10 [ 26.179263] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.179291] ? calculate_sigpending+0x7b/0xa0 [ 26.179321] ? __pfx_kthread+0x10/0x10 [ 26.179346] ret_from_fork+0x116/0x1d0 [ 26.179368] ? __pfx_kthread+0x10/0x10 [ 26.179392] ret_from_fork_asm+0x1a/0x30 [ 26.179428] </TASK> [ 26.179442] [ 26.186835] Allocated by task 313: [ 26.186968] kasan_save_stack+0x45/0x70 [ 26.187107] kasan_save_track+0x18/0x40 [ 26.187304] kasan_save_alloc_info+0x3b/0x50 [ 26.187526] __kasan_kmalloc+0xb7/0xc0 [ 26.187710] __kmalloc_cache_noprof+0x189/0x420 [ 26.187930] kasan_atomics+0x95/0x310 [ 26.188128] kunit_try_run_case+0x1a5/0x480 [ 26.188346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.188741] kthread+0x337/0x6f0 [ 26.189217] ret_from_fork+0x116/0x1d0 [ 26.189385] ret_from_fork_asm+0x1a/0x30 [ 26.189585] [ 26.189681] The buggy address belongs to the object at ffff8881059cb500 [ 26.189681] which belongs to the cache kmalloc-64 of size 64 [ 26.190407] The buggy address is located 0 bytes to the right of [ 26.190407] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.190777] [ 26.190846] The buggy address belongs to the physical page: [ 26.191091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.191748] flags: 0x200000000000000(node=0|zone=2) [ 26.191930] page_type: f5(slab) [ 26.192047] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.192280] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.192499] page dumped because: kasan: bad access detected [ 26.192945] [ 26.193043] Memory state around the buggy address: [ 26.193289] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.193606] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.193920] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.194452] ^ [ 26.194611] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.194885] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.195226] ================================================================== [ 26.860554] ================================================================== [ 26.860995] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 26.861374] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.861671] [ 26.861824] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.861898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.861912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.861937] Call Trace: [ 26.861961] <TASK> [ 26.861983] dump_stack_lvl+0x73/0xb0 [ 26.862015] print_report+0xd1/0x610 [ 26.862039] ? __virt_addr_valid+0x1db/0x2d0 [ 26.862065] ? kasan_atomics_helper+0x151d/0x5450 [ 26.862095] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.862126] ? kasan_atomics_helper+0x151d/0x5450 [ 26.862156] kasan_report+0x141/0x180 [ 26.862182] ? kasan_atomics_helper+0x151d/0x5450 [ 26.862216] kasan_check_range+0x10c/0x1c0 [ 26.862254] __kasan_check_write+0x18/0x20 [ 26.862283] kasan_atomics_helper+0x151d/0x5450 [ 26.862313] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.862344] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.862373] ? kasan_atomics+0x152/0x310 [ 26.862402] kasan_atomics+0x1dc/0x310 [ 26.862428] ? __pfx_kasan_atomics+0x10/0x10 [ 26.862456] ? __pfx_read_tsc+0x10/0x10 [ 26.862484] ? ktime_get_ts64+0x86/0x230 [ 26.862513] kunit_try_run_case+0x1a5/0x480 [ 26.862536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.862559] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.862582] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.862613] ? __kthread_parkme+0x82/0x180 [ 26.862636] ? preempt_count_sub+0x50/0x80 [ 26.862662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.862685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.862714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.862804] kthread+0x337/0x6f0 [ 26.862830] ? trace_preempt_on+0x20/0xc0 [ 26.862874] ? __pfx_kthread+0x10/0x10 [ 26.862899] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.862927] ? calculate_sigpending+0x7b/0xa0 [ 26.862957] ? __pfx_kthread+0x10/0x10 [ 26.862983] ret_from_fork+0x116/0x1d0 [ 26.863004] ? __pfx_kthread+0x10/0x10 [ 26.863028] ret_from_fork_asm+0x1a/0x30 [ 26.863064] </TASK> [ 26.863077] [ 26.871149] Allocated by task 313: [ 26.871340] kasan_save_stack+0x45/0x70 [ 26.871502] kasan_save_track+0x18/0x40 [ 26.871690] kasan_save_alloc_info+0x3b/0x50 [ 26.871991] __kasan_kmalloc+0xb7/0xc0 [ 26.872144] __kmalloc_cache_noprof+0x189/0x420 [ 26.872309] kasan_atomics+0x95/0x310 [ 26.872493] kunit_try_run_case+0x1a5/0x480 [ 26.872693] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.872982] kthread+0x337/0x6f0 [ 26.873150] ret_from_fork+0x116/0x1d0 [ 26.873349] ret_from_fork_asm+0x1a/0x30 [ 26.873542] [ 26.873610] The buggy address belongs to the object at ffff8881059cb500 [ 26.873610] which belongs to the cache kmalloc-64 of size 64 [ 26.874091] The buggy address is located 0 bytes to the right of [ 26.874091] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.874458] [ 26.874533] The buggy address belongs to the physical page: [ 26.874723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.875067] flags: 0x200000000000000(node=0|zone=2) [ 26.875308] page_type: f5(slab) [ 26.875470] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.875794] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.876062] page dumped because: kasan: bad access detected [ 26.876231] [ 26.876389] Memory state around the buggy address: [ 26.876614] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.877007] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.877347] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.877645] ^ [ 26.878106] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.878408] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.878685] ================================================================== [ 26.965579] ================================================================== [ 26.966083] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 26.966365] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.966714] [ 26.966824] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.966878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.966912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.966937] Call Trace: [ 26.966959] <TASK> [ 26.966980] dump_stack_lvl+0x73/0xb0 [ 26.967011] print_report+0xd1/0x610 [ 26.967109] ? __virt_addr_valid+0x1db/0x2d0 [ 26.967138] ? kasan_atomics_helper+0x177f/0x5450 [ 26.967176] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.967207] ? kasan_atomics_helper+0x177f/0x5450 [ 26.967253] kasan_report+0x141/0x180 [ 26.967277] ? kasan_atomics_helper+0x177f/0x5450 [ 26.967313] kasan_check_range+0x10c/0x1c0 [ 26.967341] __kasan_check_write+0x18/0x20 [ 26.967369] kasan_atomics_helper+0x177f/0x5450 [ 26.967409] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.967440] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.967479] ? kasan_atomics+0x152/0x310 [ 26.967509] kasan_atomics+0x1dc/0x310 [ 26.967536] ? __pfx_kasan_atomics+0x10/0x10 [ 26.967572] ? __pfx_read_tsc+0x10/0x10 [ 26.967598] ? ktime_get_ts64+0x86/0x230 [ 26.967637] kunit_try_run_case+0x1a5/0x480 [ 26.967662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.967684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.967710] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.967742] ? __kthread_parkme+0x82/0x180 [ 26.967800] ? preempt_count_sub+0x50/0x80 [ 26.967828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.967852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.967890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.967920] kthread+0x337/0x6f0 [ 26.967943] ? trace_preempt_on+0x20/0xc0 [ 26.967992] ? __pfx_kthread+0x10/0x10 [ 26.968016] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.968045] ? calculate_sigpending+0x7b/0xa0 [ 26.968084] ? __pfx_kthread+0x10/0x10 [ 26.968109] ret_from_fork+0x116/0x1d0 [ 26.968131] ? __pfx_kthread+0x10/0x10 [ 26.968167] ret_from_fork_asm+0x1a/0x30 [ 26.968202] </TASK> [ 26.968216] [ 26.977284] Allocated by task 313: [ 26.977473] kasan_save_stack+0x45/0x70 [ 26.977695] kasan_save_track+0x18/0x40 [ 26.977916] kasan_save_alloc_info+0x3b/0x50 [ 26.978117] __kasan_kmalloc+0xb7/0xc0 [ 26.978325] __kmalloc_cache_noprof+0x189/0x420 [ 26.978493] kasan_atomics+0x95/0x310 [ 26.978677] kunit_try_run_case+0x1a5/0x480 [ 26.978880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.979068] kthread+0x337/0x6f0 [ 26.979186] ret_from_fork+0x116/0x1d0 [ 26.979366] ret_from_fork_asm+0x1a/0x30 [ 26.979692] [ 26.979860] The buggy address belongs to the object at ffff8881059cb500 [ 26.979860] which belongs to the cache kmalloc-64 of size 64 [ 26.980346] The buggy address is located 0 bytes to the right of [ 26.980346] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.981116] [ 26.981227] The buggy address belongs to the physical page: [ 26.981469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.981963] flags: 0x200000000000000(node=0|zone=2) [ 26.982365] page_type: f5(slab) [ 26.982548] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.982979] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.983207] page dumped because: kasan: bad access detected [ 26.983384] [ 26.983451] Memory state around the buggy address: [ 26.983670] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.983996] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.984304] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.984511] ^ [ 26.984662] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.985341] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.985653] ================================================================== [ 26.879232] ================================================================== [ 26.879556] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 26.879928] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.880176] [ 26.880307] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.880361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.880374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.880399] Call Trace: [ 26.880421] <TASK> [ 26.880442] dump_stack_lvl+0x73/0xb0 [ 26.880475] print_report+0xd1/0x610 [ 26.880500] ? __virt_addr_valid+0x1db/0x2d0 [ 26.880526] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.880556] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.880586] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.880618] kasan_report+0x141/0x180 [ 26.880643] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.880678] kasan_check_range+0x10c/0x1c0 [ 26.880705] __kasan_check_write+0x18/0x20 [ 26.880733] kasan_atomics_helper+0x15b6/0x5450 [ 26.880839] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.880888] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.880918] ? kasan_atomics+0x152/0x310 [ 26.880948] kasan_atomics+0x1dc/0x310 [ 26.880974] ? __pfx_kasan_atomics+0x10/0x10 [ 26.881002] ? __pfx_read_tsc+0x10/0x10 [ 26.881029] ? ktime_get_ts64+0x86/0x230 [ 26.881058] kunit_try_run_case+0x1a5/0x480 [ 26.881082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.881104] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.881128] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.881160] ? __kthread_parkme+0x82/0x180 [ 26.881182] ? preempt_count_sub+0x50/0x80 [ 26.881215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.881248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.881277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.881306] kthread+0x337/0x6f0 [ 26.881331] ? trace_preempt_on+0x20/0xc0 [ 26.881359] ? __pfx_kthread+0x10/0x10 [ 26.881384] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.881413] ? calculate_sigpending+0x7b/0xa0 [ 26.881442] ? __pfx_kthread+0x10/0x10 [ 26.881467] ret_from_fork+0x116/0x1d0 [ 26.881488] ? __pfx_kthread+0x10/0x10 [ 26.881512] ret_from_fork_asm+0x1a/0x30 [ 26.881548] </TASK> [ 26.881561] [ 26.889336] Allocated by task 313: [ 26.889501] kasan_save_stack+0x45/0x70 [ 26.889671] kasan_save_track+0x18/0x40 [ 26.890079] kasan_save_alloc_info+0x3b/0x50 [ 26.890261] __kasan_kmalloc+0xb7/0xc0 [ 26.890447] __kmalloc_cache_noprof+0x189/0x420 [ 26.890654] kasan_atomics+0x95/0x310 [ 26.890909] kunit_try_run_case+0x1a5/0x480 [ 26.891102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.891348] kthread+0x337/0x6f0 [ 26.891480] ret_from_fork+0x116/0x1d0 [ 26.891607] ret_from_fork_asm+0x1a/0x30 [ 26.892209] [ 26.892347] The buggy address belongs to the object at ffff8881059cb500 [ 26.892347] which belongs to the cache kmalloc-64 of size 64 [ 26.894504] The buggy address is located 0 bytes to the right of [ 26.894504] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.896979] [ 26.897472] The buggy address belongs to the physical page: [ 26.897906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.899044] flags: 0x200000000000000(node=0|zone=2) [ 26.899614] page_type: f5(slab) [ 26.899992] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.901003] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.901235] page dumped because: kasan: bad access detected [ 26.901409] [ 26.901473] Memory state around the buggy address: [ 26.901620] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.903393] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.904382] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.905514] ^ [ 26.905946] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.906797] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.907400] ================================================================== [ 27.270652] ================================================================== [ 27.271001] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 27.271342] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.271706] [ 27.271795] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.271866] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.271879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.271903] Call Trace: [ 27.271922] <TASK> [ 27.271941] dump_stack_lvl+0x73/0xb0 [ 27.271973] print_report+0xd1/0x610 [ 27.271997] ? __virt_addr_valid+0x1db/0x2d0 [ 27.272023] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.272052] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.272082] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.272113] kasan_report+0x141/0x180 [ 27.272137] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.272171] kasan_check_range+0x10c/0x1c0 [ 27.272198] __kasan_check_write+0x18/0x20 [ 27.272224] kasan_atomics_helper+0x1eaa/0x5450 [ 27.272265] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.272296] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.272324] ? kasan_atomics+0x152/0x310 [ 27.272353] kasan_atomics+0x1dc/0x310 [ 27.272379] ? __pfx_kasan_atomics+0x10/0x10 [ 27.272407] ? __pfx_read_tsc+0x10/0x10 [ 27.272433] ? ktime_get_ts64+0x86/0x230 [ 27.272460] kunit_try_run_case+0x1a5/0x480 [ 27.272484] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.272505] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.272528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.272559] ? __kthread_parkme+0x82/0x180 [ 27.272581] ? preempt_count_sub+0x50/0x80 [ 27.272647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.272693] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.272722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.272756] kthread+0x337/0x6f0 [ 27.272780] ? trace_preempt_on+0x20/0xc0 [ 27.272806] ? __pfx_kthread+0x10/0x10 [ 27.272830] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.272858] ? calculate_sigpending+0x7b/0xa0 [ 27.272921] ? __pfx_kthread+0x10/0x10 [ 27.272946] ret_from_fork+0x116/0x1d0 [ 27.272967] ? __pfx_kthread+0x10/0x10 [ 27.272991] ret_from_fork_asm+0x1a/0x30 [ 27.273025] </TASK> [ 27.273038] [ 27.281169] Allocated by task 313: [ 27.281371] kasan_save_stack+0x45/0x70 [ 27.281624] kasan_save_track+0x18/0x40 [ 27.281949] kasan_save_alloc_info+0x3b/0x50 [ 27.282226] __kasan_kmalloc+0xb7/0xc0 [ 27.282411] __kmalloc_cache_noprof+0x189/0x420 [ 27.282662] kasan_atomics+0x95/0x310 [ 27.282832] kunit_try_run_case+0x1a5/0x480 [ 27.283049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.283280] kthread+0x337/0x6f0 [ 27.283553] ret_from_fork+0x116/0x1d0 [ 27.283729] ret_from_fork_asm+0x1a/0x30 [ 27.283934] [ 27.284003] The buggy address belongs to the object at ffff8881059cb500 [ 27.284003] which belongs to the cache kmalloc-64 of size 64 [ 27.284535] The buggy address is located 0 bytes to the right of [ 27.284535] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.285185] [ 27.285295] The buggy address belongs to the physical page: [ 27.285505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.285932] flags: 0x200000000000000(node=0|zone=2) [ 27.286152] page_type: f5(slab) [ 27.286322] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.286636] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.287022] page dumped because: kasan: bad access detected [ 27.287254] [ 27.287345] Memory state around the buggy address: [ 27.287532] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.287866] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.288230] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.288445] ^ [ 27.288592] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.288797] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.289002] ================================================================== [ 27.402601] ================================================================== [ 27.402868] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 27.403118] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.403448] [ 27.403555] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.403603] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.403616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.403638] Call Trace: [ 27.403656] <TASK> [ 27.403674] dump_stack_lvl+0x73/0xb0 [ 27.403702] print_report+0xd1/0x610 [ 27.403726] ? __virt_addr_valid+0x1db/0x2d0 [ 27.403751] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.403780] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.403809] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.403839] kasan_report+0x141/0x180 [ 27.403863] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.403896] __asan_report_load8_noabort+0x18/0x20 [ 27.403924] kasan_atomics_helper+0x4fb2/0x5450 [ 27.403955] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.403984] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.404012] ? kasan_atomics+0x152/0x310 [ 27.404042] kasan_atomics+0x1dc/0x310 [ 27.404068] ? __pfx_kasan_atomics+0x10/0x10 [ 27.404094] ? __pfx_read_tsc+0x10/0x10 [ 27.404120] ? ktime_get_ts64+0x86/0x230 [ 27.404187] kunit_try_run_case+0x1a5/0x480 [ 27.404211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.404233] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.404268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.404301] ? __kthread_parkme+0x82/0x180 [ 27.404333] ? preempt_count_sub+0x50/0x80 [ 27.404359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.404383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.404422] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.404452] kthread+0x337/0x6f0 [ 27.404475] ? trace_preempt_on+0x20/0xc0 [ 27.404501] ? __pfx_kthread+0x10/0x10 [ 27.404525] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.404554] ? calculate_sigpending+0x7b/0xa0 [ 27.404583] ? __pfx_kthread+0x10/0x10 [ 27.404609] ret_from_fork+0x116/0x1d0 [ 27.404630] ? __pfx_kthread+0x10/0x10 [ 27.404654] ret_from_fork_asm+0x1a/0x30 [ 27.404689] </TASK> [ 27.404702] [ 27.412410] Allocated by task 313: [ 27.413082] kasan_save_stack+0x45/0x70 [ 27.413921] kasan_save_track+0x18/0x40 [ 27.414116] kasan_save_alloc_info+0x3b/0x50 [ 27.414345] __kasan_kmalloc+0xb7/0xc0 [ 27.414516] __kmalloc_cache_noprof+0x189/0x420 [ 27.414705] kasan_atomics+0x95/0x310 [ 27.415988] kunit_try_run_case+0x1a5/0x480 [ 27.416686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.417581] kthread+0x337/0x6f0 [ 27.418269] ret_from_fork+0x116/0x1d0 [ 27.418984] ret_from_fork_asm+0x1a/0x30 [ 27.419331] [ 27.419420] The buggy address belongs to the object at ffff8881059cb500 [ 27.419420] which belongs to the cache kmalloc-64 of size 64 [ 27.419776] The buggy address is located 0 bytes to the right of [ 27.419776] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.421714] [ 27.421822] The buggy address belongs to the physical page: [ 27.422052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.422370] flags: 0x200000000000000(node=0|zone=2) [ 27.422583] page_type: f5(slab) [ 27.422736] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.423615] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.424173] page dumped because: kasan: bad access detected [ 27.424621] [ 27.424868] Memory state around the buggy address: [ 27.425367] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.425807] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.426327] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.426831] ^ [ 27.427167] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.427625] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.428251] ================================================================== [ 27.429721] ================================================================== [ 27.430119] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 27.430475] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.430779] [ 27.431174] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.431399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.431421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.431447] Call Trace: [ 27.431470] <TASK> [ 27.431494] dump_stack_lvl+0x73/0xb0 [ 27.431529] print_report+0xd1/0x610 [ 27.431555] ? __virt_addr_valid+0x1db/0x2d0 [ 27.431581] ? kasan_atomics_helper+0x218a/0x5450 [ 27.431612] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.431642] ? kasan_atomics_helper+0x218a/0x5450 [ 27.431673] kasan_report+0x141/0x180 [ 27.431697] ? kasan_atomics_helper+0x218a/0x5450 [ 27.431733] kasan_check_range+0x10c/0x1c0 [ 27.431760] __kasan_check_write+0x18/0x20 [ 27.431788] kasan_atomics_helper+0x218a/0x5450 [ 27.431829] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.431862] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.431891] ? kasan_atomics+0x152/0x310 [ 27.431921] kasan_atomics+0x1dc/0x310 [ 27.431946] ? __pfx_kasan_atomics+0x10/0x10 [ 27.431974] ? __pfx_read_tsc+0x10/0x10 [ 27.432000] ? ktime_get_ts64+0x86/0x230 [ 27.432029] kunit_try_run_case+0x1a5/0x480 [ 27.432054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.432076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.432101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.432132] ? __kthread_parkme+0x82/0x180 [ 27.432154] ? preempt_count_sub+0x50/0x80 [ 27.432182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.432205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.432234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.432277] kthread+0x337/0x6f0 [ 27.432300] ? trace_preempt_on+0x20/0xc0 [ 27.432327] ? __pfx_kthread+0x10/0x10 [ 27.432351] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.432379] ? calculate_sigpending+0x7b/0xa0 [ 27.432408] ? __pfx_kthread+0x10/0x10 [ 27.432433] ret_from_fork+0x116/0x1d0 [ 27.432454] ? __pfx_kthread+0x10/0x10 [ 27.432479] ret_from_fork_asm+0x1a/0x30 [ 27.432514] </TASK> [ 27.432526] [ 27.443509] Allocated by task 313: [ 27.443677] kasan_save_stack+0x45/0x70 [ 27.444111] kasan_save_track+0x18/0x40 [ 27.444406] kasan_save_alloc_info+0x3b/0x50 [ 27.444726] __kasan_kmalloc+0xb7/0xc0 [ 27.445164] __kmalloc_cache_noprof+0x189/0x420 [ 27.445393] kasan_atomics+0x95/0x310 [ 27.445564] kunit_try_run_case+0x1a5/0x480 [ 27.445748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.446313] kthread+0x337/0x6f0 [ 27.446524] ret_from_fork+0x116/0x1d0 [ 27.446832] ret_from_fork_asm+0x1a/0x30 [ 27.447156] [ 27.447403] The buggy address belongs to the object at ffff8881059cb500 [ 27.447403] which belongs to the cache kmalloc-64 of size 64 [ 27.448194] The buggy address is located 0 bytes to the right of [ 27.448194] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.448715] [ 27.448806] The buggy address belongs to the physical page: [ 27.449378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.449991] flags: 0x200000000000000(node=0|zone=2) [ 27.450346] page_type: f5(slab) [ 27.450659] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.451159] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.451611] page dumped because: kasan: bad access detected [ 27.452038] [ 27.452134] Memory state around the buggy address: [ 27.452581] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.453245] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.453621] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.454160] ^ [ 27.454462] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.455036] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.455342] ================================================================== [ 27.176918] ================================================================== [ 27.177583] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 27.178360] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.178726] [ 27.178853] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.178911] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.178979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.179017] Call Trace: [ 27.179040] <TASK> [ 27.179063] dump_stack_lvl+0x73/0xb0 [ 27.179108] print_report+0xd1/0x610 [ 27.179149] ? __virt_addr_valid+0x1db/0x2d0 [ 27.179189] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.179219] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.179259] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.179291] kasan_report+0x141/0x180 [ 27.179316] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.179350] __asan_report_load8_noabort+0x18/0x20 [ 27.179378] kasan_atomics_helper+0x4f30/0x5450 [ 27.179410] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.179441] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.179471] ? kasan_atomics+0x152/0x310 [ 27.179502] kasan_atomics+0x1dc/0x310 [ 27.179528] ? __pfx_kasan_atomics+0x10/0x10 [ 27.179555] ? __pfx_read_tsc+0x10/0x10 [ 27.179581] ? ktime_get_ts64+0x86/0x230 [ 27.179610] kunit_try_run_case+0x1a5/0x480 [ 27.179634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.179656] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.179680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.179711] ? __kthread_parkme+0x82/0x180 [ 27.179734] ? preempt_count_sub+0x50/0x80 [ 27.179807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.179844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.179872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.179901] kthread+0x337/0x6f0 [ 27.179924] ? trace_preempt_on+0x20/0xc0 [ 27.179952] ? __pfx_kthread+0x10/0x10 [ 27.179976] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.180006] ? calculate_sigpending+0x7b/0xa0 [ 27.180035] ? __pfx_kthread+0x10/0x10 [ 27.180060] ret_from_fork+0x116/0x1d0 [ 27.180082] ? __pfx_kthread+0x10/0x10 [ 27.180107] ret_from_fork_asm+0x1a/0x30 [ 27.180143] </TASK> [ 27.180157] [ 27.192694] Allocated by task 313: [ 27.193299] kasan_save_stack+0x45/0x70 [ 27.193490] kasan_save_track+0x18/0x40 [ 27.193875] kasan_save_alloc_info+0x3b/0x50 [ 27.194088] __kasan_kmalloc+0xb7/0xc0 [ 27.194275] __kmalloc_cache_noprof+0x189/0x420 [ 27.194485] kasan_atomics+0x95/0x310 [ 27.194658] kunit_try_run_case+0x1a5/0x480 [ 27.195156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.195580] kthread+0x337/0x6f0 [ 27.195885] ret_from_fork+0x116/0x1d0 [ 27.196039] ret_from_fork_asm+0x1a/0x30 [ 27.196634] [ 27.196712] The buggy address belongs to the object at ffff8881059cb500 [ 27.196712] which belongs to the cache kmalloc-64 of size 64 [ 27.197652] The buggy address is located 0 bytes to the right of [ 27.197652] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.198395] [ 27.198509] The buggy address belongs to the physical page: [ 27.198739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.199289] flags: 0x200000000000000(node=0|zone=2) [ 27.199626] page_type: f5(slab) [ 27.199855] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.200390] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.200809] page dumped because: kasan: bad access detected [ 27.201356] [ 27.201452] Memory state around the buggy address: [ 27.201640] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.202305] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.202724] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.203165] ^ [ 27.203409] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.204218] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.205093] ================================================================== [ 25.951741] ================================================================== [ 25.952471] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 25.953281] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 25.953997] [ 25.954208] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.954277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.954290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.954315] Call Trace: [ 25.954336] <TASK> [ 25.954358] dump_stack_lvl+0x73/0xb0 [ 25.954391] print_report+0xd1/0x610 [ 25.954415] ? __virt_addr_valid+0x1db/0x2d0 [ 25.954442] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.954472] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.954502] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.954533] kasan_report+0x141/0x180 [ 25.954557] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.954592] __asan_report_store4_noabort+0x1b/0x30 [ 25.954621] kasan_atomics_helper+0x4b6e/0x5450 [ 25.954652] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.954683] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.954712] ? kasan_atomics+0x152/0x310 [ 25.954742] kasan_atomics+0x1dc/0x310 [ 25.954813] ? __pfx_kasan_atomics+0x10/0x10 [ 25.954842] ? __pfx_read_tsc+0x10/0x10 [ 25.954869] ? ktime_get_ts64+0x86/0x230 [ 25.954898] kunit_try_run_case+0x1a5/0x480 [ 25.954922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.954944] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.954968] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.955001] ? __kthread_parkme+0x82/0x180 [ 25.955024] ? preempt_count_sub+0x50/0x80 [ 25.955060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.955084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.955114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.955143] kthread+0x337/0x6f0 [ 25.955167] ? trace_preempt_on+0x20/0xc0 [ 25.955193] ? __pfx_kthread+0x10/0x10 [ 25.955218] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.955259] ? calculate_sigpending+0x7b/0xa0 [ 25.955289] ? __pfx_kthread+0x10/0x10 [ 25.955314] ret_from_fork+0x116/0x1d0 [ 25.955335] ? __pfx_kthread+0x10/0x10 [ 25.955358] ret_from_fork_asm+0x1a/0x30 [ 25.955394] </TASK> [ 25.955407] [ 25.965905] Allocated by task 313: [ 25.966070] kasan_save_stack+0x45/0x70 [ 25.966353] kasan_save_track+0x18/0x40 [ 25.966543] kasan_save_alloc_info+0x3b/0x50 [ 25.966795] __kasan_kmalloc+0xb7/0xc0 [ 25.966947] __kmalloc_cache_noprof+0x189/0x420 [ 25.967102] kasan_atomics+0x95/0x310 [ 25.967231] kunit_try_run_case+0x1a5/0x480 [ 25.967446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.967699] kthread+0x337/0x6f0 [ 25.967910] ret_from_fork+0x116/0x1d0 [ 25.968158] ret_from_fork_asm+0x1a/0x30 [ 25.968373] [ 25.968452] The buggy address belongs to the object at ffff8881059cb500 [ 25.968452] which belongs to the cache kmalloc-64 of size 64 [ 25.969039] The buggy address is located 0 bytes to the right of [ 25.969039] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 25.969517] [ 25.969611] The buggy address belongs to the physical page: [ 25.969858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 25.970536] flags: 0x200000000000000(node=0|zone=2) [ 25.970875] page_type: f5(slab) [ 25.971023] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.971331] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.971651] page dumped because: kasan: bad access detected [ 25.971932] [ 25.972027] Memory state around the buggy address: [ 25.972187] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.972412] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.972658] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.972962] ^ [ 25.973407] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.973641] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.973849] ================================================================== [ 27.206153] ================================================================== [ 27.206930] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 27.207184] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.207424] [ 27.207515] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.207569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.207585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.207608] Call Trace: [ 27.207631] <TASK> [ 27.207653] dump_stack_lvl+0x73/0xb0 [ 27.207684] print_report+0xd1/0x610 [ 27.207709] ? __virt_addr_valid+0x1db/0x2d0 [ 27.207735] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.207767] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.207797] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.207828] kasan_report+0x141/0x180 [ 27.207852] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.207959] kasan_check_range+0x10c/0x1c0 [ 27.207988] __kasan_check_write+0x18/0x20 [ 27.208018] kasan_atomics_helper+0x1ce1/0x5450 [ 27.208049] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.208079] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.208108] ? kasan_atomics+0x152/0x310 [ 27.208138] kasan_atomics+0x1dc/0x310 [ 27.208164] ? __pfx_kasan_atomics+0x10/0x10 [ 27.208191] ? __pfx_read_tsc+0x10/0x10 [ 27.208218] ? ktime_get_ts64+0x86/0x230 [ 27.208259] kunit_try_run_case+0x1a5/0x480 [ 27.208283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.208305] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.208329] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.208359] ? __kthread_parkme+0x82/0x180 [ 27.208382] ? preempt_count_sub+0x50/0x80 [ 27.208408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.208431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.208459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.208488] kthread+0x337/0x6f0 [ 27.208511] ? trace_preempt_on+0x20/0xc0 [ 27.208537] ? __pfx_kthread+0x10/0x10 [ 27.208561] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.208589] ? calculate_sigpending+0x7b/0xa0 [ 27.208618] ? __pfx_kthread+0x10/0x10 [ 27.208643] ret_from_fork+0x116/0x1d0 [ 27.208664] ? __pfx_kthread+0x10/0x10 [ 27.208689] ret_from_fork_asm+0x1a/0x30 [ 27.208724] </TASK> [ 27.208737] [ 27.217454] Allocated by task 313: [ 27.217638] kasan_save_stack+0x45/0x70 [ 27.217965] kasan_save_track+0x18/0x40 [ 27.218151] kasan_save_alloc_info+0x3b/0x50 [ 27.218356] __kasan_kmalloc+0xb7/0xc0 [ 27.218527] __kmalloc_cache_noprof+0x189/0x420 [ 27.218730] kasan_atomics+0x95/0x310 [ 27.219106] kunit_try_run_case+0x1a5/0x480 [ 27.219309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.219543] kthread+0x337/0x6f0 [ 27.219696] ret_from_fork+0x116/0x1d0 [ 27.220045] ret_from_fork_asm+0x1a/0x30 [ 27.220234] [ 27.220331] The buggy address belongs to the object at ffff8881059cb500 [ 27.220331] which belongs to the cache kmalloc-64 of size 64 [ 27.220853] The buggy address is located 0 bytes to the right of [ 27.220853] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.221359] [ 27.221450] The buggy address belongs to the physical page: [ 27.221673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.223009] flags: 0x200000000000000(node=0|zone=2) [ 27.223203] page_type: f5(slab) [ 27.223340] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.223569] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.223799] page dumped because: kasan: bad access detected [ 27.223985] [ 27.224051] Memory state around the buggy address: [ 27.224205] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.224424] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.224635] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.224900] ^ [ 27.225127] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.225891] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.226501] ================================================================== [ 26.907923] ================================================================== [ 26.908471] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 26.909320] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.910102] [ 26.910213] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.910313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.910329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.910391] Call Trace: [ 26.910415] <TASK> [ 26.910438] dump_stack_lvl+0x73/0xb0 [ 26.910484] print_report+0xd1/0x610 [ 26.910508] ? __virt_addr_valid+0x1db/0x2d0 [ 26.910537] ? kasan_atomics_helper+0x164f/0x5450 [ 26.910568] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.910599] ? kasan_atomics_helper+0x164f/0x5450 [ 26.910629] kasan_report+0x141/0x180 [ 26.910653] ? kasan_atomics_helper+0x164f/0x5450 [ 26.910688] kasan_check_range+0x10c/0x1c0 [ 26.910715] __kasan_check_write+0x18/0x20 [ 26.910743] kasan_atomics_helper+0x164f/0x5450 [ 26.910785] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.910828] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.910858] ? kasan_atomics+0x152/0x310 [ 26.910888] kasan_atomics+0x1dc/0x310 [ 26.910914] ? __pfx_kasan_atomics+0x10/0x10 [ 26.910942] ? __pfx_read_tsc+0x10/0x10 [ 26.910969] ? ktime_get_ts64+0x86/0x230 [ 26.910998] kunit_try_run_case+0x1a5/0x480 [ 26.911023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.911045] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.911069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.911100] ? __kthread_parkme+0x82/0x180 [ 26.911123] ? preempt_count_sub+0x50/0x80 [ 26.911149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.911173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.911202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.911232] kthread+0x337/0x6f0 [ 26.911264] ? trace_preempt_on+0x20/0xc0 [ 26.911291] ? __pfx_kthread+0x10/0x10 [ 26.911315] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.911344] ? calculate_sigpending+0x7b/0xa0 [ 26.911375] ? __pfx_kthread+0x10/0x10 [ 26.911401] ret_from_fork+0x116/0x1d0 [ 26.911422] ? __pfx_kthread+0x10/0x10 [ 26.911446] ret_from_fork_asm+0x1a/0x30 [ 26.911484] </TASK> [ 26.911496] [ 26.926156] Allocated by task 313: [ 26.926317] kasan_save_stack+0x45/0x70 [ 26.926483] kasan_save_track+0x18/0x40 [ 26.926906] kasan_save_alloc_info+0x3b/0x50 [ 26.927415] __kasan_kmalloc+0xb7/0xc0 [ 26.927724] __kmalloc_cache_noprof+0x189/0x420 [ 26.928196] kasan_atomics+0x95/0x310 [ 26.928492] kunit_try_run_case+0x1a5/0x480 [ 26.928636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.928803] kthread+0x337/0x6f0 [ 26.929051] ret_from_fork+0x116/0x1d0 [ 26.929465] ret_from_fork_asm+0x1a/0x30 [ 26.929718] [ 26.929934] The buggy address belongs to the object at ffff8881059cb500 [ 26.929934] which belongs to the cache kmalloc-64 of size 64 [ 26.930799] The buggy address is located 0 bytes to the right of [ 26.930799] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.931782] [ 26.931950] The buggy address belongs to the physical page: [ 26.932580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.933129] flags: 0x200000000000000(node=0|zone=2) [ 26.933493] page_type: f5(slab) [ 26.933857] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.934518] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.934735] page dumped because: kasan: bad access detected [ 26.935107] [ 26.935313] Memory state around the buggy address: [ 26.935868] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.936685] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.937404] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.937905] ^ [ 26.938056] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.938270] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.938471] ================================================================== [ 27.252377] ================================================================== [ 27.252702] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 27.253064] Write of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.253340] [ 27.253426] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.253476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.253490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.253513] Call Trace: [ 27.253532] <TASK> [ 27.253551] dump_stack_lvl+0x73/0xb0 [ 27.253582] print_report+0xd1/0x610 [ 27.253607] ? __virt_addr_valid+0x1db/0x2d0 [ 27.253632] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.253661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.253691] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.253720] kasan_report+0x141/0x180 [ 27.253768] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.253820] kasan_check_range+0x10c/0x1c0 [ 27.253847] __kasan_check_write+0x18/0x20 [ 27.253874] kasan_atomics_helper+0x1e12/0x5450 [ 27.253906] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.253936] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.253964] ? kasan_atomics+0x152/0x310 [ 27.253993] kasan_atomics+0x1dc/0x310 [ 27.254019] ? __pfx_kasan_atomics+0x10/0x10 [ 27.254046] ? __pfx_read_tsc+0x10/0x10 [ 27.254072] ? ktime_get_ts64+0x86/0x230 [ 27.254100] kunit_try_run_case+0x1a5/0x480 [ 27.254124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.254146] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.254169] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.254199] ? __kthread_parkme+0x82/0x180 [ 27.254223] ? preempt_count_sub+0x50/0x80 [ 27.254275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.254300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.254328] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.254356] kthread+0x337/0x6f0 [ 27.254378] ? trace_preempt_on+0x20/0xc0 [ 27.254404] ? __pfx_kthread+0x10/0x10 [ 27.254428] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.254456] ? calculate_sigpending+0x7b/0xa0 [ 27.254484] ? __pfx_kthread+0x10/0x10 [ 27.254509] ret_from_fork+0x116/0x1d0 [ 27.254529] ? __pfx_kthread+0x10/0x10 [ 27.254553] ret_from_fork_asm+0x1a/0x30 [ 27.254587] </TASK> [ 27.254601] [ 27.262364] Allocated by task 313: [ 27.262495] kasan_save_stack+0x45/0x70 [ 27.262632] kasan_save_track+0x18/0x40 [ 27.262764] kasan_save_alloc_info+0x3b/0x50 [ 27.262983] __kasan_kmalloc+0xb7/0xc0 [ 27.263269] __kmalloc_cache_noprof+0x189/0x420 [ 27.263485] kasan_atomics+0x95/0x310 [ 27.263665] kunit_try_run_case+0x1a5/0x480 [ 27.263881] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.264135] kthread+0x337/0x6f0 [ 27.264434] ret_from_fork+0x116/0x1d0 [ 27.264615] ret_from_fork_asm+0x1a/0x30 [ 27.264835] [ 27.264925] The buggy address belongs to the object at ffff8881059cb500 [ 27.264925] which belongs to the cache kmalloc-64 of size 64 [ 27.265602] The buggy address is located 0 bytes to the right of [ 27.265602] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.265956] [ 27.266036] The buggy address belongs to the physical page: [ 27.266293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.266641] flags: 0x200000000000000(node=0|zone=2) [ 27.266876] page_type: f5(slab) [ 27.267046] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.267434] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.267778] page dumped because: kasan: bad access detected [ 27.268041] [ 27.268153] Memory state around the buggy address: [ 27.268352] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.268554] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.268791] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.269111] ^ [ 27.269339] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.269725] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.270223] ================================================================== [ 27.308869] ================================================================== [ 27.309231] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 27.309546] Read of size 8 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 27.309763] [ 27.309848] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 27.309896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.309910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.309934] Call Trace: [ 27.309954] <TASK> [ 27.309974] dump_stack_lvl+0x73/0xb0 [ 27.310002] print_report+0xd1/0x610 [ 27.310025] ? __virt_addr_valid+0x1db/0x2d0 [ 27.310050] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.310081] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.310110] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.310140] kasan_report+0x141/0x180 [ 27.310163] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.310197] __asan_report_load8_noabort+0x18/0x20 [ 27.310224] kasan_atomics_helper+0x4f71/0x5450 [ 27.310265] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.310295] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.310323] ? kasan_atomics+0x152/0x310 [ 27.310363] kasan_atomics+0x1dc/0x310 [ 27.310390] ? __pfx_kasan_atomics+0x10/0x10 [ 27.310417] ? __pfx_read_tsc+0x10/0x10 [ 27.310443] ? ktime_get_ts64+0x86/0x230 [ 27.310470] kunit_try_run_case+0x1a5/0x480 [ 27.310494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.310527] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.310560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.310590] ? __kthread_parkme+0x82/0x180 [ 27.310612] ? preempt_count_sub+0x50/0x80 [ 27.310638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.310662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.310690] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.310719] kthread+0x337/0x6f0 [ 27.310765] ? trace_preempt_on+0x20/0xc0 [ 27.310791] ? __pfx_kthread+0x10/0x10 [ 27.310814] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.310843] ? calculate_sigpending+0x7b/0xa0 [ 27.310872] ? __pfx_kthread+0x10/0x10 [ 27.310896] ret_from_fork+0x116/0x1d0 [ 27.310917] ? __pfx_kthread+0x10/0x10 [ 27.310941] ret_from_fork_asm+0x1a/0x30 [ 27.310977] </TASK> [ 27.310989] [ 27.323893] Allocated by task 313: [ 27.324301] kasan_save_stack+0x45/0x70 [ 27.324616] kasan_save_track+0x18/0x40 [ 27.324875] kasan_save_alloc_info+0x3b/0x50 [ 27.325258] __kasan_kmalloc+0xb7/0xc0 [ 27.325544] __kmalloc_cache_noprof+0x189/0x420 [ 27.325961] kasan_atomics+0x95/0x310 [ 27.326273] kunit_try_run_case+0x1a5/0x480 [ 27.326571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.327062] kthread+0x337/0x6f0 [ 27.327365] ret_from_fork+0x116/0x1d0 [ 27.327662] ret_from_fork_asm+0x1a/0x30 [ 27.328002] [ 27.328126] The buggy address belongs to the object at ffff8881059cb500 [ 27.328126] which belongs to the cache kmalloc-64 of size 64 [ 27.328848] The buggy address is located 0 bytes to the right of [ 27.328848] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 27.329609] [ 27.329717] The buggy address belongs to the physical page: [ 27.330216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 27.330623] flags: 0x200000000000000(node=0|zone=2) [ 27.331006] page_type: f5(slab) [ 27.331300] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.331721] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.332094] page dumped because: kasan: bad access detected [ 27.332336] [ 27.332417] Memory state around the buggy address: [ 27.332646] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.333210] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.333589] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.333997] ^ [ 27.334381] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.334735] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.335197] ================================================================== [ 26.216719] ================================================================== [ 26.217356] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 26.217590] Write of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.218042] [ 26.218281] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.218337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.218368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.218393] Call Trace: [ 26.218428] <TASK> [ 26.218463] dump_stack_lvl+0x73/0xb0 [ 26.218508] print_report+0xd1/0x610 [ 26.218533] ? __virt_addr_valid+0x1db/0x2d0 [ 26.218558] ? kasan_atomics_helper+0x860/0x5450 [ 26.218588] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.218619] ? kasan_atomics_helper+0x860/0x5450 [ 26.218649] kasan_report+0x141/0x180 [ 26.218673] ? kasan_atomics_helper+0x860/0x5450 [ 26.218708] kasan_check_range+0x10c/0x1c0 [ 26.218735] __kasan_check_write+0x18/0x20 [ 26.218763] kasan_atomics_helper+0x860/0x5450 [ 26.218794] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.218825] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.218853] ? kasan_atomics+0x152/0x310 [ 26.218884] kasan_atomics+0x1dc/0x310 [ 26.218912] ? __pfx_kasan_atomics+0x10/0x10 [ 26.218959] ? __pfx_read_tsc+0x10/0x10 [ 26.218987] ? ktime_get_ts64+0x86/0x230 [ 26.219016] kunit_try_run_case+0x1a5/0x480 [ 26.219040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.219114] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.219142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.219193] ? __kthread_parkme+0x82/0x180 [ 26.219217] ? preempt_count_sub+0x50/0x80 [ 26.219255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.219279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.219307] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.219353] kthread+0x337/0x6f0 [ 26.219389] ? trace_preempt_on+0x20/0xc0 [ 26.219415] ? __pfx_kthread+0x10/0x10 [ 26.219439] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.219482] ? calculate_sigpending+0x7b/0xa0 [ 26.219524] ? __pfx_kthread+0x10/0x10 [ 26.219549] ret_from_fork+0x116/0x1d0 [ 26.219570] ? __pfx_kthread+0x10/0x10 [ 26.219594] ret_from_fork_asm+0x1a/0x30 [ 26.219630] </TASK> [ 26.219644] [ 26.227867] Allocated by task 313: [ 26.228126] kasan_save_stack+0x45/0x70 [ 26.228426] kasan_save_track+0x18/0x40 [ 26.228857] kasan_save_alloc_info+0x3b/0x50 [ 26.229063] __kasan_kmalloc+0xb7/0xc0 [ 26.229275] __kmalloc_cache_noprof+0x189/0x420 [ 26.229505] kasan_atomics+0x95/0x310 [ 26.229724] kunit_try_run_case+0x1a5/0x480 [ 26.230045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.230351] kthread+0x337/0x6f0 [ 26.230477] ret_from_fork+0x116/0x1d0 [ 26.230608] ret_from_fork_asm+0x1a/0x30 [ 26.230745] [ 26.230838] The buggy address belongs to the object at ffff8881059cb500 [ 26.230838] which belongs to the cache kmalloc-64 of size 64 [ 26.231438] The buggy address is located 0 bytes to the right of [ 26.231438] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.232177] [ 26.232310] The buggy address belongs to the physical page: [ 26.232662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.232898] flags: 0x200000000000000(node=0|zone=2) [ 26.233056] page_type: f5(slab) [ 26.233173] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.233412] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.234140] page dumped because: kasan: bad access detected [ 26.234603] [ 26.234724] Memory state around the buggy address: [ 26.234968] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.235410] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.235701] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.236463] ^ [ 26.236710] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.237132] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.237369] ================================================================== [ 26.535272] ================================================================== [ 26.535508] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 26.535749] Read of size 4 at addr ffff8881059cb530 by task kunit_try_catch/313 [ 26.535965] [ 26.536051] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 26.536101] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.536115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.536138] Call Trace: [ 26.536157] <TASK> [ 26.536176] dump_stack_lvl+0x73/0xb0 [ 26.536206] print_report+0xd1/0x610 [ 26.536229] ? __virt_addr_valid+0x1db/0x2d0 [ 26.536719] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.536753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.536784] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.537276] kasan_report+0x141/0x180 [ 26.537310] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.537348] __asan_report_load4_noabort+0x18/0x20 [ 26.537378] kasan_atomics_helper+0x4a36/0x5450 [ 26.537410] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.537440] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.537468] ? kasan_atomics+0x152/0x310 [ 26.537498] kasan_atomics+0x1dc/0x310 [ 26.537524] ? __pfx_kasan_atomics+0x10/0x10 [ 26.537551] ? __pfx_read_tsc+0x10/0x10 [ 26.537579] ? ktime_get_ts64+0x86/0x230 [ 26.537607] kunit_try_run_case+0x1a5/0x480 [ 26.537631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.537653] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.537677] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.537707] ? __kthread_parkme+0x82/0x180 [ 26.537729] ? preempt_count_sub+0x50/0x80 [ 26.537790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.537833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.537864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.537893] kthread+0x337/0x6f0 [ 26.537916] ? trace_preempt_on+0x20/0xc0 [ 26.537943] ? __pfx_kthread+0x10/0x10 [ 26.537967] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.537996] ? calculate_sigpending+0x7b/0xa0 [ 26.538025] ? __pfx_kthread+0x10/0x10 [ 26.538051] ret_from_fork+0x116/0x1d0 [ 26.538072] ? __pfx_kthread+0x10/0x10 [ 26.538096] ret_from_fork_asm+0x1a/0x30 [ 26.538132] </TASK> [ 26.538145] [ 26.552604] Allocated by task 313: [ 26.552932] kasan_save_stack+0x45/0x70 [ 26.553307] kasan_save_track+0x18/0x40 [ 26.553649] kasan_save_alloc_info+0x3b/0x50 [ 26.554057] __kasan_kmalloc+0xb7/0xc0 [ 26.554389] __kmalloc_cache_noprof+0x189/0x420 [ 26.554774] kasan_atomics+0x95/0x310 [ 26.555177] kunit_try_run_case+0x1a5/0x480 [ 26.555983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.556255] kthread+0x337/0x6f0 [ 26.556552] ret_from_fork+0x116/0x1d0 [ 26.556714] ret_from_fork_asm+0x1a/0x30 [ 26.556924] [ 26.557019] The buggy address belongs to the object at ffff8881059cb500 [ 26.557019] which belongs to the cache kmalloc-64 of size 64 [ 26.558268] The buggy address is located 0 bytes to the right of [ 26.558268] allocated 48-byte region [ffff8881059cb500, ffff8881059cb530) [ 26.558739] [ 26.559399] The buggy address belongs to the physical page: [ 26.559634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cb [ 26.559916] flags: 0x200000000000000(node=0|zone=2) [ 26.560101] page_type: f5(slab) [ 26.560340] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.560751] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.561231] page dumped because: kasan: bad access detected [ 26.561480] [ 26.561554] Memory state around the buggy address: [ 26.561760] ffff8881059cb400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.562404] ffff8881059cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.562808] >ffff8881059cb500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.563361] ^ [ 26.563582] ffff8881059cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.564122] ffff8881059cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.564399] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 25.758161] ================================================================== [ 25.758495] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.759108] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.759453] [ 