Date
July 9, 2025, 1:08 p.m.
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 61.388869] ================================================================== [ 61.389245] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 61.389245] [ 61.389613] Use-after-free read at 0x(____ptrval____) (in kfence-#164): [ 61.389845] test_krealloc+0x6fc/0xbe0 [ 61.390056] kunit_try_run_case+0x1a5/0x480 [ 61.390270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.390479] kthread+0x337/0x6f0 [ 61.390648] ret_from_fork+0x116/0x1d0 [ 61.390816] ret_from_fork_asm+0x1a/0x30 [ 61.391018] [ 61.391112] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 61.391112] [ 61.391459] allocated by task 387 on cpu 0 at 61.388178s (0.003279s ago): [ 61.391694] test_alloc+0x364/0x10f0 [ 61.391935] test_krealloc+0xad/0xbe0 [ 61.392128] kunit_try_run_case+0x1a5/0x480 [ 61.392284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.392453] kthread+0x337/0x6f0 [ 61.392610] ret_from_fork+0x116/0x1d0 [ 61.392858] ret_from_fork_asm+0x1a/0x30 [ 61.393061] [ 61.393157] freed by task 387 on cpu 0 at 61.388475s (0.004680s ago): [ 61.393455] krealloc_noprof+0x108/0x340 [ 61.393628] test_krealloc+0x226/0xbe0 [ 61.393838] kunit_try_run_case+0x1a5/0x480 [ 61.393982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.394152] kthread+0x337/0x6f0 [ 61.394292] ret_from_fork+0x116/0x1d0 [ 61.394471] ret_from_fork_asm+0x1a/0x30 [ 61.394665] [ 61.394791] CPU: 0 UID: 0 PID: 387 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 61.395206] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 61.395809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.396800] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 61.305242] ================================================================== [ 61.305657] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.305657] [ 61.306070] Use-after-free read at 0x(____ptrval____) (in kfence-#163): [ 61.306391] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.306580] kunit_try_run_case+0x1a5/0x480 [ 61.306814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.307072] kthread+0x337/0x6f0 [ 61.307231] ret_from_fork+0x116/0x1d0 [ 61.307376] ret_from_fork_asm+0x1a/0x30 [ 61.307544] [ 61.307613] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 61.307613] [ 61.308087] allocated by task 385 on cpu 0 at 61.284158s (0.023926s ago): [ 61.308383] test_alloc+0x2a6/0x10f0 [ 61.308535] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 61.308707] kunit_try_run_case+0x1a5