25.759549] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.759602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.759615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.759638] Call Trace: [ 25.759653] <TASK> [ 25.759683] dump_stack_lvl+0x73/0xb0 [ 25.759718] print_report+0xd1/0x610 [ 25.759754] ? __virt_addr_valid+0x1db/0x2d0 [ 25.759781] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.759812] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.759863] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.759894] kasan_report+0x141/0x180 [ 25.759931] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.759966] kasan_check_range+0x10c/0x1c0 [ 25.759994] __kasan_check_write+0x18/0x20 [ 25.760022] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.760053] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.760085] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.760114] ? trace_hardirqs_on+0x37/0xe0 [ 25.760139] ? kasan_bitops_generic+0x92/0x1c0 [ 25.760170] kasan_bitops_generic+0x121/0x1c0 [ 25.760197] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.760225] ? __pfx_read_tsc+0x10/0x10 [ 25.760262] ? ktime_get_ts64+0x86/0x230 [ 25.760290] kunit_try_run_case+0x1a5/0x480 [ 25.760314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.760337] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.760360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.760391] ? __kthread_parkme+0x82/0x180 [ 25.760414] ? preempt_count_sub+0x50/0x80 [ 25.760440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.760464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.760492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.760520] kthread+0x337/0x6f0 [ 25.760543] ? trace_preempt_on+0x20/0xc0 [ 25.760568] ? __pfx_kthread+0x10/0x10 [ 25.760592] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.760620] ? calculate_sigpending+0x7b/0xa0 [ 25.760649] ? __pfx_kthread+0x10/0x10 [ 25.760674] ret_from_fork+0x116/0x1d0 [ 25.760696] ? __pfx_kthread+0x10/0x10 [ 25.760721] ret_from_fork_asm+0x1a/0x30 [ 25.760757] </TASK> [ 25.760769] [ 25.770161] Allocated by task 309: [ 25.770369] kasan_save_stack+0x45/0x70 [ 25.770603] kasan_save_track+0x18/0x40 [ 25.770773] kasan_save_alloc_info+0x3b/0x50 [ 25.771105] __kasan_kmalloc+0xb7/0xc0 [ 25.771312] __kmalloc_cache_noprof+0x189/0x420 [ 25.771469] kasan_bitops_generic+0x92/0x1c0 [ 25.771617] kunit_try_run_case+0x1a5/0x480 [ 25.771792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.772055] kthread+0x337/0x6f0 [ 25.772234] ret_from_fork+0x116/0x1d0 [ 25.772415] ret_from_fork_asm+0x1a/0x30 [ 25.772553] [ 25.772619] The buggy address belongs to the object at ffff88810598a260 [ 25.772619] which belongs to the cache kmalloc-16 of size 16 [ 25.773519] The buggy address is located 8 bytes inside of [ 25.773519] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.774055] [ 25.774164] The buggy address belongs to the physical page: [ 25.774411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.774720] flags: 0x200000000000000(node=0|zone=2) [ 25.775048] page_type: f5(slab) [ 25.775202] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.775540] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.775800] page dumped because: kasan: bad access detected [ 25.776079] [ 25.776164] Memory state around the buggy address: [ 25.776369] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.776667] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.776983] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.777284] ^ [ 25.777562] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.777892] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.778182] ================================================================== [ 25.651258] ================================================================== [ 25.651578] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.652497] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.653225] [ 25.653363] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.653418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.653431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.653455] Call Trace: [ 25.653477] <TASK> [ 25.653497] dump_stack_lvl+0x73/0xb0 [ 25.653532] print_report+0xd1/0x610 [ 25.653557] ? __virt_addr_valid+0x1db/0x2d0 [ 25.653584] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.653614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.653645] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.653676] kasan_report+0x141/0x180 [ 25.653700] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.653736] kasan_check_range+0x10c/0x1c0 [ 25.653762] __kasan_check_write+0x18/0x20 [ 25.653790] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.653821] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.653852] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.653910] ? trace_hardirqs_on+0x37/0xe0 [ 25.653936] ? kasan_bitops_generic+0x92/0x1c0 [ 25.653967] kasan_bitops_generic+0x121/0x1c0 [ 25.653994] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.654023] ? __pfx_read_tsc+0x10/0x10 [ 25.654050] ? ktime_get_ts64+0x86/0x230 [ 25.654078] kunit_try_run_case+0x1a5/0x480 [ 25.654103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.654125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.654148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.654179] ? __kthread_parkme+0x82/0x180 [ 25.654204] ? preempt_count_sub+0x50/0x80 [ 25.654230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.654265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.654293] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.654322] kthread+0x337/0x6f0 [ 25.654345] ? trace_preempt_on+0x20/0xc0 [ 25.654370] ? __pfx_kthread+0x10/0x10 [ 25.654394] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.654424] ? calculate_sigpending+0x7b/0xa0 [ 25.654453] ? __pfx_kthread+0x10/0x10 [ 25.654480] ret_from_fork+0x116/0x1d0 [ 25.654502] ? __pfx_kthread+0x10/0x10 [ 25.654526] ret_from_fork_asm+0x1a/0x30 [ 25.654562] </TASK> [ 25.654574] [ 25.662254] Allocated by task 309: [ 25.662424] kasan_save_stack+0x45/0x70 [ 25.662616] kasan_save_track+0x18/0x40 [ 25.662802] kasan_save_alloc_info+0x3b/0x50 [ 25.662982] __kasan_kmalloc+0xb7/0xc0 [ 25.663176] __kmalloc_cache_noprof+0x189/0x420 [ 25.663341] kasan_bitops_generic+0x92/0x1c0 [ 25.663541] kunit_try_run_case+0x1a5/0x480 [ 25.663738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.664007] kthread+0x337/0x6f0 [ 25.664124] ret_from_fork+0x116/0x1d0 [ 25.664260] ret_from_fork_asm+0x1a/0x30 [ 25.664393] [ 25.664457] The buggy address belongs to the object at ffff88810598a260 [ 25.664457] which belongs to the cache kmalloc-16 of size 16 [ 25.664925] The buggy address is located 8 bytes inside of [ 25.664925] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.665674] [ 25.665742] The buggy address belongs to the physical page: [ 25.665903] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.666131] flags: 0x200000000000000(node=0|zone=2) [ 25.666418] page_type: f5(slab) [ 25.666584] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.667051] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.667415] page dumped because: kasan: bad access detected [ 25.667642] [ 25.667740] Memory state around the buggy address: [ 25.667973] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.668254] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.668464] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.668709] ^ [ 25.668988] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.669453] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.669687] ================================================================== [ 25.800720] ================================================================== [ 25.801029] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.801406] Read of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.801692] [ 25.801803] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.801855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.801867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.801890] Call Trace: [ 25.801909] <TASK> [ 25.801928] dump_stack_lvl+0x73/0xb0 [ 25.801959] print_report+0xd1/0x610 [ 25.801984] ? __virt_addr_valid+0x1db/0x2d0 [ 25.802011] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.802041] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.802071] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.802101] kasan_report+0x141/0x180 [ 25.802125] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.802160] kasan_check_range+0x10c/0x1c0 [ 25.802187] __kasan_check_read+0x15/0x20 [ 25.802213] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.802676] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.802721] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.802749] ? trace_hardirqs_on+0x37/0xe0 [ 25.802791] ? kasan_bitops_generic+0x92/0x1c0 [ 25.802823] kasan_bitops_generic+0x121/0x1c0 [ 25.802851] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.802879] ? __pfx_read_tsc+0x10/0x10 [ 25.802904] ? ktime_get_ts64+0x86/0x230 [ 25.802933] kunit_try_run_case+0x1a5/0x480 [ 25.802957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.802979] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.803003] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.803033] ? __kthread_parkme+0x82/0x180 [ 25.803055] ? preempt_count_sub+0x50/0x80 [ 25.803081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.803106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.803134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.803163] kthread+0x337/0x6f0 [ 25.803186] ? trace_preempt_on+0x20/0xc0 [ 25.803211] ? __pfx_kthread+0x10/0x10 [ 25.803235] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.803278] ? calculate_sigpending+0x7b/0xa0 [ 25.803307] ? __pfx_kthread+0x10/0x10 [ 25.803332] ret_from_fork+0x116/0x1d0 [ 25.803354] ? __pfx_kthread+0x10/0x10 [ 25.803378] ret_from_fork_asm+0x1a/0x30 [ 25.803414] </TASK> [ 25.803427] [ 25.812661] Allocated by task 309: [ 25.812809] kasan_save_stack+0x45/0x70 [ 25.813253] kasan_save_track+0x18/0x40 [ 25.813528] kasan_save_alloc_info+0x3b/0x50 [ 25.813732] __kasan_kmalloc+0xb7/0xc0 [ 25.814048] __kmalloc_cache_noprof+0x189/0x420 [ 25.814349] kasan_bitops_generic+0x92/0x1c0 [ 25.814677] kunit_try_run_case+0x1a5/0x480 [ 25.814985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.815228] kthread+0x337/0x6f0 [ 25.815401] ret_from_fork+0x116/0x1d0 [ 25.815576] ret_from_fork_asm+0x1a/0x30 [ 25.815756] [ 25.815823] The buggy address belongs to the object at ffff88810598a260 [ 25.815823] which belongs to the cache kmalloc-16 of size 16 [ 25.816563] The buggy address is located 8 bytes inside of [ 25.816563] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.817209] [ 25.817317] The buggy address belongs to the physical page: [ 25.817508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.817990] flags: 0x200000000000000(node=0|zone=2) [ 25.818166] page_type: f5(slab) [ 25.818339] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.818669] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.818967] page dumped because: kasan: bad access detected [ 25.819184] [ 25.819281] Memory state around the buggy address: [ 25.819501] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.819742] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.820052] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.820585] ^ [ 25.821185] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.821519] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.821812] ================================================================== [ 25.779190] ================================================================== [ 25.779758] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.780155] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.780468] [ 25.780596] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.780648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.780660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.780683] Call Trace: [ 25.780712] <TASK> [ 25.780731] dump_stack_lvl+0x73/0xb0 [ 25.780764] print_report+0xd1/0x610 [ 25.780801] ? __virt_addr_valid+0x1db/0x2d0 [ 25.780837] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.780877] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.780908] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.780949] kasan_report+0x141/0x180 [ 25.780974] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.781009] kasan_check_range+0x10c/0x1c0 [ 25.781037] __kasan_check_write+0x18/0x20 [ 25.781065] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.781104] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.781136] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.781174] ? trace_hardirqs_on+0x37/0xe0 [ 25.781203] ? kasan_bitops_generic+0x92/0x1c0 [ 25.781234] kasan_bitops_generic+0x121/0x1c0 [ 25.781281] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.781310] ? __pfx_read_tsc+0x10/0x10 [ 25.781336] ? ktime_get_ts64+0x86/0x230 [ 25.781375] kunit_try_run_case+0x1a5/0x480 [ 25.781399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.781421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.781444] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.781475] ? __kthread_parkme+0x82/0x180 [ 25.781498] ? preempt_count_sub+0x50/0x80 [ 25.781525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.781549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.781586] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.781615] kthread+0x337/0x6f0 [ 25.781638] ? trace_preempt_on+0x20/0xc0 [ 25.781674] ? __pfx_kthread+0x10/0x10 [ 25.781698] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.781727] ? calculate_sigpending+0x7b/0xa0 [ 25.781756] ? __pfx_kthread+0x10/0x10 [ 25.781781] ret_from_fork+0x116/0x1d0 [ 25.781812] ? __pfx_kthread+0x10/0x10 [ 25.781845] ret_from_fork_asm+0x1a/0x30 [ 25.781891] </TASK> [ 25.781904] [ 25.790141] Allocated by task 309: [ 25.790294] kasan_save_stack+0x45/0x70 [ 25.790512] kasan_save_track+0x18/0x40 [ 25.790699] kasan_save_alloc_info+0x3b/0x50 [ 25.790903] __kasan_kmalloc+0xb7/0xc0 [ 25.791087] __kmalloc_cache_noprof+0x189/0x420 [ 25.791320] kasan_bitops_generic+0x92/0x1c0 [ 25.791496] kunit_try_run_case+0x1a5/0x480 [ 25.791636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.791965] kthread+0x337/0x6f0 [ 25.792133] ret_from_fork+0x116/0x1d0 [ 25.792309] ret_from_fork_asm+0x1a/0x30 [ 25.792515] [ 25.792604] The buggy address belongs to the object at ffff88810598a260 [ 25.792604] which belongs to the cache kmalloc-16 of size 16 [ 25.793233] The buggy address is located 8 bytes inside of [ 25.793233] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.793715] [ 25.793828] The buggy address belongs to the physical page: [ 25.794107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.794449] flags: 0x200000000000000(node=0|zone=2) [ 25.794681] page_type: f5(slab) [ 25.794833] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.795168] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.795446] page dumped because: kasan: bad access detected [ 25.795615] [ 25.795678] Memory state around the buggy address: [ 25.795831] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.796046] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.797061] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.797944] ^ [ 25.798683] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.799552] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.800114] ================================================================== [ 25.823550] ================================================================== [ 25.823812] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.824085] Read of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.824313] [ 25.824398] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.824451] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.824463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.824486] Call Trace: [ 25.824506] <TASK> [ 25.824803] dump_stack_lvl+0x73/0xb0 [ 25.824857] print_report+0xd1/0x610 [ 25.825108] ? __virt_addr_valid+0x1db/0x2d0 [ 25.825137] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.825168] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.825204] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.825248] kasan_report+0x141/0x180 [ 25.825273] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.825308] __asan_report_load8_noabort+0x18/0x20 [ 25.825336] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.825367] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.825398] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.825426] ? trace_hardirqs_on+0x37/0xe0 [ 25.825451] ? kasan_bitops_generic+0x92/0x1c0 [ 25.825481] kasan_bitops_generic+0x121/0x1c0 [ 25.825508] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.825536] ? __pfx_read_tsc+0x10/0x10 [ 25.825562] ? ktime_get_ts64+0x86/0x230 [ 25.825591] kunit_try_run_case+0x1a5/0x480 [ 25.825615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.825638] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.825662] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.825692] ? __kthread_parkme+0x82/0x180 [ 25.825715] ? preempt_count_sub+0x50/0x80 [ 25.825741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.825764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.825793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.825821] kthread+0x337/0x6f0 [ 25.825844] ? trace_preempt_on+0x20/0xc0 [ 25.825871] ? __pfx_kthread+0x10/0x10 [ 25.825895] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.825923] ? calculate_sigpending+0x7b/0xa0 [ 25.825951] ? __pfx_kthread+0x10/0x10 [ 25.825975] ret_from_fork+0x116/0x1d0 [ 25.825997] ? __pfx_kthread+0x10/0x10 [ 25.826020] ret_from_fork_asm+0x1a/0x30 [ 25.826055] </TASK> [ 25.826067] [ 25.839535] Allocated by task 309: [ 25.839710] kasan_save_stack+0x45/0x70 [ 25.839909] kasan_save_track+0x18/0x40 [ 25.840320] kasan_save_alloc_info+0x3b/0x50 [ 25.840628] __kasan_kmalloc+0xb7/0xc0 [ 25.840778] __kmalloc_cache_noprof+0x189/0x420 [ 25.841186] kasan_bitops_generic+0x92/0x1c0 [ 25.841411] kunit_try_run_case+0x1a5/0x480 [ 25.841742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.842108] kthread+0x337/0x6f0 [ 25.842256] ret_from_fork+0x116/0x1d0 [ 25.842611] ret_from_fork_asm+0x1a/0x30 [ 25.842777] [ 25.842972] The buggy address belongs to the object at ffff88810598a260 [ 25.842972] which belongs to the cache kmalloc-16 of size 16 [ 25.843528] The buggy address is located 8 bytes inside of [ 25.843528] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.843915] [ 25.844035] The buggy address belongs to the physical page: [ 25.844305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.844577] flags: 0x200000000000000(node=0|zone=2) [ 25.844835] page_type: f5(slab) [ 25.844987] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.845260] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.845762] page dumped because: kasan: bad access detected [ 25.846029] [ 25.846279] Memory state around the buggy address: [ 25.846620] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.847130] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.847537] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.847937] ^ [ 25.848294] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.848644] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.849031] ================================================================== [ 25.688908] ================================================================== [ 25.689280] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.689689] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.690475] [ 25.690738] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.690791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.690804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.690860] Call Trace: [ 25.690880] <TASK> [ 25.690898] dump_stack_lvl+0x73/0xb0 [ 25.690949] print_report+0xd1/0x610 [ 25.690975] ? __virt_addr_valid+0x1db/0x2d0 [ 25.691002] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.691033] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.691064] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.691095] kasan_report+0x141/0x180 [ 25.691138] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.691173] kasan_check_range+0x10c/0x1c0 [ 25.691200] __kasan_check_write+0x18/0x20 [ 25.691228] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.691273] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.691321] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.691349] ? trace_hardirqs_on+0x37/0xe0 [ 25.691373] ? kasan_bitops_generic+0x92/0x1c0 [ 25.691404] kasan_bitops_generic+0x121/0x1c0 [ 25.691431] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.691460] ? __pfx_read_tsc+0x10/0x10 [ 25.691485] ? ktime_get_ts64+0x86/0x230 [ 25.691513] kunit_try_run_case+0x1a5/0x480 [ 25.691537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.691560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.691583] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.691614] ? __kthread_parkme+0x82/0x180 [ 25.691636] ? preempt_count_sub+0x50/0x80 [ 25.691662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.691686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.691715] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.691743] kthread+0x337/0x6f0 [ 25.691766] ? trace_preempt_on+0x20/0xc0 [ 25.691791] ? __pfx_kthread+0x10/0x10 [ 25.691815] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.691844] ? calculate_sigpending+0x7b/0xa0 [ 25.691872] ? __pfx_kthread+0x10/0x10 [ 25.691898] ret_from_fork+0x116/0x1d0 [ 25.691919] ? __pfx_kthread+0x10/0x10 [ 25.691943] ret_from_fork_asm+0x1a/0x30 [ 25.691979] </TASK> [ 25.691990] [ 25.700339] Allocated by task 309: [ 25.700498] kasan_save_stack+0x45/0x70 [ 25.700698] kasan_save_track+0x18/0x40 [ 25.700932] kasan_save_alloc_info+0x3b/0x50 [ 25.702257] __kasan_kmalloc+0xb7/0xc0 [ 25.702420] __kmalloc_cache_noprof+0x189/0x420 [ 25.702573] kasan_bitops_generic+0x92/0x1c0 [ 25.703526] kunit_try_run_case+0x1a5/0x480 [ 25.703764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.704023] kthread+0x337/0x6f0 [ 25.704173] ret_from_fork+0x116/0x1d0 [ 25.704362] ret_from_fork_asm+0x1a/0x30 [ 25.704541] [ 25.704615] The buggy address belongs to the object at ffff88810598a260 [ 25.704615] which belongs to the cache kmalloc-16 of size 16 [ 25.705101] The buggy address is located 8 bytes inside of [ 25.705101] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.705593] [ 25.705689] The buggy address belongs to the physical page: [ 25.705933] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.706260] flags: 0x200000000000000(node=0|zone=2) [ 25.706440] page_type: f5(slab) [ 25.706556] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.706782] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.707053] page dumped because: kasan: bad access detected [ 25.707316] [ 25.707406] Memory state around the buggy address: [ 25.707634] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.707972] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.708310] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.708623] ^ [ 25.708942] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.709202] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.709452] ================================================================== [ 25.733563] ================================================================== [ 25.733986] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.734375] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.734694] [ 25.734789] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.734840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.734852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.734875] Call Trace: [ 25.734895] <TASK> [ 25.734914] dump_stack_lvl+0x73/0xb0 [ 25.734946] print_report+0xd1/0x610 [ 25.734971] ? __virt_addr_valid+0x1db/0x2d0 [ 25.734996] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.735028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.735059] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.735090] kasan_report+0x141/0x180 [ 25.735114] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.735150] kasan_check_range+0x10c/0x1c0 [ 25.735177] __kasan_check_write+0x18/0x20 [ 25.735204] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.735235] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.735278] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.735305] ? trace_hardirqs_on+0x37/0xe0 [ 25.735330] ? kasan_bitops_generic+0x92/0x1c0 [ 25.735361] kasan_bitops_generic+0x121/0x1c0 [ 25.735389] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.735418] ? __pfx_read_tsc+0x10/0x10 [ 25.735444] ? ktime_get_ts64+0x86/0x230 [ 25.735472] kunit_try_run_case+0x1a5/0x480 [ 25.735496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.735518] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.735542] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.735573] ? __kthread_parkme+0x82/0x180 [ 25.735595] ? preempt_count_sub+0x50/0x80 [ 25.735620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.735644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.735672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.735701] kthread+0x337/0x6f0 [ 25.735724] ? trace_preempt_on+0x20/0xc0 [ 25.735749] ? __pfx_kthread+0x10/0x10 [ 25.735773] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.735802] ? calculate_sigpending+0x7b/0xa0 [ 25.735850] ? __pfx_kthread+0x10/0x10 [ 25.735876] ret_from_fork+0x116/0x1d0 [ 25.735898] ? __pfx_kthread+0x10/0x10 [ 25.735922] ret_from_fork_asm+0x1a/0x30 [ 25.735958] </TASK> [ 25.735971] [ 25.743733] Allocated by task 309: [ 25.743863] kasan_save_stack+0x45/0x70 [ 25.744320] kasan_save_track+0x18/0x40 [ 25.744535] kasan_save_alloc_info+0x3b/0x50 [ 25.744733] __kasan_kmalloc+0xb7/0xc0 [ 25.745425] __kmalloc_cache_noprof+0x189/0x420 [ 25.745840] kasan_bitops_generic+0x92/0x1c0 [ 25.746359] kunit_try_run_case+0x1a5/0x480 [ 25.746770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.747164] kthread+0x337/0x6f0 [ 25.747350] ret_from_fork+0x116/0x1d0 [ 25.747529] ret_from_fork_asm+0x1a/0x30 [ 25.747709] [ 25.747794] The buggy address belongs to the object at ffff88810598a260 [ 25.747794] which belongs to the cache kmalloc-16 of size 16 [ 25.748263] The buggy address is located 8 bytes inside of [ 25.748263] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.748721] [ 25.748805] The buggy address belongs to the physical page: [ 25.749013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.749812] flags: 0x200000000000000(node=0|zone=2) [ 25.750232] page_type: f5(slab) [ 25.750625] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.751145] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.751664] page dumped because: kasan: bad access detected [ 25.752104] [ 25.752334] Memory state around the buggy address: [ 25.752824] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.753294] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.753604] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.754213] ^ [ 25.754634] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.755423] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.755899] ================================================================== [ 25.670460] ================================================================== [ 25.670914] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.671304] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.671543] [ 25.671627] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.671678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.671691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.671713] Call Trace: [ 25.671728] <TASK> [ 25.671745] dump_stack_lvl+0x73/0xb0 [ 25.671776] print_report+0xd1/0x610 [ 25.671800] ? __virt_addr_valid+0x1db/0x2d0 [ 25.671827] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.671879] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.671909] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.671940] kasan_report+0x141/0x180 [ 25.671964] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.672002] kasan_check_range+0x10c/0x1c0 [ 25.672029] __kasan_check_write+0x18/0x20 [ 25.672057] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.672088] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.672119] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.672147] ? trace_hardirqs_on+0x37/0xe0 [ 25.672172] ? kasan_bitops_generic+0x92/0x1c0 [ 25.672203] kasan_bitops_generic+0x121/0x1c0 [ 25.672230] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.672269] ? __pfx_read_tsc+0x10/0x10 [ 25.672295] ? ktime_get_ts64+0x86/0x230 [ 25.672323] kunit_try_run_case+0x1a5/0x480 [ 25.672347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.672386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.672410] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.672453] ? __kthread_parkme+0x82/0x180 [ 25.672475] ? preempt_count_sub+0x50/0x80 [ 25.672501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.672525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.672553] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.672582] kthread+0x337/0x6f0 [ 25.672604] ? trace_preempt_on+0x20/0xc0 [ 25.672631] ? __pfx_kthread+0x10/0x10 [ 25.672655] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.672683] ? calculate_sigpending+0x7b/0xa0 [ 25.672712] ? __pfx_kthread+0x10/0x10 [ 25.672737] ret_from_fork+0x116/0x1d0 [ 25.672758] ? __pfx_kthread+0x10/0x10 [ 25.672782] ret_from_fork_asm+0x1a/0x30 [ 25.672818] </TASK> [ 25.672841] [ 25.680687] Allocated by task 309: [ 25.680813] kasan_save_stack+0x45/0x70 [ 25.681024] kasan_save_track+0x18/0x40 [ 25.681207] kasan_save_alloc_info+0x3b/0x50 [ 25.681420] __kasan_kmalloc+0xb7/0xc0 [ 25.681603] __kmalloc_cache_noprof+0x189/0x420 [ 25.681814] kasan_bitops_generic+0x92/0x1c0 [ 25.681980] kunit_try_run_case+0x1a5/0x480 [ 25.682187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.682391] kthread+0x337/0x6f0 [ 25.682506] ret_from_fork+0x116/0x1d0 [ 25.682628] ret_from_fork_asm+0x1a/0x30 [ 25.682759] [ 25.682835] The buggy address belongs to the object at ffff88810598a260 [ 25.682835] which belongs to the cache kmalloc-16 of size 16 [ 25.683346] The buggy address is located 8 bytes inside of [ 25.683346] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.683870] [ 25.683960] The buggy address belongs to the physical page: [ 25.684177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.684415] flags: 0x200000000000000(node=0|zone=2) [ 25.684590] page_type: f5(slab) [ 25.684771] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.685338] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.685607] page dumped because: kasan: bad access detected [ 25.685839] [ 25.685939] Memory state around the buggy address: [ 25.686101] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.686313] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.686517] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.686818] ^ [ 25.687099] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.687412] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.687784] ================================================================== [ 25.710000] ================================================================== [ 25.710360] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.710767] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.711040] [ 25.711152] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.711202] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.711215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.711608] Call Trace: [ 25.711637] <TASK> [ 25.711658] dump_stack_lvl+0x73/0xb0 [ 25.711691] print_report+0xd1/0x610 [ 25.711715] ? __virt_addr_valid+0x1db/0x2d0 [ 25.711742] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.711772] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.711827] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.711858] kasan_report+0x141/0x180 [ 25.711882] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.711918] kasan_check_range+0x10c/0x1c0 [ 25.711945] __kasan_check_write+0x18/0x20 [ 25.711974] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.712006] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.712038] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.712065] ? trace_hardirqs_on+0x37/0xe0 [ 25.712091] ? kasan_bitops_generic+0x92/0x1c0 [ 25.712121] kasan_bitops_generic+0x121/0x1c0 [ 25.712149] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.712179] ? __pfx_read_tsc+0x10/0x10 [ 25.712205] ? ktime_get_ts64+0x86/0x230 [ 25.712233] kunit_try_run_case+0x1a5/0x480 [ 25.712268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.712290] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.712314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.712345] ? __kthread_parkme+0x82/0x180 [ 25.712368] ? preempt_count_sub+0x50/0x80 [ 25.712395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.712418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.712447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.712476] kthread+0x337/0x6f0 [ 25.712498] ? trace_preempt_on+0x20/0xc0 [ 25.712523] ? __pfx_kthread+0x10/0x10 [ 25.712548] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.712576] ? calculate_sigpending+0x7b/0xa0 [ 25.712604] ? __pfx_kthread+0x10/0x10 [ 25.712629] ret_from_fork+0x116/0x1d0 [ 25.712651] ? __pfx_kthread+0x10/0x10 [ 25.712675] ret_from_fork_asm+0x1a/0x30 [ 25.712711] </TASK> [ 25.712723] [ 25.722808] Allocated by task 309: [ 25.723263] kasan_save_stack+0x45/0x70 [ 25.723511] kasan_save_track+0x18/0x40 [ 25.723754] kasan_save_alloc_info+0x3b/0x50 [ 25.724120] __kasan_kmalloc+0xb7/0xc0 [ 25.724283] __kmalloc_cache_noprof+0x189/0x420 [ 25.724641] kasan_bitops_generic+0x92/0x1c0 [ 25.724854] kunit_try_run_case+0x1a5/0x480 [ 25.725035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.725286] kthread+0x337/0x6f0 [ 25.725449] ret_from_fork+0x116/0x1d0 [ 25.725634] ret_from_fork_asm+0x1a/0x30 [ 25.726142] [ 25.726249] The buggy address belongs to the object at ffff88810598a260 [ 25.726249] which belongs to the cache kmalloc-16 of size 16 [ 25.726704] The buggy address is located 8 bytes inside of [ 25.726704] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.727427] [ 25.727524] The buggy address belongs to the physical page: [ 25.727973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.728376] flags: 0x200000000000000(node=0|zone=2) [ 25.728553] page_type: f5(slab) [ 25.728782] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.729160] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.729485] page dumped because: kasan: bad access detected [ 25.729710] [ 25.729778] Memory state around the buggy address: [ 25.729967] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.730574] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.730981] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.731250] ^ [ 25.731623] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.732032] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.732347] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 25.618516] ================================================================== [ 25.619255] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.619747] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.620670] [ 25.620883] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.620938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.620950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.620973] Call Trace: [ 25.620995] <TASK> [ 25.621015] dump_stack_lvl+0x73/0xb0 [ 25.621048] print_report+0xd1/0x610 [ 25.621073] ? __virt_addr_valid+0x1db/0x2d0 [ 25.621099] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.621159] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621187] kasan_report+0x141/0x180 [ 25.621217] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621260] kasan_check_range+0x10c/0x1c0 [ 25.621287] __kasan_check_write+0x18/0x20 [ 25.621315] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.621344] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.621373] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.621402] ? trace_hardirqs_on+0x37/0xe0 [ 25.621427] ? kasan_bitops_generic+0x92/0x1c0 [ 25.621457] kasan_bitops_generic+0x116/0x1c0 [ 25.621484] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.621512] ? __pfx_read_tsc+0x10/0x10 [ 25.621539] ? ktime_get_ts64+0x86/0x230 [ 25.621566] kunit_try_run_case+0x1a5/0x480 [ 25.621590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.621612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.621637] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.621669] ? __kthread_parkme+0x82/0x180 [ 25.621692] ? preempt_count_sub+0x50/0x80 [ 25.621718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.621741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.621770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.621799] kthread+0x337/0x6f0 [ 25.621976] ? trace_preempt_on+0x20/0xc0 [ 25.622004] ? __pfx_kthread+0x10/0x10 [ 25.622029] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.622057] ? calculate_sigpending+0x7b/0xa0 [ 25.622086] ? __pfx_kthread+0x10/0x10 [ 25.622111] ret_from_fork+0x116/0x1d0 [ 25.622132] ? __pfx_kthread+0x10/0x10 [ 25.622156] ret_from_fork_asm+0x1a/0x30 [ 25.622192] </TASK> [ 25.622204] [ 25.637441] Allocated by task 309: [ 25.637782] kasan_save_stack+0x45/0x70 [ 25.638214] kasan_save_track+0x18/0x40 [ 25.638655] kasan_save_alloc_info+0x3b/0x50 [ 25.639192] __kasan_kmalloc+0xb7/0xc0 [ 25.639564] __kmalloc_cache_noprof+0x189/0x420 [ 25.640048] kasan_bitops_generic+0x92/0x1c0 [ 25.640378] kunit_try_run_case+0x1a5/0x480 [ 25.640526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.640698] kthread+0x337/0x6f0 [ 25.641070] ret_from_fork+0x116/0x1d0 [ 25.641442] ret_from_fork_asm+0x1a/0x30 [ 25.641911] [ 25.642094] The buggy address belongs to the object at ffff88810598a260 [ 25.642094] which belongs to the cache kmalloc-16 of size 16 [ 25.643343] The buggy address is located 8 bytes inside of [ 25.643343] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.644136] [ 25.644331] The buggy address belongs to the physical page: [ 25.644991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.645629] flags: 0x200000000000000(node=0|zone=2) [ 25.645994] page_type: f5(slab) [ 25.646323] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.647029] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.647274] page dumped because: kasan: bad access detected [ 25.647450] [ 25.647516] Memory state around the buggy address: [ 25.647667] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.648031] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.648284] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.648568] ^ [ 25.648873] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.649203] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.649709] ================================================================== [ 25.509032] ================================================================== [ 25.509391] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.509711] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.510093] [ 25.510192] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.510254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.510267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.510290] Call Trace: [ 25.510310] <TASK> [ 25.510328] dump_stack_lvl+0x73/0xb0 [ 25.510361] print_report+0xd1/0x610 [ 25.510386] ? __virt_addr_valid+0x1db/0x2d0 [ 25.510411] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.510471] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510500] kasan_report+0x141/0x180 [ 25.510525] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510558] kasan_check_range+0x10c/0x1c0 [ 25.510585] __kasan_check_write+0x18/0x20 [ 25.510613] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.510642] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.510672] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.510698] ? trace_hardirqs_on+0x37/0xe0 [ 25.510722] ? kasan_bitops_generic+0x92/0x1c0 [ 25.510753] kasan_bitops_generic+0x116/0x1c0 [ 25.510779] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.510808] ? __pfx_read_tsc+0x10/0x10 [ 25.510890] ? ktime_get_ts64+0x86/0x230 [ 25.510921] kunit_try_run_case+0x1a5/0x480 [ 25.510945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.510967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.510989] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.511020] ? __kthread_parkme+0x82/0x180 [ 25.511043] ? preempt_count_sub+0x50/0x80 [ 25.511069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.511093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.511120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.511149] kthread+0x337/0x6f0 [ 25.511172] ? trace_preempt_on+0x20/0xc0 [ 25.511196] ? __pfx_kthread+0x10/0x10 [ 25.511220] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.511260] ? calculate_sigpending+0x7b/0xa0 [ 25.511288] ? __pfx_kthread+0x10/0x10 [ 25.511313] ret_from_fork+0x116/0x1d0 [ 25.511334] ? __pfx_kthread+0x10/0x10 [ 25.511358] ret_from_fork_asm+0x1a/0x30 [ 25.511394] </TASK> [ 25.511405] [ 25.519245] Allocated by task 309: [ 25.519652] kasan_save_stack+0x45/0x70 [ 25.520012] kasan_save_track+0x18/0x40 [ 25.520170] kasan_save_alloc_info+0x3b/0x50 [ 25.520328] __kasan_kmalloc+0xb7/0xc0 [ 25.520454] __kmalloc_cache_noprof+0x189/0x420 [ 25.520770] kasan_bitops_generic+0x92/0x1c0 [ 25.521229] kunit_try_run_case+0x1a5/0x480 [ 25.521445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.521666] kthread+0x337/0x6f0 [ 25.521783] ret_from_fork+0x116/0x1d0 [ 25.521909] ret_from_fork_asm+0x1a/0x30 [ 25.522046] [ 25.522110] The buggy address belongs to the object at ffff88810598a260 [ 25.522110] which belongs to the cache kmalloc-16 of size 16 [ 25.522982] The buggy address is located 8 bytes inside of [ 25.522982] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.523336] [ 25.523401] The buggy address belongs to the physical page: [ 25.523567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.523979] flags: 0x200000000000000(node=0|zone=2) [ 25.524217] page_type: f5(slab) [ 25.524396] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.524738] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.525078] page dumped because: kasan: bad access detected [ 25.525342] [ 25.525432] Memory state around the buggy address: [ 25.525654] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.525947] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.526223] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.526555] ^ [ 25.527130] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.527394] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.527604] ================================================================== [ 25.566719] ================================================================== [ 25.567174] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.567523] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.567904] [ 25.568018] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.568069] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.568082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.568104] Call Trace: [ 25.568126] <TASK> [ 25.568146] dump_stack_lvl+0x73/0xb0 [ 25.568179] print_report+0xd1/0x610 [ 25.568202] ? __virt_addr_valid+0x1db/0x2d0 [ 25.568228] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.568298] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568327] kasan_report+0x141/0x180 [ 25.568351] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568385] kasan_check_range+0x10c/0x1c0 [ 25.568413] __kasan_check_write+0x18/0x20 [ 25.568440] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.568469] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.568498] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.568526] ? trace_hardirqs_on+0x37/0xe0 [ 25.568551] ? kasan_bitops_generic+0x92/0x1c0 [ 25.568581] kasan_bitops_generic+0x116/0x1c0 [ 25.568608] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.568636] ? __pfx_read_tsc+0x10/0x10 [ 25.568662] ? ktime_get_ts64+0x86/0x230 [ 25.568690] kunit_try_run_case+0x1a5/0x480 [ 25.568714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.568736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.568806] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.568839] ? __kthread_parkme+0x82/0x180 [ 25.568863] ? preempt_count_sub+0x50/0x80 [ 25.568888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.568914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.568942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.568971] kthread+0x337/0x6f0 [ 25.568995] ? trace_preempt_on+0x20/0xc0 [ 25.569020] ? __pfx_kthread+0x10/0x10 [ 25.569044] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.569073] ? calculate_sigpending+0x7b/0xa0 [ 25.569103] ? __pfx_kthread+0x10/0x10 [ 25.569130] ret_from_fork+0x116/0x1d0 [ 25.569152] ? __pfx_kthread+0x10/0x10 [ 25.569177] ret_from_fork_asm+0x1a/0x30 [ 25.569221] </TASK> [ 25.569233] [ 25.578295] Allocated by task 309: [ 25.578551] kasan_save_stack+0x45/0x70 [ 25.579043] kasan_save_track+0x18/0x40 [ 25.579399] kasan_save_alloc_info+0x3b/0x50 [ 25.579621] __kasan_kmalloc+0xb7/0xc0 [ 25.580311] __kmalloc_cache_noprof+0x189/0x420 [ 25.580623] kasan_bitops_generic+0x92/0x1c0 [ 25.581068] kunit_try_run_case+0x1a5/0x480 [ 25.581292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.581523] kthread+0x337/0x6f0 [ 25.581677] ret_from_fork+0x116/0x1d0 [ 25.582334] ret_from_fork_asm+0x1a/0x30 [ 25.582513] [ 25.582598] The buggy address belongs to the object at ffff88810598a260 [ 25.582598] which belongs to the cache kmalloc-16 of size 16 [ 25.583671] The buggy address is located 8 bytes inside of [ 25.583671] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.584346] [ 25.584442] The buggy address belongs to the physical page: [ 25.584669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.585512] flags: 0x200000000000000(node=0|zone=2) [ 25.585740] page_type: f5(slab) [ 25.586214] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.586664] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.587034] page dumped because: kasan: bad access detected [ 25.587274] [ 25.587356] Memory state around the buggy address: [ 25.587546] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.588175] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.588457] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.588738] ^ [ 25.589068] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.589370] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.589647] ================================================================== [ 25.482832] ================================================================== [ 25.483288] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.483650] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.483943] [ 25.484056] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.484110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.484124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.484147] Call Trace: [ 25.484162] <TASK> [ 25.484182] dump_stack_lvl+0x73/0xb0 [ 25.484215] print_report+0xd1/0x610 [ 25.484260] ? __virt_addr_valid+0x1db/0x2d0 [ 25.484286] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484325] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.484357] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484394] kasan_report+0x141/0x180 [ 25.484439] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484482] kasan_check_range+0x10c/0x1c0 [ 25.484510] __kasan_check_write+0x18/0x20 [ 25.484548] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.484576] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.484606] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.484634] ? trace_hardirqs_on+0x37/0xe0 [ 25.484658] ? kasan_bitops_generic+0x92/0x1c0 [ 25.484689] kasan_bitops_generic+0x116/0x1c0 [ 25.484716] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.484744] ? __pfx_read_tsc+0x10/0x10 [ 25.484786] ? ktime_get_ts64+0x86/0x230 [ 25.484821] kunit_try_run_case+0x1a5/0x480 [ 25.484845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.484867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.484891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.484930] ? __kthread_parkme+0x82/0x180 [ 25.484953] ? preempt_count_sub+0x50/0x80 [ 25.484984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.485008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.485036] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.485064] kthread+0x337/0x6f0 [ 25.485087] ? trace_preempt_on+0x20/0xc0 [ 25.485113] ? __pfx_kthread+0x10/0x10 [ 25.485137] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.485165] ? calculate_sigpending+0x7b/0xa0 [ 25.485199] ? __pfx_kthread+0x10/0x10 [ 25.485224] ret_from_fork+0x116/0x1d0 [ 25.485253] ? __pfx_kthread+0x10/0x10 [ 25.485277] ret_from_fork_asm+0x1a/0x30 [ 25.485314] </TASK> [ 25.485326] [ 25.499787] Allocated by task 309: [ 25.500111] kasan_save_stack+0x45/0x70 [ 25.500476] kasan_save_track+0x18/0x40 [ 25.500857] kasan_save_alloc_info+0x3b/0x50 [ 25.501265] __kasan_kmalloc+0xb7/0xc0 [ 25.501406] __kmalloc_cache_noprof+0x189/0x420 [ 25.501559] kasan_bitops_generic+0x92/0x1c0 [ 25.501705] kunit_try_run_case+0x1a5/0x480 [ 25.501920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.502210] kthread+0x337/0x6f0 [ 25.502386] ret_from_fork+0x116/0x1d0 [ 25.502516] ret_from_fork_asm+0x1a/0x30 [ 25.502709] [ 25.502999] The buggy address belongs to the object at ffff88810598a260 [ 25.502999] which belongs to the cache kmalloc-16 of size 16 [ 25.503461] The buggy address is located 8 bytes inside of [ 25.503461] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.504037] [ 25.504117] The buggy address belongs to the physical page: [ 25.504361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.504676] flags: 0x200000000000000(node=0|zone=2) [ 25.504961] page_type: f5(slab) [ 25.505123] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.505457] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.505725] page dumped because: kasan: bad access detected [ 25.505967] [ 25.506040] Memory state around the buggy address: [ 25.506189] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.506554] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.506978] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.507189] ^ [ 25.507928] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.508294] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.508554] ================================================================== [ 25.546827] ================================================================== [ 25.547503] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548199] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.548445] [ 25.548527] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.548578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.548590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.548613] Call Trace: [ 25.548631] <TASK> [ 25.548649] dump_stack_lvl+0x73/0xb0 [ 25.548681] print_report+0xd1/0x610 [ 25.548705] ? __virt_addr_valid+0x1db/0x2d0 [ 25.548731] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548760] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.548789] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548819] kasan_report+0x141/0x180 [ 25.548916] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.548951] kasan_check_range+0x10c/0x1c0 [ 25.548978] __kasan_check_write+0x18/0x20 [ 25.549005] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.549035] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.549065] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.549092] ? trace_hardirqs_on+0x37/0xe0 [ 25.549116] ? kasan_bitops_generic+0x92/0x1c0 [ 25.549146] kasan_bitops_generic+0x116/0x1c0 [ 25.549173] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.549207] ? __pfx_read_tsc+0x10/0x10 [ 25.549232] ? ktime_get_ts64+0x86/0x230 [ 25.549272] kunit_try_run_case+0x1a5/0x480 [ 25.549295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.549317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.549341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.549372] ? __kthread_parkme+0x82/0x180 [ 25.549394] ? preempt_count_sub+0x50/0x80 [ 25.549419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.549443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.549471] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.549500] kthread+0x337/0x6f0 [ 25.549523] ? trace_preempt_on+0x20/0xc0 [ 25.549548] ? __pfx_kthread+0x10/0x10 [ 25.549572] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.549601] ? calculate_sigpending+0x7b/0xa0 [ 25.549629] ? __pfx_kthread+0x10/0x10 [ 25.549654] ret_from_fork+0x116/0x1d0 [ 25.549675] ? __pfx_kthread+0x10/0x10 [ 25.549699] ret_from_fork_asm+0x1a/0x30 [ 25.549734] </TASK> [ 25.549746] [ 25.557664] Allocated by task 309: [ 25.557849] kasan_save_stack+0x45/0x70 [ 25.558076] kasan_save_track+0x18/0x40 [ 25.558577] kasan_save_alloc_info+0x3b/0x50 [ 25.558825] __kasan_kmalloc+0xb7/0xc0 [ 25.559012] __kmalloc_cache_noprof+0x189/0x420 [ 25.559197] kasan_bitops_generic+0x92/0x1c0 [ 25.559399] kunit_try_run_case+0x1a5/0x480 [ 25.559586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.559761] kthread+0x337/0x6f0 [ 25.559880] ret_from_fork+0x116/0x1d0 [ 25.560007] ret_from_fork_asm+0x1a/0x30 [ 25.560144] [ 25.560210] The buggy address belongs to the object at ffff88810598a260 [ 25.560210] which belongs to the cache kmalloc-16 of size 16 [ 25.560599] The buggy address is located 8 bytes inside of [ 25.560599] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.561107] [ 25.561201] The buggy address belongs to the physical page: [ 25.561507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.562033] flags: 0x200000000000000(node=0|zone=2) [ 25.562380] page_type: f5(slab) [ 25.562545] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.562888] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.563190] page dumped because: kasan: bad access detected [ 25.563449] [ 25.563521] Memory state around the buggy address: [ 25.563672] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.564463] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.564729] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.565180] ^ [ 25.565400] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.565608] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.566226] ================================================================== [ 25.528116] ================================================================== [ 25.528467] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.528840] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.529163] [ 25.529489] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.529545] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.529559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.529582] Call Trace: [ 25.529610] <TASK> [ 25.529630] dump_stack_lvl+0x73/0xb0 [ 25.529663] print_report+0xd1/0x610 [ 25.529688] ? __virt_addr_valid+0x1db/0x2d0 [ 25.529714] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.529773] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529803] kasan_report+0x141/0x180 [ 25.529828] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529863] kasan_check_range+0x10c/0x1c0 [ 25.529890] __kasan_check_write+0x18/0x20 [ 25.529918] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.529948] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.529978] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.530006] ? trace_hardirqs_on+0x37/0xe0 [ 25.530030] ? kasan_bitops_generic+0x92/0x1c0 [ 25.530062] kasan_bitops_generic+0x116/0x1c0 [ 25.530157] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.530186] ? __pfx_read_tsc+0x10/0x10 [ 25.530213] ? ktime_get_ts64+0x86/0x230 [ 25.530255] kunit_try_run_case+0x1a5/0x480 [ 25.530280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.530301] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.530325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.530356] ? __kthread_parkme+0x82/0x180 [ 25.530378] ? preempt_count_sub+0x50/0x80 [ 25.530403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.530427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.530455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.530484] kthread+0x337/0x6f0 [ 25.530508] ? trace_preempt_on+0x20/0xc0 [ 25.530533] ? __pfx_kthread+0x10/0x10 [ 25.530557] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.530585] ? calculate_sigpending+0x7b/0xa0 [ 25.530614] ? __pfx_kthread+0x10/0x10 [ 25.530639] ret_from_fork+0x116/0x1d0 [ 25.530660] ? __pfx_kthread+0x10/0x10 [ 25.530684] ret_from_fork_asm+0x1a/0x30 [ 25.530720] </TASK> [ 25.530731] [ 25.538762] Allocated by task 309: [ 25.538926] kasan_save_stack+0x45/0x70 [ 25.539127] kasan_save_track+0x18/0x40 [ 25.539372] kasan_save_alloc_info+0x3b/0x50 [ 25.539692] __kasan_kmalloc+0xb7/0xc0 [ 25.539895] __kmalloc_cache_noprof+0x189/0x420 [ 25.540057] kasan_bitops_generic+0x92/0x1c0 [ 25.540318] kunit_try_run_case+0x1a5/0x480 [ 25.540566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.540965] kthread+0x337/0x6f0 [ 25.541128] ret_from_fork+0x116/0x1d0 [ 25.541304] ret_from_fork_asm+0x1a/0x30 [ 25.541499] [ 25.541588] The buggy address belongs to the object at ffff88810598a260 [ 25.541588] which belongs to the cache kmalloc-16 of size 16 [ 25.542081] The buggy address is located 8 bytes inside of [ 25.542081] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.542549] [ 25.542640] The buggy address belongs to the physical page: [ 25.542886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.543249] flags: 0x200000000000000(node=0|zone=2) [ 25.543442] page_type: f5(slab) [ 25.543558] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.543906] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.544254] page dumped because: kasan: bad access detected [ 25.544456] [ 25.544544] Memory state around the buggy address: [ 25.544737] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.545069] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.545380] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.545665] ^ [ 25.545962] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.546174] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.546393] ================================================================== [ 25.590622] ================================================================== [ 25.590855] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591109] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.591342] [ 25.591426] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.591474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.591487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.591509] Call Trace: [ 25.591529] <TASK> [ 25.591547] dump_stack_lvl+0x73/0xb0 [ 25.591578] print_report+0xd1/0x610 [ 25.591601] ? __virt_addr_valid+0x1db/0x2d0 [ 25.591626] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591654] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.591684] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591712] kasan_report+0x141/0x180 [ 25.591736] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591769] kasan_check_range+0x10c/0x1c0 [ 25.591795] __kasan_check_write+0x18/0x20 [ 25.591822] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.591850] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.591879] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.591906] ? trace_hardirqs_on+0x37/0xe0 [ 25.591929] ? kasan_bitops_generic+0x92/0x1c0 [ 25.591959] kasan_bitops_generic+0x116/0x1c0 [ 25.591987] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.592013] ? __pfx_read_tsc+0x10/0x10 [ 25.592039] ? ktime_get_ts64+0x86/0x230 [ 25.592230] kunit_try_run_case+0x1a5/0x480 [ 25.592272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.592295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.592319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.592350] ? __kthread_parkme+0x82/0x180 [ 25.592373] ? preempt_count_sub+0x50/0x80 [ 25.592399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.592423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.592452] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.592481] kthread+0x337/0x6f0 [ 25.592505] ? trace_preempt_on+0x20/0xc0 [ 25.592531] ? __pfx_kthread+0x10/0x10 [ 25.592555] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.592584] ? calculate_sigpending+0x7b/0xa0 [ 25.592613] ? __pfx_kthread+0x10/0x10 [ 25.592638] ret_from_fork+0x116/0x1d0 [ 25.592660] ? __pfx_kthread+0x10/0x10 [ 25.592685] ret_from_fork_asm+0x1a/0x30 [ 25.592722] </TASK> [ 25.592734] [ 25.605909] Allocated by task 309: [ 25.606121] kasan_save_stack+0x45/0x70 [ 25.606356] kasan_save_track+0x18/0x40 [ 25.606557] kasan_save_alloc_info+0x3b/0x50 [ 25.606777] __kasan_kmalloc+0xb7/0xc0 [ 25.607355] __kmalloc_cache_noprof+0x189/0x420 [ 25.607598] kasan_bitops_generic+0x92/0x1c0 [ 25.607802] kunit_try_run_case+0x1a5/0x480 [ 25.608001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.608222] kthread+0x337/0x6f0 [ 25.608455] ret_from_fork+0x116/0x1d0 [ 25.608652] ret_from_fork_asm+0x1a/0x30 [ 25.608947] [ 25.609033] The buggy address belongs to the object at ffff88810598a260 [ 25.609033] which belongs to the cache kmalloc-16 of size 16 [ 25.609496] The buggy address is located 8 bytes inside of [ 25.609496] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.610083] [ 25.610323] The buggy address belongs to the physical page: [ 25.610582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.611015] flags: 0x200000000000000(node=0|zone=2) [ 25.611460] page_type: f5(slab) [ 25.611744] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.612710] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.613345] page dumped because: kasan: bad access detected [ 25.613667] [ 25.613734] Memory state around the buggy address: [ 25.614327] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.615037] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.615553] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.616162] ^ [ 25.616539] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.616952] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.617567] ================================================================== [ 25.450698] ================================================================== [ 25.451617] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.452345] Write of size 8 at addr ffff88810598a268 by task kunit_try_catch/309 [ 25.453001] [ 25.453145] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.453208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.453222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.453255] Call Trace: [ 25.453283] <TASK> [ 25.453304] dump_stack_lvl+0x73/0xb0 [ 25.453350] print_report+0xd1/0x610 [ 25.453377] ? __virt_addr_valid+0x1db/0x2d0 [ 25.453404] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453433] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.453473] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453503] kasan_report+0x141/0x180 [ 25.453528] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453571] kasan_check_range+0x10c/0x1c0 [ 25.453599] __kasan_check_write+0x18/0x20 [ 25.453628] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.453657] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.453686] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.453714] ? trace_hardirqs_on+0x37/0xe0 [ 25.453804] ? kasan_bitops_generic+0x92/0x1c0 [ 25.453847] kasan_bitops_generic+0x116/0x1c0 [ 25.453876] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.453904] ? __pfx_read_tsc+0x10/0x10 [ 25.453931] ? ktime_get_ts64+0x86/0x230 [ 25.453958] kunit_try_run_case+0x1a5/0x480 [ 25.453983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.454004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.454028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.454058] ? __kthread_parkme+0x82/0x180 [ 25.454081] ? preempt_count_sub+0x50/0x80 [ 25.454108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.454132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.454160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.454189] kthread+0x337/0x6f0 [ 25.454234] ? trace_preempt_on+0x20/0xc0 [ 25.454275] ? __pfx_kthread+0x10/0x10 [ 25.454299] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.454340] ? calculate_sigpending+0x7b/0xa0 [ 25.454368] ? __pfx_kthread+0x10/0x10 [ 25.454393] ret_from_fork+0x116/0x1d0 [ 25.454426] ? __pfx_kthread+0x10/0x10 [ 25.454450] ret_from_fork_asm+0x1a/0x30 [ 25.454497] </TASK> [ 25.454510] [ 25.468570] Allocated by task 309: [ 25.468997] kasan_save_stack+0x45/0x70 [ 25.469395] kasan_save_track+0x18/0x40 [ 25.469755] kasan_save_alloc_info+0x3b/0x50 [ 25.470208] __kasan_kmalloc+0xb7/0xc0 [ 25.470613] __kmalloc_cache_noprof+0x189/0x420 [ 25.470997] kasan_bitops_generic+0x92/0x1c0 [ 25.471657] kunit_try_run_case+0x1a5/0x480 [ 25.472072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.472480] kthread+0x337/0x6f0 [ 25.472696] ret_from_fork+0x116/0x1d0 [ 25.473084] ret_from_fork_asm+0x1a/0x30 [ 25.473420] [ 25.473601] The buggy address belongs to the object at ffff88810598a260 [ 25.473601] which belongs to the cache kmalloc-16 of size 16 [ 25.474316] The buggy address is located 8 bytes inside of [ 25.474316] allocated 9-byte region [ffff88810598a260, ffff88810598a269) [ 25.475485] [ 25.475561] The buggy address belongs to the physical page: [ 25.475731] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 25.476585] flags: 0x200000000000000(node=0|zone=2) [ 25.477127] page_type: f5(slab) [ 25.477464] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.477705] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.478347] page dumped because: kasan: bad access detected [ 25.478900] [ 25.479079] Memory state around the buggy address: [ 25.479467] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.479688] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.480348] >ffff88810598a200: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 25.481075] ^ [ 25.481744] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.482072] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.482297] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 25.412296] ================================================================== [ 25.412609] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 25.413783] Read of size 1 at addr ffff88810627a650 by task kunit_try_catch/307 [ 25.414980] [ 25.415368] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.415606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.415643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.415668] Call Trace: [ 25.415688] <TASK> [ 25.415710] dump_stack_lvl+0x73/0xb0 [ 25.415819] print_report+0xd1/0x610 [ 25.415847] ? __virt_addr_valid+0x1db/0x2d0 [ 25.415873] ? strnlen+0x73/0x80 [ 25.415896] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.415925] ? strnlen+0x73/0x80 [ 25.415948] kasan_report+0x141/0x180 [ 25.415971] ? strnlen+0x73/0x80 [ 25.415998] __asan_report_load1_noabort+0x18/0x20 [ 25.416024] strnlen+0x73/0x80 [ 25.416047] kasan_strings+0x615/0xe80 [ 25.416069] ? trace_hardirqs_on+0x37/0xe0 [ 25.416094] ? __pfx_kasan_strings+0x10/0x10 [ 25.416116] ? __kasan_check_write+0x18/0x20 [ 25.416143] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.416165] ? irqentry_exit+0x2a/0x60 [ 25.416186] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.416209] ? trace_hardirqs_on+0x37/0xe0 [ 25.416232] ? __pfx_read_tsc+0x10/0x10 [ 25.416269] ? ktime_get_ts64+0x86/0x230 [ 25.416297] kunit_try_run_case+0x1a5/0x480 [ 25.416320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416344] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.416367] ? __kthread_parkme+0x82/0x180 [ 25.416388] ? preempt_count_sub+0x50/0x80 [ 25.416412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.416461] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.416487] kthread+0x337/0x6f0 [ 25.416509] ? trace_preempt_on+0x20/0xc0 [ 25.416533] ? __pfx_kthread+0x10/0x10 [ 25.416556] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.416583] ? calculate_sigpending+0x7b/0xa0 [ 25.416611] ? __pfx_kthread+0x10/0x10 [ 25.416635] ret_from_fork+0x116/0x1d0 [ 25.416655] ? __pfx_kthread+0x10/0x10 [ 25.416677] ret_from_fork_asm+0x1a/0x30 [ 25.416711] </TASK> [ 25.416723] [ 25.427573] Allocated by task 307: [ 25.428071] kasan_save_stack+0x45/0x70 [ 25.428510] kasan_save_track+0x18/0x40 [ 25.428997] kasan_save_alloc_info+0x3b/0x50 [ 25.429450] __kasan_kmalloc+0xb7/0xc0 [ 25.429910] __kmalloc_cache_noprof+0x189/0x420 [ 25.430219] kasan_strings+0xc0/0xe80 [ 25.430359] kunit_try_run_case+0x1a5/0x480 [ 25.430499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.430670] kthread+0x337/0x6f0 [ 25.431031] ret_from_fork+0x116/0x1d0 [ 25.431415] ret_from_fork_asm+0x1a/0x30 [ 25.432024] [ 25.432246] Freed by task 307: [ 25.432554] kasan_save_stack+0x45/0x70 [ 25.433021] kasan_save_track+0x18/0x40 [ 25.433414] kasan_save_free_info+0x3f/0x60 [ 25.433892] __kasan_slab_free+0x56/0x70 [ 25.434043] kfree+0x222/0x3f0 [ 25.434159] kasan_strings+0x2aa/0xe80 [ 25.434298] kunit_try_run_case+0x1a5/0x480 [ 25.434436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.434605] kthread+0x337/0x6f0 [ 25.434721] ret_from_fork+0x116/0x1d0 [ 25.435257] ret_from_fork_asm+0x1a/0x30 [ 25.435641] [ 25.436038] The buggy address belongs to the object at ffff88810627a640 [ 25.436038] which belongs to the cache kmalloc-32 of size 32 [ 25.437219] The buggy address is located 16 bytes inside of [ 25.437219] freed 32-byte region [ffff88810627a640, ffff88810627a660) [ 25.438381] [ 25.438543] The buggy address belongs to the physical page: [ 25.439124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10627a [ 25.439514] flags: 0x200000000000000(node=0|zone=2) [ 25.439679] page_type: f5(slab) [ 25.440124] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.440896] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.441555] page dumped because: kasan: bad access detected [ 25.441998] [ 25.442069] Memory state around the buggy address: [ 25.442223] ffff88810627a500: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.442928] ffff88810627a580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.443546] >ffff88810627a600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.444225] ^ [ 25.444613] ffff88810627a680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.445160] ffff88810627a700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.445619] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 25.390513] ================================================================== [ 25.390976] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 25.391262] Read of size 1 at addr ffff88810627a650 by task kunit_try_catch/307 [ 25.391561] [ 25.391651] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.391700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.391713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.391735] Call Trace: [ 25.391753] <TASK> [ 25.391771] dump_stack_lvl+0x73/0xb0 [ 25.391799] print_report+0xd1/0x610 [ 25.392024] ? __virt_addr_valid+0x1db/0x2d0 [ 25.392057] ? strlen+0x8f/0xb0 [ 25.392080] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.392110] ? strlen+0x8f/0xb0 [ 25.392134] kasan_report+0x141/0x180 [ 25.392157] ? strlen+0x8f/0xb0 [ 25.392183] __asan_report_load1_noabort+0x18/0x20 [ 25.392211] strlen+0x8f/0xb0 [ 25.392234] kasan_strings+0x57b/0xe80 [ 25.392268] ? trace_hardirqs_on+0x37/0xe0 [ 25.392295] ? __pfx_kasan_strings+0x10/0x10 [ 25.392318] ? __kasan_check_write+0x18/0x20 [ 25.392344] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.392367] ? irqentry_exit+0x2a/0x60 [ 25.392387] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.392411] ? trace_hardirqs_on+0x37/0xe0 [ 25.392434] ? __pfx_read_tsc+0x10/0x10 [ 25.392460] ? ktime_get_ts64+0x86/0x230 [ 25.392486] kunit_try_run_case+0x1a5/0x480 [ 25.392510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.392533] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.392554] ? __kthread_parkme+0x82/0x180 [ 25.392575] ? preempt_count_sub+0x50/0x80 [ 25.392599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.392621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.392648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.392675] kthread+0x337/0x6f0 [ 25.392697] ? trace_preempt_on+0x20/0xc0 [ 25.392721] ? __pfx_kthread+0x10/0x10 [ 25.392744] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.392772] ? calculate_sigpending+0x7b/0xa0 [ 25.392799] ? __pfx_kthread+0x10/0x10 [ 25.392823] ret_from_fork+0x116/0x1d0 [ 25.392843] ? __pfx_kthread+0x10/0x10 [ 25.392866] ret_from_fork_asm+0x1a/0x30 [ 25.392899] </TASK> [ 25.392911] [ 25.400603] Allocated by task 307: [ 25.400783] kasan_save_stack+0x45/0x70 [ 25.400997] kasan_save_track+0x18/0x40 [ 25.401127] kasan_save_alloc_info+0x3b/0x50 [ 25.401318] __kasan_kmalloc+0xb7/0xc0 [ 25.401504] __kmalloc_cache_noprof+0x189/0x420 [ 25.401716] kasan_strings+0xc0/0xe80 [ 25.401890] kunit_try_run_case+0x1a5/0x480 [ 25.402057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.402407] kthread+0x337/0x6f0 [ 25.402563] ret_from_fork+0x116/0x1d0 [ 25.402725] ret_from_fork_asm+0x1a/0x30 [ 25.402931] [ 25.403004] Freed by task 307: [ 25.403154] kasan_save_stack+0x45/0x70 [ 25.403313] kasan_save_track+0x18/0x40 [ 25.403498] kasan_save_free_info+0x3f/0x60 [ 25.403675] __kasan_slab_free+0x56/0x70 [ 25.403805] kfree+0x222/0x3f0 [ 25.403917] kasan_strings+0x2aa/0xe80 [ 25.404044] kunit_try_run_case+0x1a5/0x480 [ 25.404182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.404569] kthread+0x337/0x6f0 [ 25.404733] ret_from_fork+0x116/0x1d0 [ 25.405318] ret_from_fork_asm+0x1a/0x30 [ 25.405745] [ 25.405915] The buggy address belongs to the object at ffff88810627a640 [ 25.405915] which belongs to the cache kmalloc-32 of size 32 [ 25.406358] The buggy address is located 16 bytes inside of [ 25.406358] freed 32-byte region [ffff88810627a640, ffff88810627a660) [ 25.406698] [ 25.406867] The buggy address belongs to the physical page: [ 25.407391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10627a [ 25.407751] flags: 0x200000000000000(node=0|zone=2) [ 25.408279] page_type: f5(slab) [ 25.408420] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.408728] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.409166] page dumped because: kasan: bad access detected [ 25.409424] [ 25.409499] Memory state around the buggy address: [ 25.409662] ffff88810627a500: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.410115] ffff88810627a580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.410412] >ffff88810627a600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.410700] ^ [ 25.411397] ffff88810627a680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.411618] ffff88810627a700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.411827] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 25.369917] ================================================================== [ 25.370195] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 25.370529] Read of size 1 at addr ffff88810627a650 by task kunit_try_catch/307 [ 25.371031] [ 25.371134] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.371187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.371200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.371223] Call Trace: [ 25.371256] <TASK> [ 25.371279] dump_stack_lvl+0x73/0xb0 [ 25.371310] print_report+0xd1/0x610 [ 25.371336] ? __virt_addr_valid+0x1db/0x2d0 [ 25.371363] ? kasan_strings+0xcbc/0xe80 [ 25.371387] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.371418] ? kasan_strings+0xcbc/0xe80 [ 25.371439] kasan_report+0x141/0x180 [ 25.371463] ? kasan_strings+0xcbc/0xe80 [ 25.371489] __asan_report_load1_noabort+0x18/0x20 [ 25.371516] kasan_strings+0xcbc/0xe80 [ 25.371538] ? trace_hardirqs_on+0x37/0xe0 [ 25.371562] ? __pfx_kasan_strings+0x10/0x10 [ 25.371585] ? __kasan_check_write+0x18/0x20 [ 25.371611] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.371634] ? irqentry_exit+0x2a/0x60 [ 25.371656] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.371680] ? trace_hardirqs_on+0x37/0xe0 [ 25.371704] ? __pfx_read_tsc+0x10/0x10 [ 25.371729] ? ktime_get_ts64+0x86/0x230 [ 25.371833] kunit_try_run_case+0x1a5/0x480 [ 25.371862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.371885] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.371907] ? __kthread_parkme+0x82/0x180 [ 25.371929] ? preempt_count_sub+0x50/0x80 [ 25.371954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.371977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.372005] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.372032] kthread+0x337/0x6f0 [ 25.372053] ? trace_preempt_on+0x20/0xc0 [ 25.372078] ? __pfx_kthread+0x10/0x10 [ 25.372101] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.372129] ? calculate_sigpending+0x7b/0xa0 [ 25.372158] ? __pfx_kthread+0x10/0x10 [ 25.372181] ret_from_fork+0x116/0x1d0 [ 25.372202] ? __pfx_kthread+0x10/0x10 [ 25.372224] ret_from_fork_asm+0x1a/0x30 [ 25.372272] </TASK> [ 25.372283] [ 25.379914] Allocated by task 307: [ 25.380151] kasan_save_stack+0x45/0x70 [ 25.380358] kasan_save_track+0x18/0x40 [ 25.380527] kasan_save_alloc_info+0x3b/0x50 [ 25.380716] __kasan_kmalloc+0xb7/0xc0 [ 25.380875] __kmalloc_cache_noprof+0x189/0x420 [ 25.381142] kasan_strings+0xc0/0xe80 [ 25.381389] kunit_try_run_case+0x1a5/0x480 [ 25.381571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.381743] kthread+0x337/0x6f0 [ 25.381884] ret_from_fork+0x116/0x1d0 [ 25.382119] ret_from_fork_asm+0x1a/0x30 [ 25.382311] [ 25.382375] Freed by task 307: [ 25.382482] kasan_save_stack+0x45/0x70 [ 25.382644] kasan_save_track+0x18/0x40 [ 25.382830] kasan_save_free_info+0x3f/0x60 [ 25.383033] __kasan_slab_free+0x56/0x70 [ 25.383193] kfree+0x222/0x3f0 [ 25.383362] kasan_strings+0x2aa/0xe80 [ 25.383506] kunit_try_run_case+0x1a5/0x480 [ 25.383706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.383896] kthread+0x337/0x6f0 [ 25.384139] ret_from_fork+0x116/0x1d0 [ 25.384491] ret_from_fork_asm+0x1a/0x30 [ 25.384672] [ 25.384739] The buggy address belongs to the object at ffff88810627a640 [ 25.384739] which belongs to the cache kmalloc-32 of size 32 [ 25.385265] The buggy address is located 16 bytes inside of [ 25.385265] freed 32-byte region [ffff88810627a640, ffff88810627a660) [ 25.385609] [ 25.385680] The buggy address belongs to the physical page: [ 25.385847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10627a [ 25.386081] flags: 0x200000000000000(node=0|zone=2) [ 25.386270] page_type: f5(slab) [ 25.386431] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.386831] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.387160] page dumped because: kasan: bad access detected [ 25.387415] [ 25.387500] Memory state around the buggy address: [ 25.387713] ffff88810627a500: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.388441] ffff88810627a580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.388662] >ffff88810627a600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.389215] ^ [ 25.389494] ffff88810627a680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.389892] ffff88810627a700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.390107] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 25.337015] ================================================================== [ 25.338986] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 25.339681] Read of size 1 at addr ffff88810627a650 by task kunit_try_catch/307 [ 25.341008] [ 25.341248] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.341310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.341324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.341349] Call Trace: [ 25.341363] <TASK> [ 25.341385] dump_stack_lvl+0x73/0xb0 [ 25.341457] print_report+0xd1/0x610 [ 25.341486] ? __virt_addr_valid+0x1db/0x2d0 [ 25.341513] ? strcmp+0xb0/0xc0 [ 25.341535] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.341566] ? strcmp+0xb0/0xc0 [ 25.341588] kasan_report+0x141/0x180 [ 25.341611] ? strcmp+0xb0/0xc0 [ 25.341637] __asan_report_load1_noabort+0x18/0x20 [ 25.341664] strcmp+0xb0/0xc0 [ 25.341689] kasan_strings+0x431/0xe80 [ 25.341712] ? trace_hardirqs_on+0x37/0xe0 [ 25.341739] ? __pfx_kasan_strings+0x10/0x10 [ 25.341819] ? __kasan_check_write+0x18/0x20 [ 25.341847] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.341869] ? irqentry_exit+0x2a/0x60 [ 25.341891] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.341915] ? trace_hardirqs_on+0x37/0xe0 [ 25.341939] ? __pfx_read_tsc+0x10/0x10 [ 25.341965] ? ktime_get_ts64+0x86/0x230 [ 25.341993] kunit_try_run_case+0x1a5/0x480 [ 25.342018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.342040] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.342062] ? __kthread_parkme+0x82/0x180 [ 25.342084] ? preempt_count_sub+0x50/0x80 [ 25.342109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.342131] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.342159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.342186] kthread+0x337/0x6f0 [ 25.342207] ? trace_preempt_on+0x20/0xc0 [ 25.342232] ? __pfx_kthread+0x10/0x10 [ 25.342268] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.342295] ? calculate_sigpending+0x7b/0xa0 [ 25.342324] ? __pfx_kthread+0x10/0x10 [ 25.342348] ret_from_fork+0x116/0x1d0 [ 25.342369] ? __pfx_kthread+0x10/0x10 [ 25.342391] ret_from_fork_asm+0x1a/0x30 [ 25.342426] </TASK> [ 25.342439] [ 25.356088] Allocated by task 307: [ 25.356422] kasan_save_stack+0x45/0x70 [ 25.356582] kasan_save_track+0x18/0x40 [ 25.356713] kasan_save_alloc_info+0x3b/0x50 [ 25.357149] __kasan_kmalloc+0xb7/0xc0 [ 25.357561] __kmalloc_cache_noprof+0x189/0x420 [ 25.358050] kasan_strings+0xc0/0xe80 [ 25.358401] kunit_try_run_case+0x1a5/0x480 [ 25.358790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.359286] kthread+0x337/0x6f0 [ 25.359413] ret_from_fork+0x116/0x1d0 [ 25.359541] ret_from_fork_asm+0x1a/0x30 [ 25.359679] [ 25.359745] Freed by task 307: [ 25.360495] kasan_save_stack+0x45/0x70 [ 25.360878] kasan_save_track+0x18/0x40 [ 25.361351] kasan_save_free_info+0x3f/0x60 [ 25.361743] __kasan_slab_free+0x56/0x70 [ 25.362166] kfree+0x222/0x3f0 [ 25.362476] kasan_strings+0x2aa/0xe80 [ 25.362887] kunit_try_run_case+0x1a5/0x480 [ 25.363199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.363387] kthread+0x337/0x6f0 [ 25.363507] ret_from_fork+0x116/0x1d0 [ 25.363636] ret_from_fork_asm+0x1a/0x30 [ 25.363779] [ 25.363848] The buggy address belongs to the object at ffff88810627a640 [ 25.363848] which belongs to the cache kmalloc-32 of size 32 [ 25.364482] The buggy address is located 16 bytes inside of [ 25.364482] freed 32-byte region [ffff88810627a640, ffff88810627a660) [ 25.364909] [ 25.365006] The buggy address belongs to the physical page: [ 25.365259] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10627a [ 25.365742] flags: 0x200000000000000(node=0|zone=2) [ 25.365964] page_type: f5(slab) [ 25.366136] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.366566] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.366984] page dumped because: kasan: bad access detected [ 25.367250] [ 25.367341] Memory state around the buggy address: [ 25.367564] ffff88810627a500: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.367824] ffff88810627a580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.368034] >ffff88810627a600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.368362] ^ [ 25.368622] ffff88810627a680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.369064] ffff88810627a700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.369388] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 25.298016] ================================================================== [ 25.298430] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 25.298653] Read of size 1 at addr ffff8881059cd198 by task kunit_try_catch/305 [ 25.299303] [ 25.299520] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.299578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.299592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.299617] Call Trace: [ 25.299632] <TASK> [ 25.299654] dump_stack_lvl+0x73/0xb0 [ 25.299686] print_report+0xd1/0x610 [ 25.299713] ? __virt_addr_valid+0x1db/0x2d0 [ 25.299742] ? memcmp+0x1b4/0x1d0 [ 25.299765] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.299795] ? memcmp+0x1b4/0x1d0 [ 25.299875] kasan_report+0x141/0x180 [ 25.299900] ? memcmp+0x1b4/0x1d0 [ 25.299927] __asan_report_load1_noabort+0x18/0x20 [ 25.299954] memcmp+0x1b4/0x1d0 [ 25.299979] kasan_memcmp+0x18f/0x390 [ 25.300001] ? trace_hardirqs_on+0x37/0xe0 [ 25.300028] ? __pfx_kasan_memcmp+0x10/0x10 [ 25.300050] ? finish_task_switch.isra.0+0x153/0x700 [ 25.300074] ? __switch_to+0x47/0xf50 [ 25.300108] ? __pfx_read_tsc+0x10/0x10 [ 25.300134] ? ktime_get_ts64+0x86/0x230 [ 25.300163] kunit_try_run_case+0x1a5/0x480 [ 25.300189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.300210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.300233] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.300273] ? __kthread_parkme+0x82/0x180 [ 25.300294] ? preempt_count_sub+0x50/0x80 [ 25.300318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.300341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.300368] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.300395] kthread+0x337/0x6f0 [ 25.300417] ? trace_preempt_on+0x20/0xc0 [ 25.300441] ? __pfx_kthread+0x10/0x10 [ 25.300464] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.300492] ? calculate_sigpending+0x7b/0xa0 [ 25.300520] ? __pfx_kthread+0x10/0x10 [ 25.300544] ret_from_fork+0x116/0x1d0 [ 25.300563] ? __pfx_kthread+0x10/0x10 [ 25.300586] ret_from_fork_asm+0x1a/0x30 [ 25.300622] </TASK> [ 25.300634] [ 25.312345] Allocated by task 305: [ 25.312481] kasan_save_stack+0x45/0x70 [ 25.312628] kasan_save_track+0x18/0x40 [ 25.312757] kasan_save_alloc_info+0x3b/0x50 [ 25.313083] __kasan_kmalloc+0xb7/0xc0 [ 25.313445] __kmalloc_cache_noprof+0x189/0x420 [ 25.313909] kasan_memcmp+0xb7/0x390 [ 25.314261] kunit_try_run_case+0x1a5/0x480 [ 25.314641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.315310] kthread+0x337/0x6f0 [ 25.315627] ret_from_fork+0x116/0x1d0 [ 25.315982] ret_from_fork_asm+0x1a/0x30 [ 25.316470] [ 25.316661] The buggy address belongs to the object at ffff8881059cd180 [ 25.316661] which belongs to the cache kmalloc-32 of size 32 [ 25.317744] The buggy address is located 0 bytes to the right of [ 25.317744] allocated 24-byte region [ffff8881059cd180, ffff8881059cd198) [ 25.318556] [ 25.318626] The buggy address belongs to the physical page: [ 25.318798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059cd [ 25.319527] flags: 0x200000000000000(node=0|zone=2) [ 25.320003] page_type: f5(slab) [ 25.320391] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.321152] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.321422] page dumped because: kasan: bad access detected [ 25.321589] [ 25.321652] Memory state around the buggy address: [ 25.321806] ffff8881059cd080: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.322423] ffff8881059cd100: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.323075] >ffff8881059cd180: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.323667] ^ [ 25.324040] ffff8881059cd200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.324649] ffff8881059cd280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.325259] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 25.267442] ================================================================== [ 25.268049] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 25.269357] Read of size 1 at addr ffff88810641fc4a by task kunit_try_catch/301 [ 25.270010] [ 25.270380] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.270443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.270457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.270480] Call Trace: [ 25.270551] <TASK> [ 25.270571] dump_stack_lvl+0x73/0xb0 [ 25.270700] print_report+0xd1/0x610 [ 25.270727] ? __virt_addr_valid+0x1db/0x2d0 [ 25.270822] ? kasan_alloca_oob_right+0x329/0x390 [ 25.270850] ? kasan_addr_to_slab+0x11/0xa0 [ 25.270871] ? kasan_alloca_oob_right+0x329/0x390 [ 25.270895] kasan_report+0x141/0x180 [ 25.270918] ? kasan_alloca_oob_right+0x329/0x390 [ 25.270946] __asan_report_load1_noabort+0x18/0x20 [ 25.270972] kasan_alloca_oob_right+0x329/0x390 [ 25.270997] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.271020] ? finish_task_switch.isra.0+0x153/0x700 [ 25.271044] ? down_read+0x1de/0x270 [ 25.271068] ? trace_hardirqs_on+0x37/0xe0 [ 25.271096] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.271121] ? __schedule+0x10cc/0x2b60 [ 25.271150] ? __pfx_read_tsc+0x10/0x10 [ 25.271175] ? ktime_get_ts64+0x86/0x230 [ 25.271203] kunit_try_run_case+0x1a5/0x480 [ 25.271227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.271259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.271280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.271310] ? __kthread_parkme+0x82/0x180 [ 25.271331] ? preempt_count_sub+0x50/0x80 [ 25.271354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.271377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.271403] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.271430] kthread+0x337/0x6f0 [ 25.271452] ? trace_preempt_on+0x20/0xc0 [ 25.271475] ? __pfx_kthread+0x10/0x10 [ 25.271497] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.271524] ? calculate_sigpending+0x7b/0xa0 [ 25.271552] ? __pfx_kthread+0x10/0x10 [ 25.271575] ret_from_fork+0x116/0x1d0 [ 25.271595] ? __pfx_kthread+0x10/0x10 [ 25.271617] ret_from_fork_asm+0x1a/0x30 [ 25.271652] </TASK> [ 25.271665] [ 25.282541] The buggy address belongs to stack of task kunit_try_catch/301 [ 25.283078] [ 25.283175] The buggy address belongs to the physical page: [ 25.283584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10641f [ 25.284561] flags: 0x200000000000000(node=0|zone=2) [ 25.284785] raw: 0200000000000000 ffffea00041907c8 ffffea00041907c8 0000000000000000 [ 25.285437] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.285903] page dumped because: kasan: bad access detected [ 25.286330] [ 25.286503] Memory state around the buggy address: [ 25.286925] ffff88810641fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.287308] ffff88810641fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.287660] >ffff88810641fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.288220] ^ [ 25.288486] ffff88810641fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.288693] ffff88810641fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.288942] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 25.237252] ================================================================== [ 25.237648] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 25.238466] Read of size 1 at addr ffff88810269fc3f by task kunit_try_catch/299 [ 25.239467] [ 25.239768] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.239830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.239844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.239869] Call Trace: [ 25.239884] <TASK> [ 25.239906] dump_stack_lvl+0x73/0xb0 [ 25.239940] print_report+0xd1/0x610 [ 25.239965] ? __virt_addr_valid+0x1db/0x2d0 [ 25.239992] ? kasan_alloca_oob_left+0x320/0x380 [ 25.240015] ? kasan_addr_to_slab+0x11/0xa0 [ 25.240132] ? kasan_alloca_oob_left+0x320/0x380 [ 25.240166] kasan_report+0x141/0x180 [ 25.240191] ? kasan_alloca_oob_left+0x320/0x380 [ 25.240219] __asan_report_load1_noabort+0x18/0x20 [ 25.240293] kasan_alloca_oob_left+0x320/0x380 [ 25.240317] ? __kasan_check_write+0x18/0x20 [ 25.240345] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.240369] ? finish_task_switch.isra.0+0x153/0x700 [ 25.240395] ? down_read+0x1de/0x270 [ 25.240419] ? trace_hardirqs_on+0x37/0xe0 [ 25.240446] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.240471] ? __schedule+0x10cc/0x2b60 [ 25.240500] ? __pfx_read_tsc+0x10/0x10 [ 25.240526] ? ktime_get_ts64+0x86/0x230 [ 25.240554] kunit_try_run_case+0x1a5/0x480 [ 25.240578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.240599] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.240621] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.240650] ? __kthread_parkme+0x82/0x180 [ 25.240671] ? preempt_count_sub+0x50/0x80 [ 25.240695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.240717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.240841] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.240877] kthread+0x337/0x6f0 [ 25.240900] ? trace_preempt_on+0x20/0xc0 [ 25.240924] ? __pfx_kthread+0x10/0x10 [ 25.240947] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.240974] ? calculate_sigpending+0x7b/0xa0 [ 25.241003] ? __pfx_kthread+0x10/0x10 [ 25.241026] ret_from_fork+0x116/0x1d0 [ 25.241047] ? __pfx_kthread+0x10/0x10 [ 25.241069] ret_from_fork_asm+0x1a/0x30 [ 25.241105] </TASK> [ 25.241117] [ 25.254539] The buggy address belongs to stack of task kunit_try_catch/299 [ 25.254857] [ 25.255042] The buggy address belongs to the physical page: [ 25.255548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10269f [ 25.256406] flags: 0x200000000000000(node=0|zone=2) [ 25.256997] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.257654] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.258437] page dumped because: kasan: bad access detected [ 25.258703] [ 25.258824] Memory state around the buggy address: [ 25.259264] ffff88810269fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.259693] ffff88810269fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.260385] >ffff88810269fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.260717] ^ [ 25.260920] ffff88810269fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.261602] ffff88810269fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.262352] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 25.209331] ================================================================== [ 25.209815] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 25.210061] Read of size 1 at addr ffff8881026a7d02 by task kunit_try_catch/297 [ 25.210290] [ 25.210381] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.210435] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.210447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.210471] Call Trace: [ 25.210485] <TASK> [ 25.210506] dump_stack_lvl+0x73/0xb0 [ 25.210537] print_report+0xd1/0x610 [ 25.210559] ? __virt_addr_valid+0x1db/0x2d0 [ 25.210584] ? kasan_stack_oob+0x2b5/0x300 [ 25.210611] ? kasan_addr_to_slab+0x11/0xa0 [ 25.210631] ? kasan_stack_oob+0x2b5/0x300 [ 25.210658] kasan_report+0x141/0x180 [ 25.210682] ? kasan_stack_oob+0x2b5/0x300 [ 25.210714] __asan_report_load1_noabort+0x18/0x20 [ 25.210741] kasan_stack_oob+0x2b5/0x300 [ 25.210767] ? __pfx_kasan_stack_oob+0x10/0x10 [ 25.210794] ? finish_task_switch.isra.0+0x153/0x700 [ 25.210817] ? __switch_to+0x47/0xf50 [ 25.210847] ? __schedule+0x10cc/0x2b60 [ 25.210877] ? __pfx_read_tsc+0x10/0x10 [ 25.210901] ? ktime_get_ts64+0x86/0x230 [ 25.210927] kunit_try_run_case+0x1a5/0x480 [ 25.210950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.210970] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.210991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.211020] ? __kthread_parkme+0x82/0x180 [ 25.211040] ? preempt_count_sub+0x50/0x80 [ 25.211063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.211087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.211114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.211142] kthread+0x337/0x6f0 [ 25.211163] ? trace_preempt_on+0x20/0xc0 [ 25.211189] ? __pfx_kthread+0x10/0x10 [ 25.211210] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.211604] ? calculate_sigpending+0x7b/0xa0 [ 25.211650] ? __pfx_kthread+0x10/0x10 [ 25.211675] ret_from_fork+0x116/0x1d0 [ 25.211697] ? __pfx_kthread+0x10/0x10 [ 25.211720] ret_from_fork_asm+0x1a/0x30 [ 25.211989] </TASK> [ 25.212007] [ 25.226451] The buggy address belongs to stack of task kunit_try_catch/297 [ 25.226770] and is located at offset 138 in frame: [ 25.227398] kasan_stack_oob+0x0/0x300 [ 25.227724] [ 25.227839] This frame has 4 objects: [ 25.228258] [48, 49) '__assertion' [ 25.228287] [64, 72) 'array' [ 25.228558] [96, 112) '__assertion' [ 25.228736] [128, 138) 'stack_array' [ 25.228979] [ 25.229297] The buggy address belongs to the physical page: [ 25.229570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a7 [ 25.229983] flags: 0x200000000000000(node=0|zone=2) [ 25.230307] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.230624] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.231149] page dumped because: kasan: bad access detected [ 25.231383] [ 25.231455] Memory state around the buggy address: [ 25.231649] ffff8881026a7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.232362] ffff8881026a7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 25.232632] >ffff8881026a7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.233200] ^ [ 25.233400] ffff8881026a7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 25.233664] ffff8881026a7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.234395] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 25.180568] ================================================================== [ 25.181572] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 25.181852] Read of size 1 at addr ffffffffa16b5f0d by task kunit_try_catch/293 [ 25.182076] [ 25.182201] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.182281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.182296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.182321] Call Trace: [ 25.182336] <TASK> [ 25.182358] dump_stack_lvl+0x73/0xb0 [ 25.182394] print_report+0xd1/0x610 [ 25.182418] ? __virt_addr_valid+0x1db/0x2d0 [ 25.182446] ? kasan_global_oob_right+0x286/0x2d0 [ 25.182475] ? kasan_addr_to_slab+0x11/0xa0 [ 25.182495] ? kasan_global_oob_right+0x286/0x2d0 [ 25.182525] kasan_report+0x141/0x180 [ 25.182547] ? kasan_global_oob_right+0x286/0x2d0 [ 25.182581] __asan_report_load1_noabort+0x18/0x20 [ 25.182609] kasan_global_oob_right+0x286/0x2d0 [ 25.182638] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.182670] ? __schedule+0x10cc/0x2b60 [ 25.182700] ? __pfx_read_tsc+0x10/0x10 [ 25.182726] ? ktime_get_ts64+0x86/0x230 [ 25.182755] kunit_try_run_case+0x1a5/0x480 [ 25.182780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.182801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.182823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.182852] ? __kthread_parkme+0x82/0x180 [ 25.182874] ? preempt_count_sub+0x50/0x80 [ 25.182898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.182920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.182948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.182974] kthread+0x337/0x6f0 [ 25.182996] ? trace_preempt_on+0x20/0xc0 [ 25.183022] ? __pfx_kthread+0x10/0x10 [ 25.183045] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.183072] ? calculate_sigpending+0x7b/0xa0 [ 25.183102] ? __pfx_kthread+0x10/0x10 [ 25.183125] ret_from_fork+0x116/0x1d0 [ 25.183145] ? __pfx_kthread+0x10/0x10 [ 25.183168] ret_from_fork_asm+0x1a/0x30 [ 25.183232] </TASK> [ 25.183259] [ 25.195326] The buggy address belongs to the variable: [ 25.195600] global_array+0xd/0x40 [ 25.195800] [ 25.196039] The buggy address belongs to the physical page: [ 25.196568] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1772b5 [ 25.197376] flags: 0x200000000002000(reserved|node=0|zone=2) [ 25.197589] raw: 0200000000002000 ffffea0005dcad48 ffffea0005dcad48 0000000000000000 [ 25.198030] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.198685] page dumped because: kasan: bad access detected [ 25.199383] [ 25.199560] Memory state around the buggy address: [ 25.200094] ffffffffa16b5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.200489] ffffffffa16b5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.200701] >ffffffffa16b5f00: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 25.201209] ^ [ 25.201604] ffffffffa16b5f80: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 25.202465] ffffffffa16b6000: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 25.203145] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 25.154403] ================================================================== [ 25.155218] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.155596] Free of addr ffff8881063d8001 by task kunit_try_catch/291 [ 25.155875] [ 25.156098] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.156154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.156166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.156190] Call Trace: [ 25.156205] <TASK> [ 25.156225] dump_stack_lvl+0x73/0xb0 [ 25.156272] print_report+0xd1/0x610 [ 25.156295] ? __virt_addr_valid+0x1db/0x2d0 [ 25.156321] ? kasan_addr_to_slab+0x11/0xa0 [ 25.156341] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.156368] kasan_report_invalid_free+0x10a/0x130 [ 25.156393] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.156423] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.156448] __kasan_mempool_poison_object+0x102/0x1d0 [ 25.156688] mempool_free+0x2ec/0x380 [ 25.156719] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.156760] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.156792] ? finish_task_switch.isra.0+0x153/0x700 [ 25.156819] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 25.156846] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 25.156875] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.156900] ? __pfx_mempool_kfree+0x10/0x10 [ 25.156928] ? __pfx_read_tsc+0x10/0x10 [ 25.156953] ? ktime_get_ts64+0x86/0x230 [ 25.156981] kunit_try_run_case+0x1a5/0x480 [ 25.157005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.157026] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.157048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.157079] ? __kthread_parkme+0x82/0x180 [ 25.157101] ? preempt_count_sub+0x50/0x80 [ 25.157125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.157147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.157175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.157209] kthread+0x337/0x6f0 [ 25.157231] ? trace_preempt_on+0x20/0xc0 [ 25.157269] ? __pfx_kthread+0x10/0x10 [ 25.157293] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.157319] ? calculate_sigpending+0x7b/0xa0 [ 25.157347] ? __pfx_kthread+0x10/0x10 [ 25.157371] ret_from_fork+0x116/0x1d0 [ 25.157391] ? __pfx_kthread+0x10/0x10 [ 25.157414] ret_from_fork_asm+0x1a/0x30 [ 25.157449] </TASK> [ 25.157460] [ 25.169485] The buggy address belongs to the physical page: [ 25.169858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063d8 [ 25.170367] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.170687] flags: 0x200000000000040(head|node=0|zone=2) [ 25.171263] page_type: f8(unknown) [ 25.171421] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.171937] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.172391] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.172863] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.173294] head: 0200000000000002 ffffea000418f601 00000000ffffffff 00000000ffffffff [ 25.173689] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.174235] page dumped because: kasan: bad access detected [ 25.174447] [ 25.174633] Memory state around the buggy address: [ 25.175129] ffff8881063d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.175567] ffff8881063d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.176027] >ffff8881063d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.176300] ^ [ 25.176469] ffff8881063d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.176780] ffff8881063d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.177395] ================================================================== [ 25.122257] ================================================================== [ 25.122666] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.124040] Free of addr ffff8881059c8101 by task kunit_try_catch/289 [ 25.124599] [ 25.124708] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.124764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.124786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.124810] Call Trace: [ 25.124824] <TASK> [ 25.125061] dump_stack_lvl+0x73/0xb0 [ 25.125105] print_report+0xd1/0x610 [ 25.125131] ? __virt_addr_valid+0x1db/0x2d0 [ 25.125157] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.125187] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.125222] kasan_report_invalid_free+0x10a/0x130 [ 25.125261] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.125289] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.125315] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.125340] check_slab_allocation+0x11f/0x130 [ 25.125362] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.125387] mempool_free+0x2ec/0x380 [ 25.125416] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.125443] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.125469] ? update_load_avg+0x1be/0x21b0 [ 25.125496] ? dequeue_entities+0x27e/0x1740 [ 25.125526] ? finish_task_switch.isra.0+0x153/0x700 [ 25.125552] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.125578] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 25.125604] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.125630] ? __pfx_mempool_kfree+0x10/0x10 [ 25.125658] ? __pfx_read_tsc+0x10/0x10 [ 25.125683] ? ktime_get_ts64+0x86/0x230 [ 25.125711] kunit_try_run_case+0x1a5/0x480 [ 25.125922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.125956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.125981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.126012] ? __kthread_parkme+0x82/0x180 [ 25.126033] ? preempt_count_sub+0x50/0x80 [ 25.126057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.126080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.126109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.126138] kthread+0x337/0x6f0 [ 25.126160] ? trace_preempt_on+0x20/0xc0 [ 25.126185] ? __pfx_kthread+0x10/0x10 [ 25.126208] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.126235] ? calculate_sigpending+0x7b/0xa0 [ 25.126276] ? __pfx_kthread+0x10/0x10 [ 25.126300] ret_from_fork+0x116/0x1d0 [ 25.126321] ? __pfx_kthread+0x10/0x10 [ 25.126344] ret_from_fork_asm+0x1a/0x30 [ 25.126379] </TASK> [ 25.126391] [ 25.138997] Allocated by task 289: [ 25.139424] kasan_save_stack+0x45/0x70 [ 25.139613] kasan_save_track+0x18/0x40 [ 25.139917] kasan_save_alloc_info+0x3b/0x50 [ 25.140103] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.140341] remove_element+0x11e/0x190 [ 25.140504] mempool_alloc_preallocated+0x4d/0x90 [ 25.140724] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 25.140948] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.141582] kunit_try_run_case+0x1a5/0x480 [ 25.141749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.142316] kthread+0x337/0x6f0 [ 25.142614] ret_from_fork+0x116/0x1d0 [ 25.142758] ret_from_fork_asm+0x1a/0x30 [ 25.143028] [ 25.143426] The buggy address belongs to the object at ffff8881059c8100 [ 25.143426] which belongs to the cache kmalloc-128 of size 128 [ 25.144088] The buggy address is located 1 bytes inside of [ 25.144088] 128-byte region [ffff8881059c8100, ffff8881059c8180) [ 25.144708] [ 25.144922] The buggy address belongs to the physical page: [ 25.145307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c8 [ 25.145699] flags: 0x200000000000000(node=0|zone=2) [ 25.146031] page_type: f5(slab) [ 25.146516] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.146815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.147465] page dumped because: kasan: bad access detected [ 25.147665] [ 25.147753] Memory state around the buggy address: [ 25.148070] ffff8881059c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.148383] ffff8881059c8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.148678] >ffff8881059c8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.148973] ^ [ 25.149546] ffff8881059c8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.149862] ffff8881059c8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.150483] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 25.074218] ================================================================== [ 25.074696] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.076532] Free of addr ffff888102668000 by task kunit_try_catch/285 [ 25.077347] [ 25.077457] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.077516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.077529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.077554] Call Trace: [ 25.077571] <TASK> [ 25.077593] dump_stack_lvl+0x73/0xb0 [ 25.077631] print_report+0xd1/0x610 [ 25.077655] ? __virt_addr_valid+0x1db/0x2d0 [ 25.077684] ? kasan_addr_to_slab+0x11/0xa0 [ 25.077705] ? mempool_double_free_helper+0x184/0x370 [ 25.077730] kasan_report_invalid_free+0x10a/0x130 [ 25.077765] ? mempool_double_free_helper+0x184/0x370 [ 25.077792] ? mempool_double_free_helper+0x184/0x370 [ 25.077816] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 25.077841] mempool_free+0x2ec/0x380 [ 25.077872] mempool_double_free_helper+0x184/0x370 [ 25.077899] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.077925] ? __kasan_check_write+0x18/0x20 [ 25.077951] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.077975] ? finish_task_switch.isra.0+0x153/0x700 [ 25.078003] mempool_kmalloc_large_double_free+0xed/0x140 [ 25.078030] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 25.078056] ? __kasan_check_write+0x18/0x20 [ 25.078084] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.078109] ? __pfx_mempool_kfree+0x10/0x10 [ 25.078137] ? __pfx_read_tsc+0x10/0x10 [ 25.078164] ? ktime_get_ts64+0x86/0x230 [ 25.078189] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.078217] kunit_try_run_case+0x1a5/0x480 [ 25.078254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.078277] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.078300] ? __kthread_parkme+0x82/0x180 [ 25.078322] ? preempt_count_sub+0x50/0x80 [ 25.078346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.078368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.078395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.078423] kthread+0x337/0x6f0 [ 25.078445] ? trace_preempt_on+0x20/0xc0 [ 25.078471] ? __pfx_kthread+0x10/0x10 [ 25.078493] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.078521] ? calculate_sigpending+0x7b/0xa0 [ 25.078550] ? __pfx_kthread+0x10/0x10 [ 25.078574] ret_from_fork+0x116/0x1d0 [ 25.078594] ? __pfx_kthread+0x10/0x10 [ 25.078617] ret_from_fork_asm+0x1a/0x30 [ 25.078652] </TASK> [ 25.078665] [ 25.089632] The buggy address belongs to the physical page: [ 25.090324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102668 [ 25.090669] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.091158] flags: 0x200000000000040(head|node=0|zone=2) [ 25.091371] page_type: f8(unknown) [ 25.091576] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.091992] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.092252] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.092597] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.092894] head: 0200000000000002 ffffea0004099a01 00000000ffffffff 00000000ffffffff [ 25.093228] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.093592] page dumped because: kasan: bad access detected [ 25.093875] [ 25.093940] Memory state around the buggy address: [ 25.094248] ffff888102667f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.094506] ffff888102667f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.094816] >ffff888102668000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.095233] ^ [ 25.095384] ffff888102668080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.095959] ffff888102668100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.096296] ================================================================== [ 25.099394] ================================================================== [ 25.100142] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.101126] Free of addr ffff88810266c000 by task kunit_try_catch/287 [ 25.101498] [ 25.101610] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.101664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.101678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.101701] Call Trace: [ 25.101717] <TASK> [ 25.101745] dump_stack_lvl+0x73/0xb0 [ 25.101776] print_report+0xd1/0x610 [ 25.101802] ? __virt_addr_valid+0x1db/0x2d0 [ 25.101828] ? kasan_addr_to_slab+0x11/0xa0 [ 25.101847] ? mempool_double_free_helper+0x184/0x370 [ 25.101873] kasan_report_invalid_free+0x10a/0x130 [ 25.102204] ? mempool_double_free_helper+0x184/0x370 [ 25.102256] ? mempool_double_free_helper+0x184/0x370 [ 25.102283] __kasan_mempool_poison_pages+0x115/0x130 [ 25.102310] mempool_free+0x290/0x380 [ 25.102340] mempool_double_free_helper+0x184/0x370 [ 25.102365] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.102391] ? __kasan_check_write+0x18/0x20 [ 25.102418] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.102443] ? finish_task_switch.isra.0+0x153/0x700 [ 25.102471] mempool_page_alloc_double_free+0xe8/0x140 [ 25.102498] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.102527] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.102554] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.102583] ? __pfx_read_tsc+0x10/0x10 [ 25.102608] ? ktime_get_ts64+0x86/0x230 [ 25.102635] kunit_try_run_case+0x1a5/0x480 [ 25.102659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.102681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.102704] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.102734] ? __kthread_parkme+0x82/0x180 [ 25.102809] ? preempt_count_sub+0x50/0x80 [ 25.102835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.102858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.102885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.102913] kthread+0x337/0x6f0 [ 25.102935] ? trace_preempt_on+0x20/0xc0 [ 25.102961] ? __pfx_kthread+0x10/0x10 [ 25.102983] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.103011] ? calculate_sigpending+0x7b/0xa0 [ 25.103039] ? __pfx_kthread+0x10/0x10 [ 25.103063] ret_from_fork+0x116/0x1d0 [ 25.103083] ? __pfx_kthread+0x10/0x10 [ 25.103106] ret_from_fork_asm+0x1a/0x30 [ 25.103141] </TASK> [ 25.103154] [ 25.114296] The buggy address belongs to the physical page: [ 25.114660] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10266c [ 25.115095] flags: 0x200000000000000(node=0|zone=2) [ 25.115364] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.115669] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.116228] page dumped because: kasan: bad access detected [ 25.116539] [ 25.116626] Memory state around the buggy address: [ 25.116815] ffff88810266bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.117426] ffff88810266bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.117783] >ffff88810266c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.118282] ^ [ 25.118455] ffff88810266c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.118866] ffff88810266c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.119170] ================================================================== [ 25.039821] ================================================================== [ 25.040346] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.040697] Free of addr ffff8881062af400 by task kunit_try_catch/283 [ 25.040938] [ 25.041076] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.041133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.041147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.041179] Call Trace: [ 25.041371] <TASK> [ 25.041402] dump_stack_lvl+0x73/0xb0 [ 25.041437] print_report+0xd1/0x610 [ 25.041462] ? __virt_addr_valid+0x1db/0x2d0 [ 25.041492] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.041521] ? mempool_double_free_helper+0x184/0x370 [ 25.041547] kasan_report_invalid_free+0x10a/0x130 [ 25.041572] ? mempool_double_free_helper+0x184/0x370 [ 25.041611] ? mempool_double_free_helper+0x184/0x370 [ 25.041637] ? mempool_double_free_helper+0x184/0x370 [ 25.041662] check_slab_allocation+0x101/0x130 [ 25.041695] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.041721] mempool_free+0x2ec/0x380 [ 25.041750] ? __wake_up+0x49/0x60 [ 25.041792] mempool_double_free_helper+0x184/0x370 [ 25.041828] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.041853] ? update_load_avg+0x1be/0x21b0 [ 25.041884] ? finish_task_switch.isra.0+0x153/0x700 [ 25.041921] mempool_kmalloc_double_free+0xed/0x140 [ 25.041946] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 25.041974] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.042019] ? __pfx_mempool_kfree+0x10/0x10 [ 25.042072] ? __pfx_read_tsc+0x10/0x10 [ 25.042099] ? ktime_get_ts64+0x86/0x230 [ 25.042127] kunit_try_run_case+0x1a5/0x480 [ 25.042153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.042182] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.042205] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.042250] ? __kthread_parkme+0x82/0x180 [ 25.042273] ? preempt_count_sub+0x50/0x80 [ 25.042297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.042320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.042349] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.042378] kthread+0x337/0x6f0 [ 25.042400] ? trace_preempt_on+0x20/0xc0 [ 25.042427] ? __pfx_kthread+0x10/0x10 [ 25.042450] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.042479] ? calculate_sigpending+0x7b/0xa0 [ 25.042507] ? __pfx_kthread+0x10/0x10 [ 25.042532] ret_from_fork+0x116/0x1d0 [ 25.042552] ? __pfx_kthread+0x10/0x10 [ 25.042575] ret_from_fork_asm+0x1a/0x30 [ 25.042612] </TASK> [ 25.042626] [ 25.052547] Allocated by task 283: [ 25.052733] kasan_save_stack+0x45/0x70 [ 25.052990] kasan_save_track+0x18/0x40 [ 25.053182] kasan_save_alloc_info+0x3b/0x50 [ 25.053395] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.053615] remove_element+0x11e/0x190 [ 25.053869] mempool_alloc_preallocated+0x4d/0x90 [ 25.054146] mempool_double_free_helper+0x8a/0x370 [ 25.054384] mempool_kmalloc_double_free+0xed/0x140 [ 25.054599] kunit_try_run_case+0x1a5/0x480 [ 25.054819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.055121] kthread+0x337/0x6f0 [ 25.055299] ret_from_fork+0x116/0x1d0 [ 25.055533] ret_from_fork_asm+0x1a/0x30 [ 25.055676] [ 25.055740] Freed by task 283: [ 25.055844] kasan_save_stack+0x45/0x70 [ 25.055971] kasan_save_track+0x18/0x40 [ 25.056097] kasan_save_free_info+0x3f/0x60 [ 25.056368] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.056602] mempool_free+0x2ec/0x380 [ 25.056903] mempool_double_free_helper+0x109/0x370 [ 25.057378] mempool_kmalloc_double_free+0xed/0x140 [ 25.057599] kunit_try_run_case+0x1a5/0x480 [ 25.057738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.058044] kthread+0x337/0x6f0 [ 25.058247] ret_from_fork+0x116/0x1d0 [ 25.058406] ret_from_fork_asm+0x1a/0x30 [ 25.058592] [ 25.058660] The buggy address belongs to the object at ffff8881062af400 [ 25.058660] which belongs to the cache kmalloc-128 of size 128 [ 25.059012] The buggy address is located 0 bytes inside of [ 25.059012] 128-byte region [ffff8881062af400, ffff8881062af480) [ 25.059746] [ 25.059884] The buggy address belongs to the physical page: [ 25.060152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 25.060427] flags: 0x200000000000000(node=0|zone=2) [ 25.060595] page_type: f5(slab) [ 25.060717] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.061338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.061672] page dumped because: kasan: bad access detected [ 25.062080] [ 25.062152] Memory state around the buggy address: [ 25.062418] ffff8881062af300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.062638] ffff8881062af380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.063324] >ffff8881062af400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.063670] ^ [ 25.063926] ffff8881062af480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.064220] ffff8881062af500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.064496] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 25.019044] ================================================================== [ 25.020103] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.020446] Read of size 1 at addr ffff888106330000 by task kunit_try_catch/281 [ 25.020749] [ 25.020960] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 25.021020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.021033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.021057] Call Trace: [ 25.021071] <TASK> [ 25.021093] dump_stack_lvl+0x73/0xb0 [ 25.021141] print_report+0xd1/0x610 [ 25.021165] ? __virt_addr_valid+0x1db/0x2d0 [ 25.021210] ? mempool_uaf_helper+0x392/0x400 [ 25.021233] ? kasan_addr_to_slab+0x11/0xa0 [ 25.021265] ? mempool_uaf_helper+0x392/0x400 [ 25.021289] kasan_report+0x141/0x180 [ 25.021322] ? mempool_uaf_helper+0x392/0x400 [ 25.021350] __asan_report_load1_noabort+0x18/0x20 [ 25.021378] mempool_uaf_helper+0x392/0x400 [ 25.021412] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.021437] ? __kasan_check_write+0x18/0x20 [ 25.021464] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.021489] ? finish_task_switch.isra.0+0x153/0x700 [ 25.021517] mempool_page_alloc_uaf+0xed/0x140 [ 25.021543] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 25.021572] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.021601] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.021631] ? __pfx_read_tsc+0x10/0x10 [ 25.021658] ? ktime_get_ts64+0x86/0x230 [ 25.021686] kunit_try_run_case+0x1a5/0x480 [ 25.021721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.021743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.021795] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.021868] ? __kthread_parkme+0x82/0x180 [ 25.021893] ? preempt_count_sub+0x50/0x80 [ 25.021917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.021940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.021968] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.021998] kthread+0x337/0x6f0 [ 25.022020] ? trace_preempt_on+0x20/0xc0 [ 25.022047] ? __pfx_kthread+0x10/0x10 [ 25.022070] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.022098] ? calculate_sigpending+0x7b/0xa0 [ 25.022127] ? __pfx_kthread+0x10/0x10 [ 25.022151] ret_from_fork+0x116/0x1d0 [ 25.022171] ? __pfx_kthread+0x10/0x10 [ 25.022195] ret_from_fork_asm+0x1a/0x30 [ 25.022232] </TASK> [ 25.022255] [ 25.030853] The buggy address belongs to the physical page: [ 25.031295] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106330 [ 25.031805] flags: 0x200000000000000(node=0|zone=2) [ 25.032041] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.032279] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.032613] page dumped because: kasan: bad access detected [ 25.033139] [ 25.033262] Memory state around the buggy address: [ 25.033435] ffff88810632ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.033726] ffff88810632ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.034193] >ffff888106330000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.034511] ^ [ 25.034688] ffff888106330080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.035088] ffff888106330100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.035402] ================================================================== [ 24.946659] ================================================================== [ 24.947655] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.948462] Read of size 1 at addr ffff888102668000 by task kunit_try_catch/277 [ 24.949200] [ 24.949320] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.949380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.949394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.949419] Call Trace: [ 24.949437] <TASK> [ 24.949461] dump_stack_lvl+0x73/0xb0 [ 24.949498] print_report+0xd1/0x610 [ 24.949523] ? __virt_addr_valid+0x1db/0x2d0 [ 24.949550] ? mempool_uaf_helper+0x392/0x400 [ 24.949574] ? kasan_addr_to_slab+0x11/0xa0 [ 24.949595] ? mempool_uaf_helper+0x392/0x400 [ 24.949619] kasan_report+0x141/0x180 [ 24.949643] ? mempool_uaf_helper+0x392/0x400 [ 24.949671] __asan_report_load1_noabort+0x18/0x20 [ 24.949699] mempool_uaf_helper+0x392/0x400 [ 24.949724] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.949796] ? __kasan_check_write+0x18/0x20 [ 24.949827] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.949851] ? finish_task_switch.isra.0+0x153/0x700 [ 24.949881] mempool_kmalloc_large_uaf+0xef/0x140 [ 24.949907] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 24.949935] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.949962] ? __pfx_mempool_kfree+0x10/0x10 [ 24.949991] ? __pfx_read_tsc+0x10/0x10 [ 24.950017] ? ktime_get_ts64+0x86/0x230 [ 24.950045] kunit_try_run_case+0x1a5/0x480 [ 24.950071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.950092] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.950115] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.950145] ? __kthread_parkme+0x82/0x180 [ 24.950167] ? preempt_count_sub+0x50/0x80 [ 24.950191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.950213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.950253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.950280] kthread+0x337/0x6f0 [ 24.950303] ? trace_preempt_on+0x20/0xc0 [ 24.950330] ? __pfx_kthread+0x10/0x10 [ 24.950353] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.950381] ? calculate_sigpending+0x7b/0xa0 [ 24.950409] ? __pfx_kthread+0x10/0x10 [ 24.950433] ret_from_fork+0x116/0x1d0 [ 24.950454] ? __pfx_kthread+0x10/0x10 [ 24.950477] ret_from_fork_asm+0x1a/0x30 [ 24.950514] </TASK> [ 24.950527] [ 24.964933] The buggy address belongs to the physical page: [ 24.965493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102668 [ 24.966108] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.966749] flags: 0x200000000000040(head|node=0|zone=2) [ 24.967280] page_type: f8(unknown) [ 24.967633] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.967943] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.968692] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.969297] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.969534] head: 0200000000000002 ffffea0004099a01 00000000ffffffff 00000000ffffffff [ 24.969805] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.970666] page dumped because: kasan: bad access detected [ 24.971303] [ 24.971460] Memory state around the buggy address: [ 24.972121] ffff888102667f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.972847] ffff888102667f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.973448] >ffff888102668000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.973658] ^ [ 24.973848] ffff888102668080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.974592] ffff888102668100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.975277] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 24.981706] ================================================================== [ 24.982410] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.982723] Read of size 1 at addr ffff888106279240 by task kunit_try_catch/279 [ 24.983228] [ 24.983383] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.983449] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.983463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.983498] Call Trace: [ 24.983513] <TASK> [ 24.983533] dump_stack_lvl+0x73/0xb0 [ 24.983566] print_report+0xd1/0x610 [ 24.983590] ? __virt_addr_valid+0x1db/0x2d0 [ 24.983617] ? mempool_uaf_helper+0x392/0x400 [ 24.983640] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.983670] ? mempool_uaf_helper+0x392/0x400 [ 24.983704] kasan_report+0x141/0x180 [ 24.983728] ? mempool_uaf_helper+0x392/0x400 [ 24.983756] __asan_report_load1_noabort+0x18/0x20 [ 24.983794] mempool_uaf_helper+0x392/0x400 [ 24.983827] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.983867] ? update_load_avg+0x1be/0x21b0 [ 24.983949] ? irqentry_exit+0x2a/0x60 [ 24.983977] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.984004] mempool_slab_uaf+0xea/0x140 [ 24.984030] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.984059] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.984097] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.984137] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.984164] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.984202] kunit_try_run_case+0x1a5/0x480 [ 24.984228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.984260] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.984283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.984314] ? __kthread_parkme+0x82/0x180 [ 24.984336] ? preempt_count_sub+0x50/0x80 [ 24.984361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.984384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.984412] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.984440] kthread+0x337/0x6f0 [ 24.984463] ? trace_preempt_on+0x20/0xc0 [ 24.984489] ? __pfx_kthread+0x10/0x10 [ 24.984512] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.984540] ? calculate_sigpending+0x7b/0xa0 [ 24.984568] ? __pfx_kthread+0x10/0x10 [ 24.984593] ret_from_fork+0x116/0x1d0 [ 24.984615] ? __pfx_kthread+0x10/0x10 [ 24.984639] ret_from_fork_asm+0x1a/0x30 [ 24.984675] </TASK> [ 24.984687] [ 24.994052] Allocated by task 279: [ 24.994232] kasan_save_stack+0x45/0x70 [ 24.994442] kasan_save_track+0x18/0x40 [ 24.994640] kasan_save_alloc_info+0x3b/0x50 [ 24.994880] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.995158] remove_element+0x11e/0x190 [ 24.995348] mempool_alloc_preallocated+0x4d/0x90 [ 24.995568] mempool_uaf_helper+0x96/0x400 [ 24.995706] mempool_slab_uaf+0xea/0x140 [ 24.995885] kunit_try_run_case+0x1a5/0x480 [ 24.996105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.996400] kthread+0x337/0x6f0 [ 24.996521] ret_from_fork+0x116/0x1d0 [ 24.996815] ret_from_fork_asm+0x1a/0x30 [ 24.996991] [ 24.997086] Freed by task 279: [ 24.997573] kasan_save_stack+0x45/0x70 [ 24.997716] kasan_save_track+0x18/0x40 [ 24.997846] kasan_save_free_info+0x3f/0x60 [ 24.998202] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.998485] mempool_free+0x2ec/0x380 [ 24.998674] mempool_uaf_helper+0x11a/0x400 [ 24.998950] mempool_slab_uaf+0xea/0x140 [ 24.999094] kunit_try_run_case+0x1a5/0x480 [ 24.999306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.999581] kthread+0x337/0x6f0 [ 24.999772] ret_from_fork+0x116/0x1d0 [ 24.999993] ret_from_fork_asm+0x1a/0x30 [ 25.000194] [ 25.000301] The buggy address belongs to the object at ffff888106279240 [ 25.000301] which belongs to the cache test_cache of size 123 [ 25.000866] The buggy address is located 0 bytes inside of [ 25.000866] freed 123-byte region [ffff888106279240, ffff8881062792bb) [ 25.001294] [ 25.001367] The buggy address belongs to the physical page: [ 25.001535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106279 [ 25.001876] flags: 0x200000000000000(node=0|zone=2) [ 25.002106] page_type: f5(slab) [ 25.002463] raw: 0200000000000000 ffff888106209280 dead000000000122 0000000000000000 [ 25.002941] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.003213] page dumped because: kasan: bad access detected [ 25.003393] [ 25.003458] Memory state around the buggy address: [ 25.003617] ffff888106279100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.004210] ffff888106279180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.004675] >ffff888106279200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.005334] ^ [ 25.005585] ffff888106279280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.006049] ffff888106279300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.006359] ================================================================== [ 24.902593] ================================================================== [ 24.903008] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.903261] Read of size 1 at addr ffff8881059acd00 by task kunit_try_catch/275 [ 24.903481] [ 24.903572] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.903627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.903639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.903663] Call Trace: [ 24.903677] <TASK> [ 24.903698] dump_stack_lvl+0x73/0xb0 [ 24.903727] print_report+0xd1/0x610 [ 24.903751] ? __virt_addr_valid+0x1db/0x2d0 [ 24.903776] ? mempool_uaf_helper+0x392/0x400 [ 24.903798] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.903827] ? mempool_uaf_helper+0x392/0x400 [ 24.903850] kasan_report+0x141/0x180 [ 24.903872] ? mempool_uaf_helper+0x392/0x400 [ 24.903899] __asan_report_load1_noabort+0x18/0x20 [ 24.903925] mempool_uaf_helper+0x392/0x400 [ 24.903948] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.903972] ? __kasan_check_write+0x18/0x20 [ 24.903999] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.904021] ? finish_task_switch.isra.0+0x153/0x700 [ 24.904047] mempool_kmalloc_uaf+0xef/0x140 [ 24.904069] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 24.904095] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.904121] ? __pfx_mempool_kfree+0x10/0x10 [ 24.904147] ? __pfx_read_tsc+0x10/0x10 [ 24.904172] ? ktime_get_ts64+0x86/0x230 [ 24.904198] kunit_try_run_case+0x1a5/0x480 [ 24.904221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.904723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.904791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.905085] ? __kthread_parkme+0x82/0x180 [ 24.905111] ? preempt_count_sub+0x50/0x80 [ 24.905136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.905160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.905189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.905221] kthread+0x337/0x6f0 [ 24.905253] ? trace_preempt_on+0x20/0xc0 [ 24.905279] ? __pfx_kthread+0x10/0x10 [ 24.905302] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.905330] ? calculate_sigpending+0x7b/0xa0 [ 24.905358] ? __pfx_kthread+0x10/0x10 [ 24.905381] ret_from_fork+0x116/0x1d0 [ 24.905402] ? __pfx_kthread+0x10/0x10 [ 24.905424] ret_from_fork_asm+0x1a/0x30 [ 24.905458] </TASK> [ 24.905471] [ 24.922911] Allocated by task 275: [ 24.923313] kasan_save_stack+0x45/0x70 [ 24.923943] kasan_save_track+0x18/0x40 [ 24.924566] kasan_save_alloc_info+0x3b/0x50 [ 24.925100] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.925300] remove_element+0x11e/0x190 [ 24.925439] mempool_alloc_preallocated+0x4d/0x90 [ 24.925595] mempool_uaf_helper+0x96/0x400 [ 24.925731] mempool_kmalloc_uaf+0xef/0x140 [ 24.925934] kunit_try_run_case+0x1a5/0x480 [ 24.926865] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.927469] kthread+0x337/0x6f0 [ 24.927900] ret_from_fork+0x116/0x1d0 [ 24.928438] ret_from_fork_asm+0x1a/0x30 [ 24.928966] [ 24.929123] Freed by task 275: [ 24.929554] kasan_save_stack+0x45/0x70 [ 24.930019] kasan_save_track+0x18/0x40 [ 24.930529] kasan_save_free_info+0x3f/0x60 [ 24.931045] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.931633] mempool_free+0x2ec/0x380 [ 24.931870] mempool_uaf_helper+0x11a/0x400 [ 24.932020] mempool_kmalloc_uaf+0xef/0x140 [ 24.932165] kunit_try_run_case+0x1a5/0x480 [ 24.932318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.932492] kthread+0x337/0x6f0 [ 24.932607] ret_from_fork+0x116/0x1d0 [ 24.932733] ret_from_fork_asm+0x1a/0x30 [ 24.933577] [ 24.933836] The buggy address belongs to the object at ffff8881059acd00 [ 24.933836] which belongs to the cache kmalloc-128 of size 128 [ 24.935103] The buggy address is located 0 bytes inside of [ 24.935103] freed 128-byte region [ffff8881059acd00, ffff8881059acd80) [ 24.936253] [ 24.936454] The buggy address belongs to the physical page: [ 24.937101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac [ 24.937884] flags: 0x200000000000000(node=0|zone=2) [ 24.938457] page_type: f5(slab) [ 24.938588] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.939218] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.939707] page dumped because: kasan: bad access detected [ 24.939992] [ 24.940172] Memory state around the buggy address: [ 24.940625] ffff8881059acc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.941346] ffff8881059acc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.941877] >ffff8881059acd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.942234] ^ [ 24.942362] ffff8881059acd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.942568] ffff8881059ace00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.942790] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 24.838643] ================================================================== [ 24.839562] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.840044] Read of size 1 at addr ffff88810632e001 by task kunit_try_catch/271 [ 24.840398] [ 24.840492] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.840804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.840832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.840855] Call Trace: [ 24.840871] <TASK> [ 24.840891] dump_stack_lvl+0x73/0xb0 [ 24.840922] print_report+0xd1/0x610 [ 24.840946] ? __virt_addr_valid+0x1db/0x2d0 [ 24.840973] ? mempool_oob_right_helper+0x318/0x380 [ 24.840998] ? kasan_addr_to_slab+0x11/0xa0 [ 24.841019] ? mempool_oob_right_helper+0x318/0x380 [ 24.841044] kasan_report+0x141/0x180 [ 24.841067] ? mempool_oob_right_helper+0x318/0x380 [ 24.841097] __asan_report_load1_noabort+0x18/0x20 [ 24.841124] mempool_oob_right_helper+0x318/0x380 [ 24.841150] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.841178] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.841207] ? finish_task_switch.isra.0+0x153/0x700 [ 24.841235] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.841286] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.841324] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.841363] ? __pfx_mempool_kfree+0x10/0x10 [ 24.841391] ? __pfx_read_tsc+0x10/0x10 [ 24.841418] ? ktime_get_ts64+0x86/0x230 [ 24.841446] kunit_try_run_case+0x1a5/0x480 [ 24.841469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.841491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.841513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.841542] ? __kthread_parkme+0x82/0x180 [ 24.841565] ? preempt_count_sub+0x50/0x80 [ 24.841589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.841612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.841639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.841667] kthread+0x337/0x6f0 [ 24.841689] ? trace_preempt_on+0x20/0xc0 [ 24.841715] ? __pfx_kthread+0x10/0x10 [ 24.841738] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.841778] ? calculate_sigpending+0x7b/0xa0 [ 24.841805] ? __pfx_kthread+0x10/0x10 [ 24.841835] ret_from_fork+0x116/0x1d0 [ 24.841856] ? __pfx_kthread+0x10/0x10 [ 24.841878] ret_from_fork_asm+0x1a/0x30 [ 24.841913] </TASK> [ 24.841926] [ 24.853165] The buggy address belongs to the physical page: [ 24.853490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10632c [ 24.853964] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.854331] flags: 0x200000000000040(head|node=0|zone=2) [ 24.854863] page_type: f8(unknown) [ 24.855049] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.855408] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.855727] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.856320] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.856747] head: 0200000000000002 ffffea000418cb01 00000000ffffffff 00000000ffffffff [ 24.857333] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.857740] page dumped because: kasan: bad access detected [ 24.858190] [ 24.858307] Memory state around the buggy address: [ 24.858677] ffff88810632df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.859156] ffff88810632df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.859595] >ffff88810632e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.860108] ^ [ 24.860301] ffff88810632e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.860710] ffff88810632e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.861144] ================================================================== [ 24.865685] ================================================================== [ 24.866252] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.866868] Read of size 1 at addr ffff88810620e2bb by task kunit_try_catch/273 [ 24.867345] [ 24.867609] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.867670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.867684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.867710] Call Trace: [ 24.867787] <TASK> [ 24.867812] dump_stack_lvl+0x73/0xb0 [ 24.867850] print_report+0xd1/0x610 [ 24.867890] ? __virt_addr_valid+0x1db/0x2d0 [ 24.867919] ? mempool_oob_right_helper+0x318/0x380 [ 24.867944] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.867973] ? mempool_oob_right_helper+0x318/0x380 [ 24.867999] kasan_report+0x141/0x180 [ 24.868024] ? mempool_oob_right_helper+0x318/0x380 [ 24.868055] __asan_report_load1_noabort+0x18/0x20 [ 24.868085] mempool_oob_right_helper+0x318/0x380 [ 24.868112] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.868139] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.868165] ? finish_task_switch.isra.0+0x153/0x700 [ 24.868194] mempool_slab_oob_right+0xed/0x140 [ 24.868220] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.868261] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.868290] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.868319] ? __pfx_read_tsc+0x10/0x10 [ 24.868346] ? ktime_get_ts64+0x86/0x230 [ 24.868374] kunit_try_run_case+0x1a5/0x480 [ 24.868401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.868422] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.868445] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.868476] ? __kthread_parkme+0x82/0x180 [ 24.868498] ? preempt_count_sub+0x50/0x80 [ 24.868523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.868545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.868573] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.868601] kthread+0x337/0x6f0 [ 24.868624] ? trace_preempt_on+0x20/0xc0 [ 24.868650] ? __pfx_kthread+0x10/0x10 [ 24.868672] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.868700] ? calculate_sigpending+0x7b/0xa0 [ 24.868729] ? __pfx_kthread+0x10/0x10 [ 24.868808] ret_from_fork+0x116/0x1d0 [ 24.868844] ? __pfx_kthread+0x10/0x10 [ 24.868868] ret_from_fork_asm+0x1a/0x30 [ 24.868906] </TASK> [ 24.868920] [ 24.879615] Allocated by task 273: [ 24.880290] kasan_save_stack+0x45/0x70 [ 24.880508] kasan_save_track+0x18/0x40 [ 24.880643] kasan_save_alloc_info+0x3b/0x50 [ 24.881099] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.881421] remove_element+0x11e/0x190 [ 24.881605] mempool_alloc_preallocated+0x4d/0x90 [ 24.882059] mempool_oob_right_helper+0x8a/0x380 [ 24.882298] mempool_slab_oob_right+0xed/0x140 [ 24.882566] kunit_try_run_case+0x1a5/0x480 [ 24.882756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.883251] kthread+0x337/0x6f0 [ 24.883490] ret_from_fork+0x116/0x1d0 [ 24.883637] ret_from_fork_asm+0x1a/0x30 [ 24.883925] [ 24.884041] The buggy address belongs to the object at ffff88810620e240 [ 24.884041] which belongs to the cache test_cache of size 123 [ 24.884524] The buggy address is located 0 bytes to the right of [ 24.884524] allocated 123-byte region [ffff88810620e240, ffff88810620e2bb) [ 24.885646] [ 24.885744] The buggy address belongs to the physical page: [ 24.886024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10620e [ 24.886381] flags: 0x200000000000000(node=0|zone=2) [ 24.886592] page_type: f5(slab) [ 24.886787] raw: 0200000000000000 ffff888106209140 dead000000000122 0000000000000000 [ 24.887110] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.887421] page dumped because: kasan: bad access detected [ 24.887644] [ 24.887718] Memory state around the buggy address: [ 24.887921] ffff88810620e180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.888812] ffff88810620e200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.889169] >ffff88810620e280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.889480] ^ [ 24.889687] ffff88810620e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.890220] ffff88810620e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.890519] ================================================================== [ 24.809285] ================================================================== [ 24.809804] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.810757] Read of size 1 at addr ffff8881059ac973 by task kunit_try_catch/269 [ 24.811252] [ 24.811564] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.811625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.811638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.811663] Call Trace: [ 24.811678] <TASK> [ 24.811700] dump_stack_lvl+0x73/0xb0 [ 24.811738] print_report+0xd1/0x610 [ 24.812061] ? __virt_addr_valid+0x1db/0x2d0 [ 24.812095] ? mempool_oob_right_helper+0x318/0x380 [ 24.812122] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.812152] ? mempool_oob_right_helper+0x318/0x380 [ 24.812177] kasan_report+0x141/0x180 [ 24.812201] ? mempool_oob_right_helper+0x318/0x380 [ 24.812231] __asan_report_load1_noabort+0x18/0x20 [ 24.812273] mempool_oob_right_helper+0x318/0x380 [ 24.812298] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.812324] ? __kasan_check_write+0x18/0x20 [ 24.812351] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.812375] ? finish_task_switch.isra.0+0x153/0x700 [ 24.812402] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.812427] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.812454] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.812483] ? __pfx_mempool_kfree+0x10/0x10 [ 24.812511] ? __pfx_read_tsc+0x10/0x10 [ 24.812536] ? ktime_get_ts64+0x86/0x230 [ 24.812564] kunit_try_run_case+0x1a5/0x480 [ 24.812589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.812610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.812633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.812663] ? __kthread_parkme+0x82/0x180 [ 24.812684] ? preempt_count_sub+0x50/0x80 [ 24.812707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.812730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.813021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.813056] kthread+0x337/0x6f0 [ 24.813079] ? trace_preempt_on+0x20/0xc0 [ 24.813107] ? __pfx_kthread+0x10/0x10 [ 24.813131] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.813159] ? calculate_sigpending+0x7b/0xa0 [ 24.813187] ? __pfx_kthread+0x10/0x10 [ 24.813218] ret_from_fork+0x116/0x1d0 [ 24.813253] ? __pfx_kthread+0x10/0x10 [ 24.813277] ret_from_fork_asm+0x1a/0x30 [ 24.813312] </TASK> [ 24.813325] [ 24.824781] Allocated by task 269: [ 24.825190] kasan_save_stack+0x45/0x70 [ 24.825480] kasan_save_track+0x18/0x40 [ 24.825641] kasan_save_alloc_info+0x3b/0x50 [ 24.825864] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.826175] remove_element+0x11e/0x190 [ 24.826335] mempool_alloc_preallocated+0x4d/0x90 [ 24.826495] mempool_oob_right_helper+0x8a/0x380 [ 24.826702] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.826982] kunit_try_run_case+0x1a5/0x480 [ 24.827192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.827460] kthread+0x337/0x6f0 [ 24.827697] ret_from_fork+0x116/0x1d0 [ 24.828012] ret_from_fork_asm+0x1a/0x30 [ 24.828187] [ 24.828287] The buggy address belongs to the object at ffff8881059ac900 [ 24.828287] which belongs to the cache kmalloc-128 of size 128 [ 24.828710] The buggy address is located 0 bytes to the right of [ 24.828710] allocated 115-byte region [ffff8881059ac900, ffff8881059ac973) [ 24.829680] [ 24.829865] The buggy address belongs to the physical page: [ 24.830137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac [ 24.830679] flags: 0x200000000000000(node=0|zone=2) [ 24.830972] page_type: f5(slab) [ 24.831137] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.831474] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.831925] page dumped because: kasan: bad access detected [ 24.832170] [ 24.832267] Memory state around the buggy address: [ 24.832533] ffff8881059ac800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.832785] ffff8881059ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.833444] >ffff8881059ac900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.833878] ^ [ 24.834157] ffff8881059ac980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.834443] ffff8881059aca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.834764] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 24.226996] ================================================================== [ 24.227491] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 24.228068] Read of size 1 at addr ffff888101d3ac80 by task kunit_try_catch/263 [ 24.228403] [ 24.228747] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.228823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.228836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.228861] Call Trace: [ 24.228877] <TASK> [ 24.229138] dump_stack_lvl+0x73/0xb0 [ 24.229189] print_report+0xd1/0x610 [ 24.229225] ? __virt_addr_valid+0x1db/0x2d0 [ 24.229270] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.229298] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.229327] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.229354] kasan_report+0x141/0x180 [ 24.229406] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.229435] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.229462] __kasan_check_byte+0x3d/0x50 [ 24.229485] kmem_cache_destroy+0x25/0x1d0 [ 24.229517] kmem_cache_double_destroy+0x1bf/0x380 [ 24.229544] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 24.229570] ? finish_task_switch.isra.0+0x153/0x700 [ 24.229594] ? __switch_to+0x47/0xf50 [ 24.229627] ? __pfx_read_tsc+0x10/0x10 [ 24.229654] ? ktime_get_ts64+0x86/0x230 [ 24.229682] kunit_try_run_case+0x1a5/0x480 [ 24.229709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.229730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.229785] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.229817] ? __kthread_parkme+0x82/0x180 [ 24.229840] ? preempt_count_sub+0x50/0x80 [ 24.229864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.229887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.229924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.229952] kthread+0x337/0x6f0 [ 24.229973] ? trace_preempt_on+0x20/0xc0 [ 24.230000] ? __pfx_kthread+0x10/0x10 [ 24.230022] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.230050] ? calculate_sigpending+0x7b/0xa0 [ 24.230079] ? __pfx_kthread+0x10/0x10 [ 24.230102] ret_from_fork+0x116/0x1d0 [ 24.230122] ? __pfx_kthread+0x10/0x10 [ 24.230146] ret_from_fork_asm+0x1a/0x30 [ 24.230181] </TASK> [ 24.230194] [ 24.241406] Allocated by task 263: [ 24.241599] kasan_save_stack+0x45/0x70 [ 24.241819] kasan_save_track+0x18/0x40 [ 24.242125] kasan_save_alloc_info+0x3b/0x50 [ 24.242361] __kasan_slab_alloc+0x91/0xa0 [ 24.242544] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.242751] __kmem_cache_create_args+0x169/0x240 [ 24.243104] kmem_cache_double_destroy+0xd5/0x380 [ 24.243340] kunit_try_run_case+0x1a5/0x480 [ 24.243524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.243695] kthread+0x337/0x6f0 [ 24.243870] ret_from_fork+0x116/0x1d0 [ 24.244148] ret_from_fork_asm+0x1a/0x30 [ 24.244349] [ 24.244431] Freed by task 263: [ 24.244571] kasan_save_stack+0x45/0x70 [ 24.244738] kasan_save_track+0x18/0x40 [ 24.245458] kasan_save_free_info+0x3f/0x60 [ 24.245713] __kasan_slab_free+0x56/0x70 [ 24.246231] kmem_cache_free+0x249/0x420 [ 24.246461] slab_kmem_cache_release+0x2e/0x40 [ 24.246665] kmem_cache_release+0x16/0x20 [ 24.247250] kobject_put+0x181/0x450 [ 24.247465] sysfs_slab_release+0x16/0x20 [ 24.247645] kmem_cache_destroy+0xf0/0x1d0 [ 24.248231] kmem_cache_double_destroy+0x14e/0x380 [ 24.248462] kunit_try_run_case+0x1a5/0x480 [ 24.248650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.249131] kthread+0x337/0x6f0 [ 24.249313] ret_from_fork+0x116/0x1d0 [ 24.249482] ret_from_fork_asm+0x1a/0x30 [ 24.249655] [ 24.249739] The buggy address belongs to the object at ffff888101d3ac80 [ 24.249739] which belongs to the cache kmem_cache of size 208 [ 24.251138] The buggy address is located 0 bytes inside of [ 24.251138] freed 208-byte region [ffff888101d3ac80, ffff888101d3ad50) [ 24.252095] [ 24.252203] The buggy address belongs to the physical page: [ 24.252447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d3a [ 24.253100] flags: 0x200000000000000(node=0|zone=2) [ 24.253556] page_type: f5(slab) [ 24.253912] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 24.254258] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 24.254561] page dumped because: kasan: bad access detected [ 24.255183] [ 24.255291] Memory state around the buggy address: [ 24.255706] ffff888101d3ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.256215] ffff888101d3ac00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.256527] >ffff888101d3ac80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.256811] ^ [ 24.257362] ffff888101d3ad00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.257935] ffff888101d3ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.258463] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 24.163157] ================================================================== [ 24.163622] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.164291] Read of size 1 at addr ffff8881059c5000 by task kunit_try_catch/261 [ 24.165049] [ 24.165367] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.165459] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.165472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.165498] Call Trace: [ 24.165521] <TASK> [ 24.165543] dump_stack_lvl+0x73/0xb0 [ 24.165581] print_report+0xd1/0x610 [ 24.165606] ? __virt_addr_valid+0x1db/0x2d0 [ 24.165634] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.165660] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.165689] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.165715] kasan_report+0x141/0x180 [ 24.165737] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.165965] __asan_report_load1_noabort+0x18/0x20 [ 24.165997] kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.166024] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 24.166049] ? finish_task_switch.isra.0+0x153/0x700 [ 24.166074] ? __switch_to+0x47/0xf50 [ 24.166108] ? __pfx_read_tsc+0x10/0x10 [ 24.166134] ? ktime_get_ts64+0x86/0x230 [ 24.166163] kunit_try_run_case+0x1a5/0x480 [ 24.166189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.166210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.166234] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.166278] ? __kthread_parkme+0x82/0x180 [ 24.166300] ? preempt_count_sub+0x50/0x80 [ 24.166324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.166346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.166374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.166400] kthread+0x337/0x6f0 [ 24.166422] ? trace_preempt_on+0x20/0xc0 [ 24.166448] ? __pfx_kthread+0x10/0x10 [ 24.166471] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.166498] ? calculate_sigpending+0x7b/0xa0 [ 24.166526] ? __pfx_kthread+0x10/0x10 [ 24.166550] ret_from_fork+0x116/0x1d0 [ 24.166569] ? __pfx_kthread+0x10/0x10 [ 24.166591] ret_from_fork_asm+0x1a/0x30 [ 24.166627] </TASK> [ 24.166640] [ 24.176540] Allocated by task 261: [ 24.176744] kasan_save_stack+0x45/0x70 [ 24.177315] kasan_save_track+0x18/0x40 [ 24.177495] kasan_save_alloc_info+0x3b/0x50 [ 24.177654] __kasan_slab_alloc+0x91/0xa0 [ 24.178389] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.178594] kmem_cache_rcu_uaf+0x155/0x510 [ 24.178945] kunit_try_run_case+0x1a5/0x480 [ 24.179349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.179560] kthread+0x337/0x6f0 [ 24.179964] ret_from_fork+0x116/0x1d0 [ 24.180284] ret_from_fork_asm+0x1a/0x30 [ 24.180627] [ 24.180727] Freed by task 0: [ 24.180918] kasan_save_stack+0x45/0x70 [ 24.181395] kasan_save_track+0x18/0x40 [ 24.181588] kasan_save_free_info+0x3f/0x60 [ 24.181953] __kasan_slab_free+0x56/0x70 [ 24.182231] slab_free_after_rcu_debug+0xe4/0x310 [ 24.182469] rcu_core+0x66f/0x1c40 [ 24.182634] rcu_core_si+0x12/0x20 [ 24.183043] handle_softirqs+0x209/0x730 [ 24.183234] __irq_exit_rcu+0xc9/0x110 [ 24.183392] irq_exit_rcu+0x12/0x20 [ 24.183567] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.183731] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.184047] [ 24.184149] Last potentially related work creation: [ 24.184356] kasan_save_stack+0x45/0x70 [ 24.184542] kasan_record_aux_stack+0xb2/0xc0 [ 24.184743] kmem_cache_free+0x131/0x420 [ 24.184981] kmem_cache_rcu_uaf+0x194/0x510 [ 24.185121] kunit_try_run_case+0x1a5/0x480 [ 24.185288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.185568] kthread+0x337/0x6f0 [ 24.185732] ret_from_fork+0x116/0x1d0 [ 24.185944] ret_from_fork_asm+0x1a/0x30 [ 24.186226] [ 24.186324] The buggy address belongs to the object at ffff8881059c5000 [ 24.186324] which belongs to the cache test_cache of size 200 [ 24.186805] The buggy address is located 0 bytes inside of [ 24.186805] freed 200-byte region [ffff8881059c5000, ffff8881059c50c8) [ 24.187535] [ 24.187690] The buggy address belongs to the physical page: [ 24.188205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c5 [ 24.188626] flags: 0x200000000000000(node=0|zone=2) [ 24.188790] page_type: f5(slab) [ 24.188908] raw: 0200000000000000 ffff888101ea6280 dead000000000122 0000000000000000 [ 24.189356] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.189701] page dumped because: kasan: bad access detected [ 24.189996] [ 24.190097] Memory state around the buggy address: [ 24.190349] ffff8881059c4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.190558] ffff8881059c4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.191105] >ffff8881059c5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.191437] ^ [ 24.191573] ffff8881059c5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.192192] ffff8881059c5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.192529] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 24.090497] ================================================================== [ 24.090992] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 24.091401] Free of addr ffff8881062bd001 by task kunit_try_catch/259 [ 24.091713] [ 24.091844] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.091902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.091915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.091939] Call Trace: [ 24.091955] <TASK> [ 24.091978] dump_stack_lvl+0x73/0xb0 [ 24.092014] print_report+0xd1/0x610 [ 24.092038] ? __virt_addr_valid+0x1db/0x2d0 [ 24.092089] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.092118] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.092146] kasan_report_invalid_free+0x10a/0x130 [ 24.092170] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.092222] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.092260] check_slab_allocation+0x11f/0x130 [ 24.092282] __kasan_slab_pre_free+0x28/0x40 [ 24.092303] kmem_cache_free+0xed/0x420 [ 24.092332] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.092377] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.092407] kmem_cache_invalid_free+0x1d8/0x460 [ 24.092433] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 24.092461] ? finish_task_switch.isra.0+0x153/0x700 [ 24.092485] ? __switch_to+0x47/0xf50 [ 24.092519] ? __pfx_read_tsc+0x10/0x10 [ 24.092545] ? ktime_get_ts64+0x86/0x230 [ 24.092574] kunit_try_run_case+0x1a5/0x480 [ 24.092600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.092621] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.092644] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.092674] ? __kthread_parkme+0x82/0x180 [ 24.092697] ? preempt_count_sub+0x50/0x80 [ 24.092720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.092742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.092770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.092797] kthread+0x337/0x6f0 [ 24.092819] ? trace_preempt_on+0x20/0xc0 [ 24.092865] ? __pfx_kthread+0x10/0x10 [ 24.092888] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.092915] ? calculate_sigpending+0x7b/0xa0 [ 24.092943] ? __pfx_kthread+0x10/0x10 [ 24.092967] ret_from_fork+0x116/0x1d0 [ 24.092987] ? __pfx_kthread+0x10/0x10 [ 24.093009] ret_from_fork_asm+0x1a/0x30 [ 24.093045] </TASK> [ 24.093057] [ 24.103479] Allocated by task 259: [ 24.103667] kasan_save_stack+0x45/0x70 [ 24.104141] kasan_save_track+0x18/0x40 [ 24.104388] kasan_save_alloc_info+0x3b/0x50 [ 24.104680] __kasan_slab_alloc+0x91/0xa0 [ 24.105024] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.105253] kmem_cache_invalid_free+0x157/0x460 [ 24.105453] kunit_try_run_case+0x1a5/0x480 [ 24.105635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.106101] kthread+0x337/0x6f0 [ 24.106385] ret_from_fork+0x116/0x1d0 [ 24.106677] ret_from_fork_asm+0x1a/0x30 [ 24.107077] [ 24.107176] The buggy address belongs to the object at ffff8881062bd000 [ 24.107176] which belongs to the cache test_cache of size 200 [ 24.108013] The buggy address is located 1 bytes inside of [ 24.108013] 200-byte region [ffff8881062bd000, ffff8881062bd0c8) [ 24.108484] [ 24.108574] The buggy address belongs to the physical page: [ 24.108803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bd [ 24.109598] flags: 0x200000000000000(node=0|zone=2) [ 24.110032] page_type: f5(slab) [ 24.110340] raw: 0200000000000000 ffff888101d3ab40 dead000000000122 0000000000000000 [ 24.110778] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.111215] page dumped because: kasan: bad access detected [ 24.111459] [ 24.111540] Memory state around the buggy address: [ 24.111745] ffff8881062bcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.112382] ffff8881062bcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.112984] >ffff8881062bd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.113482] ^ [ 24.113770] ffff8881062bd080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.114292] ffff8881062bd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.114589] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 24.045498] ================================================================== [ 24.046187] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 24.046558] Free of addr ffff8881062bb000 by task kunit_try_catch/257 [ 24.046974] [ 24.047404] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.047486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.047499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.047524] Call Trace: [ 24.047539] <TASK> [ 24.047561] dump_stack_lvl+0x73/0xb0 [ 24.047599] print_report+0xd1/0x610 [ 24.047624] ? __virt_addr_valid+0x1db/0x2d0 [ 24.047653] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.047681] ? kmem_cache_double_free+0x1e5/0x480 [ 24.047709] kasan_report_invalid_free+0x10a/0x130 [ 24.047734] ? kmem_cache_double_free+0x1e5/0x480 [ 24.048160] ? kmem_cache_double_free+0x1e5/0x480 [ 24.048193] check_slab_allocation+0x101/0x130 [ 24.048216] __kasan_slab_pre_free+0x28/0x40 [ 24.048253] kmem_cache_free+0xed/0x420 [ 24.048283] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.048310] ? kmem_cache_double_free+0x1e5/0x480 [ 24.048339] kmem_cache_double_free+0x1e5/0x480 [ 24.048366] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 24.048392] ? finish_task_switch.isra.0+0x153/0x700 [ 24.048416] ? __switch_to+0x47/0xf50 [ 24.048449] ? __pfx_read_tsc+0x10/0x10 [ 24.048475] ? ktime_get_ts64+0x86/0x230 [ 24.048504] kunit_try_run_case+0x1a5/0x480 [ 24.048529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.048550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.048574] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.048603] ? __kthread_parkme+0x82/0x180 [ 24.048624] ? preempt_count_sub+0x50/0x80 [ 24.048648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.048670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.048697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.048723] kthread+0x337/0x6f0 [ 24.048939] ? trace_preempt_on+0x20/0xc0 [ 24.048979] ? __pfx_kthread+0x10/0x10 [ 24.049003] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.049031] ? calculate_sigpending+0x7b/0xa0 [ 24.049060] ? __pfx_kthread+0x10/0x10 [ 24.049084] ret_from_fork+0x116/0x1d0 [ 24.049104] ? __pfx_kthread+0x10/0x10 [ 24.049127] ret_from_fork_asm+0x1a/0x30 [ 24.049163] </TASK> [ 24.049175] [ 24.060719] Allocated by task 257: [ 24.061208] kasan_save_stack+0x45/0x70 [ 24.061461] kasan_save_track+0x18/0x40 [ 24.061757] kasan_save_alloc_info+0x3b/0x50 [ 24.062112] __kasan_slab_alloc+0x91/0xa0 [ 24.062298] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.062546] kmem_cache_double_free+0x14f/0x480 [ 24.062714] kunit_try_run_case+0x1a5/0x480 [ 24.063120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.063525] kthread+0x337/0x6f0 [ 24.063693] ret_from_fork+0x116/0x1d0 [ 24.063868] ret_from_fork_asm+0x1a/0x30 [ 24.064377] [ 24.064481] Freed by task 257: [ 24.064649] kasan_save_stack+0x45/0x70 [ 24.065053] kasan_save_track+0x18/0x40 [ 24.065262] kasan_save_free_info+0x3f/0x60 [ 24.065473] __kasan_slab_free+0x56/0x70 [ 24.065655] kmem_cache_free+0x249/0x420 [ 24.066091] kmem_cache_double_free+0x16a/0x480 [ 24.066550] kunit_try_run_case+0x1a5/0x480 [ 24.066701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.067272] kthread+0x337/0x6f0 [ 24.067587] ret_from_fork+0x116/0x1d0 [ 24.067785] ret_from_fork_asm+0x1a/0x30 [ 24.068146] [ 24.068353] The buggy address belongs to the object at ffff8881062bb000 [ 24.068353] which belongs to the cache test_cache of size 200 [ 24.069279] The buggy address is located 0 bytes inside of [ 24.069279] 200-byte region [ffff8881062bb000, ffff8881062bb0c8) [ 24.069713] [ 24.069917] The buggy address belongs to the physical page: [ 24.070612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bb [ 24.071449] flags: 0x200000000000000(node=0|zone=2) [ 24.071863] page_type: f5(slab) [ 24.072135] raw: 0200000000000000 ffff888101d3aa00 dead000000000122 0000000000000000 [ 24.072655] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.073287] page dumped because: kasan: bad access detected [ 24.073712] [ 24.073902] Memory state around the buggy address: [ 24.074461] ffff8881062baf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.074694] ffff8881062baf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.075543] >ffff8881062bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.076046] ^ [ 24.076165] ffff8881062bb080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.076390] ffff8881062bb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.076597] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 24.000934] ================================================================== [ 24.002982] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 24.004091] Read of size 1 at addr ffff8881059c30c8 by task kunit_try_catch/255 [ 24.004434] [ 24.004533] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 24.004589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.004601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.004625] Call Trace: [ 24.004640] <TASK> [ 24.004662] dump_stack_lvl+0x73/0xb0 [ 24.004698] print_report+0xd1/0x610 [ 24.004722] ? __virt_addr_valid+0x1db/0x2d0 [ 24.004749] ? kmem_cache_oob+0x402/0x530 [ 24.004827] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.004857] ? kmem_cache_oob+0x402/0x530 [ 24.004882] kasan_report+0x141/0x180 [ 24.004906] ? kmem_cache_oob+0x402/0x530 [ 24.004935] __asan_report_load1_noabort+0x18/0x20 [ 24.004962] kmem_cache_oob+0x402/0x530 [ 24.004985] ? trace_hardirqs_on+0x37/0xe0 [ 24.005012] ? __pfx_kmem_cache_oob+0x10/0x10 [ 24.005046] ? finish_task_switch.isra.0+0x153/0x700 [ 24.005071] ? __switch_to+0x47/0xf50 [ 24.005104] ? __pfx_read_tsc+0x10/0x10 [ 24.005130] ? ktime_get_ts64+0x86/0x230 [ 24.005158] kunit_try_run_case+0x1a5/0x480 [ 24.005183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.005210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.005233] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.005273] ? __kthread_parkme+0x82/0x180 [ 24.005295] ? preempt_count_sub+0x50/0x80 [ 24.005318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.005340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.005367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.005394] kthread+0x337/0x6f0 [ 24.005415] ? trace_preempt_on+0x20/0xc0 [ 24.005439] ? __pfx_kthread+0x10/0x10 [ 24.005461] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.005488] ? calculate_sigpending+0x7b/0xa0 [ 24.005516] ? __pfx_kthread+0x10/0x10 [ 24.005540] ret_from_fork+0x116/0x1d0 [ 24.005559] ? __pfx_kthread+0x10/0x10 [ 24.005582] ret_from_fork_asm+0x1a/0x30 [ 24.005617] </TASK> [ 24.005629] [ 24.015744] Allocated by task 255: [ 24.016404] kasan_save_stack+0x45/0x70 [ 24.016672] kasan_save_track+0x18/0x40 [ 24.016919] kasan_save_alloc_info+0x3b/0x50 [ 24.017114] __kasan_slab_alloc+0x91/0xa0 [ 24.017303] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.017508] kmem_cache_oob+0x157/0x530 [ 24.017679] kunit_try_run_case+0x1a5/0x480 [ 24.018038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.018288] kthread+0x337/0x6f0 [ 24.018444] ret_from_fork+0x116/0x1d0 [ 24.018612] ret_from_fork_asm+0x1a/0x30 [ 24.019316] [ 24.019397] The buggy address belongs to the object at ffff8881059c3000 [ 24.019397] which belongs to the cache test_cache of size 200 [ 24.019827] The buggy address is located 0 bytes to the right of [ 24.019827] allocated 200-byte region [ffff8881059c3000, ffff8881059c30c8) [ 24.021292] [ 24.021406] The buggy address belongs to the physical page: [ 24.021667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c3 [ 24.022148] flags: 0x200000000000000(node=0|zone=2) [ 24.022610] page_type: f5(slab) [ 24.022826] raw: 0200000000000000 ffff888101ea6140 dead000000000122 0000000000000000 [ 24.023153] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.023479] page dumped because: kasan: bad access detected [ 24.023705] [ 24.024092] Memory state around the buggy address: [ 24.024328] ffff8881059c2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.024615] ffff8881059c3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.025120] >ffff8881059c3080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.025428] ^ [ 24.025664] ffff8881059c3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.026188] ffff8881059c3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.026482] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 23.969157] ================================================================== [ 23.969602] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 23.969982] Read of size 8 at addr ffff8881059baf00 by task kunit_try_catch/248 [ 23.970680] [ 23.970785] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.970856] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.970869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.970892] Call Trace: [ 23.970907] <TASK> [ 23.970929] dump_stack_lvl+0x73/0xb0 [ 23.970961] print_report+0xd1/0x610 [ 23.970985] ? __virt_addr_valid+0x1db/0x2d0 [ 23.971012] ? workqueue_uaf+0x4d6/0x560 [ 23.971034] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.971062] ? workqueue_uaf+0x4d6/0x560 [ 23.971085] kasan_report+0x141/0x180 [ 23.971107] ? workqueue_uaf+0x4d6/0x560 [ 23.971135] __asan_report_load8_noabort+0x18/0x20 [ 23.971161] workqueue_uaf+0x4d6/0x560 [ 23.971184] ? __pfx_workqueue_uaf+0x10/0x10 [ 23.971208] ? __schedule+0x10cc/0x2b60 [ 23.971252] ? __pfx_read_tsc+0x10/0x10 [ 23.971278] ? ktime_get_ts64+0x86/0x230 [ 23.971306] kunit_try_run_case+0x1a5/0x480 [ 23.971330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.971351] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.971372] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.971401] ? __kthread_parkme+0x82/0x180 [ 23.971423] ? preempt_count_sub+0x50/0x80 [ 23.971448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.971470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.971497] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.971524] kthread+0x337/0x6f0 [ 23.971546] ? trace_preempt_on+0x20/0xc0 [ 23.971572] ? __pfx_kthread+0x10/0x10 [ 23.971595] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.971621] ? calculate_sigpending+0x7b/0xa0 [ 23.971649] ? __pfx_kthread+0x10/0x10 [ 23.971673] ret_from_fork+0x116/0x1d0 [ 23.971692] ? __pfx_kthread+0x10/0x10 [ 23.971715] ret_from_fork_asm+0x1a/0x30 [ 23.971750] </TASK> [ 23.971762] [ 23.979081] Allocated by task 248: [ 23.979257] kasan_save_stack+0x45/0x70 [ 23.979458] kasan_save_track+0x18/0x40 [ 23.979649] kasan_save_alloc_info+0x3b/0x50 [ 23.980050] __kasan_kmalloc+0xb7/0xc0 [ 23.980206] __kmalloc_cache_noprof+0x189/0x420 [ 23.980397] workqueue_uaf+0x152/0x560 [ 23.980525] kunit_try_run_case+0x1a5/0x480 [ 23.980663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.981040] kthread+0x337/0x6f0 [ 23.981216] ret_from_fork+0x116/0x1d0 [ 23.981411] ret_from_fork_asm+0x1a/0x30 [ 23.981602] [ 23.981690] Freed by task 9: [ 23.981811] kasan_save_stack+0x45/0x70 [ 23.982040] kasan_save_track+0x18/0x40 [ 23.982230] kasan_save_free_info+0x3f/0x60 [ 23.982407] __kasan_slab_free+0x56/0x70 [ 23.982581] kfree+0x222/0x3f0 [ 23.982706] workqueue_uaf_work+0x12/0x20 [ 23.983113] process_one_work+0x5ee/0xf60 [ 23.983311] worker_thread+0x758/0x1220 [ 23.983457] kthread+0x337/0x6f0 [ 23.983573] ret_from_fork+0x116/0x1d0 [ 23.983699] ret_from_fork_asm+0x1a/0x30 [ 23.983882] [ 23.983970] Last potentially related work creation: [ 23.984183] kasan_save_stack+0x45/0x70 [ 23.984360] kasan_record_aux_stack+0xb2/0xc0 [ 23.984510] __queue_work+0x61a/0xe70 [ 23.984641] queue_work_on+0xb6/0xc0 [ 23.984974] workqueue_uaf+0x26d/0x560 [ 23.985169] kunit_try_run_case+0x1a5/0x480 [ 23.985386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.985643] kthread+0x337/0x6f0 [ 23.985864] ret_from_fork+0x116/0x1d0 [ 23.986032] ret_from_fork_asm+0x1a/0x30 [ 23.986203] [ 23.986304] The buggy address belongs to the object at ffff8881059baf00 [ 23.986304] which belongs to the cache kmalloc-32 of size 32 [ 23.986767] The buggy address is located 0 bytes inside of [ 23.986767] freed 32-byte region [ffff8881059baf00, ffff8881059baf20) [ 23.987369] [ 23.987448] The buggy address belongs to the physical page: [ 23.987616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ba [ 23.987913] flags: 0x200000000000000(node=0|zone=2) [ 23.988143] page_type: f5(slab) [ 23.988551] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.988948] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.989286] page dumped because: kasan: bad access detected [ 23.989451] [ 23.989513] Memory state around the buggy address: [ 23.989662] ffff8881059bae00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.989927] ffff8881059bae80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.990248] >ffff8881059baf00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 23.990563] ^ [ 23.990732] ffff8881059baf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.991123] ffff8881059bb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.991473] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 23.915908] ================================================================== [ 23.916375] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 23.916613] Read of size 4 at addr ffff8881059bae40 by task swapper/0/0 [ 23.917482] [ 23.918030] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.918201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.918219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.918256] Call Trace: [ 23.918291] <IRQ> [ 23.918315] dump_stack_lvl+0x73/0xb0 [ 23.918354] print_report+0xd1/0x610 [ 23.918379] ? __virt_addr_valid+0x1db/0x2d0 [ 23.918406] ? rcu_uaf_reclaim+0x50/0x60 [ 23.918426] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.918455] ? rcu_uaf_reclaim+0x50/0x60 [ 23.918475] kasan_report+0x141/0x180 [ 23.918498] ? rcu_uaf_reclaim+0x50/0x60 [ 23.918523] __asan_report_load4_noabort+0x18/0x20 [ 23.918549] rcu_uaf_reclaim+0x50/0x60 [ 23.918570] rcu_core+0x66f/0x1c40 [ 23.918602] ? __pfx_rcu_core+0x10/0x10 [ 23.918626] ? ktime_get+0x6b/0x150 [ 23.918651] ? handle_softirqs+0x18e/0x730 [ 23.918679] rcu_core_si+0x12/0x20 [ 23.918702] handle_softirqs+0x209/0x730 [ 23.918724] ? hrtimer_interrupt+0x2fe/0x780 [ 23.918747] ? __pfx_handle_softirqs+0x10/0x10 [ 23.918799] __irq_exit_rcu+0xc9/0x110 [ 23.918837] irq_exit_rcu+0x12/0x20 [ 23.918859] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.918884] </IRQ> [ 23.918914] <TASK> [ 23.918926] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.919020] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 23.919249] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d c3 e7 18 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 23.919337] RSP: 0000:ffffffffa0207dd8 EFLAGS: 00010202 [ 23.919428] RAX: ffff8881b3222000 RBX: ffffffffa021cac0 RCX: ffffffff9f0fca05 [ 23.919473] RDX: ffffed102a906193 RSI: 0000000000000004 RDI: 00000000000f08e4 [ 23.919521] RBP: ffffffffa0207de0 R08: 0000000000000001 R09: ffffed102a906192 [ 23.919563] R10: ffff888154830c93 R11: 00000000000b7000 R12: 0000000000000000 [ 23.919607] R13: fffffbfff4043958 R14: ffffffffa0df07d0 R15: 0000000000000000 [ 23.919667] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 23.919721] ? default_idle+0xd/0x20 [ 23.919772] arch_cpu_idle+0xd/0x20 [ 23.919798] default_idle_call+0x48/0x80 [ 23.919836] do_idle+0x379/0x4f0 [ 23.919867] ? __pfx_do_idle+0x10/0x10 [ 23.919898] cpu_startup_entry+0x5c/0x70 [ 23.919926] rest_init+0x11a/0x140 [ 23.919949] ? acpi_subsystem_init+0x5d/0x150 [ 23.919980] start_kernel+0x352/0x400 [ 23.920006] x86_64_start_reservations+0x1c/0x30 [ 23.920031] x86_64_start_kernel+0x10d/0x120 [ 23.920056] common_startup_64+0x13e/0x148 [ 23.920092] </TASK> [ 23.920104] [ 23.938417] Allocated by task 246: [ 23.938780] kasan_save_stack+0x45/0x70 [ 23.939278] kasan_save_track+0x18/0x40 [ 23.939596] kasan_save_alloc_info+0x3b/0x50 [ 23.939889] __kasan_kmalloc+0xb7/0xc0 [ 23.940295] __kmalloc_cache_noprof+0x189/0x420 [ 23.940730] rcu_uaf+0xb0/0x330 [ 23.941079] kunit_try_run_case+0x1a5/0x480 [ 23.941235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.941420] kthread+0x337/0x6f0 [ 23.941538] ret_from_fork+0x116/0x1d0 [ 23.941667] ret_from_fork_asm+0x1a/0x30 [ 23.942120] [ 23.942295] Freed by task 0: [ 23.942588] kasan_save_stack+0x45/0x70 [ 23.943076] kasan_save_track+0x18/0x40 [ 23.943461] kasan_save_free_info+0x3f/0x60 [ 23.943972] __kasan_slab_free+0x56/0x70 [ 23.944358] kfree+0x222/0x3f0 [ 23.944680] rcu_uaf_reclaim+0x1f/0x60 [ 23.945085] rcu_core+0x66f/0x1c40 [ 23.945542] rcu_core_si+0x12/0x20 [ 23.945976] handle_softirqs+0x209/0x730 [ 23.946281] __irq_exit_rcu+0xc9/0x110 [ 23.946409] irq_exit_rcu+0x12/0x20 [ 23.946528] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.946677] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.947327] [ 23.947562] Last potentially related work creation: [ 23.948290] kasan_save_stack+0x45/0x70 [ 23.948784] kasan_record_aux_stack+0xb2/0xc0 [ 23.949291] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 23.949778] call_rcu+0x12/0x20 [ 23.950128] rcu_uaf+0x168/0x330 [ 23.950525] kunit_try_run_case+0x1a5/0x480 [ 23.950922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.951571] kthread+0x337/0x6f0 [ 23.952140] ret_from_fork+0x116/0x1d0 [ 23.952523] ret_from_fork_asm+0x1a/0x30 [ 23.952915] [ 23.953025] The buggy address belongs to the object at ffff8881059bae40 [ 23.953025] which belongs to the cache kmalloc-32 of size 32 [ 23.954035] The buggy address is located 0 bytes inside of [ 23.954035] freed 32-byte region [ffff8881059bae40, ffff8881059bae60) [ 23.955114] [ 23.955322] The buggy address belongs to the physical page: [ 23.955549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ba [ 23.956327] flags: 0x200000000000000(node=0|zone=2) [ 23.956998] page_type: f5(slab) [ 23.957132] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.957381] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.957603] page dumped because: kasan: bad access detected [ 23.957857] [ 23.958009] Memory state around the buggy address: [ 23.958541] ffff8881059bad00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.959331] ffff8881059bad80: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 23.960174] >ffff8881059bae00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 23.960845] ^ [ 23.961394] ffff8881059bae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.962091] ffff8881059baf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.962411] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 23.873988] ================================================================== [ 23.874390] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 23.874667] Read of size 1 at addr ffff8881062af178 by task kunit_try_catch/244 [ 23.874928] [ 23.875380] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.875435] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.875511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.875533] Call Trace: [ 23.875553] <TASK> [ 23.875572] dump_stack_lvl+0x73/0xb0 [ 23.875605] print_report+0xd1/0x610 [ 23.875627] ? __virt_addr_valid+0x1db/0x2d0 [ 23.875652] ? ksize_uaf+0x5e4/0x6c0 [ 23.875673] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.875701] ? ksize_uaf+0x5e4/0x6c0 [ 23.875725] kasan_report+0x141/0x180 [ 23.875747] ? ksize_uaf+0x5e4/0x6c0 [ 23.875788] __asan_report_load1_noabort+0x18/0x20 [ 23.875815] ksize_uaf+0x5e4/0x6c0 [ 23.875919] ? __pfx_ksize_uaf+0x10/0x10 [ 23.875942] ? __schedule+0x10cc/0x2b60 [ 23.875971] ? __pfx_read_tsc+0x10/0x10 [ 23.875996] ? ktime_get_ts64+0x86/0x230 [ 23.876022] kunit_try_run_case+0x1a5/0x480 [ 23.876045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.876065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.876086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.876115] ? __kthread_parkme+0x82/0x180 [ 23.876137] ? preempt_count_sub+0x50/0x80 [ 23.876161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.876182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.876209] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.876236] kthread+0x337/0x6f0 [ 23.876270] ? trace_preempt_on+0x20/0xc0 [ 23.876295] ? __pfx_kthread+0x10/0x10 [ 23.876317] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.876345] ? calculate_sigpending+0x7b/0xa0 [ 23.876372] ? __pfx_kthread+0x10/0x10 [ 23.876395] ret_from_fork+0x116/0x1d0 [ 23.876414] ? __pfx_kthread+0x10/0x10 [ 23.876437] ret_from_fork_asm+0x1a/0x30 [ 23.876471] </TASK> [ 23.876482] [ 23.885338] Allocated by task 244: [ 23.885716] kasan_save_stack+0x45/0x70 [ 23.886224] kasan_save_track+0x18/0x40 [ 23.886584] kasan_save_alloc_info+0x3b/0x50 [ 23.886966] __kasan_kmalloc+0xb7/0xc0 [ 23.887418] __kmalloc_cache_noprof+0x189/0x420 [ 23.887652] ksize_uaf+0xaa/0x6c0 [ 23.887813] kunit_try_run_case+0x1a5/0x480 [ 23.888229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.888658] kthread+0x337/0x6f0 [ 23.888988] ret_from_fork+0x116/0x1d0 [ 23.889178] ret_from_fork_asm+0x1a/0x30 [ 23.889372] [ 23.889459] Freed by task 244: [ 23.889601] kasan_save_stack+0x45/0x70 [ 23.890094] kasan_save_track+0x18/0x40 [ 23.890308] kasan_save_free_info+0x3f/0x60 [ 23.890721] __kasan_slab_free+0x56/0x70 [ 23.891208] kfree+0x222/0x3f0 [ 23.891518] ksize_uaf+0x12c/0x6c0 [ 23.891833] kunit_try_run_case+0x1a5/0x480 [ 23.892235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.892626] kthread+0x337/0x6f0 [ 23.892945] ret_from_fork+0x116/0x1d0 [ 23.893149] ret_from_fork_asm+0x1a/0x30 [ 23.893337] [ 23.893424] The buggy address belongs to the object at ffff8881062af100 [ 23.893424] which belongs to the cache kmalloc-128 of size 128 [ 23.894251] The buggy address is located 120 bytes inside of [ 23.894251] freed 128-byte region [ffff8881062af100, ffff8881062af180) [ 23.895304] [ 23.895425] The buggy address belongs to the physical page: [ 23.896034] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 23.896454] flags: 0x200000000000000(node=0|zone=2) [ 23.896667] page_type: f5(slab) [ 23.897108] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.897573] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.898085] page dumped because: kasan: bad access detected [ 23.898676] [ 23.898949] Memory state around the buggy address: [ 23.899183] ffff8881062af000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.899480] ffff8881062af080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.899979] >ffff8881062af100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.900424] ^ [ 23.901007] ffff8881062af180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.901696] ffff8881062af200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.902387] ================================================================== [ 23.820734] ================================================================== [ 23.821216] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 23.821580] Read of size 1 at addr ffff8881062af100 by task kunit_try_catch/244 [ 23.821881] [ 23.822110] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.822171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.822184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.822207] Call Trace: [ 23.822222] <TASK> [ 23.822255] dump_stack_lvl+0x73/0xb0 [ 23.822327] print_report+0xd1/0x610 [ 23.822352] ? __virt_addr_valid+0x1db/0x2d0 [ 23.822378] ? ksize_uaf+0x19d/0x6c0 [ 23.822399] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.822429] ? ksize_uaf+0x19d/0x6c0 [ 23.822472] kasan_report+0x141/0x180 [ 23.822495] ? ksize_uaf+0x19d/0x6c0 [ 23.822521] ? ksize_uaf+0x19d/0x6c0 [ 23.822543] __kasan_check_byte+0x3d/0x50 [ 23.822566] ksize+0x20/0x60 [ 23.822595] ksize_uaf+0x19d/0x6c0 [ 23.822617] ? __pfx_ksize_uaf+0x10/0x10 [ 23.822639] ? __schedule+0x10cc/0x2b60 [ 23.822669] ? __pfx_read_tsc+0x10/0x10 [ 23.822712] ? ktime_get_ts64+0x86/0x230 [ 23.822740] kunit_try_run_case+0x1a5/0x480 [ 23.822934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.822957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.822979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.823008] ? __kthread_parkme+0x82/0x180 [ 23.823031] ? preempt_count_sub+0x50/0x80 [ 23.823055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.823078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.823105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.823132] kthread+0x337/0x6f0 [ 23.823153] ? trace_preempt_on+0x20/0xc0 [ 23.823179] ? __pfx_kthread+0x10/0x10 [ 23.823202] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.823229] ? calculate_sigpending+0x7b/0xa0 [ 23.823270] ? __pfx_kthread+0x10/0x10 [ 23.823293] ret_from_fork+0x116/0x1d0 [ 23.823313] ? __pfx_kthread+0x10/0x10 [ 23.823335] ret_from_fork_asm+0x1a/0x30 [ 23.823371] </TASK> [ 23.823383] [ 23.831543] Allocated by task 244: [ 23.831743] kasan_save_stack+0x45/0x70 [ 23.832010] kasan_save_track+0x18/0x40 [ 23.832174] kasan_save_alloc_info+0x3b/0x50 [ 23.832414] __kasan_kmalloc+0xb7/0xc0 [ 23.832595] __kmalloc_cache_noprof+0x189/0x420 [ 23.832840] ksize_uaf+0xaa/0x6c0 [ 23.833085] kunit_try_run_case+0x1a5/0x480 [ 23.833417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.833660] kthread+0x337/0x6f0 [ 23.834067] ret_from_fork+0x116/0x1d0 [ 23.834197] ret_from_fork_asm+0x1a/0x30 [ 23.834341] [ 23.834426] Freed by task 244: [ 23.834616] kasan_save_stack+0x45/0x70 [ 23.835060] kasan_save_track+0x18/0x40 [ 23.835272] kasan_save_free_info+0x3f/0x60 [ 23.835478] __kasan_slab_free+0x56/0x70 [ 23.835633] kfree+0x222/0x3f0 [ 23.835742] ksize_uaf+0x12c/0x6c0 [ 23.836538] kunit_try_run_case+0x1a5/0x480 [ 23.837135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.837894] kthread+0x337/0x6f0 [ 23.838260] ret_from_fork+0x116/0x1d0 [ 23.838396] ret_from_fork_asm+0x1a/0x30 [ 23.838533] [ 23.838599] The buggy address belongs to the object at ffff8881062af100 [ 23.838599] which belongs to the cache kmalloc-128 of size 128 [ 23.839356] The buggy address is located 0 bytes inside of [ 23.839356] freed 128-byte region [ffff8881062af100, ffff8881062af180) [ 23.840434] [ 23.840528] The buggy address belongs to the physical page: [ 23.840712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 23.841253] flags: 0x200000000000000(node=0|zone=2) [ 23.841486] page_type: f5(slab) [ 23.841769] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.842198] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.842519] page dumped because: kasan: bad access detected [ 23.842742] [ 23.843131] Memory state around the buggy address: [ 23.843428] ffff8881062af000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.843673] ffff8881062af080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.844355] >ffff8881062af100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.844632] ^ [ 23.844775] ffff8881062af180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.845210] ffff8881062af200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.845505] ================================================================== [ 23.846054] ================================================================== [ 23.846806] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 23.847074] Read of size 1 at addr ffff8881062af100 by task kunit_try_catch/244 [ 23.847389] [ 23.847738] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.847821] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.847834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.847856] Call Trace: [ 23.847871] <TASK> [ 23.847889] dump_stack_lvl+0x73/0xb0 [ 23.847921] print_report+0xd1/0x610 [ 23.847945] ? __virt_addr_valid+0x1db/0x2d0 [ 23.847970] ? ksize_uaf+0x5fe/0x6c0 [ 23.847991] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.848020] ? ksize_uaf+0x5fe/0x6c0 [ 23.848042] kasan_report+0x141/0x180 [ 23.848229] ? ksize_uaf+0x5fe/0x6c0 [ 23.848269] __asan_report_load1_noabort+0x18/0x20 [ 23.848296] ksize_uaf+0x5fe/0x6c0 [ 23.848318] ? __pfx_ksize_uaf+0x10/0x10 [ 23.848340] ? __schedule+0x10cc/0x2b60 [ 23.848370] ? __pfx_read_tsc+0x10/0x10 [ 23.848396] ? ktime_get_ts64+0x86/0x230 [ 23.848422] kunit_try_run_case+0x1a5/0x480 [ 23.848445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.848465] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.848487] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.848516] ? __kthread_parkme+0x82/0x180 [ 23.848537] ? preempt_count_sub+0x50/0x80 [ 23.848562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.848584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.848610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.848637] kthread+0x337/0x6f0 [ 23.848658] ? trace_preempt_on+0x20/0xc0 [ 23.848683] ? __pfx_kthread+0x10/0x10 [ 23.848705] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.848733] ? calculate_sigpending+0x7b/0xa0 [ 23.848839] ? __pfx_kthread+0x10/0x10 [ 23.848866] ret_from_fork+0x116/0x1d0 [ 23.848887] ? __pfx_kthread+0x10/0x10 [ 23.848909] ret_from_fork_asm+0x1a/0x30 [ 23.848943] </TASK> [ 23.848955] [ 23.858387] Allocated by task 244: [ 23.858590] kasan_save_stack+0x45/0x70 [ 23.858778] kasan_save_track+0x18/0x40 [ 23.858903] kasan_save_alloc_info+0x3b/0x50 [ 23.859277] __kasan_kmalloc+0xb7/0xc0 [ 23.859488] __kmalloc_cache_noprof+0x189/0x420 [ 23.859837] ksize_uaf+0xaa/0x6c0 [ 23.860054] kunit_try_run_case+0x1a5/0x480 [ 23.860433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.861116] kthread+0x337/0x6f0 [ 23.861381] ret_from_fork+0x116/0x1d0 [ 23.861569] ret_from_fork_asm+0x1a/0x30 [ 23.862204] [ 23.862386] Freed by task 244: [ 23.862535] kasan_save_stack+0x45/0x70 [ 23.862737] kasan_save_track+0x18/0x40 [ 23.863372] kasan_save_free_info+0x3f/0x60 [ 23.863590] __kasan_slab_free+0x56/0x70 [ 23.863726] kfree+0x222/0x3f0 [ 23.863932] ksize_uaf+0x12c/0x6c0 [ 23.864093] kunit_try_run_case+0x1a5/0x480 [ 23.864482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.864703] kthread+0x337/0x6f0 [ 23.865329] ret_from_fork+0x116/0x1d0 [ 23.865516] ret_from_fork_asm+0x1a/0x30 [ 23.865910] [ 23.866182] The buggy address belongs to the object at ffff8881062af100 [ 23.866182] which belongs to the cache kmalloc-128 of size 128 [ 23.866851] The buggy address is located 0 bytes inside of [ 23.866851] freed 128-byte region [ffff8881062af100, ffff8881062af180) [ 23.867694] [ 23.867970] The buggy address belongs to the physical page: [ 23.868177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 23.868545] flags: 0x200000000000000(node=0|zone=2) [ 23.868783] page_type: f5(slab) [ 23.869300] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.869790] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.870207] page dumped because: kasan: bad access detected [ 23.870648] [ 23.870752] Memory state around the buggy address: [ 23.871212] ffff8881062af000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.871604] ffff8881062af080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.872113] >ffff8881062af100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.872422] ^ [ 23.872565] ffff8881062af180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.873052] ffff8881062af200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.873360] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 23.736019] ================================================================== [ 23.736542] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 23.736871] Read of size 1 at addr ffff8881062af073 by task kunit_try_catch/242 [ 23.737341] [ 23.737474] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.737553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.737566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.737682] Call Trace: [ 23.737862] <TASK> [ 23.737885] dump_stack_lvl+0x73/0xb0 [ 23.737919] print_report+0xd1/0x610 [ 23.737943] ? __virt_addr_valid+0x1db/0x2d0 [ 23.737969] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.737993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.738021] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.738046] kasan_report+0x141/0x180 [ 23.738069] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.738097] __asan_report_load1_noabort+0x18/0x20 [ 23.738124] ksize_unpoisons_memory+0x81c/0x9b0 [ 23.738150] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.738174] ? finish_task_switch.isra.0+0x153/0x700 [ 23.738197] ? __switch_to+0x47/0xf50 [ 23.738228] ? __schedule+0x10cc/0x2b60 [ 23.738270] ? __pfx_read_tsc+0x10/0x10 [ 23.738296] ? ktime_get_ts64+0x86/0x230 [ 23.738323] kunit_try_run_case+0x1a5/0x480 [ 23.738347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.738367] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.738389] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.738418] ? __kthread_parkme+0x82/0x180 [ 23.738440] ? preempt_count_sub+0x50/0x80 [ 23.738464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.738485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.738512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.738539] kthread+0x337/0x6f0 [ 23.738564] ? trace_preempt_on+0x20/0xc0 [ 23.738592] ? __pfx_kthread+0x10/0x10 [ 23.738616] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.738644] ? calculate_sigpending+0x7b/0xa0 [ 23.738672] ? __pfx_kthread+0x10/0x10 [ 23.738697] ret_from_fork+0x116/0x1d0 [ 23.738716] ? __pfx_kthread+0x10/0x10 [ 23.738739] ret_from_fork_asm+0x1a/0x30 [ 23.738948] </TASK> [ 23.738969] [ 23.748924] Allocated by task 242: [ 23.749097] kasan_save_stack+0x45/0x70 [ 23.749471] kasan_save_track+0x18/0x40 [ 23.749728] kasan_save_alloc_info+0x3b/0x50 [ 23.750092] __kasan_kmalloc+0xb7/0xc0 [ 23.750279] __kmalloc_cache_noprof+0x189/0x420 [ 23.750491] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.750682] kunit_try_run_case+0x1a5/0x480 [ 23.751136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.751353] kthread+0x337/0x6f0 [ 23.751522] ret_from_fork+0x116/0x1d0 [ 23.752212] ret_from_fork_asm+0x1a/0x30 [ 23.752408] [ 23.752605] The buggy address belongs to the object at ffff8881062af000 [ 23.752605] which belongs to the cache kmalloc-128 of size 128 [ 23.753649] The buggy address is located 0 bytes to the right of [ 23.753649] allocated 115-byte region [ffff8881062af000, ffff8881062af073) [ 23.754620] [ 23.754719] The buggy address belongs to the physical page: [ 23.755152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 23.755512] flags: 0x200000000000000(node=0|zone=2) [ 23.755723] page_type: f5(slab) [ 23.756098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.756423] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.756865] page dumped because: kasan: bad access detected [ 23.757083] [ 23.757565] Memory state around the buggy address: [ 23.757765] ffff8881062aef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.758422] ffff8881062aef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.758881] >ffff8881062af000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.759166] ^ [ 23.759450] ffff8881062af080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.759737] ffff8881062af100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.760505] ================================================================== [ 23.791686] ================================================================== [ 23.791947] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.792615] Read of size 1 at addr ffff8881062af07f by task kunit_try_catch/242 [ 23.793030] [ 23.793317] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.793373] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.793385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.793407] Call Trace: [ 23.793429] <TASK> [ 23.793449] dump_stack_lvl+0x73/0xb0 [ 23.793481] print_report+0xd1/0x610 [ 23.793505] ? __virt_addr_valid+0x1db/0x2d0 [ 23.793530] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.793554] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.793582] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.793606] kasan_report+0x141/0x180 [ 23.793628] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.793657] __asan_report_load1_noabort+0x18/0x20 [ 23.793683] ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.793708] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.793731] ? finish_task_switch.isra.0+0x153/0x700 [ 23.793754] ? __switch_to+0x47/0xf50 [ 23.793832] ? __schedule+0x10cc/0x2b60 [ 23.793862] ? __pfx_read_tsc+0x10/0x10 [ 23.793887] ? ktime_get_ts64+0x86/0x230 [ 23.793915] kunit_try_run_case+0x1a5/0x480 [ 23.793938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.793959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.793981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.794025] ? __kthread_parkme+0x82/0x180 [ 23.794046] ? preempt_count_sub+0x50/0x80 [ 23.794070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.794092] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.794118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.794144] kthread+0x337/0x6f0 [ 23.794166] ? trace_preempt_on+0x20/0xc0 [ 23.794192] ? __pfx_kthread+0x10/0x10 [ 23.794214] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.794252] ? calculate_sigpending+0x7b/0xa0 [ 23.794280] ? __pfx_kthread+0x10/0x10 [ 23.794304] ret_from_fork+0x116/0x1d0 [ 23.794323] ? __pfx_kthread+0x10/0x10 [ 23.794345] ret_from_fork_asm+0x1a/0x30 [ 23.794380] </TASK> [ 23.794392] [ 23.803869] Allocated by task 242: [ 23.804109] kasan_save_stack+0x45/0x70 [ 23.804280] kasan_save_track+0x18/0x40 [ 23.804532] kasan_save_alloc_info+0x3b/0x50 [ 23.804815] __kasan_kmalloc+0xb7/0xc0 [ 23.804997] __kmalloc_cache_noprof+0x189/0x420 [ 23.805180] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.805338] kunit_try_run_case+0x1a5/0x480 [ 23.805498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.805751] kthread+0x337/0x6f0 [ 23.806012] ret_from_fork+0x116/0x1d0 [ 23.806323] ret_from_fork_asm+0x1a/0x30 [ 23.807417] [ 23.807500] The buggy address belongs to the object at ffff8881062af000 [ 23.807500] which belongs to the cache kmalloc-128 of size 128 [ 23.808333] The buggy address is located 12 bytes to the right of [ 23.808333] allocated 115-byte region [ffff8881062af000, ffff8881062af073) [ 23.808859] [ 23.809308] The buggy address belongs to the physical page: [ 23.809636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 23.810260] flags: 0x200000000000000(node=0|zone=2) [ 23.810547] page_type: f5(slab) [ 23.810739] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.811487] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.811983] page dumped because: kasan: bad access detected [ 23.812378] [ 23.812611] Memory state around the buggy address: [ 23.812896] ffff8881062aef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.813450] ffff8881062aef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.813866] >ffff8881062af000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.814325] ^ [ 23.814647] ffff8881062af080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.815361] ffff8881062af100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.815791] ================================================================== [ 23.761580] ================================================================== [ 23.762003] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.762421] Read of size 1 at addr ffff8881062af078 by task kunit_try_catch/242 [ 23.762945] [ 23.763134] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.763266] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.763280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.763303] Call Trace: [ 23.763323] <TASK> [ 23.763343] dump_stack_lvl+0x73/0xb0 [ 23.763377] print_report+0xd1/0x610 [ 23.763400] ? __virt_addr_valid+0x1db/0x2d0 [ 23.763424] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.763448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.763477] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.763501] kasan_report+0x141/0x180 [ 23.763523] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.763552] __asan_report_load1_noabort+0x18/0x20 [ 23.763578] ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.763603] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.763627] ? finish_task_switch.isra.0+0x153/0x700 [ 23.763649] ? __switch_to+0x47/0xf50 [ 23.763678] ? __schedule+0x10cc/0x2b60 [ 23.763708] ? __pfx_read_tsc+0x10/0x10 [ 23.763732] ? ktime_get_ts64+0x86/0x230 [ 23.763772] kunit_try_run_case+0x1a5/0x480 [ 23.763795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.763865] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.763893] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.763923] ? __kthread_parkme+0x82/0x180 [ 23.763945] ? preempt_count_sub+0x50/0x80 [ 23.763968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.763991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.764018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.764045] kthread+0x337/0x6f0 [ 23.764068] ? trace_preempt_on+0x20/0xc0 [ 23.764094] ? __pfx_kthread+0x10/0x10 [ 23.764118] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.764145] ? calculate_sigpending+0x7b/0xa0 [ 23.764173] ? __pfx_kthread+0x10/0x10 [ 23.764197] ret_from_fork+0x116/0x1d0 [ 23.764218] ? __pfx_kthread+0x10/0x10 [ 23.764251] ret_from_fork_asm+0x1a/0x30 [ 23.764286] </TASK> [ 23.764297] [ 23.775415] Allocated by task 242: [ 23.775562] kasan_save_stack+0x45/0x70 [ 23.775719] kasan_save_track+0x18/0x40 [ 23.775857] kasan_save_alloc_info+0x3b/0x50 [ 23.776004] __kasan_kmalloc+0xb7/0xc0 [ 23.776129] __kmalloc_cache_noprof+0x189/0x420 [ 23.776362] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.776576] kunit_try_run_case+0x1a5/0x480 [ 23.777653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.777842] kthread+0x337/0x6f0 [ 23.778438] ret_from_fork+0x116/0x1d0 [ 23.779101] ret_from_fork_asm+0x1a/0x30 [ 23.780805] [ 23.780949] The buggy address belongs to the object at ffff8881062af000 [ 23.780949] which belongs to the cache kmalloc-128 of size 128 [ 23.781473] The buggy address is located 5 bytes to the right of [ 23.781473] allocated 115-byte region [ffff8881062af000, ffff8881062af073) [ 23.783285] [ 23.783493] The buggy address belongs to the physical page: [ 23.784593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062af [ 23.785484] flags: 0x200000000000000(node=0|zone=2) [ 23.786019] page_type: f5(slab) [ 23.786203] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.786596] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.787284] page dumped because: kasan: bad access detected [ 23.787634] [ 23.787727] Memory state around the buggy address: [ 23.788183] ffff8881062aef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.788593] ffff8881062aef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789132] >ffff8881062af000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.789553] ^ [ 23.789973] ffff8881062af080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.790290] ffff8881062af100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.790598] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 23.709072] ================================================================== [ 23.709634] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 23.710074] Free of addr ffff8881025fe600 by task kunit_try_catch/240 [ 23.710347] [ 23.710436] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.710487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.710499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.710521] Call Trace: [ 23.710534] <TASK> [ 23.710552] dump_stack_lvl+0x73/0xb0 [ 23.710583] print_report+0xd1/0x610 [ 23.710605] ? __virt_addr_valid+0x1db/0x2d0 [ 23.710633] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.710661] ? kfree_sensitive+0x2e/0x90 [ 23.710689] kasan_report_invalid_free+0x10a/0x130 [ 23.710714] ? kfree_sensitive+0x2e/0x90 [ 23.710743] ? kfree_sensitive+0x2e/0x90 [ 23.710770] check_slab_allocation+0x101/0x130 [ 23.710791] __kasan_slab_pre_free+0x28/0x40 [ 23.710812] kfree+0xf0/0x3f0 [ 23.710836] ? add_taint+0x2e/0xa0 [ 23.710863] ? kfree_sensitive+0x2e/0x90 [ 23.710892] kfree_sensitive+0x2e/0x90 [ 23.710919] kmalloc_double_kzfree+0x19c/0x350 [ 23.710944] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.710968] ? __schedule+0x10cc/0x2b60 [ 23.710998] ? __pfx_read_tsc+0x10/0x10 [ 23.711022] ? ktime_get_ts64+0x86/0x230 [ 23.711049] kunit_try_run_case+0x1a5/0x480 [ 23.711071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.711091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.711113] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.711141] ? __kthread_parkme+0x82/0x180 [ 23.711162] ? preempt_count_sub+0x50/0x80 [ 23.711210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.711264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.711315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.711343] kthread+0x337/0x6f0 [ 23.711364] ? trace_preempt_on+0x20/0xc0 [ 23.711389] ? __pfx_kthread+0x10/0x10 [ 23.711412] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.711439] ? calculate_sigpending+0x7b/0xa0 [ 23.711466] ? __pfx_kthread+0x10/0x10 [ 23.711489] ret_from_fork+0x116/0x1d0 [ 23.711509] ? __pfx_kthread+0x10/0x10 [ 23.711531] ret_from_fork_asm+0x1a/0x30 [ 23.711566] </TASK> [ 23.711577] [ 23.720078] Allocated by task 240: [ 23.720417] kasan_save_stack+0x45/0x70 [ 23.720654] kasan_save_track+0x18/0x40 [ 23.720965] kasan_save_alloc_info+0x3b/0x50 [ 23.721119] __kasan_kmalloc+0xb7/0xc0 [ 23.721258] __kmalloc_cache_noprof+0x189/0x420 [ 23.721445] kmalloc_double_kzfree+0xa9/0x350 [ 23.721652] kunit_try_run_case+0x1a5/0x480 [ 23.721854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.722403] kthread+0x337/0x6f0 [ 23.722578] ret_from_fork+0x116/0x1d0 [ 23.722747] ret_from_fork_asm+0x1a/0x30 [ 23.723001] [ 23.723103] Freed by task 240: [ 23.723207] kasan_save_stack+0x45/0x70 [ 23.723345] kasan_save_track+0x18/0x40 [ 23.723528] kasan_save_free_info+0x3f/0x60 [ 23.723832] __kasan_slab_free+0x56/0x70 [ 23.724062] kfree+0x222/0x3f0 [ 23.724223] kfree_sensitive+0x67/0x90 [ 23.724402] kmalloc_double_kzfree+0x12b/0x350 [ 23.724554] kunit_try_run_case+0x1a5/0x480 [ 23.724749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.725361] kthread+0x337/0x6f0 [ 23.725561] ret_from_fork+0x116/0x1d0 [ 23.725808] ret_from_fork_asm+0x1a/0x30 [ 23.726007] [ 23.726095] The buggy address belongs to the object at ffff8881025fe600 [ 23.726095] which belongs to the cache kmalloc-16 of size 16 [ 23.726887] The buggy address is located 0 bytes inside of [ 23.726887] 16-byte region [ffff8881025fe600, ffff8881025fe610) [ 23.727204] [ 23.727322] The buggy address belongs to the physical page: [ 23.727590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025fe [ 23.728160] flags: 0x200000000000000(node=0|zone=2) [ 23.728441] page_type: f5(slab) [ 23.728605] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.729077] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.729319] page dumped because: kasan: bad access detected [ 23.729562] [ 23.729774] Memory state around the buggy address: [ 23.730186] ffff8881025fe500: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.730559] ffff8881025fe580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.730939] >ffff8881025fe600: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.731161] ^ [ 23.731281] ffff8881025fe680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.731610] ffff8881025fe700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.731956] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 23.682363] ================================================================== [ 23.682938] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 23.683467] Read of size 1 at addr ffff8881025fe600 by task kunit_try_catch/240 [ 23.683790] [ 23.683944] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.683998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.684011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.684034] Call Trace: [ 23.684048] <TASK> [ 23.684068] dump_stack_lvl+0x73/0xb0 [ 23.684101] print_report+0xd1/0x610 [ 23.684125] ? __virt_addr_valid+0x1db/0x2d0 [ 23.684152] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.684176] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.684205] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.684229] kasan_report+0x141/0x180 [ 23.684265] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.684292] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.684316] __kasan_check_byte+0x3d/0x50 [ 23.684338] kfree_sensitive+0x22/0x90 [ 23.684369] kmalloc_double_kzfree+0x19c/0x350 [ 23.684393] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.684442] ? __schedule+0x10cc/0x2b60 [ 23.684473] ? __pfx_read_tsc+0x10/0x10 [ 23.684499] ? ktime_get_ts64+0x86/0x230 [ 23.684538] kunit_try_run_case+0x1a5/0x480 [ 23.684563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.684596] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.684618] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.684647] ? __kthread_parkme+0x82/0x180 [ 23.684669] ? preempt_count_sub+0x50/0x80 [ 23.684694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.684716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.684743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.684771] kthread+0x337/0x6f0 [ 23.684793] ? trace_preempt_on+0x20/0xc0 [ 23.684881] ? __pfx_kthread+0x10/0x10 [ 23.684905] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.684932] ? calculate_sigpending+0x7b/0xa0 [ 23.684961] ? __pfx_kthread+0x10/0x10 [ 23.684984] ret_from_fork+0x116/0x1d0 [ 23.685005] ? __pfx_kthread+0x10/0x10 [ 23.685027] ret_from_fork_asm+0x1a/0x30 [ 23.685062] </TASK> [ 23.685074] [ 23.696135] Allocated by task 240: [ 23.696408] kasan_save_stack+0x45/0x70 [ 23.696586] kasan_save_track+0x18/0x40 [ 23.697292] kasan_save_alloc_info+0x3b/0x50 [ 23.697501] __kasan_kmalloc+0xb7/0xc0 [ 23.697664] __kmalloc_cache_noprof+0x189/0x420 [ 23.697963] kmalloc_double_kzfree+0xa9/0x350 [ 23.698182] kunit_try_run_case+0x1a5/0x480 [ 23.698394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.698627] kthread+0x337/0x6f0 [ 23.698775] ret_from_fork+0x116/0x1d0 [ 23.699112] ret_from_fork_asm+0x1a/0x30 [ 23.699273] [ 23.699340] Freed by task 240: [ 23.699494] kasan_save_stack+0x45/0x70 [ 23.699680] kasan_save_track+0x18/0x40 [ 23.699909] kasan_save_free_info+0x3f/0x60 [ 23.700131] __kasan_slab_free+0x56/0x70 [ 23.700447] kfree+0x222/0x3f0 [ 23.700621] kfree_sensitive+0x67/0x90 [ 23.700914] kmalloc_double_kzfree+0x12b/0x350 [ 23.701064] kunit_try_run_case+0x1a5/0x480 [ 23.701206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.701469] kthread+0x337/0x6f0 [ 23.701653] ret_from_fork+0x116/0x1d0 [ 23.701837] ret_from_fork_asm+0x1a/0x30 [ 23.702065] [ 23.702216] The buggy address belongs to the object at ffff8881025fe600 [ 23.702216] which belongs to the cache kmalloc-16 of size 16 [ 23.702728] The buggy address is located 0 bytes inside of [ 23.702728] freed 16-byte region [ffff8881025fe600, ffff8881025fe610) [ 23.703459] [ 23.703538] The buggy address belongs to the physical page: [ 23.703858] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025fe [ 23.704321] flags: 0x200000000000000(node=0|zone=2) [ 23.704554] page_type: f5(slab) [ 23.704702] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.705069] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.705481] page dumped because: kasan: bad access detected [ 23.705738] [ 23.705868] Memory state around the buggy address: [ 23.706108] ffff8881025fe500: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.706446] ffff8881025fe580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.706706] >ffff8881025fe600: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.707090] ^ [ 23.707436] ffff8881025fe680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.707727] ffff8881025fe700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.708195] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 23.655210] ================================================================== [ 23.655734] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 23.656402] Read of size 1 at addr ffff8881062ac028 by task kunit_try_catch/236 [ 23.656738] [ 23.656837] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.656894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.657252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.657283] Call Trace: [ 23.657297] <TASK> [ 23.657319] dump_stack_lvl+0x73/0xb0 [ 23.657357] print_report+0xd1/0x610 [ 23.657382] ? __virt_addr_valid+0x1db/0x2d0 [ 23.657410] ? kmalloc_uaf2+0x4a8/0x520 [ 23.657430] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.657458] ? kmalloc_uaf2+0x4a8/0x520 [ 23.657479] kasan_report+0x141/0x180 [ 23.657501] ? kmalloc_uaf2+0x4a8/0x520 [ 23.657526] __asan_report_load1_noabort+0x18/0x20 [ 23.657552] kmalloc_uaf2+0x4a8/0x520 [ 23.657573] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 23.657593] ? finish_task_switch.isra.0+0x153/0x700 [ 23.657617] ? __switch_to+0x47/0xf50 [ 23.657647] ? __schedule+0x10cc/0x2b60 [ 23.657677] ? __pfx_read_tsc+0x10/0x10 [ 23.657702] ? ktime_get_ts64+0x86/0x230 [ 23.657731] kunit_try_run_case+0x1a5/0x480 [ 23.657829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.657857] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.657880] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.657909] ? __kthread_parkme+0x82/0x180 [ 23.657931] ? preempt_count_sub+0x50/0x80 [ 23.657954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.657976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.658004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.658031] kthread+0x337/0x6f0 [ 23.658053] ? trace_preempt_on+0x20/0xc0 [ 23.658080] ? __pfx_kthread+0x10/0x10 [ 23.658104] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.658131] ? calculate_sigpending+0x7b/0xa0 [ 23.658159] ? __pfx_kthread+0x10/0x10 [ 23.658183] ret_from_fork+0x116/0x1d0 [ 23.658202] ? __pfx_kthread+0x10/0x10 [ 23.658225] ret_from_fork_asm+0x1a/0x30 [ 23.658272] </TASK> [ 23.658285] [ 23.665653] Allocated by task 236: [ 23.665800] kasan_save_stack+0x45/0x70 [ 23.665989] kasan_save_track+0x18/0x40 [ 23.666162] kasan_save_alloc_info+0x3b/0x50 [ 23.666317] __kasan_kmalloc+0xb7/0xc0 [ 23.666442] __kmalloc_cache_noprof+0x189/0x420 [ 23.666609] kmalloc_uaf2+0xc6/0x520 [ 23.666777] kunit_try_run_case+0x1a5/0x480 [ 23.666971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.667320] kthread+0x337/0x6f0 [ 23.667488] ret_from_fork+0x116/0x1d0 [ 23.667614] ret_from_fork_asm+0x1a/0x30 [ 23.667748] [ 23.667811] Freed by task 236: [ 23.667914] kasan_save_stack+0x45/0x70 [ 23.668085] kasan_save_track+0x18/0x40 [ 23.668276] kasan_save_free_info+0x3f/0x60 [ 23.668610] __kasan_slab_free+0x56/0x70 [ 23.668816] kfree+0x222/0x3f0 [ 23.669313] kmalloc_uaf2+0x14c/0x520 [ 23.669478] kunit_try_run_case+0x1a5/0x480 [ 23.669646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.670000] kthread+0x337/0x6f0 [ 23.670124] ret_from_fork+0x116/0x1d0 [ 23.670263] ret_from_fork_asm+0x1a/0x30 [ 23.670397] [ 23.670463] The buggy address belongs to the object at ffff8881062ac000 [ 23.670463] which belongs to the cache kmalloc-64 of size 64 [ 23.671312] The buggy address is located 40 bytes inside of [ 23.671312] freed 64-byte region [ffff8881062ac000, ffff8881062ac040) [ 23.671832] [ 23.671923] The buggy address belongs to the physical page: [ 23.672093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062ac [ 23.672477] flags: 0x200000000000000(node=0|zone=2) [ 23.672719] page_type: f5(slab) [ 23.673035] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.673277] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.673856] page dumped because: kasan: bad access detected [ 23.674130] [ 23.674219] Memory state around the buggy address: [ 23.674453] ffff8881062abf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.674730] ffff8881062abf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.675112] >ffff8881062ac000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.675359] ^ [ 23.675503] ffff8881062ac080: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 23.675878] ffff8881062ac100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.676193] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 23.630421] ================================================================== [ 23.631190] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 23.631542] Write of size 33 at addr ffff8881059b5f80 by task kunit_try_catch/234 [ 23.631949] [ 23.632065] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.632122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.632134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.632158] Call Trace: [ 23.632174] <TASK> [ 23.632195] dump_stack_lvl+0x73/0xb0 [ 23.632229] print_report+0xd1/0x610 [ 23.632266] ? __virt_addr_valid+0x1db/0x2d0 [ 23.632291] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.632312] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.632341] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.632363] kasan_report+0x141/0x180 [ 23.632385] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.632411] kasan_check_range+0x10c/0x1c0 [ 23.632436] __asan_memset+0x27/0x50 [ 23.632463] kmalloc_uaf_memset+0x1a3/0x360 [ 23.632484] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 23.632507] ? __schedule+0x10cc/0x2b60 [ 23.632536] ? __pfx_read_tsc+0x10/0x10 [ 23.632561] ? ktime_get_ts64+0x86/0x230 [ 23.632589] kunit_try_run_case+0x1a5/0x480 [ 23.632613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.632633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.632655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.632683] ? __kthread_parkme+0x82/0x180 [ 23.632705] ? preempt_count_sub+0x50/0x80 [ 23.632729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.632797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.632839] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.632867] kthread+0x337/0x6f0 [ 23.632888] ? trace_preempt_on+0x20/0xc0 [ 23.632914] ? __pfx_kthread+0x10/0x10 [ 23.632936] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.632963] ? calculate_sigpending+0x7b/0xa0 [ 23.632991] ? __pfx_kthread+0x10/0x10 [ 23.633014] ret_from_fork+0x116/0x1d0 [ 23.633034] ? __pfx_kthread+0x10/0x10 [ 23.633056] ret_from_fork_asm+0x1a/0x30 [ 23.633091] </TASK> [ 23.633103] [ 23.640228] Allocated by task 234: [ 23.640387] kasan_save_stack+0x45/0x70 [ 23.640577] kasan_save_track+0x18/0x40 [ 23.640704] kasan_save_alloc_info+0x3b/0x50 [ 23.640872] __kasan_kmalloc+0xb7/0xc0 [ 23.641069] __kmalloc_cache_noprof+0x189/0x420 [ 23.641284] kmalloc_uaf_memset+0xa9/0x360 [ 23.641421] kunit_try_run_case+0x1a5/0x480 [ 23.641571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.641816] kthread+0x337/0x6f0 [ 23.642053] ret_from_fork+0x116/0x1d0 [ 23.642236] ret_from_fork_asm+0x1a/0x30 [ 23.642444] [ 23.642507] Freed by task 234: [ 23.642656] kasan_save_stack+0x45/0x70 [ 23.642873] kasan_save_track+0x18/0x40 [ 23.643013] kasan_save_free_info+0x3f/0x60 [ 23.643212] __kasan_slab_free+0x56/0x70 [ 23.643413] kfree+0x222/0x3f0 [ 23.643530] kmalloc_uaf_memset+0x12b/0x360 [ 23.643698] kunit_try_run_case+0x1a5/0x480 [ 23.644034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.644298] kthread+0x337/0x6f0 [ 23.644440] ret_from_fork+0x116/0x1d0 [ 23.644594] ret_from_fork_asm+0x1a/0x30 [ 23.644729] [ 23.644794] The buggy address belongs to the object at ffff8881059b5f80 [ 23.644794] which belongs to the cache kmalloc-64 of size 64 [ 23.645143] The buggy address is located 0 bytes inside of [ 23.645143] freed 64-byte region [ffff8881059b5f80, ffff8881059b5fc0) [ 23.645567] [ 23.645660] The buggy address belongs to the physical page: [ 23.645905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b5 [ 23.646555] flags: 0x200000000000000(node=0|zone=2) [ 23.646721] page_type: f5(slab) [ 23.647074] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.647509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.648089] page dumped because: kasan: bad access detected [ 23.648325] [ 23.648405] Memory state around the buggy address: [ 23.648557] ffff8881059b5e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.648766] ffff8881059b5f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.648974] >ffff8881059b5f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.649456] ^ [ 23.649623] ffff8881059b6000: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 23.650159] ffff8881059b6080: 00 00 00 00 00 00 00 00 00 03 fc fc fc fc fc fc [ 23.650493] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 23.592463] ================================================================== [ 23.593216] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 23.593458] Read of size 1 at addr ffff8881025fe5e8 by task kunit_try_catch/232 [ 23.593676] [ 23.593773] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.593826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.593838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.593862] Call Trace: [ 23.593876] <TASK> [ 23.593896] dump_stack_lvl+0x73/0xb0 [ 23.593927] print_report+0xd1/0x610 [ 23.593950] ? __virt_addr_valid+0x1db/0x2d0 [ 23.593976] ? kmalloc_uaf+0x320/0x380 [ 23.593996] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.594024] ? kmalloc_uaf+0x320/0x380 [ 23.594045] kasan_report+0x141/0x180 [ 23.594067] ? kmalloc_uaf+0x320/0x380 [ 23.594092] __asan_report_load1_noabort+0x18/0x20 [ 23.594119] kmalloc_uaf+0x320/0x380 [ 23.594139] ? __pfx_kmalloc_uaf+0x10/0x10 [ 23.594160] ? __schedule+0x10cc/0x2b60 [ 23.594188] ? __pfx_read_tsc+0x10/0x10 [ 23.594214] ? ktime_get_ts64+0x86/0x230 [ 23.594715] kunit_try_run_case+0x1a5/0x480 [ 23.595049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.595075] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.595099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.595128] ? __kthread_parkme+0x82/0x180 [ 23.595150] ? preempt_count_sub+0x50/0x80 [ 23.595191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.595214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.595252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.595279] kthread+0x337/0x6f0 [ 23.595300] ? trace_preempt_on+0x20/0xc0 [ 23.595326] ? __pfx_kthread+0x10/0x10 [ 23.595348] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.595376] ? calculate_sigpending+0x7b/0xa0 [ 23.595403] ? __pfx_kthread+0x10/0x10 [ 23.595427] ret_from_fork+0x116/0x1d0 [ 23.595446] ? __pfx_kthread+0x10/0x10 [ 23.595468] ret_from_fork_asm+0x1a/0x30 [ 23.595502] </TASK> [ 23.595514] [ 23.608926] Allocated by task 232: [ 23.609472] kasan_save_stack+0x45/0x70 [ 23.610079] kasan_save_track+0x18/0x40 [ 23.610609] kasan_save_alloc_info+0x3b/0x50 [ 23.611135] __kasan_kmalloc+0xb7/0xc0 [ 23.611547] __kmalloc_cache_noprof+0x189/0x420 [ 23.612101] kmalloc_uaf+0xaa/0x380 [ 23.612493] kunit_try_run_case+0x1a5/0x480 [ 23.613016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.613840] kthread+0x337/0x6f0 [ 23.614094] ret_from_fork+0x116/0x1d0 [ 23.614230] ret_from_fork_asm+0x1a/0x30 [ 23.614377] [ 23.614443] Freed by task 232: [ 23.614550] kasan_save_stack+0x45/0x70 [ 23.614678] kasan_save_track+0x18/0x40 [ 23.615135] kasan_save_free_info+0x3f/0x60 [ 23.615586] __kasan_slab_free+0x56/0x70 [ 23.616160] kfree+0x222/0x3f0 [ 23.616522] kmalloc_uaf+0x12c/0x380 [ 23.617028] kunit_try_run_case+0x1a5/0x480 [ 23.617480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.618090] kthread+0x337/0x6f0 [ 23.618449] ret_from_fork+0x116/0x1d0 [ 23.618837] ret_from_fork_asm+0x1a/0x30 [ 23.619217] [ 23.619298] The buggy address belongs to the object at ffff8881025fe5e0 [ 23.619298] which belongs to the cache kmalloc-16 of size 16 [ 23.619650] The buggy address is located 8 bytes inside of [ 23.619650] freed 16-byte region [ffff8881025fe5e0, ffff8881025fe5f0) [ 23.620677] [ 23.620875] The buggy address belongs to the physical page: [ 23.621589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025fe [ 23.622658] flags: 0x200000000000000(node=0|zone=2) [ 23.623150] page_type: f5(slab) [ 23.623336] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.623562] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.623862] page dumped because: kasan: bad access detected [ 23.624114] [ 23.624205] Memory state around the buggy address: [ 23.624412] ffff8881025fe480: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 23.624699] ffff8881025fe500: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.625115] >ffff8881025fe580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.625406] ^ [ 23.625676] ffff8881025fe600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.626038] ffff8881025fe680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.626354] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 23.558115] ================================================================== [ 23.559427] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.560307] Read of size 64 at addr ffff8881059b5d04 by task kunit_try_catch/230 [ 23.561228] [ 23.561344] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.561402] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.561415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.561438] Call Trace: [ 23.561453] <TASK> [ 23.561473] dump_stack_lvl+0x73/0xb0 [ 23.561508] print_report+0xd1/0x610 [ 23.561533] ? __virt_addr_valid+0x1db/0x2d0 [ 23.561559] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.561584] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.561612] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.561638] kasan_report+0x141/0x180 [ 23.561661] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.561691] kasan_check_range+0x10c/0x1c0 [ 23.561716] __asan_memmove+0x27/0x70 [ 23.561743] kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.561780] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 23.561806] ? __schedule+0x10cc/0x2b60 [ 23.561848] ? __pfx_read_tsc+0x10/0x10 [ 23.562040] ? ktime_get_ts64+0x86/0x230 [ 23.562071] kunit_try_run_case+0x1a5/0x480 [ 23.562097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.562118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.562140] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.562168] ? __kthread_parkme+0x82/0x180 [ 23.562190] ? preempt_count_sub+0x50/0x80 [ 23.562214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.562236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.562274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.562301] kthread+0x337/0x6f0 [ 23.562322] ? trace_preempt_on+0x20/0xc0 [ 23.562348] ? __pfx_kthread+0x10/0x10 [ 23.562370] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.562397] ? calculate_sigpending+0x7b/0xa0 [ 23.562425] ? __pfx_kthread+0x10/0x10 [ 23.562448] ret_from_fork+0x116/0x1d0 [ 23.562467] ? __pfx_kthread+0x10/0x10 [ 23.562490] ret_from_fork_asm+0x1a/0x30 [ 23.562525] </TASK> [ 23.562538] [ 23.577171] Allocated by task 230: [ 23.577516] kasan_save_stack+0x45/0x70 [ 23.577909] kasan_save_track+0x18/0x40 [ 23.578231] kasan_save_alloc_info+0x3b/0x50 [ 23.578394] __kasan_kmalloc+0xb7/0xc0 [ 23.578519] __kmalloc_cache_noprof+0x189/0x420 [ 23.578670] kmalloc_memmove_invalid_size+0xac/0x330 [ 23.578851] kunit_try_run_case+0x1a5/0x480 [ 23.578989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.579266] kthread+0x337/0x6f0 [ 23.579433] ret_from_fork+0x116/0x1d0 [ 23.579595] ret_from_fork_asm+0x1a/0x30 [ 23.579864] [ 23.580019] The buggy address belongs to the object at ffff8881059b5d00 [ 23.580019] which belongs to the cache kmalloc-64 of size 64 [ 23.581090] The buggy address is located 4 bytes inside of [ 23.581090] allocated 64-byte region [ffff8881059b5d00, ffff8881059b5d40) [ 23.582259] [ 23.582425] The buggy address belongs to the physical page: [ 23.582963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059b5 [ 23.583636] flags: 0x200000000000000(node=0|zone=2) [ 23.583826] page_type: f5(slab) [ 23.584099] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.584741] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.585290] page dumped because: kasan: bad access detected [ 23.585457] [ 23.585520] Memory state around the buggy address: [ 23.585671] ffff8881059b5c00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.585894] ffff8881059b5c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.586357] >ffff8881059b5d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.586600] ^ [ 23.586957] ffff8881059b5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.587271] ffff8881059b5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.587548] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 23.532676] ================================================================== [ 23.533593] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 23.534076] Read of size 18446744073709551614 at addr ffff888106335e84 by task kunit_try_catch/228 [ 23.534476] [ 23.534573] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.534627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.534640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.534663] Call Trace: [ 23.534678] <TASK> [ 23.534699] dump_stack_lvl+0x73/0xb0 [ 23.534734] print_report+0xd1/0x610 [ 23.534840] ? __virt_addr_valid+0x1db/0x2d0 [ 23.534871] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.534896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.534925] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.534971] kasan_report+0x141/0x180 [ 23.534994] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.535025] kasan_check_range+0x10c/0x1c0 [ 23.535050] __asan_memmove+0x27/0x70 [ 23.535077] kmalloc_memmove_negative_size+0x171/0x330 [ 23.535103] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 23.535129] ? __schedule+0x10cc/0x2b60 [ 23.535159] ? __pfx_read_tsc+0x10/0x10 [ 23.535184] ? ktime_get_ts64+0x86/0x230 [ 23.535213] kunit_try_run_case+0x1a5/0x480 [ 23.535251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.535272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.535293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.535322] ? __kthread_parkme+0x82/0x180 [ 23.535344] ? preempt_count_sub+0x50/0x80 [ 23.535369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.535390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.535417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.535444] kthread+0x337/0x6f0 [ 23.535465] ? trace_preempt_on+0x20/0xc0 [ 23.535491] ? __pfx_kthread+0x10/0x10 [ 23.535513] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.535540] ? calculate_sigpending+0x7b/0xa0 [ 23.535568] ? __pfx_kthread+0x10/0x10 [ 23.535591] ret_from_fork+0x116/0x1d0 [ 23.535611] ? __pfx_kthread+0x10/0x10 [ 23.535634] ret_from_fork_asm+0x1a/0x30 [ 23.535669] </TASK> [ 23.535681] [ 23.545813] Allocated by task 228: [ 23.546108] kasan_save_stack+0x45/0x70 [ 23.546271] kasan_save_track+0x18/0x40 [ 23.546471] kasan_save_alloc_info+0x3b/0x50 [ 23.546681] __kasan_kmalloc+0xb7/0xc0 [ 23.546863] __kmalloc_cache_noprof+0x189/0x420 [ 23.547167] kmalloc_memmove_negative_size+0xac/0x330 [ 23.547399] kunit_try_run_case+0x1a5/0x480 [ 23.547534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.547698] kthread+0x337/0x6f0 [ 23.547809] ret_from_fork+0x116/0x1d0 [ 23.548030] ret_from_fork_asm+0x1a/0x30 [ 23.548260] [ 23.548353] The buggy address belongs to the object at ffff888106335e80 [ 23.548353] which belongs to the cache kmalloc-64 of size 64 [ 23.549140] The buggy address is located 4 bytes inside of [ 23.549140] 64-byte region [ffff888106335e80, ffff888106335ec0) [ 23.549623] [ 23.549693] The buggy address belongs to the physical page: [ 23.549862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106335 [ 23.550526] flags: 0x200000000000000(node=0|zone=2) [ 23.550939] page_type: f5(slab) [ 23.551070] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.551345] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.551678] page dumped because: kasan: bad access detected [ 23.552233] [ 23.552344] Memory state around the buggy address: [ 23.552646] ffff888106335d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.552955] ffff888106335e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.553157] >ffff888106335e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.553637] ^ [ 23.553804] ffff888106335f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.554186] ffff888106335f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.554680] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 23.502862] ================================================================== [ 23.503235] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 23.504388] Write of size 16 at addr ffff88810595df69 by task kunit_try_catch/226 [ 23.505600] [ 23.505969] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.506028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.506041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.506064] Call Trace: [ 23.506080] <TASK> [ 23.506101] dump_stack_lvl+0x73/0xb0 [ 23.506137] print_report+0xd1/0x610 [ 23.506162] ? __virt_addr_valid+0x1db/0x2d0 [ 23.506187] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.506209] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.506254] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.506292] kasan_report+0x141/0x180 [ 23.506331] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.506357] kasan_check_range+0x10c/0x1c0 [ 23.506382] __asan_memset+0x27/0x50 [ 23.506458] kmalloc_oob_memset_16+0x166/0x330 [ 23.506484] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.506506] ? __schedule+0x10cc/0x2b60 [ 23.506631] ? __pfx_read_tsc+0x10/0x10 [ 23.506659] ? ktime_get_ts64+0x86/0x230 [ 23.506687] kunit_try_run_case+0x1a5/0x480 [ 23.506711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.506732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.506769] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.506798] ? __kthread_parkme+0x82/0x180 [ 23.506830] ? preempt_count_sub+0x50/0x80 [ 23.506854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.506876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.506902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.506929] kthread+0x337/0x6f0 [ 23.506950] ? trace_preempt_on+0x20/0xc0 [ 23.506976] ? __pfx_kthread+0x10/0x10 [ 23.506998] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.507025] ? calculate_sigpending+0x7b/0xa0 [ 23.507053] ? __pfx_kthread+0x10/0x10 [ 23.507076] ret_from_fork+0x116/0x1d0 [ 23.507095] ? __pfx_kthread+0x10/0x10 [ 23.507118] ret_from_fork_asm+0x1a/0x30 [ 23.507152] </TASK> [ 23.507164] [ 23.517968] Allocated by task 226: [ 23.518305] kasan_save_stack+0x45/0x70 [ 23.518783] kasan_save_track+0x18/0x40 [ 23.518977] kasan_save_alloc_info+0x3b/0x50 [ 23.519120] __kasan_kmalloc+0xb7/0xc0 [ 23.519254] __kmalloc_cache_noprof+0x189/0x420 [ 23.519417] kmalloc_oob_memset_16+0xac/0x330 [ 23.519557] kunit_try_run_case+0x1a5/0x480 [ 23.519694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.519856] kthread+0x337/0x6f0 [ 23.519966] ret_from_fork+0x116/0x1d0 [ 23.520085] ret_from_fork_asm+0x1a/0x30 [ 23.520213] [ 23.520375] The buggy address belongs to the object at ffff88810595df00 [ 23.520375] which belongs to the cache kmalloc-128 of size 128 [ 23.522107] The buggy address is located 105 bytes inside of [ 23.522107] allocated 120-byte region [ffff88810595df00, ffff88810595df78) [ 23.522893] [ 23.523083] The buggy address belongs to the physical page: [ 23.523603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595d [ 23.524356] flags: 0x200000000000000(node=0|zone=2) [ 23.524539] page_type: f5(slab) [ 23.524661] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.525315] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.526071] page dumped because: kasan: bad access detected [ 23.526635] [ 23.526837] Memory state around the buggy address: [ 23.527281] ffff88810595de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.527503] ffff88810595de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.527714] >ffff88810595df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.527965] ^ [ 23.528441] ffff88810595df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.528713] ffff88810595e000: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc [ 23.529404] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 23.475554] ================================================================== [ 23.476002] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 23.476414] Write of size 8 at addr ffff88810595de71 by task kunit_try_catch/224 [ 23.476665] [ 23.476778] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.476833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.476845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.476869] Call Trace: [ 23.476883] <TASK> [ 23.476904] dump_stack_lvl+0x73/0xb0 [ 23.476935] print_report+0xd1/0x610 [ 23.476959] ? __virt_addr_valid+0x1db/0x2d0 [ 23.476985] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.477007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.477035] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.477058] kasan_report+0x141/0x180 [ 23.477081] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.477107] kasan_check_range+0x10c/0x1c0 [ 23.477132] __asan_memset+0x27/0x50 [ 23.477159] kmalloc_oob_memset_8+0x166/0x330 [ 23.477181] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 23.477210] ? __schedule+0x10cc/0x2b60 [ 23.477251] ? __pfx_read_tsc+0x10/0x10 [ 23.477277] ? ktime_get_ts64+0x86/0x230 [ 23.477304] kunit_try_run_case+0x1a5/0x480 [ 23.477329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.477349] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.477371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.477400] ? __kthread_parkme+0x82/0x180 [ 23.477422] ? preempt_count_sub+0x50/0x80 [ 23.477447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.477470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.477498] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.477525] kthread+0x337/0x6f0 [ 23.477547] ? trace_preempt_on+0x20/0xc0 [ 23.477573] ? __pfx_kthread+0x10/0x10 [ 23.477596] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.477623] ? calculate_sigpending+0x7b/0xa0 [ 23.477651] ? __pfx_kthread+0x10/0x10 [ 23.477674] ret_from_fork+0x116/0x1d0 [ 23.477694] ? __pfx_kthread+0x10/0x10 [ 23.477716] ret_from_fork_asm+0x1a/0x30 [ 23.477751] </TASK> [ 23.477763] [ 23.486634] Allocated by task 224: [ 23.487219] kasan_save_stack+0x45/0x70 [ 23.487622] kasan_save_track+0x18/0x40 [ 23.487879] kasan_save_alloc_info+0x3b/0x50 [ 23.488085] __kasan_kmalloc+0xb7/0xc0 [ 23.488263] __kmalloc_cache_noprof+0x189/0x420 [ 23.488464] kmalloc_oob_memset_8+0xac/0x330 [ 23.488650] kunit_try_run_case+0x1a5/0x480 [ 23.489216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.489583] kthread+0x337/0x6f0 [ 23.489738] ret_from_fork+0x116/0x1d0 [ 23.490082] ret_from_fork_asm+0x1a/0x30 [ 23.490274] [ 23.490358] The buggy address belongs to the object at ffff88810595de00 [ 23.490358] which belongs to the cache kmalloc-128 of size 128 [ 23.491356] The buggy address is located 113 bytes inside of [ 23.491356] allocated 120-byte region [ffff88810595de00, ffff88810595de78) [ 23.492059] [ 23.492158] The buggy address belongs to the physical page: [ 23.492402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595d [ 23.492732] flags: 0x200000000000000(node=0|zone=2) [ 23.493369] page_type: f5(slab) [ 23.493670] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.494368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.494679] page dumped because: kasan: bad access detected [ 23.495132] [ 23.495221] Memory state around the buggy address: [ 23.495434] ffff88810595dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.495718] ffff88810595dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.496457] >ffff88810595de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.496745] ^ [ 23.497122] ffff88810595de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.497428] ffff88810595df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.497703] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 23.443647] ================================================================== [ 23.444185] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 23.444525] Write of size 4 at addr ffff88810595dd75 by task kunit_try_catch/222 [ 23.445114] [ 23.445221] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.445287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.445300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.445323] Call Trace: [ 23.445337] <TASK> [ 23.445360] dump_stack_lvl+0x73/0xb0 [ 23.445395] print_report+0xd1/0x610 [ 23.445419] ? __virt_addr_valid+0x1db/0x2d0 [ 23.445447] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.445469] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.445497] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.445519] kasan_report+0x141/0x180 [ 23.445542] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.445568] kasan_check_range+0x10c/0x1c0 [ 23.445593] __asan_memset+0x27/0x50 [ 23.445619] kmalloc_oob_memset_4+0x166/0x330 [ 23.445642] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 23.445664] ? __schedule+0x10cc/0x2b60 [ 23.445694] ? __pfx_read_tsc+0x10/0x10 [ 23.445719] ? ktime_get_ts64+0x86/0x230 [ 23.445747] kunit_try_run_case+0x1a5/0x480 [ 23.445771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.445791] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.445813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.445870] ? __kthread_parkme+0x82/0x180 [ 23.445960] ? preempt_count_sub+0x50/0x80 [ 23.445986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.446008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.446037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.446064] kthread+0x337/0x6f0 [ 23.446085] ? trace_preempt_on+0x20/0xc0 [ 23.446111] ? __pfx_kthread+0x10/0x10 [ 23.446133] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.446160] ? calculate_sigpending+0x7b/0xa0 [ 23.446188] ? __pfx_kthread+0x10/0x10 [ 23.446211] ret_from_fork+0x116/0x1d0 [ 23.446231] ? __pfx_kthread+0x10/0x10 [ 23.446263] ret_from_fork_asm+0x1a/0x30 [ 23.446298] </TASK> [ 23.446309] [ 23.456735] Allocated by task 222: [ 23.457445] kasan_save_stack+0x45/0x70 [ 23.457735] kasan_save_track+0x18/0x40 [ 23.458336] kasan_save_alloc_info+0x3b/0x50 [ 23.458664] __kasan_kmalloc+0xb7/0xc0 [ 23.459267] __kmalloc_cache_noprof+0x189/0x420 [ 23.459495] kmalloc_oob_memset_4+0xac/0x330 [ 23.459689] kunit_try_run_case+0x1a5/0x480 [ 23.460216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.460548] kthread+0x337/0x6f0 [ 23.460993] ret_from_fork+0x116/0x1d0 [ 23.461353] ret_from_fork_asm+0x1a/0x30 [ 23.461555] [ 23.461641] The buggy address belongs to the object at ffff88810595dd00 [ 23.461641] which belongs to the cache kmalloc-128 of size 128 [ 23.462840] The buggy address is located 117 bytes inside of [ 23.462840] allocated 120-byte region [ffff88810595dd00, ffff88810595dd78) [ 23.463951] [ 23.464054] The buggy address belongs to the physical page: [ 23.464470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595d [ 23.465166] flags: 0x200000000000000(node=0|zone=2) [ 23.465541] page_type: f5(slab) [ 23.465710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.466504] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.467152] page dumped because: kasan: bad access detected [ 23.467400] [ 23.467487] Memory state around the buggy address: [ 23.467687] ffff88810595dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.468589] ffff88810595dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.469182] >ffff88810595dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.469630] ^ [ 23.470154] ffff88810595dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.470456] ffff88810595de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.471034] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 23.419011] ================================================================== [ 23.419558] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 23.420486] Write of size 2 at addr ffff8881059ac677 by task kunit_try_catch/220 [ 23.420842] [ 23.421224] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.421296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.421308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.421331] Call Trace: [ 23.421345] <TASK> [ 23.421364] dump_stack_lvl+0x73/0xb0 [ 23.421398] print_report+0xd1/0x610 [ 23.421421] ? __virt_addr_valid+0x1db/0x2d0 [ 23.421446] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.421469] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.421499] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.421521] kasan_report+0x141/0x180 [ 23.421545] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.421571] kasan_check_range+0x10c/0x1c0 [ 23.421598] __asan_memset+0x27/0x50 [ 23.421625] kmalloc_oob_memset_2+0x166/0x330 [ 23.421648] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 23.421671] ? __schedule+0x10cc/0x2b60 [ 23.421700] ? __pfx_read_tsc+0x10/0x10 [ 23.421726] ? ktime_get_ts64+0x86/0x230 [ 23.421772] kunit_try_run_case+0x1a5/0x480 [ 23.421797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.421826] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.421849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.421880] ? __kthread_parkme+0x82/0x180 [ 23.421902] ? preempt_count_sub+0x50/0x80 [ 23.421927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.421950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.421977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.422004] kthread+0x337/0x6f0 [ 23.422026] ? trace_preempt_on+0x20/0xc0 [ 23.422051] ? __pfx_kthread+0x10/0x10 [ 23.422074] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.422101] ? calculate_sigpending+0x7b/0xa0 [ 23.422128] ? __pfx_kthread+0x10/0x10 [ 23.422152] ret_from_fork+0x116/0x1d0 [ 23.422172] ? __pfx_kthread+0x10/0x10 [ 23.422194] ret_from_fork_asm+0x1a/0x30 [ 23.422229] </TASK> [ 23.422251] [ 23.429819] Allocated by task 220: [ 23.430009] kasan_save_stack+0x45/0x70 [ 23.430208] kasan_save_track+0x18/0x40 [ 23.430362] kasan_save_alloc_info+0x3b/0x50 [ 23.430569] __kasan_kmalloc+0xb7/0xc0 [ 23.430703] __kmalloc_cache_noprof+0x189/0x420 [ 23.431071] kmalloc_oob_memset_2+0xac/0x330 [ 23.431284] kunit_try_run_case+0x1a5/0x480 [ 23.431435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.431606] kthread+0x337/0x6f0 [ 23.431975] ret_from_fork+0x116/0x1d0 [ 23.432181] ret_from_fork_asm+0x1a/0x30 [ 23.432481] [ 23.432573] The buggy address belongs to the object at ffff8881059ac600 [ 23.432573] which belongs to the cache kmalloc-128 of size 128 [ 23.433153] The buggy address is located 119 bytes inside of [ 23.433153] allocated 120-byte region [ffff8881059ac600, ffff8881059ac678) [ 23.433654] [ 23.433747] The buggy address belongs to the physical page: [ 23.434041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac [ 23.434356] flags: 0x200000000000000(node=0|zone=2) [ 23.434516] page_type: f5(slab) [ 23.434634] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.434859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.435145] page dumped because: kasan: bad access detected [ 23.435396] [ 23.435482] Memory state around the buggy address: [ 23.435783] ffff8881059ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.436057] ffff8881059ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.436279] >ffff8881059ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.436483] ^ [ 23.436705] ffff8881059ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.437404] ffff8881059ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.437721] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 23.399198] ================================================================== [ 23.399652] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 23.399992] Write of size 128 at addr ffff88810595dc00 by task kunit_try_catch/218 [ 23.400705] [ 23.400820] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.400888] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.400901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.400925] Call Trace: [ 23.400939] <TASK> [ 23.400959] dump_stack_lvl+0x73/0xb0 [ 23.400995] print_report+0xd1/0x610 [ 23.401020] ? __virt_addr_valid+0x1db/0x2d0 [ 23.401047] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.401069] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.401098] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.401120] kasan_report+0x141/0x180 [ 23.401143] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.401170] kasan_check_range+0x10c/0x1c0 [ 23.401202] __asan_memset+0x27/0x50 [ 23.401228] kmalloc_oob_in_memset+0x15f/0x320 [ 23.401262] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 23.401286] ? __schedule+0x10cc/0x2b60 [ 23.401316] ? __pfx_read_tsc+0x10/0x10 [ 23.401341] ? ktime_get_ts64+0x86/0x230 [ 23.401370] kunit_try_run_case+0x1a5/0x480 [ 23.401395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.401415] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.401438] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.401467] ? __kthread_parkme+0x82/0x180 [ 23.401489] ? preempt_count_sub+0x50/0x80 [ 23.401514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.401536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.401564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.401590] kthread+0x337/0x6f0 [ 23.401612] ? trace_preempt_on+0x20/0xc0 [ 23.401638] ? __pfx_kthread+0x10/0x10 [ 23.401661] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.401687] ? calculate_sigpending+0x7b/0xa0 [ 23.401715] ? __pfx_kthread+0x10/0x10 [ 23.401739] ret_from_fork+0x116/0x1d0 [ 23.401758] ? __pfx_kthread+0x10/0x10 [ 23.401782] ret_from_fork_asm+0x1a/0x30 [ 23.401817] </TASK> [ 23.401840] [ 23.409107] Allocated by task 218: [ 23.409313] kasan_save_stack+0x45/0x70 [ 23.409517] kasan_save_track+0x18/0x40 [ 23.409713] kasan_save_alloc_info+0x3b/0x50 [ 23.409880] __kasan_kmalloc+0xb7/0xc0 [ 23.410172] __kmalloc_cache_noprof+0x189/0x420 [ 23.410392] kmalloc_oob_in_memset+0xac/0x320 [ 23.410565] kunit_try_run_case+0x1a5/0x480 [ 23.410703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.410901] kthread+0x337/0x6f0 [ 23.411161] ret_from_fork+0x116/0x1d0 [ 23.411353] ret_from_fork_asm+0x1a/0x30 [ 23.411551] [ 23.411647] The buggy address belongs to the object at ffff88810595dc00 [ 23.411647] which belongs to the cache kmalloc-128 of size 128 [ 23.412160] The buggy address is located 0 bytes inside of [ 23.412160] allocated 120-byte region [ffff88810595dc00, ffff88810595dc78) [ 23.412561] [ 23.412653] The buggy address belongs to the physical page: [ 23.412974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595d [ 23.413344] flags: 0x200000000000000(node=0|zone=2) [ 23.413548] page_type: f5(slab) [ 23.413695] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.414187] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.414468] page dumped because: kasan: bad access detected [ 23.414698] [ 23.414762] Memory state around the buggy address: [ 23.414998] ffff88810595db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.415212] ffff88810595db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.415429] >ffff88810595dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.415634] ^ [ 23.415881] ffff88810595dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.416187] ffff88810595dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.416663] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 23.370355] ================================================================== [ 23.371233] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 23.371585] Read of size 16 at addr ffff88810598a240 by task kunit_try_catch/216 [ 23.372090] [ 23.372194] CPU: 0 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.372259] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.372272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.372294] Call Trace: [ 23.372307] <TASK> [ 23.372326] dump_stack_lvl+0x73/0xb0 [ 23.372357] print_report+0xd1/0x610 [ 23.372381] ? __virt_addr_valid+0x1db/0x2d0 [ 23.372406] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.372426] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.372455] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.372476] kasan_report+0x141/0x180 [ 23.372499] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.372525] __asan_report_load16_noabort+0x18/0x20 [ 23.372552] kmalloc_uaf_16+0x47b/0x4c0 [ 23.372573] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 23.372596] ? __schedule+0x10cc/0x2b60 [ 23.372624] ? __pfx_read_tsc+0x10/0x10 [ 23.372649] ? ktime_get_ts64+0x86/0x230 [ 23.372676] kunit_try_run_case+0x1a5/0x480 [ 23.372699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.372719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.372741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.372836] ? __kthread_parkme+0x82/0x180 [ 23.372858] ? preempt_count_sub+0x50/0x80 [ 23.372883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.372906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.372933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.372962] kthread+0x337/0x6f0 [ 23.372984] ? trace_preempt_on+0x20/0xc0 [ 23.373009] ? __pfx_kthread+0x10/0x10 [ 23.373032] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.373058] ? calculate_sigpending+0x7b/0xa0 [ 23.373086] ? __pfx_kthread+0x10/0x10 [ 23.373109] ret_from_fork+0x116/0x1d0 [ 23.373129] ? __pfx_kthread+0x10/0x10 [ 23.373151] ret_from_fork_asm+0x1a/0x30 [ 23.373186] </TASK> [ 23.373203] [ 23.379639] Allocated by task 216: [ 23.379764] kasan_save_stack+0x45/0x70 [ 23.379952] kasan_save_track+0x18/0x40 [ 23.380158] kasan_save_alloc_info+0x3b/0x50 [ 23.380370] __kasan_kmalloc+0xb7/0xc0 [ 23.380546] __kmalloc_cache_noprof+0x189/0x420 [ 23.380757] kmalloc_uaf_16+0x15b/0x4c0 [ 23.381078] kunit_try_run_case+0x1a5/0x480 [ 23.381408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.381585] kthread+0x337/0x6f0 [ 23.381747] ret_from_fork+0x116/0x1d0 [ 23.381984] ret_from_fork_asm+0x1a/0x30 [ 23.382149] [ 23.382249] Freed by task 216: [ 23.382361] kasan_save_stack+0x45/0x70 [ 23.382553] kasan_save_track+0x18/0x40 [ 23.382712] kasan_save_free_info+0x3f/0x60 [ 23.383058] __kasan_slab_free+0x56/0x70 [ 23.383225] kfree+0x222/0x3f0 [ 23.383394] kmalloc_uaf_16+0x1d6/0x4c0 [ 23.383559] kunit_try_run_case+0x1a5/0x480 [ 23.383740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.383983] kthread+0x337/0x6f0 [ 23.384179] ret_from_fork+0x116/0x1d0 [ 23.384409] ret_from_fork_asm+0x1a/0x30 [ 23.384554] [ 23.384639] The buggy address belongs to the object at ffff88810598a240 [ 23.384639] which belongs to the cache kmalloc-16 of size 16 [ 23.385276] The buggy address is located 0 bytes inside of [ 23.385276] freed 16-byte region [ffff88810598a240, ffff88810598a250) [ 23.385636] [ 23.385704] The buggy address belongs to the physical page: [ 23.385937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 23.386293] flags: 0x200000000000000(node=0|zone=2) [ 23.386557] page_type: f5(slab) [ 23.386674] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.387359] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.387659] page dumped because: kasan: bad access detected [ 23.387823] [ 23.387885] Memory state around the buggy address: [ 23.388077] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.388529] ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.388746] >ffff88810598a200: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc [ 23.389266] ^ [ 23.389433] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.389672] ffff88810598a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.390150] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 23.349649] ================================================================== [ 23.350634] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 23.350924] Write of size 16 at addr ffff88810598a1e0 by task kunit_try_catch/214 [ 23.351463] [ 23.351566] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.351622] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.351635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.351660] Call Trace: [ 23.351676] <TASK> [ 23.351697] dump_stack_lvl+0x73/0xb0 [ 23.351731] print_report+0xd1/0x610 [ 23.351775] ? __virt_addr_valid+0x1db/0x2d0 [ 23.351802] ? kmalloc_oob_16+0x452/0x4a0 [ 23.351823] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.351861] ? kmalloc_oob_16+0x452/0x4a0 [ 23.351883] kasan_report+0x141/0x180 [ 23.351906] ? kmalloc_oob_16+0x452/0x4a0 [ 23.351932] __asan_report_store16_noabort+0x1b/0x30 [ 23.351959] kmalloc_oob_16+0x452/0x4a0 [ 23.351981] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 23.352003] ? __schedule+0x10cc/0x2b60 [ 23.352032] ? __pfx_read_tsc+0x10/0x10 [ 23.352058] ? ktime_get_ts64+0x86/0x230 [ 23.352086] kunit_try_run_case+0x1a5/0x480 [ 23.352110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.352130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.352152] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.352181] ? __kthread_parkme+0x82/0x180 [ 23.352202] ? preempt_count_sub+0x50/0x80 [ 23.352227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.352261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.352288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.352315] kthread+0x337/0x6f0 [ 23.352337] ? trace_preempt_on+0x20/0xc0 [ 23.352362] ? __pfx_kthread+0x10/0x10 [ 23.352385] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.352411] ? calculate_sigpending+0x7b/0xa0 [ 23.352439] ? __pfx_kthread+0x10/0x10 [ 23.352463] ret_from_fork+0x116/0x1d0 [ 23.352482] ? __pfx_kthread+0x10/0x10 [ 23.352505] ret_from_fork_asm+0x1a/0x30 [ 23.352539] </TASK> [ 23.352551] [ 23.359064] Allocated by task 214: [ 23.359373] kasan_save_stack+0x45/0x70 [ 23.359584] kasan_save_track+0x18/0x40 [ 23.359736] kasan_save_alloc_info+0x3b/0x50 [ 23.359923] __kasan_kmalloc+0xb7/0xc0 [ 23.360104] __kmalloc_cache_noprof+0x189/0x420 [ 23.360493] kmalloc_oob_16+0xa8/0x4a0 [ 23.360662] kunit_try_run_case+0x1a5/0x480 [ 23.360889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.361065] kthread+0x337/0x6f0 [ 23.361180] ret_from_fork+0x116/0x1d0 [ 23.361383] ret_from_fork_asm+0x1a/0x30 [ 23.361572] [ 23.361657] The buggy address belongs to the object at ffff88810598a1e0 [ 23.361657] which belongs to the cache kmalloc-16 of size 16 [ 23.362176] The buggy address is located 0 bytes inside of [ 23.362176] allocated 13-byte region [ffff88810598a1e0, ffff88810598a1ed) [ 23.362755] [ 23.363162] The buggy address belongs to the physical page: [ 23.363455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10598a [ 23.363956] flags: 0x200000000000000(node=0|zone=2) [ 23.364144] page_type: f5(slab) [ 23.364437] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.364736] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.365073] page dumped because: kasan: bad access detected [ 23.365399] [ 23.365473] Memory state around the buggy address: [ 23.365624] ffff88810598a080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.365832] ffff88810598a100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.366038] >ffff88810598a180: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 23.366302] ^ [ 23.366589] ffff88810598a200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.367185] ffff88810598a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.367413] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 23.298096] ================================================================== [ 23.298615] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 23.298912] Read of size 1 at addr ffff888105653200 by task kunit_try_catch/212 [ 23.299381] [ 23.299499] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.299553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.299566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.299590] Call Trace: [ 23.299605] <TASK> [ 23.299626] dump_stack_lvl+0x73/0xb0 [ 23.299659] print_report+0xd1/0x610 [ 23.299684] ? __virt_addr_valid+0x1db/0x2d0 [ 23.299709] ? krealloc_uaf+0x1b8/0x5e0 [ 23.299731] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.299760] ? krealloc_uaf+0x1b8/0x5e0 [ 23.299784] kasan_report+0x141/0x180 [ 23.299806] ? krealloc_uaf+0x1b8/0x5e0 [ 23.299832] ? krealloc_uaf+0x1b8/0x5e0 [ 23.299854] __kasan_check_byte+0x3d/0x50 [ 23.299979] krealloc_noprof+0x3f/0x340 [ 23.300014] krealloc_uaf+0x1b8/0x5e0 [ 23.300037] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.300059] ? finish_task_switch.isra.0+0x153/0x700 [ 23.300083] ? __switch_to+0x47/0xf50 [ 23.300113] ? __schedule+0x10cc/0x2b60 [ 23.300142] ? __pfx_read_tsc+0x10/0x10 [ 23.300167] ? ktime_get_ts64+0x86/0x230 [ 23.300195] kunit_try_run_case+0x1a5/0x480 [ 23.300219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.300254] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.300276] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.300305] ? __kthread_parkme+0x82/0x180 [ 23.300326] ? preempt_count_sub+0x50/0x80 [ 23.300349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.300371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.300398] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.300425] kthread+0x337/0x6f0 [ 23.300446] ? trace_preempt_on+0x20/0xc0 [ 23.300471] ? __pfx_kthread+0x10/0x10 [ 23.300494] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.300521] ? calculate_sigpending+0x7b/0xa0 [ 23.300549] ? __pfx_kthread+0x10/0x10 [ 23.300572] ret_from_fork+0x116/0x1d0 [ 23.300592] ? __pfx_kthread+0x10/0x10 [ 23.300614] ret_from_fork_asm+0x1a/0x30 [ 23.300648] </TASK> [ 23.300661] [ 23.307820] Allocated by task 212: [ 23.307951] kasan_save_stack+0x45/0x70 [ 23.308416] kasan_save_track+0x18/0x40 [ 23.308616] kasan_save_alloc_info+0x3b/0x50 [ 23.308824] __kasan_kmalloc+0xb7/0xc0 [ 23.309008] __kmalloc_cache_noprof+0x189/0x420 [ 23.309284] krealloc_uaf+0xbb/0x5e0 [ 23.309461] kunit_try_run_case+0x1a5/0x480 [ 23.309730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.310088] kthread+0x337/0x6f0 [ 23.310234] ret_from_fork+0x116/0x1d0 [ 23.310392] ret_from_fork_asm+0x1a/0x30 [ 23.310580] [ 23.310648] Freed by task 212: [ 23.310874] kasan_save_stack+0x45/0x70 [ 23.311031] kasan_save_track+0x18/0x40 [ 23.311158] kasan_save_free_info+0x3f/0x60 [ 23.311310] __kasan_slab_free+0x56/0x70 [ 23.311442] kfree+0x222/0x3f0 [ 23.311555] krealloc_uaf+0x13d/0x5e0 [ 23.311704] kunit_try_run_case+0x1a5/0x480 [ 23.311894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.312136] kthread+0x337/0x6f0 [ 23.312304] ret_from_fork+0x116/0x1d0 [ 23.312485] ret_from_fork_asm+0x1a/0x30 [ 23.312887] [ 23.312965] The buggy address belongs to the object at ffff888105653200 [ 23.312965] which belongs to the cache kmalloc-256 of size 256 [ 23.313404] The buggy address is located 0 bytes inside of [ 23.313404] freed 256-byte region [ffff888105653200, ffff888105653300) [ 23.314390] [ 23.314493] The buggy address belongs to the physical page: [ 23.314747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105652 [ 23.315102] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.315383] flags: 0x200000000000040(head|node=0|zone=2) [ 23.315558] page_type: f5(slab) [ 23.315677] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.316139] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.316488] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.316954] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.317313] head: 0200000000000001 ffffea0004159481 00000000ffffffff 00000000ffffffff [ 23.317610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.318119] page dumped because: kasan: bad access detected [ 23.318358] [ 23.318449] Memory state around the buggy address: [ 23.318617] ffff888105653100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.318826] ffff888105653180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.319031] >ffff888105653200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.319246] ^ [ 23.319477] ffff888105653280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.319788] ffff888105653300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.320087] ================================================================== [ 23.320756] ================================================================== [ 23.321129] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 23.321448] Read of size 1 at addr ffff888105653200 by task kunit_try_catch/212 [ 23.321666] [ 23.321792] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.321846] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.321858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.321880] Call Trace: [ 23.321894] <TASK> [ 23.321913] dump_stack_lvl+0x73/0xb0 [ 23.321944] print_report+0xd1/0x610 [ 23.321968] ? __virt_addr_valid+0x1db/0x2d0 [ 23.321993] ? krealloc_uaf+0x53c/0x5e0 [ 23.322015] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.322043] ? krealloc_uaf+0x53c/0x5e0 [ 23.322067] kasan_report+0x141/0x180 [ 23.322090] ? krealloc_uaf+0x53c/0x5e0 [ 23.322117] __asan_report_load1_noabort+0x18/0x20 [ 23.322145] krealloc_uaf+0x53c/0x5e0 [ 23.322168] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.322190] ? finish_task_switch.isra.0+0x153/0x700 [ 23.322212] ? __switch_to+0x47/0xf50 [ 23.322255] ? __schedule+0x10cc/0x2b60 [ 23.322284] ? __pfx_read_tsc+0x10/0x10 [ 23.322309] ? ktime_get_ts64+0x86/0x230 [ 23.322336] kunit_try_run_case+0x1a5/0x480 [ 23.322358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.322378] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.322400] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.322430] ? __kthread_parkme+0x82/0x180 [ 23.322451] ? preempt_count_sub+0x50/0x80 [ 23.322474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.322495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.322522] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.322548] kthread+0x337/0x6f0 [ 23.322570] ? trace_preempt_on+0x20/0xc0 [ 23.322595] ? __pfx_kthread+0x10/0x10 [ 23.322617] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.322644] ? calculate_sigpending+0x7b/0xa0 [ 23.322671] ? __pfx_kthread+0x10/0x10 [ 23.322694] ret_from_fork+0x116/0x1d0 [ 23.322713] ? __pfx_kthread+0x10/0x10 [ 23.322735] ret_from_fork_asm+0x1a/0x30 [ 23.322819] </TASK> [ 23.322834] [ 23.330029] Allocated by task 212: [ 23.330182] kasan_save_stack+0x45/0x70 [ 23.330393] kasan_save_track+0x18/0x40 [ 23.330575] kasan_save_alloc_info+0x3b/0x50 [ 23.330750] __kasan_kmalloc+0xb7/0xc0 [ 23.330996] __kmalloc_cache_noprof+0x189/0x420 [ 23.331188] krealloc_uaf+0xbb/0x5e0 [ 23.331327] kunit_try_run_case+0x1a5/0x480 [ 23.331464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.331675] kthread+0x337/0x6f0 [ 23.331845] ret_from_fork+0x116/0x1d0 [ 23.332023] ret_from_fork_asm+0x1a/0x30 [ 23.332191] [ 23.332263] Freed by task 212: [ 23.332367] kasan_save_stack+0x45/0x70 [ 23.332493] kasan_save_track+0x18/0x40 [ 23.332638] kasan_save_free_info+0x3f/0x60 [ 23.332869] __kasan_slab_free+0x56/0x70 [ 23.333058] kfree+0x222/0x3f0 [ 23.333226] krealloc_uaf+0x13d/0x5e0 [ 23.333419] kunit_try_run_case+0x1a5/0x480 [ 23.333623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.333885] kthread+0x337/0x6f0 [ 23.334009] ret_from_fork+0x116/0x1d0 [ 23.334134] ret_from_fork_asm+0x1a/0x30 [ 23.334278] [ 23.334344] The buggy address belongs to the object at ffff888105653200 [ 23.334344] which belongs to the cache kmalloc-256 of size 256 [ 23.334692] The buggy address is located 0 bytes inside of [ 23.334692] freed 256-byte region [ffff888105653200, ffff888105653300) [ 23.335186] [ 23.335284] The buggy address belongs to the physical page: [ 23.335743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105652 [ 23.336115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.336353] flags: 0x200000000000040(head|node=0|zone=2) [ 23.336529] page_type: f5(slab) [ 23.336649] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.336875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.338171] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.338626] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.339154] head: 0200000000000001 ffffea0004159481 00000000ffffffff 00000000ffffffff [ 23.339828] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.340148] page dumped because: kasan: bad access detected [ 23.340384] [ 23.340466] Memory state around the buggy address: [ 23.340670] ffff888105653100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.341261] ffff888105653180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.341552] >ffff888105653200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.341957] ^ [ 23.342115] ffff888105653280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.342408] ffff888105653300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.342686] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 23.126705] ================================================================== [ 23.127289] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.127622] Write of size 1 at addr ffff888100a236eb by task kunit_try_catch/206 [ 23.128041] [ 23.128130] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.128179] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.128191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.128212] Call Trace: [ 23.128232] <TASK> [ 23.128264] dump_stack_lvl+0x73/0xb0 [ 23.128296] print_report+0xd1/0x610 [ 23.128318] ? __virt_addr_valid+0x1db/0x2d0 [ 23.128342] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.128368] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.128397] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.128421] kasan_report+0x141/0x180 [ 23.128444] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.128474] __asan_report_store1_noabort+0x1b/0x30 [ 23.128500] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.128527] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.128552] ? finish_task_switch.isra.0+0x153/0x700 [ 23.128574] ? __switch_to+0x47/0xf50 [ 23.128603] ? __schedule+0x10cc/0x2b60 [ 23.128631] ? __pfx_read_tsc+0x10/0x10 [ 23.128659] krealloc_less_oob+0x1c/0x30 [ 23.128682] kunit_try_run_case+0x1a5/0x480 [ 23.128704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.128724] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.128746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.128776] ? __kthread_parkme+0x82/0x180 [ 23.128797] ? preempt_count_sub+0x50/0x80 [ 23.128820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.128842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.128870] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.128896] kthread+0x337/0x6f0 [ 23.128918] ? trace_preempt_on+0x20/0xc0 [ 23.128943] ? __pfx_kthread+0x10/0x10 [ 23.128965] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.128992] ? calculate_sigpending+0x7b/0xa0 [ 23.129019] ? __pfx_kthread+0x10/0x10 [ 23.129042] ret_from_fork+0x116/0x1d0 [ 23.129062] ? __pfx_kthread+0x10/0x10 [ 23.129084] ret_from_fork_asm+0x1a/0x30 [ 23.129117] </TASK> [ 23.129129] [ 23.136323] Allocated by task 206: [ 23.136482] kasan_save_stack+0x45/0x70 [ 23.136657] kasan_save_track+0x18/0x40 [ 23.136861] kasan_save_alloc_info+0x3b/0x50 [ 23.137046] __kasan_krealloc+0x190/0x1f0 [ 23.137178] krealloc_noprof+0xf3/0x340 [ 23.137380] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.137600] krealloc_less_oob+0x1c/0x30 [ 23.137785] kunit_try_run_case+0x1a5/0x480 [ 23.137935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.138338] kthread+0x337/0x6f0 [ 23.138511] ret_from_fork+0x116/0x1d0 [ 23.138694] ret_from_fork_asm+0x1a/0x30 [ 23.139354] [ 23.139458] The buggy address belongs to the object at ffff888100a23600 [ 23.139458] which belongs to the cache kmalloc-256 of size 256 [ 23.139961] The buggy address is located 34 bytes to the right of [ 23.139961] allocated 201-byte region [ffff888100a23600, ffff888100a236c9) [ 23.140476] [ 23.140546] The buggy address belongs to the physical page: [ 23.140875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 23.141162] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.141401] flags: 0x200000000000040(head|node=0|zone=2) [ 23.141573] page_type: f5(slab) [ 23.141690] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.142019] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.142369] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.142789] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.143111] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 23.143351] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.143573] page dumped because: kasan: bad access detected [ 23.144041] [ 23.144152] Memory state around the buggy address: [ 23.144390] ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.144709] ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.145493] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.145928] ^ [ 23.146176] ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.146466] ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.146744] ================================================================== [ 23.075354] ================================================================== [ 23.075951] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.076274] Write of size 1 at addr ffff888100a236da by task kunit_try_catch/206 [ 23.076544] [ 23.076653] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.076702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.076714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.076735] Call Trace: [ 23.076756] <TASK> [ 23.076795] dump_stack_lvl+0x73/0xb0 [ 23.076875] print_report+0xd1/0x610 [ 23.076920] ? __virt_addr_valid+0x1db/0x2d0 [ 23.076945] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.076970] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.076999] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.077024] kasan_report+0x141/0x180 [ 23.077047] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.077092] __asan_report_store1_noabort+0x1b/0x30 [ 23.077119] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.077146] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.077172] ? finish_task_switch.isra.0+0x153/0x700 [ 23.077200] ? __switch_to+0x47/0xf50 [ 23.077229] ? __schedule+0x10cc/0x2b60 [ 23.077269] ? __pfx_read_tsc+0x10/0x10 [ 23.077297] krealloc_less_oob+0x1c/0x30 [ 23.077320] kunit_try_run_case+0x1a5/0x480 [ 23.077342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.077362] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.077384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.077413] ? __kthread_parkme+0x82/0x180 [ 23.077434] ? preempt_count_sub+0x50/0x80 [ 23.077457] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.077479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.077505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.077532] kthread+0x337/0x6f0 [ 23.077553] ? trace_preempt_on+0x20/0xc0 [ 23.077580] ? __pfx_kthread+0x10/0x10 [ 23.077602] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.077629] ? calculate_sigpending+0x7b/0xa0 [ 23.077657] ? __pfx_kthread+0x10/0x10 [ 23.077680] ret_from_fork+0x116/0x1d0 [ 23.077699] ? __pfx_kthread+0x10/0x10 [ 23.077722] ret_from_fork_asm+0x1a/0x30 [ 23.077756] </TASK> [ 23.077767] [ 23.086052] Allocated by task 206: [ 23.086260] kasan_save_stack+0x45/0x70 [ 23.086487] kasan_save_track+0x18/0x40 [ 23.086618] kasan_save_alloc_info+0x3b/0x50 [ 23.086764] __kasan_krealloc+0x190/0x1f0 [ 23.086953] krealloc_noprof+0xf3/0x340 [ 23.087157] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.087625] krealloc_less_oob+0x1c/0x30 [ 23.087810] kunit_try_run_case+0x1a5/0x480 [ 23.088004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.088226] kthread+0x337/0x6f0 [ 23.088504] ret_from_fork+0x116/0x1d0 [ 23.088635] ret_from_fork_asm+0x1a/0x30 [ 23.088927] [ 23.089027] The buggy address belongs to the object at ffff888100a23600 [ 23.089027] which belongs to the cache kmalloc-256 of size 256 [ 23.089459] The buggy address is located 17 bytes to the right of [ 23.089459] allocated 201-byte region [ffff888100a23600, ffff888100a236c9) [ 23.090023] [ 23.090120] The buggy address belongs to the physical page: [ 23.090373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 23.090618] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.090975] flags: 0x200000000000040(head|node=0|zone=2) [ 23.091258] page_type: f5(slab) [ 23.091423] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.091952] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.092267] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.092602] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.093051] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 23.093320] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.093666] page dumped because: kasan: bad access detected [ 23.093916] [ 23.094005] Memory state around the buggy address: [ 23.094224] ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.094591] ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.094957] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.095267] ^ [ 23.095506] ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.095847] ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.096157] ================================================================== [ 23.231442] ================================================================== [ 23.232322] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.232917] Write of size 1 at addr ffff888105e160da by task kunit_try_catch/210 [ 23.233268] [ 23.233377] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.233428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.233441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.233462] Call Trace: [ 23.233484] <TASK> [ 23.233506] dump_stack_lvl+0x73/0xb0 [ 23.233538] print_report+0xd1/0x610 [ 23.233562] ? __virt_addr_valid+0x1db/0x2d0 [ 23.233586] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.233610] ? kasan_addr_to_slab+0x11/0xa0 [ 23.233631] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.233655] kasan_report+0x141/0x180 [ 23.233680] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.233709] __asan_report_store1_noabort+0x1b/0x30 [ 23.233737] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.234044] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.234074] ? finish_task_switch.isra.0+0x153/0x700 [ 23.234098] ? __switch_to+0x47/0xf50 [ 23.234127] ? __schedule+0x10cc/0x2b60 [ 23.234192] ? __pfx_read_tsc+0x10/0x10 [ 23.234224] krealloc_large_less_oob+0x1c/0x30 [ 23.234258] kunit_try_run_case+0x1a5/0x480 [ 23.234282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.234303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.234324] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.234354] ? __kthread_parkme+0x82/0x180 [ 23.234375] ? preempt_count_sub+0x50/0x80 [ 23.234398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.234420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.234446] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.234473] kthread+0x337/0x6f0 [ 23.234494] ? trace_preempt_on+0x20/0xc0 [ 23.234520] ? __pfx_kthread+0x10/0x10 [ 23.234542] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.234569] ? calculate_sigpending+0x7b/0xa0 [ 23.234596] ? __pfx_kthread+0x10/0x10 [ 23.234619] ret_from_fork+0x116/0x1d0 [ 23.234639] ? __pfx_kthread+0x10/0x10 [ 23.234661] ret_from_fork_asm+0x1a/0x30 [ 23.234695] </TASK> [ 23.234707] [ 23.247146] The buggy address belongs to the physical page: [ 23.247470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14 [ 23.247982] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.248420] flags: 0x200000000000040(head|node=0|zone=2) [ 23.248656] page_type: f8(unknown) [ 23.249161] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.249485] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.250065] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.250416] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.250730] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff [ 23.251235] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.251554] page dumped because: kasan: bad access detected [ 23.251734] [ 23.251799] Memory state around the buggy address: [ 23.251951] ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.252611] ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.252957] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.253303] ^ [ 23.253486] ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.253691] ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.253894] ================================================================== [ 23.054218] ================================================================== [ 23.054496] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.054786] Write of size 1 at addr ffff888100a236d0 by task kunit_try_catch/206 [ 23.055178] [ 23.055273] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.055324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.055335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.055356] Call Trace: [ 23.055370] <TASK> [ 23.055459] dump_stack_lvl+0x73/0xb0 [ 23.055492] print_report+0xd1/0x610 [ 23.055516] ? __virt_addr_valid+0x1db/0x2d0 [ 23.055541] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.055565] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.055594] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.055619] kasan_report+0x141/0x180 [ 23.055642] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.055671] __asan_report_store1_noabort+0x1b/0x30 [ 23.055698] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.055725] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.055792] ? finish_task_switch.isra.0+0x153/0x700 [ 23.055819] ? __switch_to+0x47/0xf50 [ 23.055848] ? __schedule+0x10cc/0x2b60 [ 23.055877] ? __pfx_read_tsc+0x10/0x10 [ 23.055907] krealloc_less_oob+0x1c/0x30 [ 23.055930] kunit_try_run_case+0x1a5/0x480 [ 23.055953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.055973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.055995] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.056024] ? __kthread_parkme+0x82/0x180 [ 23.056045] ? preempt_count_sub+0x50/0x80 [ 23.056068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.056090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.056117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.056143] kthread+0x337/0x6f0 [ 23.056164] ? trace_preempt_on+0x20/0xc0 [ 23.056189] ? __pfx_kthread+0x10/0x10 [ 23.056212] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.056252] ? calculate_sigpending+0x7b/0xa0 [ 23.056281] ? __pfx_kthread+0x10/0x10 [ 23.056304] ret_from_fork+0x116/0x1d0 [ 23.056324] ? __pfx_kthread+0x10/0x10 [ 23.056347] ret_from_fork_asm+0x1a/0x30 [ 23.056381] </TASK> [ 23.056393] [ 23.064313] Allocated by task 206: [ 23.064454] kasan_save_stack+0x45/0x70 [ 23.064602] kasan_save_track+0x18/0x40 [ 23.064731] kasan_save_alloc_info+0x3b/0x50 [ 23.064925] __kasan_krealloc+0x190/0x1f0 [ 23.065121] krealloc_noprof+0xf3/0x340 [ 23.065345] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.065578] krealloc_less_oob+0x1c/0x30 [ 23.065786] kunit_try_run_case+0x1a5/0x480 [ 23.066088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.066384] kthread+0x337/0x6f0 [ 23.066537] ret_from_fork+0x116/0x1d0 [ 23.066720] ret_from_fork_asm+0x1a/0x30 [ 23.066969] [ 23.067079] The buggy address belongs to the object at ffff888100a23600 [ 23.067079] which belongs to the cache kmalloc-256 of size 256 [ 23.067444] The buggy address is located 7 bytes to the right of [ 23.067444] allocated 201-byte region [ffff888100a23600, ffff888100a236c9) [ 23.067933] [ 23.068028] The buggy address belongs to the physical page: [ 23.068306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 23.068842] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.069100] flags: 0x200000000000040(head|node=0|zone=2) [ 23.069294] page_type: f5(slab) [ 23.069416] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.069653] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.070210] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.070771] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.071398] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 23.071742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.072216] page dumped because: kasan: bad access detected [ 23.072655] [ 23.072783] Memory state around the buggy address: [ 23.072985] ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.073401] ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.073699] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.074031] ^ [ 23.074307] ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.074605] ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.074811] ================================================================== [ 23.254233] ================================================================== [ 23.255454] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.256025] Write of size 1 at addr ffff888105e160ea by task kunit_try_catch/210 [ 23.256271] [ 23.256361] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.256411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.256423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.256444] Call Trace: [ 23.256464] <TASK> [ 23.256484] dump_stack_lvl+0x73/0xb0 [ 23.256515] print_report+0xd1/0x610 [ 23.256539] ? __virt_addr_valid+0x1db/0x2d0 [ 23.256564] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.256588] ? kasan_addr_to_slab+0x11/0xa0 [ 23.256608] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.257153] kasan_report+0x141/0x180 [ 23.257187] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.257226] __asan_report_store1_noabort+0x1b/0x30 [ 23.257381] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.257417] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.257444] ? finish_task_switch.isra.0+0x153/0x700 [ 23.257469] ? __switch_to+0x47/0xf50 [ 23.257499] ? __schedule+0x10cc/0x2b60 [ 23.257529] ? __pfx_read_tsc+0x10/0x10 [ 23.257557] krealloc_large_less_oob+0x1c/0x30 [ 23.257581] kunit_try_run_case+0x1a5/0x480 [ 23.257604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.257624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.257646] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.257676] ? __kthread_parkme+0x82/0x180 [ 23.257697] ? preempt_count_sub+0x50/0x80 [ 23.257720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.257742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.257769] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.257796] kthread+0x337/0x6f0 [ 23.257818] ? trace_preempt_on+0x20/0xc0 [ 23.257843] ? __pfx_kthread+0x10/0x10 [ 23.257866] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.257893] ? calculate_sigpending+0x7b/0xa0 [ 23.257920] ? __pfx_kthread+0x10/0x10 [ 23.257944] ret_from_fork+0x116/0x1d0 [ 23.257963] ? __pfx_kthread+0x10/0x10 [ 23.257986] ret_from_fork_asm+0x1a/0x30 [ 23.258021] </TASK> [ 23.258033] [ 23.268992] The buggy address belongs to the physical page: [ 23.269220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14 [ 23.269530] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.270069] flags: 0x200000000000040(head|node=0|zone=2) [ 23.270336] page_type: f8(unknown) [ 23.270492] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.270876] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.271172] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.271528] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.271907] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff [ 23.272215] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.272520] page dumped because: kasan: bad access detected [ 23.272739] [ 23.273018] Memory state around the buggy address: [ 23.273182] ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.273510] ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.273744] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.273950] ^ [ 23.274184] ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.274501] ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.274986] ================================================================== [ 23.096674] ================================================================== [ 23.097189] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.097523] Write of size 1 at addr ffff888100a236ea by task kunit_try_catch/206 [ 23.097972] [ 23.098087] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.098136] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.098148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.098169] Call Trace: [ 23.098187] <TASK> [ 23.098229] dump_stack_lvl+0x73/0xb0 [ 23.098272] print_report+0xd1/0x610 [ 23.098295] ? __virt_addr_valid+0x1db/0x2d0 [ 23.098319] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.098343] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.098371] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.098416] kasan_report+0x141/0x180 [ 23.098440] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.098470] __asan_report_store1_noabort+0x1b/0x30 [ 23.098497] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.098524] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.098549] ? finish_task_switch.isra.0+0x153/0x700 [ 23.098571] ? __switch_to+0x47/0xf50 [ 23.098600] ? __schedule+0x10cc/0x2b60 [ 23.098650] ? __pfx_read_tsc+0x10/0x10 [ 23.098678] krealloc_less_oob+0x1c/0x30 [ 23.098702] kunit_try_run_case+0x1a5/0x480 [ 23.098726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.098822] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.098846] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.098875] ? __kthread_parkme+0x82/0x180 [ 23.098896] ? preempt_count_sub+0x50/0x80 [ 23.098919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.098941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.098989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.099016] kthread+0x337/0x6f0 [ 23.099038] ? trace_preempt_on+0x20/0xc0 [ 23.099063] ? __pfx_kthread+0x10/0x10 [ 23.099086] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.099113] ? calculate_sigpending+0x7b/0xa0 [ 23.099141] ? __pfx_kthread+0x10/0x10 [ 23.099164] ret_from_fork+0x116/0x1d0 [ 23.099183] ? __pfx_kthread+0x10/0x10 [ 23.099206] ret_from_fork_asm+0x1a/0x30 [ 23.099248] </TASK> [ 23.099260] [ 23.111622] Allocated by task 206: [ 23.111968] kasan_save_stack+0x45/0x70 [ 23.112454] kasan_save_track+0x18/0x40 [ 23.112879] kasan_save_alloc_info+0x3b/0x50 [ 23.113303] __kasan_krealloc+0x190/0x1f0 [ 23.113681] krealloc_noprof+0xf3/0x340 [ 23.114096] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.114606] krealloc_less_oob+0x1c/0x30 [ 23.115011] kunit_try_run_case+0x1a5/0x480 [ 23.115508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.115916] kthread+0x337/0x6f0 [ 23.116152] ret_from_fork+0x116/0x1d0 [ 23.116444] ret_from_fork_asm+0x1a/0x30 [ 23.116587] [ 23.116653] The buggy address belongs to the object at ffff888100a23600 [ 23.116653] which belongs to the cache kmalloc-256 of size 256 [ 23.117948] The buggy address is located 33 bytes to the right of [ 23.117948] allocated 201-byte region [ffff888100a23600, ffff888100a236c9) [ 23.119162] [ 23.119417] The buggy address belongs to the physical page: [ 23.119595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 23.120092] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.120792] flags: 0x200000000000040(head|node=0|zone=2) [ 23.121296] page_type: f5(slab) [ 23.121579] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.122348] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.122588] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.122835] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.123268] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 23.123555] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.123899] page dumped because: kasan: bad access detected [ 23.124098] [ 23.124162] Memory state around the buggy address: [ 23.124395] ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.124670] ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.124944] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.125167] ^ [ 23.125514] ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.125781] ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.126151] ================================================================== [ 23.026997] ================================================================== [ 23.027481] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.027847] Write of size 1 at addr ffff888100a236c9 by task kunit_try_catch/206 [ 23.028138] [ 23.028234] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.028488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.028505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.028530] Call Trace: [ 23.028545] <TASK> [ 23.028566] dump_stack_lvl+0x73/0xb0 [ 23.028602] print_report+0xd1/0x610 [ 23.028626] ? __virt_addr_valid+0x1db/0x2d0 [ 23.028654] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.028678] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.028707] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.028732] kasan_report+0x141/0x180 [ 23.028832] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.028865] __asan_report_store1_noabort+0x1b/0x30 [ 23.028892] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.028920] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.028945] ? finish_task_switch.isra.0+0x153/0x700 [ 23.028969] ? __switch_to+0x47/0xf50 [ 23.029000] ? __schedule+0x10cc/0x2b60 [ 23.029030] ? __pfx_read_tsc+0x10/0x10 [ 23.029059] krealloc_less_oob+0x1c/0x30 [ 23.029082] kunit_try_run_case+0x1a5/0x480 [ 23.029106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.029127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.029149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.029178] ? __kthread_parkme+0x82/0x180 [ 23.029205] ? preempt_count_sub+0x50/0x80 [ 23.029229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.029263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.029290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.029316] kthread+0x337/0x6f0 [ 23.029338] ? trace_preempt_on+0x20/0xc0 [ 23.029365] ? __pfx_kthread+0x10/0x10 [ 23.029388] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.029415] ? calculate_sigpending+0x7b/0xa0 [ 23.029445] ? __pfx_kthread+0x10/0x10 [ 23.029468] ret_from_fork+0x116/0x1d0 [ 23.029488] ? __pfx_kthread+0x10/0x10 [ 23.029510] ret_from_fork_asm+0x1a/0x30 [ 23.029545] </TASK> [ 23.029558] [ 23.038660] Allocated by task 206: [ 23.039517] kasan_save_stack+0x45/0x70 [ 23.039932] kasan_save_track+0x18/0x40 [ 23.040175] kasan_save_alloc_info+0x3b/0x50 [ 23.040483] __kasan_krealloc+0x190/0x1f0 [ 23.040811] krealloc_noprof+0xf3/0x340 [ 23.041057] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.041288] krealloc_less_oob+0x1c/0x30 [ 23.041468] kunit_try_run_case+0x1a5/0x480 [ 23.041651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.042387] kthread+0x337/0x6f0 [ 23.042617] ret_from_fork+0x116/0x1d0 [ 23.042921] ret_from_fork_asm+0x1a/0x30 [ 23.043344] [ 23.043436] The buggy address belongs to the object at ffff888100a23600 [ 23.043436] which belongs to the cache kmalloc-256 of size 256 [ 23.044702] The buggy address is located 0 bytes to the right of [ 23.044702] allocated 201-byte region [ffff888100a23600, ffff888100a236c9) [ 23.045589] [ 23.045688] The buggy address belongs to the physical page: [ 23.046362] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 23.046700] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.047070] flags: 0x200000000000040(head|node=0|zone=2) [ 23.047329] page_type: f5(slab) [ 23.047483] raw: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.048146] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.048448] head: 0200000000000040 ffff888100041b40 ffffea0004028a00 dead000000000002 [ 23.048749] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.049275] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 23.049577] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.050072] page dumped because: kasan: bad access detected [ 23.050306] [ 23.050388] Memory state around the buggy address: [ 23.050588] ffff888100a23580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.051039] ffff888100a23600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.051330] >ffff888100a23680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.051605] ^ [ 23.052515] ffff888100a23700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.052755] ffff888100a23780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.053168] ================================================================== [ 23.190022] ================================================================== [ 23.190584] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.191022] Write of size 1 at addr ffff888105e160c9 by task kunit_try_catch/210 [ 23.191400] [ 23.191502] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.191560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.191576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.191612] Call Trace: [ 23.191627] <TASK> [ 23.191649] dump_stack_lvl+0x73/0xb0 [ 23.191684] print_report+0xd1/0x610 [ 23.191710] ? __virt_addr_valid+0x1db/0x2d0 [ 23.191740] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.191770] ? kasan_addr_to_slab+0x11/0xa0 [ 23.191793] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.191823] kasan_report+0x141/0x180 [ 23.191847] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.191880] __asan_report_store1_noabort+0x1b/0x30 [ 23.191910] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.191959] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.191988] ? finish_task_switch.isra.0+0x153/0x700 [ 23.192016] ? __switch_to+0x47/0xf50 [ 23.192048] ? __schedule+0x10cc/0x2b60 [ 23.192080] ? __pfx_read_tsc+0x10/0x10 [ 23.192110] krealloc_large_less_oob+0x1c/0x30 [ 23.192137] kunit_try_run_case+0x1a5/0x480 [ 23.192164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.192188] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.192213] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.192257] ? __kthread_parkme+0x82/0x180 [ 23.192280] ? preempt_count_sub+0x50/0x80 [ 23.192306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.192331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.192362] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.192394] kthread+0x337/0x6f0 [ 23.192416] ? trace_preempt_on+0x20/0xc0 [ 23.192446] ? __pfx_kthread+0x10/0x10 [ 23.192470] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.192500] ? calculate_sigpending+0x7b/0xa0 [ 23.192531] ? __pfx_kthread+0x10/0x10 [ 23.192556] ret_from_fork+0x116/0x1d0 [ 23.192577] ? __pfx_kthread+0x10/0x10 [ 23.192601] ret_from_fork_asm+0x1a/0x30 [ 23.192638] </TASK> [ 23.192650] [ 23.200566] The buggy address belongs to the physical page: [ 23.201098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14 [ 23.201496] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.201810] flags: 0x200000000000040(head|node=0|zone=2) [ 23.202150] page_type: f8(unknown) [ 23.202303] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.202555] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.202890] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.203339] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.203581] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff [ 23.203852] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.204197] page dumped because: kasan: bad access detected [ 23.204461] [ 23.204564] Memory state around the buggy address: [ 23.204723] ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.205384] ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.205615] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.205830] ^ [ 23.206257] ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.206578] ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.206999] ================================================================== [ 23.275339] ================================================================== [ 23.275562] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.276138] Write of size 1 at addr ffff888105e160eb by task kunit_try_catch/210 [ 23.276488] [ 23.276597] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.276648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.276660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.276681] Call Trace: [ 23.276703] <TASK> [ 23.276724] dump_stack_lvl+0x73/0xb0 [ 23.276754] print_report+0xd1/0x610 [ 23.276777] ? __virt_addr_valid+0x1db/0x2d0 [ 23.276801] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.277002] ? kasan_addr_to_slab+0x11/0xa0 [ 23.277028] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.277054] kasan_report+0x141/0x180 [ 23.277077] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.277106] __asan_report_store1_noabort+0x1b/0x30 [ 23.277133] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.277159] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.277184] ? finish_task_switch.isra.0+0x153/0x700 [ 23.277214] ? __switch_to+0x47/0xf50 [ 23.277258] ? __schedule+0x10cc/0x2b60 [ 23.277288] ? __pfx_read_tsc+0x10/0x10 [ 23.277317] krealloc_large_less_oob+0x1c/0x30 [ 23.277342] kunit_try_run_case+0x1a5/0x480 [ 23.277366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.277386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.277408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.277436] ? __kthread_parkme+0x82/0x180 [ 23.277456] ? preempt_count_sub+0x50/0x80 [ 23.277479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.277501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.277527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.277554] kthread+0x337/0x6f0 [ 23.277575] ? trace_preempt_on+0x20/0xc0 [ 23.277600] ? __pfx_kthread+0x10/0x10 [ 23.277623] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.277649] ? calculate_sigpending+0x7b/0xa0 [ 23.277675] ? __pfx_kthread+0x10/0x10 [ 23.277699] ret_from_fork+0x116/0x1d0 [ 23.277718] ? __pfx_kthread+0x10/0x10 [ 23.277740] ret_from_fork_asm+0x1a/0x30 [ 23.277837] </TASK> [ 23.277849] [ 23.285158] The buggy address belongs to the physical page: [ 23.285426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14 [ 23.285853] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.286189] flags: 0x200000000000040(head|node=0|zone=2) [ 23.286449] page_type: f8(unknown) [ 23.286619] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.287082] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.287332] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.287662] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.287986] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff [ 23.288210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.289021] page dumped because: kasan: bad access detected [ 23.289265] [ 23.289345] Memory state around the buggy address: [ 23.289553] ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.289776] ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.290086] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.290440] ^ [ 23.290668] ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.290960] ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.291164] ================================================================== [ 23.207463] ================================================================== [ 23.207868] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.208166] Write of size 1 at addr ffff888105e160d0 by task kunit_try_catch/210 [ 23.208406] [ 23.208519] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.208584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.208598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.208631] Call Trace: [ 23.208650] <TASK> [ 23.208670] dump_stack_lvl+0x73/0xb0 [ 23.208702] print_report+0xd1/0x610 [ 23.208725] ? __virt_addr_valid+0x1db/0x2d0 [ 23.208749] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.208774] ? kasan_addr_to_slab+0x11/0xa0 [ 23.208794] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.208819] kasan_report+0x141/0x180 [ 23.208842] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.208872] __asan_report_store1_noabort+0x1b/0x30 [ 23.208899] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.208926] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.208951] ? finish_task_switch.isra.0+0x153/0x700 [ 23.208973] ? __switch_to+0x47/0xf50 [ 23.209002] ? __schedule+0x10cc/0x2b60 [ 23.209031] ? __pfx_read_tsc+0x10/0x10 [ 23.209060] krealloc_large_less_oob+0x1c/0x30 [ 23.209085] kunit_try_run_case+0x1a5/0x480 [ 23.209108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.209128] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.209150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.209178] ? __kthread_parkme+0x82/0x180 [ 23.209205] ? preempt_count_sub+0x50/0x80 [ 23.209228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.209261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.209287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.209314] kthread+0x337/0x6f0 [ 23.209335] ? trace_preempt_on+0x20/0xc0 [ 23.209361] ? __pfx_kthread+0x10/0x10 [ 23.209383] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.209410] ? calculate_sigpending+0x7b/0xa0 [ 23.209437] ? __pfx_kthread+0x10/0x10 [ 23.209460] ret_from_fork+0x116/0x1d0 [ 23.209480] ? __pfx_kthread+0x10/0x10 [ 23.209502] ret_from_fork_asm+0x1a/0x30 [ 23.209537] </TASK> [ 23.209548] [ 23.221267] The buggy address belongs to the physical page: [ 23.221560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e14 [ 23.221960] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.222526] flags: 0x200000000000040(head|node=0|zone=2) [ 23.222982] page_type: f8(unknown) [ 23.223164] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.223492] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.224111] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.224633] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.225183] head: 0200000000000002 ffffea0004178501 00000000ffffffff 00000000ffffffff [ 23.225689] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.226459] page dumped because: kasan: bad access detected [ 23.227207] [ 23.227398] Memory state around the buggy address: [ 23.227611] ffff888105e15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.228347] ffff888105e16000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.228822] >ffff888105e16080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.229112] ^ [ 23.229369] ffff888105e16100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.229653] ffff888105e16180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.230433] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 23.170816] ================================================================== [ 23.171147] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.171506] Write of size 1 at addr ffff88810631a0f0 by task kunit_try_catch/208 [ 23.171749] [ 23.171925] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.171975] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.171987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.172008] Call Trace: [ 23.172021] <TASK> [ 23.172039] dump_stack_lvl+0x73/0xb0 [ 23.172069] print_report+0xd1/0x610 [ 23.172092] ? __virt_addr_valid+0x1db/0x2d0 [ 23.172117] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.172142] ? kasan_addr_to_slab+0x11/0xa0 [ 23.172162] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.172188] kasan_report+0x141/0x180 [ 23.172210] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.172252] __asan_report_store1_noabort+0x1b/0x30 [ 23.172280] krealloc_more_oob_helper+0x7eb/0x930 [ 23.172304] ? __schedule+0x10cc/0x2b60 [ 23.172333] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.172360] ? __kasan_check_write+0x18/0x20 [ 23.172386] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.172407] ? irqentry_exit+0x2a/0x60 [ 23.172428] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.172451] ? trace_hardirqs_on+0x37/0xe0 [ 23.172476] ? __pfx_read_tsc+0x10/0x10 [ 23.172504] krealloc_large_more_oob+0x1c/0x30 [ 23.172528] kunit_try_run_case+0x1a5/0x480 [ 23.172551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.172573] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.172594] ? __kthread_parkme+0x82/0x180 [ 23.172616] ? preempt_count_sub+0x50/0x80 [ 23.172640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.172662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.172688] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.172715] kthread+0x337/0x6f0 [ 23.172736] ? trace_preempt_on+0x20/0xc0 [ 23.172817] ? __pfx_kthread+0x10/0x10 [ 23.172843] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.172870] ? calculate_sigpending+0x7b/0xa0 [ 23.172897] ? __pfx_kthread+0x10/0x10 [ 23.172921] ret_from_fork+0x116/0x1d0 [ 23.172946] ? __pfx_kthread+0x10/0x10 [ 23.172970] ret_from_fork_asm+0x1a/0x30 [ 23.173004] </TASK> [ 23.173016] [ 23.180470] The buggy address belongs to the physical page: [ 23.180651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106318 [ 23.181000] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.181336] flags: 0x200000000000040(head|node=0|zone=2) [ 23.181909] page_type: f8(unknown) [ 23.182046] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.182285] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.182542] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.183070] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.183429] head: 0200000000000002 ffffea000418c601 00000000ffffffff 00000000ffffffff [ 23.183776] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.184165] page dumped because: kasan: bad access detected [ 23.184437] [ 23.184503] Memory state around the buggy address: [ 23.184655] ffff888106319f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.184863] ffff88810631a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.185156] >ffff88810631a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.185477] ^ [ 23.185777] ffff88810631a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.186363] ffff88810631a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.186582] ================================================================== [ 22.991024] ================================================================== [ 22.991523] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.992371] Write of size 1 at addr ffff888100a360f0 by task kunit_try_catch/204 [ 22.992619] [ 22.992728] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.992856] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.992870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.992892] Call Trace: [ 22.992907] <TASK> [ 22.992925] dump_stack_lvl+0x73/0xb0 [ 22.992957] print_report+0xd1/0x610 [ 22.992980] ? __virt_addr_valid+0x1db/0x2d0 [ 22.993004] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.993028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.993056] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.993081] kasan_report+0x141/0x180 [ 22.993103] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.993133] __asan_report_store1_noabort+0x1b/0x30 [ 22.993159] krealloc_more_oob_helper+0x7eb/0x930 [ 22.993183] ? __schedule+0x10cc/0x2b60 [ 22.993218] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.993256] ? finish_task_switch.isra.0+0x153/0x700 [ 22.993279] ? __switch_to+0x47/0xf50 [ 22.993307] ? __schedule+0x10cc/0x2b60 [ 22.993334] ? __pfx_read_tsc+0x10/0x10 [ 22.993362] krealloc_more_oob+0x1c/0x30 [ 22.993386] kunit_try_run_case+0x1a5/0x480 [ 22.993408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.993428] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.993449] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.993478] ? __kthread_parkme+0x82/0x180 [ 22.993500] ? preempt_count_sub+0x50/0x80 [ 22.993523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.993544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.993570] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.993597] kthread+0x337/0x6f0 [ 22.993618] ? trace_preempt_on+0x20/0xc0 [ 22.993643] ? __pfx_kthread+0x10/0x10 [ 22.993665] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.993692] ? calculate_sigpending+0x7b/0xa0 [ 22.993719] ? __pfx_kthread+0x10/0x10 [ 22.993742] ret_from_fork+0x116/0x1d0 [ 22.993761] ? __pfx_kthread+0x10/0x10 [ 22.994319] ret_from_fork_asm+0x1a/0x30 [ 22.994358] </TASK> [ 22.994371] [ 23.009746] Allocated by task 204: [ 23.010224] kasan_save_stack+0x45/0x70 [ 23.010522] kasan_save_track+0x18/0x40 [ 23.010657] kasan_save_alloc_info+0x3b/0x50 [ 23.010928] __kasan_krealloc+0x190/0x1f0 [ 23.011117] krealloc_noprof+0xf3/0x340 [ 23.011298] krealloc_more_oob_helper+0x1a9/0x930 [ 23.011500] krealloc_more_oob+0x1c/0x30 [ 23.011689] kunit_try_run_case+0x1a5/0x480 [ 23.011867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.012529] kthread+0x337/0x6f0 [ 23.012687] ret_from_fork+0x116/0x1d0 [ 23.013256] ret_from_fork_asm+0x1a/0x30 [ 23.013439] [ 23.013529] The buggy address belongs to the object at ffff888100a36000 [ 23.013529] which belongs to the cache kmalloc-256 of size 256 [ 23.014146] The buggy address is located 5 bytes to the right of [ 23.014146] allocated 235-byte region [ffff888100a36000, ffff888100a360eb) [ 23.014662] [ 23.014752] The buggy address belongs to the physical page: [ 23.015396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36 [ 23.015736] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.016139] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 23.016395] page_type: f5(slab) [ 23.016548] raw: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003 [ 23.016858] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.017532] head: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003 [ 23.018058] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.018407] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff [ 23.018716] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.019190] page dumped because: kasan: bad access detected [ 23.019442] [ 23.019514] Memory state around the buggy address: [ 23.019717] ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.020107] ffff888100a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.020420] >ffff888100a36080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.020703] ^ [ 23.021096] ffff888100a36100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.021402] ffff888100a36180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.021685] ================================================================== [ 22.958659] ================================================================== [ 22.959700] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.960753] Write of size 1 at addr ffff888100a360eb by task kunit_try_catch/204 [ 22.961387] [ 22.961506] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.961564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.961577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.961600] Call Trace: [ 22.961614] <TASK> [ 22.961634] dump_stack_lvl+0x73/0xb0 [ 22.961667] print_report+0xd1/0x610 [ 22.961692] ? __virt_addr_valid+0x1db/0x2d0 [ 22.961717] ? krealloc_more_oob_helper+0x821/0x930 [ 22.961742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.961981] ? krealloc_more_oob_helper+0x821/0x930 [ 22.962008] kasan_report+0x141/0x180 [ 22.962031] ? krealloc_more_oob_helper+0x821/0x930 [ 22.962105] __asan_report_store1_noabort+0x1b/0x30 [ 22.962135] krealloc_more_oob_helper+0x821/0x930 [ 22.962158] ? __schedule+0x10cc/0x2b60 [ 22.962188] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.962213] ? finish_task_switch.isra.0+0x153/0x700 [ 22.962248] ? __switch_to+0x47/0xf50 [ 22.962281] ? __schedule+0x10cc/0x2b60 [ 22.962308] ? __pfx_read_tsc+0x10/0x10 [ 22.962336] krealloc_more_oob+0x1c/0x30 [ 22.962360] kunit_try_run_case+0x1a5/0x480 [ 22.962383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.962403] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.962424] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.962453] ? __kthread_parkme+0x82/0x180 [ 22.962473] ? preempt_count_sub+0x50/0x80 [ 22.962496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.962518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.962544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.962571] kthread+0x337/0x6f0 [ 22.962592] ? trace_preempt_on+0x20/0xc0 [ 22.962617] ? __pfx_kthread+0x10/0x10 [ 22.962639] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.962667] ? calculate_sigpending+0x7b/0xa0 [ 22.962695] ? __pfx_kthread+0x10/0x10 [ 22.962718] ret_from_fork+0x116/0x1d0 [ 22.962737] ? __pfx_kthread+0x10/0x10 [ 22.962770] ret_from_fork_asm+0x1a/0x30 [ 22.962807] </TASK> [ 22.962833] [ 22.974852] Allocated by task 204: [ 22.975221] kasan_save_stack+0x45/0x70 [ 22.975458] kasan_save_track+0x18/0x40 [ 22.975631] kasan_save_alloc_info+0x3b/0x50 [ 22.976019] __kasan_krealloc+0x190/0x1f0 [ 22.976335] krealloc_noprof+0xf3/0x340 [ 22.976689] krealloc_more_oob_helper+0x1a9/0x930 [ 22.977038] krealloc_more_oob+0x1c/0x30 [ 22.977249] kunit_try_run_case+0x1a5/0x480 [ 22.977430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.977657] kthread+0x337/0x6f0 [ 22.978061] ret_from_fork+0x116/0x1d0 [ 22.978357] ret_from_fork_asm+0x1a/0x30 [ 22.978657] [ 22.978905] The buggy address belongs to the object at ffff888100a36000 [ 22.978905] which belongs to the cache kmalloc-256 of size 256 [ 22.979575] The buggy address is located 0 bytes to the right of [ 22.979575] allocated 235-byte region [ffff888100a36000, ffff888100a360eb) [ 22.980400] [ 22.980498] The buggy address belongs to the physical page: [ 22.980880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a36 [ 22.981366] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.981669] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 22.982072] page_type: f5(slab) [ 22.982422] raw: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003 [ 22.983142] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.983469] head: 0200000000000040 ffff888100041b40 ffffea0004028880 dead000000000003 [ 22.983935] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.984438] head: 0200000000000001 ffffea0004028d81 00000000ffffffff 00000000ffffffff [ 22.985184] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.985552] page dumped because: kasan: bad access detected [ 22.985981] [ 22.986080] Memory state around the buggy address: [ 22.986520] ffff888100a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.986983] ffff888100a36000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.987289] >ffff888100a36080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.987576] ^ [ 22.988114] ffff888100a36100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.988595] ffff888100a36180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.989326] ================================================================== [ 23.153099] ================================================================== [ 23.153585] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.153929] Write of size 1 at addr ffff88810631a0eb by task kunit_try_catch/208 [ 23.154381] [ 23.154692] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 23.154819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.154835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.154858] Call Trace: [ 23.154874] <TASK> [ 23.154895] dump_stack_lvl+0x73/0xb0 [ 23.154928] print_report+0xd1/0x610 [ 23.154953] ? __virt_addr_valid+0x1db/0x2d0 [ 23.154979] ? krealloc_more_oob_helper+0x821/0x930 [ 23.155004] ? kasan_addr_to_slab+0x11/0xa0 [ 23.155024] ? krealloc_more_oob_helper+0x821/0x930 [ 23.155049] kasan_report+0x141/0x180 [ 23.155072] ? krealloc_more_oob_helper+0x821/0x930 [ 23.155101] __asan_report_store1_noabort+0x1b/0x30 [ 23.155128] krealloc_more_oob_helper+0x821/0x930 [ 23.155152] ? __schedule+0x10cc/0x2b60 [ 23.155181] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.155208] ? __kasan_check_write+0x18/0x20 [ 23.155234] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.155270] ? irqentry_exit+0x2a/0x60 [ 23.155291] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.155314] ? trace_hardirqs_on+0x37/0xe0 [ 23.155339] ? __pfx_read_tsc+0x10/0x10 [ 23.155368] krealloc_large_more_oob+0x1c/0x30 [ 23.155393] kunit_try_run_case+0x1a5/0x480 [ 23.155417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.155440] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.155461] ? __kthread_parkme+0x82/0x180 [ 23.155482] ? preempt_count_sub+0x50/0x80 [ 23.155507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.155528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.155556] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.155582] kthread+0x337/0x6f0 [ 23.155604] ? trace_preempt_on+0x20/0xc0 [ 23.155627] ? __pfx_kthread+0x10/0x10 [ 23.155649] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.155676] ? calculate_sigpending+0x7b/0xa0 [ 23.155704] ? __pfx_kthread+0x10/0x10 [ 23.155727] ret_from_fork+0x116/0x1d0 [ 23.155747] ? __pfx_kthread+0x10/0x10 [ 23.155782] ret_from_fork_asm+0x1a/0x30 [ 23.155854] </TASK> [ 23.155869] [ 23.163856] The buggy address belongs to the physical page: [ 23.164056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106318 [ 23.164311] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.164641] flags: 0x200000000000040(head|node=0|zone=2) [ 23.165126] page_type: f8(unknown) [ 23.165335] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.165664] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.166090] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.166424] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.166679] head: 0200000000000002 ffffea000418c601 00000000ffffffff 00000000ffffffff [ 23.166902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.167162] page dumped because: kasan: bad access detected [ 23.167413] [ 23.167499] Memory state around the buggy address: [ 23.168023] ffff888106319f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.168394] ffff88810631a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.168603] >ffff88810631a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.168808] ^ [ 23.169462] ffff88810631a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.169940] ffff88810631a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.170294] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 22.902379] ================================================================== [ 22.903035] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 22.903352] Free of addr ffff888106314001 by task kunit_try_catch/198 [ 22.903629] [ 22.903742] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.904133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.904150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.904175] Call Trace: [ 22.904191] <TASK> [ 22.904211] dump_stack_lvl+0x73/0xb0 [ 22.904281] print_report+0xd1/0x610 [ 22.904307] ? __virt_addr_valid+0x1db/0x2d0 [ 22.904334] ? kasan_addr_to_slab+0x11/0xa0 [ 22.904353] ? kfree+0x274/0x3f0 [ 22.904377] kasan_report_invalid_free+0x10a/0x130 [ 22.904402] ? kfree+0x274/0x3f0 [ 22.904427] ? kfree+0x274/0x3f0 [ 22.904450] __kasan_kfree_large+0x86/0xd0 [ 22.904471] free_large_kmalloc+0x52/0x110 [ 22.904496] kfree+0x274/0x3f0 [ 22.904523] kmalloc_large_invalid_free+0x120/0x2b0 [ 22.904546] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.904571] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.904597] kunit_try_run_case+0x1a5/0x480 [ 22.904620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.904641] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.904663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.904692] ? __kthread_parkme+0x82/0x180 [ 22.904713] ? preempt_count_sub+0x50/0x80 [ 22.904737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.905054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.905085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.905113] kthread+0x337/0x6f0 [ 22.905135] ? trace_preempt_on+0x20/0xc0 [ 22.905161] ? __pfx_kthread+0x10/0x10 [ 22.905184] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.905220] ? calculate_sigpending+0x7b/0xa0 [ 22.905261] ? __pfx_kthread+0x10/0x10 [ 22.905284] ret_from_fork+0x116/0x1d0 [ 22.905306] ? __pfx_kthread+0x10/0x10 [ 22.905328] ret_from_fork_asm+0x1a/0x30 [ 22.905363] </TASK> [ 22.905374] [ 22.917269] The buggy address belongs to the physical page: [ 22.917484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106314 [ 22.917954] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.918264] flags: 0x200000000000040(head|node=0|zone=2) [ 22.919071] page_type: f8(unknown) [ 22.919372] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.919854] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.920338] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.920740] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.921268] head: 0200000000000002 ffffea000418c501 00000000ffffffff 00000000ffffffff [ 22.921598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.921996] page dumped because: kasan: bad access detected [ 22.922327] [ 22.922393] Memory state around the buggy address: [ 22.923230] ffff888106313f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.923543] ffff888106313f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.924138] >ffff888106314000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.924534] ^ [ 22.924797] ffff888106314080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.925327] ffff888106314100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.925815] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 22.880208] ================================================================== [ 22.880663] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 22.881000] Read of size 1 at addr ffff888106314000 by task kunit_try_catch/196 [ 22.881447] [ 22.881655] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.881726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.881738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.881761] Call Trace: [ 22.881903] <TASK> [ 22.881928] dump_stack_lvl+0x73/0xb0 [ 22.881961] print_report+0xd1/0x610 [ 22.881986] ? __virt_addr_valid+0x1db/0x2d0 [ 22.882011] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.882031] ? kasan_addr_to_slab+0x11/0xa0 [ 22.882052] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.882073] kasan_report+0x141/0x180 [ 22.882096] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.882121] __asan_report_load1_noabort+0x18/0x20 [ 22.882148] kmalloc_large_uaf+0x2f1/0x340 [ 22.882168] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 22.882190] ? __schedule+0x10cc/0x2b60 [ 22.882219] ? __pfx_read_tsc+0x10/0x10 [ 22.882256] ? ktime_get_ts64+0x86/0x230 [ 22.882283] kunit_try_run_case+0x1a5/0x480 [ 22.882306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.882326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.882348] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.882376] ? __kthread_parkme+0x82/0x180 [ 22.882398] ? preempt_count_sub+0x50/0x80 [ 22.882422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.882444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.882470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.882497] kthread+0x337/0x6f0 [ 22.882518] ? trace_preempt_on+0x20/0xc0 [ 22.882543] ? __pfx_kthread+0x10/0x10 [ 22.882566] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.882593] ? calculate_sigpending+0x7b/0xa0 [ 22.882622] ? __pfx_kthread+0x10/0x10 [ 22.882645] ret_from_fork+0x116/0x1d0 [ 22.882666] ? __pfx_kthread+0x10/0x10 [ 22.882688] ret_from_fork_asm+0x1a/0x30 [ 22.882723] </TASK> [ 22.882736] [ 22.891705] The buggy address belongs to the physical page: [ 22.892152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106314 [ 22.892669] flags: 0x200000000000000(node=0|zone=2) [ 22.892852] raw: 0200000000000000 ffffea000418c608 ffff888154839fc0 0000000000000000 [ 22.893590] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 22.894319] page dumped because: kasan: bad access detected [ 22.894687] [ 22.895087] Memory state around the buggy address: [ 22.895345] ffff888106313f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.895639] ffff888106313f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.896163] >ffff888106314000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.896650] ^ [ 22.896938] ffff888106314080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.897453] ffff888106314100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.897737] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 22.856934] ================================================================== [ 22.858618] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 22.859624] Write of size 1 at addr ffff88810631600a by task kunit_try_catch/194 [ 22.860491] [ 22.860615] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.860672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.860685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.860708] Call Trace: [ 22.860723] <TASK> [ 22.860751] dump_stack_lvl+0x73/0xb0 [ 22.860786] print_report+0xd1/0x610 [ 22.860811] ? __virt_addr_valid+0x1db/0x2d0 [ 22.860838] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.860859] ? kasan_addr_to_slab+0x11/0xa0 [ 22.860879] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.860901] kasan_report+0x141/0x180 [ 22.860924] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.860950] __asan_report_store1_noabort+0x1b/0x30 [ 22.860977] kmalloc_large_oob_right+0x2e9/0x330 [ 22.860999] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 22.861021] ? __schedule+0x10cc/0x2b60 [ 22.861052] ? __pfx_read_tsc+0x10/0x10 [ 22.861077] ? ktime_get_ts64+0x86/0x230 [ 22.861105] kunit_try_run_case+0x1a5/0x480 [ 22.861130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.861150] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.861172] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.861206] ? __kthread_parkme+0x82/0x180 [ 22.861228] ? preempt_count_sub+0x50/0x80 [ 22.861261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.861283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.861310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.861336] kthread+0x337/0x6f0 [ 22.861358] ? trace_preempt_on+0x20/0xc0 [ 22.861383] ? __pfx_kthread+0x10/0x10 [ 22.861406] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.861433] ? calculate_sigpending+0x7b/0xa0 [ 22.861462] ? __pfx_kthread+0x10/0x10 [ 22.861486] ret_from_fork+0x116/0x1d0 [ 22.861506] ? __pfx_kthread+0x10/0x10 [ 22.861528] ret_from_fork_asm+0x1a/0x30 [ 22.861563] </TASK> [ 22.861574] [ 22.869505] The buggy address belongs to the physical page: [ 22.869710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106314 [ 22.870284] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.870616] flags: 0x200000000000040(head|node=0|zone=2) [ 22.871009] page_type: f8(unknown) [ 22.871196] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.871488] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.871899] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.872250] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.872591] head: 0200000000000002 ffffea000418c501 00000000ffffffff 00000000ffffffff [ 22.873019] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.873359] page dumped because: kasan: bad access detected [ 22.873587] [ 22.873668] Memory state around the buggy address: [ 22.874074] ffff888106315f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.874384] ffff888106315f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.874675] >ffff888106316000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.875069] ^ [ 22.875260] ffff888106316080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.875496] ffff888106316100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.875734] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 22.827742] ================================================================== [ 22.828561] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 22.829024] Write of size 1 at addr ffff888102c2df00 by task kunit_try_catch/192 [ 22.829399] [ 22.829496] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.829584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.829597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.829620] Call Trace: [ 22.829634] <TASK> [ 22.829661] dump_stack_lvl+0x73/0xb0 [ 22.829882] print_report+0xd1/0x610 [ 22.829921] ? __virt_addr_valid+0x1db/0x2d0 [ 22.829946] ? kmalloc_big_oob_right+0x316/0x370 [ 22.829969] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.829998] ? kmalloc_big_oob_right+0x316/0x370 [ 22.830020] kasan_report+0x141/0x180 [ 22.830043] ? kmalloc_big_oob_right+0x316/0x370 [ 22.830070] __asan_report_store1_noabort+0x1b/0x30 [ 22.830097] kmalloc_big_oob_right+0x316/0x370 [ 22.830120] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 22.830143] ? __schedule+0x10cc/0x2b60 [ 22.830172] ? __pfx_read_tsc+0x10/0x10 [ 22.830225] ? ktime_get_ts64+0x86/0x230 [ 22.830263] kunit_try_run_case+0x1a5/0x480 [ 22.830286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.830307] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.830329] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.830358] ? __kthread_parkme+0x82/0x180 [ 22.830379] ? preempt_count_sub+0x50/0x80 [ 22.830404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.830425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.830485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.830512] kthread+0x337/0x6f0 [ 22.830558] ? trace_preempt_on+0x20/0xc0 [ 22.830583] ? __pfx_kthread+0x10/0x10 [ 22.830606] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.830632] ? calculate_sigpending+0x7b/0xa0 [ 22.830659] ? __pfx_kthread+0x10/0x10 [ 22.830682] ret_from_fork+0x116/0x1d0 [ 22.830702] ? __pfx_kthread+0x10/0x10 [ 22.830724] ret_from_fork_asm+0x1a/0x30 [ 22.830758] </TASK> [ 22.830771] [ 22.841527] Allocated by task 192: [ 22.841998] kasan_save_stack+0x45/0x70 [ 22.842295] kasan_save_track+0x18/0x40 [ 22.842577] kasan_save_alloc_info+0x3b/0x50 [ 22.843152] __kasan_kmalloc+0xb7/0xc0 [ 22.843357] __kmalloc_cache_noprof+0x189/0x420 [ 22.843662] kmalloc_big_oob_right+0xa9/0x370 [ 22.844088] kunit_try_run_case+0x1a5/0x480 [ 22.844396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.844731] kthread+0x337/0x6f0 [ 22.845127] ret_from_fork+0x116/0x1d0 [ 22.845345] ret_from_fork_asm+0x1a/0x30 [ 22.845694] [ 22.845872] The buggy address belongs to the object at ffff888102c2c000 [ 22.845872] which belongs to the cache kmalloc-8k of size 8192 [ 22.846415] The buggy address is located 0 bytes to the right of [ 22.846415] allocated 7936-byte region [ffff888102c2c000, ffff888102c2df00) [ 22.846887] [ 22.847004] The buggy address belongs to the physical page: [ 22.847314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c28 [ 22.847667] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.847974] flags: 0x200000000000040(head|node=0|zone=2) [ 22.848331] page_type: f5(slab) [ 22.848465] raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 22.848926] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.849284] head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 22.849632] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.850045] head: 0200000000000003 ffffea00040b0a01 00000000ffffffff 00000000ffffffff [ 22.850318] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.850672] page dumped because: kasan: bad access detected [ 22.850932] [ 22.851013] Memory state around the buggy address: [ 22.851317] ffff888102c2de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.851598] ffff888102c2de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.852092] >ffff888102c2df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.852462] ^ [ 22.852646] ffff888102c2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.852914] ffff888102c2e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.853523] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 22.782393] ================================================================== [ 22.783636] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.784067] Write of size 1 at addr ffff8881059ac478 by task kunit_try_catch/190 [ 22.785171] [ 22.785467] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.785525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.785538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.785561] Call Trace: [ 22.785577] <TASK> [ 22.785597] dump_stack_lvl+0x73/0xb0 [ 22.785630] print_report+0xd1/0x610 [ 22.785789] ? __virt_addr_valid+0x1db/0x2d0 [ 22.785818] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.785844] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.785873] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.785899] kasan_report+0x141/0x180 [ 22.785924] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.785955] __asan_report_store1_noabort+0x1b/0x30 [ 22.785983] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.786009] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.786035] ? __schedule+0x10cc/0x2b60 [ 22.786065] ? __pfx_read_tsc+0x10/0x10 [ 22.786090] ? ktime_get_ts64+0x86/0x230 [ 22.786117] kunit_try_run_case+0x1a5/0x480 [ 22.786140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.786160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.786182] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.786210] ? __kthread_parkme+0x82/0x180 [ 22.786231] ? preempt_count_sub+0x50/0x80 [ 22.786268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.786289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.786316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.786343] kthread+0x337/0x6f0 [ 22.786364] ? trace_preempt_on+0x20/0xc0 [ 22.786388] ? __pfx_kthread+0x10/0x10 [ 22.786411] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.786438] ? calculate_sigpending+0x7b/0xa0 [ 22.786465] ? __pfx_kthread+0x10/0x10 [ 22.786488] ret_from_fork+0x116/0x1d0 [ 22.786508] ? __pfx_kthread+0x10/0x10 [ 22.786530] ret_from_fork_asm+0x1a/0x30 [ 22.786564] </TASK> [ 22.786576] [ 22.798114] Allocated by task 190: [ 22.798324] kasan_save_stack+0x45/0x70 [ 22.798776] kasan_save_track+0x18/0x40 [ 22.799541] kasan_save_alloc_info+0x3b/0x50 [ 22.800328] __kasan_kmalloc+0xb7/0xc0 [ 22.800846] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.801623] kmalloc_track_caller_oob_right+0x99/0x520 [ 22.801991] kunit_try_run_case+0x1a5/0x480 [ 22.802204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.802489] kthread+0x337/0x6f0 [ 22.802655] ret_from_fork+0x116/0x1d0 [ 22.802825] ret_from_fork_asm+0x1a/0x30 [ 22.803188] [ 22.803273] The buggy address belongs to the object at ffff8881059ac400 [ 22.803273] which belongs to the cache kmalloc-128 of size 128 [ 22.803800] The buggy address is located 0 bytes to the right of [ 22.803800] allocated 120-byte region [ffff8881059ac400, ffff8881059ac478) [ 22.804474] [ 22.804550] The buggy address belongs to the physical page: [ 22.804747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac [ 22.805320] flags: 0x200000000000000(node=0|zone=2) [ 22.805715] page_type: f5(slab) [ 22.805943] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.806430] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.807001] page dumped because: kasan: bad access detected [ 22.807213] [ 22.807307] Memory state around the buggy address: [ 22.807504] ffff8881059ac300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.808068] ffff8881059ac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.808403] >ffff8881059ac400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.808730] ^ [ 22.809316] ffff8881059ac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.809602] ffff8881059ac500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.810050] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 22.756349] ================================================================== [ 22.756727] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 22.756989] Read of size 1 at addr ffff888106213000 by task kunit_try_catch/188 [ 22.757209] [ 22.757317] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.757370] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.757382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.757405] Call Trace: [ 22.757419] <TASK> [ 22.757438] dump_stack_lvl+0x73/0xb0 [ 22.757468] print_report+0xd1/0x610 [ 22.757490] ? __virt_addr_valid+0x1db/0x2d0 [ 22.757514] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.757538] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.757565] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.757590] kasan_report+0x141/0x180 [ 22.757612] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.757641] __asan_report_load1_noabort+0x18/0x20 [ 22.757667] kmalloc_node_oob_right+0x369/0x3c0 [ 22.757692] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 22.757716] ? __schedule+0x10cc/0x2b60 [ 22.757745] ? __pfx_read_tsc+0x10/0x10 [ 22.757769] ? ktime_get_ts64+0x86/0x230 [ 22.757794] kunit_try_run_case+0x1a5/0x480 [ 22.757817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.757836] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.757856] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.757884] ? __kthread_parkme+0x82/0x180 [ 22.757904] ? preempt_count_sub+0x50/0x80 [ 22.757928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.757949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.757975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.758001] kthread+0x337/0x6f0 [ 22.758021] ? trace_preempt_on+0x20/0xc0 [ 22.758045] ? __pfx_kthread+0x10/0x10 [ 22.758067] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.758092] ? calculate_sigpending+0x7b/0xa0 [ 22.758118] ? __pfx_kthread+0x10/0x10 [ 22.758141] ret_from_fork+0x116/0x1d0 [ 22.758160] ? __pfx_kthread+0x10/0x10 [ 22.758181] ret_from_fork_asm+0x1a/0x30 [ 22.758214] </TASK> [ 22.758226] [ 22.766421] Allocated by task 188: [ 22.766642] kasan_save_stack+0x45/0x70 [ 22.766945] kasan_save_track+0x18/0x40 [ 22.767190] kasan_save_alloc_info+0x3b/0x50 [ 22.767396] __kasan_kmalloc+0xb7/0xc0 [ 22.767599] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.767933] kmalloc_node_oob_right+0xab/0x3c0 [ 22.768146] kunit_try_run_case+0x1a5/0x480 [ 22.768353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.768650] kthread+0x337/0x6f0 [ 22.768907] ret_from_fork+0x116/0x1d0 [ 22.769135] ret_from_fork_asm+0x1a/0x30 [ 22.769395] [ 22.769513] The buggy address belongs to the object at ffff888106212000 [ 22.769513] which belongs to the cache kmalloc-4k of size 4096 [ 22.770173] The buggy address is located 0 bytes to the right of [ 22.770173] allocated 4096-byte region [ffff888106212000, ffff888106213000) [ 22.770720] [ 22.770902] The buggy address belongs to the physical page: [ 22.771218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106210 [ 22.771647] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.772141] flags: 0x200000000000040(head|node=0|zone=2) [ 22.772511] page_type: f5(slab) [ 22.772679] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 22.773106] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.773469] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 22.773955] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.774427] head: 0200000000000003 ffffea0004188401 00000000ffffffff 00000000ffffffff [ 22.774806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.775199] page dumped because: kasan: bad access detected [ 22.775499] [ 22.775590] Memory state around the buggy address: [ 22.775926] ffff888106212f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.776193] ffff888106212f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.776491] >ffff888106213000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.776799] ^ [ 22.776954] ffff888106213080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.777248] ffff888106213100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.777453] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 22.717885] ================================================================== [ 22.718418] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 22.718714] Read of size 1 at addr ffff8881025fe5bf by task kunit_try_catch/186 [ 22.719043] [ 22.719183] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.719287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.719300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.719325] Call Trace: [ 22.719339] <TASK> [ 22.719361] dump_stack_lvl+0x73/0xb0 [ 22.719397] print_report+0xd1/0x610 [ 22.719421] ? __virt_addr_valid+0x1db/0x2d0 [ 22.719449] ? kmalloc_oob_left+0x361/0x3c0 [ 22.719470] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.719498] ? kmalloc_oob_left+0x361/0x3c0 [ 22.719520] kasan_report+0x141/0x180 [ 22.719543] ? kmalloc_oob_left+0x361/0x3c0 [ 22.719569] __asan_report_load1_noabort+0x18/0x20 [ 22.719596] kmalloc_oob_left+0x361/0x3c0 [ 22.719618] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 22.719640] ? __schedule+0x10cc/0x2b60 [ 22.719670] ? __pfx_read_tsc+0x10/0x10 [ 22.719696] ? ktime_get_ts64+0x86/0x230 [ 22.719725] kunit_try_run_case+0x1a5/0x480 [ 22.719750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.719884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.719906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.719935] ? __kthread_parkme+0x82/0x180 [ 22.719957] ? preempt_count_sub+0x50/0x80 [ 22.719982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.720004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.720042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.720087] kthread+0x337/0x6f0 [ 22.720108] ? trace_preempt_on+0x20/0xc0 [ 22.720134] ? __pfx_kthread+0x10/0x10 [ 22.720157] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.720184] ? calculate_sigpending+0x7b/0xa0 [ 22.720212] ? __pfx_kthread+0x10/0x10 [ 22.720235] ret_from_fork+0x116/0x1d0 [ 22.720265] ? __pfx_kthread+0x10/0x10 [ 22.720287] ret_from_fork_asm+0x1a/0x30 [ 22.720323] </TASK> [ 22.720335] [ 22.730343] Allocated by task 21: [ 22.730515] kasan_save_stack+0x45/0x70 [ 22.730660] kasan_save_track+0x18/0x40 [ 22.730811] kasan_save_alloc_info+0x3b/0x50 [ 22.731020] __kasan_kmalloc+0xb7/0xc0 [ 22.731788] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.732001] build_sched_domains+0x38c/0x5dd0 [ 22.732252] partition_sched_domains+0x471/0x9c0 [ 22.732549] rebuild_sched_domains_locked+0x97d/0xd50 [ 22.733113] cpuset_update_active_cpus+0x80f/0x1a90 [ 22.733532] sched_cpu_activate+0x2bf/0x330 [ 22.733718] cpuhp_invoke_callback+0x2a1/0xf00 [ 22.734108] cpuhp_thread_fun+0x2ce/0x5c0 [ 22.734265] smpboot_thread_fn+0x2bc/0x730 [ 22.734402] kthread+0x337/0x6f0 [ 22.734749] ret_from_fork+0x116/0x1d0 [ 22.735442] ret_from_fork_asm+0x1a/0x30 [ 22.735638] [ 22.736377] Freed by task 21: [ 22.737605] kasan_save_stack+0x45/0x70 [ 22.738576] kasan_save_track+0x18/0x40 [ 22.739023] kasan_save_free_info+0x3f/0x60 [ 22.739180] __kasan_slab_free+0x56/0x70 [ 22.739333] kfree+0x222/0x3f0 [ 22.739453] build_sched_domains+0x1fff/0x5dd0 [ 22.739603] partition_sched_domains+0x471/0x9c0 [ 22.739764] rebuild_sched_domains_locked+0x97d/0xd50 [ 22.739929] cpuset_update_active_cpus+0x80f/0x1a90 [ 22.740088] sched_cpu_activate+0x2bf/0x330 [ 22.740232] cpuhp_invoke_callback+0x2a1/0xf00 [ 22.740387] cpuhp_thread_fun+0x2ce/0x5c0 [ 22.741493] smpboot_thread_fn+0x2bc/0x730 [ 22.742450] kthread+0x337/0x6f0 [ 22.742638] ret_from_fork+0x116/0x1d0 [ 22.743520] ret_from_fork_asm+0x1a/0x30 [ 22.744099] [ 22.744495] The buggy address belongs to the object at ffff8881025fe5a0 [ 22.744495] which belongs to the cache kmalloc-16 of size 16 [ 22.745354] The buggy address is located 15 bytes to the right of [ 22.745354] allocated 16-byte region [ffff8881025fe5a0, ffff8881025fe5b0) [ 22.746136] [ 22.746218] The buggy address belongs to the physical page: [ 22.746409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025fe [ 22.746651] flags: 0x200000000000000(node=0|zone=2) [ 22.746844] page_type: f5(slab) [ 22.746966] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.747892] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.748161] page dumped because: kasan: bad access detected [ 22.748424] [ 22.748515] Memory state around the buggy address: [ 22.749146] ffff8881025fe480: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 22.749662] ffff8881025fe500: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.750300] >ffff8881025fe580: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc [ 22.750949] ^ [ 22.751581] ffff8881025fe600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.752470] ffff8881025fe680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.753076] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 22.692742] ================================================================== [ 22.692969] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 22.693627] Read of size 1 at addr ffff8881059ac380 by task kunit_try_catch/184 [ 22.694177] [ 22.694339] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.694415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.694427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.694449] Call Trace: [ 22.694463] <TASK> [ 22.694497] dump_stack_lvl+0x73/0xb0 [ 22.694528] print_report+0xd1/0x610 [ 22.694550] ? __virt_addr_valid+0x1db/0x2d0 [ 22.694592] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.694626] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.694668] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.694703] kasan_report+0x141/0x180 [ 22.694726] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.694753] __asan_report_load1_noabort+0x18/0x20 [ 22.694801] kmalloc_oob_right+0x68a/0x7f0 [ 22.694824] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.694848] ? __schedule+0x10cc/0x2b60 [ 22.694877] ? __pfx_read_tsc+0x10/0x10 [ 22.694901] ? ktime_get_ts64+0x86/0x230 [ 22.694928] kunit_try_run_case+0x1a5/0x480 [ 22.694950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.694971] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.694993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.695022] ? __kthread_parkme+0x82/0x180 [ 22.695043] ? preempt_count_sub+0x50/0x80 [ 22.695067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.695088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.695131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.695172] kthread+0x337/0x6f0 [ 22.695206] ? trace_preempt_on+0x20/0xc0 [ 22.695254] ? __pfx_kthread+0x10/0x10 [ 22.695292] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.695332] ? calculate_sigpending+0x7b/0xa0 [ 22.695386] ? __pfx_kthread+0x10/0x10 [ 22.695409] ret_from_fork+0x116/0x1d0 [ 22.695429] ? __pfx_kthread+0x10/0x10 [ 22.695451] ret_from_fork_asm+0x1a/0x30 [ 22.695485] </TASK> [ 22.695496] [ 22.703397] Allocated by task 184: [ 22.703706] kasan_save_stack+0x45/0x70 [ 22.704069] kasan_save_track+0x18/0x40 [ 22.704256] kasan_save_alloc_info+0x3b/0x50 [ 22.704398] __kasan_kmalloc+0xb7/0xc0 [ 22.704521] __kmalloc_cache_noprof+0x189/0x420 [ 22.704740] kmalloc_oob_right+0xa9/0x7f0 [ 22.705708] kunit_try_run_case+0x1a5/0x480 [ 22.706288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.706477] kthread+0x337/0x6f0 [ 22.706598] ret_from_fork+0x116/0x1d0 [ 22.706725] ret_from_fork_asm+0x1a/0x30 [ 22.707353] [ 22.707562] The buggy address belongs to the object at ffff8881059ac300 [ 22.707562] which belongs to the cache kmalloc-128 of size 128 [ 22.708855] The buggy address is located 13 bytes to the right of [ 22.708855] allocated 115-byte region [ffff8881059ac300, ffff8881059ac373) [ 22.709565] [ 22.709636] The buggy address belongs to the physical page: [ 22.709876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac [ 22.710138] flags: 0x200000000000000(node=0|zone=2) [ 22.710567] page_type: f5(slab) [ 22.711054] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.711480] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.711861] page dumped because: kasan: bad access detected [ 22.712058] [ 22.712142] Memory state around the buggy address: [ 22.712302] ffff8881059ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.712615] ffff8881059ac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.712832] >ffff8881059ac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.713220] ^ [ 22.713575] ffff8881059ac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.713857] ffff8881059ac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.714457] ================================================================== [ 22.644716] ================================================================== [ 22.645931] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 22.646777] Write of size 1 at addr ffff8881059ac373 by task kunit_try_catch/184 [ 22.647386] [ 22.648593] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.648998] Tainted: [N]=TEST [ 22.649033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.649290] Call Trace: [ 22.649366] <TASK> [ 22.649527] dump_stack_lvl+0x73/0xb0 [ 22.649628] print_report+0xd1/0x610 [ 22.649658] ? __virt_addr_valid+0x1db/0x2d0 [ 22.649686] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.649708] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.649737] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.649775] kasan_report+0x141/0x180 [ 22.649799] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.649825] __asan_report_store1_noabort+0x1b/0x30 [ 22.649852] kmalloc_oob_right+0x6f0/0x7f0 [ 22.649874] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.649897] ? __schedule+0x10cc/0x2b60 [ 22.649927] ? __pfx_read_tsc+0x10/0x10 [ 22.649953] ? ktime_get_ts64+0x86/0x230 [ 22.649982] kunit_try_run_case+0x1a5/0x480 [ 22.650007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.650027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.650049] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.650077] ? __kthread_parkme+0x82/0x180 [ 22.650099] ? preempt_count_sub+0x50/0x80 [ 22.650124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.650147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.650174] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.650201] kthread+0x337/0x6f0 [ 22.650223] ? trace_preempt_on+0x20/0xc0 [ 22.650262] ? __pfx_kthread+0x10/0x10 [ 22.650286] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.650313] ? calculate_sigpending+0x7b/0xa0 [ 22.650341] ? __pfx_kthread+0x10/0x10 [ 22.650364] ret_from_fork+0x116/0x1d0 [ 22.650384] ? __pfx_kthread+0x10/0x10 [ 22.650406] ret_from_fork_asm+0x1a/0x30 [ 22.650469] </TASK> [ 22.650537] [ 22.659936] Allocated by task 184: [ 22.660526] kasan_save_stack+0x45/0x70 [ 22.660925] kasan_save_track+0x18/0x40 [ 22.661110] kasan_save_alloc_info+0x3b/0x50 [ 22.661497] __kasan_kmalloc+0xb7/0xc0 [ 22.661652] __kmalloc_cache_noprof+0x189/0x420 [ 22.662013] kmalloc_oob_right+0xa9/0x7f0 [ 22.662373] kunit_try_run_case+0x1a5/0x480 [ 22.662540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.663035] kthread+0x337/0x6f0 [ 22.663231] ret_from_fork+0x116/0x1d0 [ 22.663638] ret_from_fork_asm+0x1a/0x30 [ 22.663878] [ 22.664142] The buggy address belongs to the object at ffff8881059ac300 [ 22.664142] which belongs to the cache kmalloc-128 of size 128 [ 22.664905] The buggy address is located 0 bytes to the right of [ 22.664905] allocated 115-byte region [ffff8881059ac300, ffff8881059ac373) [ 22.665501] [ 22.665676] The buggy address belongs to the physical page: [ 22.666108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac [ 22.666727] flags: 0x200000000000000(node=0|zone=2) [ 22.667464] page_type: f5(slab) [ 22.668072] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.668409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.668803] page dumped because: kasan: bad access detected [ 22.669221] [ 22.669385] Memory state around the buggy address: [ 22.670038] ffff8881059ac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.670389] ffff8881059ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.670721] >ffff8881059ac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.671314] ^ [ 22.671627] ffff8881059ac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.671965] ffff8881059ac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.672392] ================================================================== [ 22.673813] ================================================================== [ 22.674503] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 22.674898] Write of size 1 at addr ffff8881059ac378 by task kunit_try_catch/184 [ 22.675293] [ 22.675413] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 22.675484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.675496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.675519] Call Trace: [ 22.675539] <TASK> [ 22.675559] dump_stack_lvl+0x73/0xb0 [ 22.675589] print_report+0xd1/0x610 [ 22.675612] ? __virt_addr_valid+0x1db/0x2d0 [ 22.675637] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.675659] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.675704] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.675740] kasan_report+0x141/0x180 [ 22.675763] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.675790] __asan_report_store1_noabort+0x1b/0x30 [ 22.675836] kmalloc_oob_right+0x6bd/0x7f0 [ 22.675859] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.675882] ? __schedule+0x10cc/0x2b60 [ 22.675911] ? __pfx_read_tsc+0x10/0x10 [ 22.675936] ? ktime_get_ts64+0x86/0x230 [ 22.675963] kunit_try_run_case+0x1a5/0x480 [ 22.675985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.676006] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.676027] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.676055] ? __kthread_parkme+0x82/0x180 [ 22.676076] ? preempt_count_sub+0x50/0x80 [ 22.676101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.676123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.676150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.676176] kthread+0x337/0x6f0 [ 22.676198] ? trace_preempt_on+0x20/0xc0 [ 22.676224] ? __pfx_kthread+0x10/0x10 [ 22.676257] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.676284] ? calculate_sigpending+0x7b/0xa0 [ 22.676312] ? __pfx_kthread+0x10/0x10 [ 22.676335] ret_from_fork+0x116/0x1d0 [ 22.676354] ? __pfx_kthread+0x10/0x10 [ 22.676377] ret_from_fork_asm+0x1a/0x30 [ 22.676411] </TASK> [ 22.676422] [ 22.683580] Allocated by task 184: [ 22.683708] kasan_save_stack+0x45/0x70 [ 22.683844] kasan_save_track+0x18/0x40 [ 22.684038] kasan_save_alloc_info+0x3b/0x50 [ 22.684346] __kasan_kmalloc+0xb7/0xc0 [ 22.684632] __kmalloc_cache_noprof+0x189/0x420 [ 22.684871] kmalloc_oob_right+0xa9/0x7f0 [ 22.685151] kunit_try_run_case+0x1a5/0x480 [ 22.685311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.685478] kthread+0x337/0x6f0 [ 22.685590] ret_from_fork+0x116/0x1d0 [ 22.685711] ret_from_fork_asm+0x1a/0x30 [ 22.685840] [ 22.685903] The buggy address belongs to the object at ffff8881059ac300 [ 22.685903] which belongs to the cache kmalloc-128 of size 128 [ 22.686872] The buggy address is located 5 bytes to the right of [ 22.686872] allocated 115-byte region [ffff8881059ac300, ffff8881059ac373) [ 22.687440] [ 22.687537] The buggy address belongs to the physical page: [ 22.687762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059ac [ 22.688328] flags: 0x200000000000000(node=0|zone=2) [ 22.688517] page_type: f5(slab) [ 22.688676] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.689020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.689379] page dumped because: kasan: bad access detected [ 22.689628] [ 22.689733] Memory state around the buggy address: [ 22.690000] ffff8881059ac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.690410] ffff8881059ac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.690985] >ffff8881059ac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.691505] ^ [ 22.691790] ffff8881059ac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.692026] ffff8881059ac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.692223] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 186.248943] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2886 [ 186.250466] Modules linked in: [ 186.250948] CPU: 1 UID: 0 PID: 2886 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 186.251330] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 186.251505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.251770] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 186.252473] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 186.253838] RSP: 0000:ffff888102317c78 EFLAGS: 00010286 [ 186.254549] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 186.255366] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff9f65f2f4 [ 186.256026] RBP: ffff888102317ca0 R08: 0000000000000000 R09: ffffed1020f44e80 [ 186.256261] R10: ffff888107a27407 R11: 0000000000000000 R12: ffffffff9f65f2e0 [ 186.256470] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102317d38 [ 186.256677] FS: 0000000000000000(0000) GS:ffff8881b3322000(0000) knlGS:0000000000000000 [ 186.257761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.258616] CR2: 00007ffff7ffd000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 186.259518] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c3 [ 186.260404] DR3: ffffffffa16a44c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 186.261377] Call Trace: [ 186.261873] <TASK> [ 186.262300] drm_test_rect_calc_vscale+0x108/0x270 [ 186.262971] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 186.263557] ? __schedule+0x10cc/0x2b60 [ 186.263719] ? __pfx_read_tsc+0x10/0x10 [ 186.264467] ? ktime_get_ts64+0x86/0x230 [ 186.265158] kunit_try_run_case+0x1a5/0x480 [ 186.265584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.265794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 186.266477] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 186.267368] ? __kthread_parkme+0x82/0x180 [ 186.267577] ? preempt_count_sub+0x50/0x80 [ 186.267729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.268362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 186.268965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 186.269323] kthread+0x337/0x6f0 [ 186.269451] ? trace_preempt_on+0x20/0xc0 [ 186.269597] ? __pfx_kthread+0x10/0x10 [ 186.269731] ? _raw_spin_unlock_irq+0x47/0x80 [ 186.270259] ? calculate_sigpending+0x7b/0xa0 [ 186.270730] ? __pfx_kthread+0x10/0x10 [ 186.271193] ret_from_fork+0x116/0x1d0 [ 186.271574] ? __pfx_kthread+0x10/0x10 [ 186.272037] ret_from_fork_asm+0x1a/0x30 [ 186.272511] </TASK> [ 186.272611] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 186.225345] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2884 [ 186.226302] Modules linked in: [ 186.226742] CPU: 0 UID: 0 PID: 2884 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 186.227374] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 186.227561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.228240] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 186.228528] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 186.229534] RSP: 0000:ffff888104a2fc78 EFLAGS: 00010286 [ 186.230033] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 186.230449] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff9f65f2bc [ 186.230748] RBP: ffff888104a2fca0 R08: 0000000000000000 R09: ffffed1020f03540 [ 186.231321] R10: ffff88810781aa07 R11: 0000000000000000 R12: ffffffff9f65f2a8 [ 186.231741] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888104a2fd38 [ 186.232303] FS: 0000000000000000(0000) GS:ffff8881b3222000(0000) knlGS:0000000000000000 [ 186.233313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.233668] CR2: 00007ffff7ffe000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 186.234146] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c2 [ 186.234602] DR3: ffffffffa16a44c3 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 186.235240] Call Trace: [ 186.235526] <TASK> [ 186.235719] drm_test_rect_calc_vscale+0x108/0x270 [ 186.236242] ? __kasan_check_write+0x18/0x20 [ 186.236526] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 186.236992] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 186.237412] ? __pfx_read_tsc+0x10/0x10 [ 186.237664] ? ktime_get_ts64+0x86/0x230 [ 186.238152] kunit_try_run_case+0x1a5/0x480 [ 186.238389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.238590] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 186.238995] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 186.239430] ? __kthread_parkme+0x82/0x180 [ 186.239745] ? preempt_count_sub+0x50/0x80 [ 186.240372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.240989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 186.241279] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 186.241546] kthread+0x337/0x6f0 [ 186.241710] ? trace_preempt_on+0x20/0xc0 [ 186.242285] ? __pfx_kthread+0x10/0x10 [ 186.242546] ? _raw_spin_unlock_irq+0x47/0x80 [ 186.242998] ? calculate_sigpending+0x7b/0xa0 [ 186.243404] ? __pfx_kthread+0x10/0x10 [ 186.243600] ret_from_fork+0x116/0x1d0 [ 186.244043] ? __pfx_kthread+0x10/0x10 [ 186.244882] ret_from_fork_asm+0x1a/0x30 [ 186.245268] </TASK> [ 186.245386] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 186.188768] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2874 [ 186.189893] Modules linked in: [ 186.190666] CPU: 1 UID: 0 PID: 2874 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 186.191560] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 186.191789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.192659] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 186.193291] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 9b de 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 186.194505] RSP: 0000:ffff8881045f7c78 EFLAGS: 00010286 [ 186.195187] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 186.195879] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff9f65f2f8 [ 186.196272] RBP: ffff8881045f7ca0 R08: 0000000000000000 R09: ffffed1020f03480 [ 186.196482] R10: ffff88810781a407 R11: 0000000000000000 R12: ffffffff9f65f2e0 [ 186.196690] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881045f7d38 [ 186.196916] FS: 0000000000000000(0000) GS:ffff8881b3322000(0000) knlGS:0000000000000000 [ 186.197698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.197996] CR2: 00007ffff7ffd000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 186.198414] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c3 [ 186.199042] DR3: ffffffffa16a44c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 186.199440] Call Trace: [ 186.199566] <TASK> [ 186.199691] drm_test_rect_calc_hscale+0x108/0x270 [ 186.200263] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 186.200612] ? __schedule+0x10cc/0x2b60 [ 186.200819] ? __pfx_read_tsc+0x10/0x10 [ 186.201130] ? ktime_get_ts64+0x86/0x230 [ 186.201309] kunit_try_run_case+0x1a5/0x480 [ 186.201521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.201719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 186.201934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 186.202606] ? __kthread_parkme+0x82/0x180 [ 186.202795] ? preempt_count_sub+0x50/0x80 [ 186.203369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.203562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 186.204101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 186.204486] kthread+0x337/0x6f0 [ 186.204717] ? trace_preempt_on+0x20/0xc0 [ 186.205042] ? __pfx_kthread+0x10/0x10 [ 186.205237] ? _raw_spin_unlock_irq+0x47/0x80 [ 186.205451] ? calculate_sigpending+0x7b/0xa0 [ 186.205647] ? __pfx_kthread+0x10/0x10 [ 186.205808] ret_from_fork+0x116/0x1d0 [ 186.206368] ? __pfx_kthread+0x10/0x10 [ 186.206511] ret_from_fork_asm+0x1a/0x30 [ 186.206967] </TASK> [ 186.207093] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 186.163571] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2872 [ 186.164837] Modules linked in: [ 186.165311] CPU: 0 UID: 0 PID: 2872 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 186.166726] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 186.167174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 186.167457] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 186.167639] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 9b de 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 186.168772] RSP: 0000:ffff88810474fc78 EFLAGS: 00010286 [ 186.169024] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 186.169322] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff9f65f2c0 [ 186.169567] RBP: ffff88810474fca0 R08: 0000000000000000 R09: ffffed1020f03460 [ 186.169865] R10: ffff88810781a307 R11: 0000000000000000 R12: ffffffff9f65f2a8 [ 186.170523] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810474fd38 [ 186.171066] FS: 0000000000000000(0000) GS:ffff8881b3222000(0000) knlGS:0000000000000000 [ 186.171536] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 186.172088] CR2: 00007ffff7ffe000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 186.172536] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c2 [ 186.172999] DR3: ffffffffa16a44c3 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 186.173446] Call Trace: [ 186.173591] <TASK> [ 186.173730] drm_test_rect_calc_hscale+0x108/0x270 [ 186.174238] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 186.174624] ? __schedule+0x10cc/0x2b60 [ 186.175149] ? __pfx_read_tsc+0x10/0x10 [ 186.175364] ? ktime_get_ts64+0x86/0x230 [ 186.175525] kunit_try_run_case+0x1a5/0x480 [ 186.175738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.176372] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 186.176674] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 186.177130] ? __kthread_parkme+0x82/0x180 [ 186.177356] ? preempt_count_sub+0x50/0x80 [ 186.177552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 186.178165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 186.178443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 186.178922] kthread+0x337/0x6f0 [ 186.179067] ? trace_preempt_on+0x20/0xc0 [ 186.179475] ? __pfx_kthread+0x10/0x10 [ 186.179771] ? _raw_spin_unlock_irq+0x47/0x80 [ 186.180087] ? calculate_sigpending+0x7b/0xa0 [ 186.180311] ? __pfx_kthread+0x10/0x10 [ 186.180713] ret_from_fork+0x116/0x1d0 [ 186.181096] ? __pfx_kthread+0x10/0x10 [ 186.181275] ret_from_fork_asm+0x1a/0x30 [ 186.181430] </TASK> [ 186.181518] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 185.342031] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 185.342221] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2677 [ 185.343441] Modules linked in: [ 185.343601] CPU: 1 UID: 0 PID: 2677 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 185.344538] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 185.344949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 185.345582] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 185.346128] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 ad ce 81 00 48 c7 c1 e0 31 61 9f 4c 89 f2 48 c7 c7 00 2e 61 9f 48 89 c6 e8 d4 a4 72 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 185.347043] RSP: 0000:ffff888100b5fd18 EFLAGS: 00010286 [ 185.347445] RAX: 0000000000000000 RBX: ffff88810b102800 RCX: 1ffffffff4064ad4 [ 185.348022] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 185.348530] RBP: ffff888100b5fd48 R08: 0000000000000000 R09: fffffbfff4064ad4 [ 185.349121] R10: 0000000000000003 R11: 000000000003b4b0 R12: ffff888104f24800 [ 185.349433] R13: ffff88810b1028f8 R14: ffff888102c0da80 R15: ffff8881003c7b48 [ 185.349712] FS: 0000000000000000(0000) GS:ffff8881b3322000(0000) knlGS:0000000000000000 [ 185.350953] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 185.351272] CR2: 00007ffff7ffd000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 185.351973] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c3 [ 185.352523] DR3: ffffffffa16a44c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 185.352997] Call Trace: [ 185.353497] <TASK> [ 185.353627] ? trace_preempt_on+0x20/0xc0 [ 185.354296] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 185.354560] drm_gem_shmem_free_wrapper+0x12/0x20 [ 185.354997] __kunit_action_free+0x57/0x70 [ 185.355455] kunit_remove_resource+0x133/0x200 [ 185.355722] ? preempt_count_sub+0x50/0x80 [ 185.356298] kunit_cleanup+0x7a/0x120 [ 185.356746] kunit_try_run_case_cleanup+0xbd/0xf0 [ 185.357040] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 185.357297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 185.357527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 185.358045] kthread+0x337/0x6f0 [ 185.358364] ? trace_preempt_on+0x20/0xc0 [ 185.358737] ? __pfx_kthread+0x10/0x10 [ 185.359226] ? _raw_spin_unlock_irq+0x47/0x80 [ 185.359520] ? calculate_sigpending+0x7b/0xa0 [ 185.359939] ? __pfx_kthread+0x10/0x10 [ 185.360317] ret_from_fork+0x116/0x1d0 [ 185.360657] ? __pfx_kthread+0x10/0x10 [ 185.361200] ret_from_fork_asm+0x1a/0x30 [ 185.361608] </TASK> [ 185.361740] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 185.186518] WARNING: drivers/gpu/drm/drm_framebuffer.c:867 at drm_framebuffer_init+0x44/0x300, CPU#0: kunit_try_catch/2658 [ 185.187163] Modules linked in: [ 185.187391] CPU: 0 UID: 0 PID: 2658 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 185.188115] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 185.188470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 185.188983] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 185.189217] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 185.190303] RSP: 0000:ffff888104f57b30 EFLAGS: 00010246 [ 185.190540] RAX: dffffc0000000000 RBX: ffff888104f57c28 RCX: 0000000000000000 [ 185.190798] RDX: 1ffff110209eaf8e RSI: ffff888104f57c28 RDI: ffff888104f57c70 [ 185.191226] RBP: ffff888104f57b70 R08: ffff8881073b9000 R09: ffffffff9f603000 [ 185.191834] R10: 0000000000000003 R11: 0000000019d26067 R12: ffff8881073b9000 [ 185.192226] R13: ffff8881003c7ae8 R14: ffff888104f57ba8 R15: 0000000000000000 [ 185.192501] FS: 0000000000000000(0000) GS:ffff8881b3222000(0000) knlGS:0000000000000000 [ 185.193173] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 185.193422] CR2: 00007ffff7ffe000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 185.194087] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c2 [ 185.194377] DR3: ffffffffa16a44c3 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 185.194751] Call Trace: [ 185.194950] <TASK> [ 185.195068] ? add_dr+0xc1/0x1d0 [ 185.195272] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 185.195516] ? add_dr+0x148/0x1d0 [ 185.195669] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 185.196348] ? __drmm_add_action+0x1a4/0x280 [ 185.196687] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 185.197344] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 185.197640] ? __drmm_add_action_or_reset+0x22/0x50 [ 185.198057] ? __schedule+0x10cc/0x2b60 [ 185.198283] ? __pfx_read_tsc+0x10/0x10 [ 185.198486] ? ktime_get_ts64+0x86/0x230 [ 185.198668] kunit_try_run_case+0x1a5/0x480 [ 185.198985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 185.199195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 185.199418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 185.199706] ? __kthread_parkme+0x82/0x180 [ 185.199972] ? preempt_count_sub+0x50/0x80 [ 185.200162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 185.200407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 185.200629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 185.201220] kthread+0x337/0x6f0 [ 185.201417] ? trace_preempt_on+0x20/0xc0 [ 185.201829] ? __pfx_kthread+0x10/0x10 [ 185.202109] ? _raw_spin_unlock_irq+0x47/0x80 [ 185.202386] ? calculate_sigpending+0x7b/0xa0 [ 185.202623] ? __pfx_kthread+0x10/0x10 [ 185.202953] ret_from_fork+0x116/0x1d0 [ 185.203200] ? __pfx_kthread+0x10/0x10 [ 185.203395] ret_from_fork_asm+0x1a/0x30 [ 185.203574] </TASK> [ 185.203697] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 185.151640] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 185.151894] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#1: kunit_try_catch/2654 [ 185.153557] Modules linked in: [ 185.153718] CPU: 1 UID: 0 PID: 2654 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 185.155222] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 185.155960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 185.156336] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 185.156523] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 bb fc 88 00 48 c7 c1 e0 de 5f 9f 4c 89 fa 48 c7 c7 40 df 5f 9f 48 89 c6 e8 e2 d2 79 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 185.156991] RSP: 0000:ffff888104f57b68 EFLAGS: 00010282 [ 185.157169] RAX: 0000000000000000 RBX: ffff888104f57c40 RCX: 1ffffffff4064ad4 [ 185.157378] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 185.157687] RBP: ffff888104f57b90 R08: 0000000000000000 R09: fffffbfff4064ad4 [ 185.157975] R10: 0000000000000003 R11: 0000000000039cb8 R12: ffff888104f57c18 [ 185.158379] R13: ffff88810541d800 R14: ffff8881025f2000 R15: ffff888102c8fe00 [ 185.158673] FS: 0000000000000000(0000) GS:ffff8881b3322000(0000) knlGS:0000000000000000 [ 185.159098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 185.159365] CR2: 00007ffff7ffd000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 185.159711] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c3 [ 185.159942] DR3: ffffffffa16a44c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 185.160169] Call Trace: [ 185.160449] <TASK> [ 185.160701] drm_test_framebuffer_free+0x1ab/0x610 [ 185.160950] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 185.161317] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 185.161594] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 185.161908] ? __drmm_add_action_or_reset+0x22/0x50 [ 185.162169] ? __schedule+0x10cc/0x2b60 [ 185.162391] ? __pfx_read_tsc+0x10/0x10 [ 185.162591] ? ktime_get_ts64+0x86/0x230 [ 185.162913] kunit_try_run_case+0x1a5/0x480 [ 185.163215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 185.163412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 185.163634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 185.163980] ? __kthread_parkme+0x82/0x180 [ 185.164227] ? preempt_count_sub+0x50/0x80 [ 185.164600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 185.164786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 185.165059] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 185.165364] kthread+0x337/0x6f0 [ 185.165560] ? trace_preempt_on+0x20/0xc0 [ 185.165863] ? __pfx_kthread+0x10/0x10 [ 185.166092] ? _raw_spin_unlock_irq+0x47/0x80 [ 185.166318] ? calculate_sigpending+0x7b/0xa0 [ 185.166524] ? __pfx_kthread+0x10/0x10 [ 185.166653] ret_from_fork+0x116/0x1d0 [ 185.166843] ? __pfx_kthread+0x10/0x10 [ 185.167054] ret_from_fork_asm+0x1a/0x30 [ 185.167432] </TASK> [ 185.167551] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 183.751612] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2102 [ 183.752343] Modules linked in: [ 183.752748] CPU: 0 UID: 0 PID: 2102 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 183.753876] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 183.754113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 183.754589] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 183.754830] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 10 2f 2a 02 48 89 df e8 68 [ 183.755918] RSP: 0000:ffff88810636fc90 EFLAGS: 00010246 [ 183.756212] RAX: dffffc0000000000 RBX: ffff888105d58000 RCX: 0000000000000000 [ 183.756500] RDX: 1ffff11020bab034 RSI: ffffffff9c8017f8 RDI: ffff888105d581a0 [ 183.756798] RBP: ffff88810636fca0 R08: 1ffff11020078f6a R09: ffffed1020c6df65 [ 183.757065] R10: 0000000000000003 R11: ffffffff9bd807a8 R12: 0000000000000000 [ 183.757546] R13: ffff88810636fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 183.757876] FS: 0000000000000000(0000) GS:ffff8881b3222000(0000) knlGS:0000000000000000 [ 183.758324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 183.758720] CR2: 00007ffff7ffe000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 183.758999] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c2 [ 183.759415] DR3: ffffffffa16a44c3 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 183.760419] Call Trace: [ 183.760566] <TASK> [ 183.760672] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 183.761271] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 183.761616] ? __schedule+0x10cc/0x2b60 [ 183.761802] ? __pfx_read_tsc+0x10/0x10 [ 183.761957] ? ktime_get_ts64+0x86/0x230 [ 183.762394] kunit_try_run_case+0x1a5/0x480 [ 183.762600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 183.762954] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 183.763215] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 183.763456] ? __kthread_parkme+0x82/0x180 [ 183.763625] ? preempt_count_sub+0x50/0x80 [ 183.763800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 183.764371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 183.764628] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 183.764916] kthread+0x337/0x6f0 [ 183.765266] ? trace_preempt_on+0x20/0xc0 [ 183.765529] ? __pfx_kthread+0x10/0x10 [ 183.765719] ? _raw_spin_unlock_irq+0x47/0x80 [ 183.766092] ? calculate_sigpending+0x7b/0xa0 [ 183.766362] ? __pfx_kthread+0x10/0x10 [ 183.766543] ret_from_fork+0x116/0x1d0 [ 183.766735] ? __pfx_kthread+0x10/0x10 [ 183.767022] ret_from_fork_asm+0x1a/0x30 [ 183.767333] </TASK> [ 183.767489] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 183.659660] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2094 [ 183.661450] Modules linked in: [ 183.662032] CPU: 1 UID: 0 PID: 2094 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 183.662521] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 183.662703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 183.663302] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 183.663958] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 10 2f 2a 02 48 89 df e8 68 [ 183.664690] RSP: 0000:ffff888105fd7c90 EFLAGS: 00010246 [ 183.665155] RAX: dffffc0000000000 RBX: ffff8881061b0000 RCX: 0000000000000000 [ 183.665663] RDX: 1ffff11020c36034 RSI: ffffffff9c8017f8 RDI: ffff8881061b01a0 [ 183.666341] RBP: ffff888105fd7ca0 R08: 1ffff11020078f6a R09: ffffed1020bfaf65 [ 183.666911] R10: 0000000000000003 R11: ffffffff9bd807a8 R12: 0000000000000000 [ 183.667451] R13: ffff888105fd7d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 183.668046] FS: 0000000000000000(0000) GS:ffff8881b3322000(0000) knlGS:0000000000000000 [ 183.668515] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 183.668962] CR2: 00007ffff7ffd000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 183.669388] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c3 [ 183.669973] DR3: ffffffffa16a44c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 183.670418] Call Trace: [ 183.670557] <TASK> [ 183.670690] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 183.671379] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 183.671978] ? __schedule+0x10cc/0x2b60 [ 183.672348] ? __pfx_read_tsc+0x10/0x10 [ 183.672536] ? ktime_get_ts64+0x86/0x230 [ 183.672724] kunit_try_run_case+0x1a5/0x480 [ 183.673243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 183.673599] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 183.674056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 183.674422] ? __kthread_parkme+0x82/0x180 [ 183.674625] ? preempt_count_sub+0x50/0x80 [ 183.675254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 183.675488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 183.675731] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 183.676346] kthread+0x337/0x6f0 [ 183.676720] ? trace_preempt_on+0x20/0xc0 [ 183.677225] ? __pfx_kthread+0x10/0x10 [ 183.677560] ? _raw_spin_unlock_irq+0x47/0x80 [ 183.677991] ? calculate_sigpending+0x7b/0xa0 [ 183.678388] ? __pfx_kthread+0x10/0x10 [ 183.678572] ret_from_fork+0x116/0x1d0 [ 183.678744] ? __pfx_kthread+0x10/0x10 [ 183.679461] ret_from_fork_asm+0x1a/0x30 [ 183.679719] </TASK> [ 183.680103] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 123.706325] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#1: kunit_try_catch/706 [ 123.707411] Modules linked in: [ 123.708044] CPU: 1 UID: 0 PID: 706 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 123.709519] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 123.709708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 123.710547] RIP: 0010:intlog10+0x2a/0x40 [ 123.710988] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 87 66 8f 02 90 <0f> 0b 90 31 c0 e9 7c 66 8f 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 123.712250] RSP: 0000:ffff888103f57cb0 EFLAGS: 00010246 [ 123.712661] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff110207eafb4 [ 123.713251] RDX: 1ffffffff3e9316c RSI: 1ffff110207eafb3 RDI: 0000000000000000 [ 123.713960] RBP: ffff888103f57d60 R08: 0000000000000000 R09: ffffed1020f22e20 [ 123.714509] R10: ffff888107917107 R11: 0000000000000000 R12: 1ffff110207eaf97 [ 123.714723] R13: ffffffff9f498b60 R14: 0000000000000000 R15: ffff888103f57d38 [ 123.715469] FS: 0000000000000000(0000) GS:ffff8881b3322000(0000) knlGS:0000000000000000 [ 123.716268] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.716621] CR2: dffffc0000000000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 123.717100] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c3 [ 123.717719] DR3: ffffffffa16a44c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 123.718342] Call Trace: [ 123.718451] <TASK> [ 123.718541] ? intlog10_test+0xf2/0x220 [ 123.718700] ? __pfx_intlog10_test+0x10/0x10 [ 123.719189] ? __schedule+0x10cc/0x2b60 [ 123.719578] ? __pfx_read_tsc+0x10/0x10 [ 123.719988] ? ktime_get_ts64+0x86/0x230 [ 123.720990] kunit_try_run_case+0x1a5/0x480 [ 123.721411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.721814] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 123.722232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 123.722566] ? __kthread_parkme+0x82/0x180 [ 123.722712] ? preempt_count_sub+0x50/0x80 [ 123.723193] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.723711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 123.724216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 123.724419] kthread+0x337/0x6f0 [ 123.724543] ? trace_preempt_on+0x20/0xc0 [ 123.724687] ? __pfx_kthread+0x10/0x10 [ 123.724838] ? _raw_spin_unlock_irq+0x47/0x80 [ 123.725161] ? calculate_sigpending+0x7b/0xa0 [ 123.725415] ? __pfx_kthread+0x10/0x10 [ 123.725613] ret_from_fork+0x116/0x1d0 [ 123.726008] ? __pfx_kthread+0x10/0x10 [ 123.726225] ret_from_fork_asm+0x1a/0x30 [ 123.726455] </TASK> [ 123.726577] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 123.667112] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/688 [ 123.668359] Modules linked in: [ 123.669864] CPU: 0 UID: 0 PID: 688 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) [ 123.671045] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 123.671366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 123.672183] RIP: 0010:intlog2+0xdf/0x110 [ 123.672379] Code: 49 9f c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 5f c9 55 ff 8b 45 e4 eb [ 123.672876] RSP: 0000:ffff888104097cb0 EFLAGS: 00010246 [ 123.673250] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020812fb4 [ 123.673540] RDX: 1ffffffff3e931c0 RSI: 1ffff11020812fb3 RDI: 0000000000000000 [ 123.673966] RBP: ffff888104097d60 R08: 0000000000000000 R09: ffffed10204ff720 [ 123.674220] R10: ffff8881027fb907 R11: 0000000000000000 R12: 1ffff11020812f97 [ 123.674551] R13: ffffffff9f498e00 R14: 0000000000000000 R15: ffff888104097d38 [ 123.674841] FS: 0000000000000000(0000) GS:ffff8881b3222000(0000) knlGS:0000000000000000 [ 123.675285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.675664] CR2: ffff88815408a000 CR3: 0000000175ebc000 CR4: 00000000000006f0 [ 123.676053] DR0: ffffffffa16a44c0 DR1: ffffffffa16a44c1 DR2: ffffffffa16a44c2 [ 123.676386] DR3: ffffffffa16a44c3 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 123.677075] Call Trace: [ 123.677261] <TASK> [ 123.677378] ? intlog2_test+0xf2/0x220 [ 123.677597] ? __pfx_intlog2_test+0x10/0x10 [ 123.677968] ? __schedule+0x10cc/0x2b60 [ 123.678194] ? __pfx_read_tsc+0x10/0x10 [ 123.678395] ? ktime_get_ts64+0x86/0x230 [ 123.678592] kunit_try_run_case+0x1a5/0x480 [ 123.679361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.679584] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 123.679852] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 123.680084] ? __kthread_parkme+0x82/0x180 [ 123.680282] ? preempt_count_sub+0x50/0x80 [ 123.680487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.680707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 123.681200] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 123.681465] kthread+0x337/0x6f0 [ 123.681610] ? trace_preempt_on+0x20/0xc0 [ 123.681994] ? __pfx_kthread+0x10/0x10 [ 123.682201] ? _raw_spin_unlock_irq+0x47/0x80 [ 123.682444] ? calculate_sigpending+0x7b/0xa0 [ 123.682625] ? __pfx_kthread+0x10/0x10 [ 123.682939] ret_from_fork+0x116/0x1d0 [ 123.683219] ? __pfx_kthread+0x10/0x10 [ 123.683419] ret_from_fork_asm+0x1a/0x30 [ 123.683636] </TASK> [ 123.683754] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 123.078340] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI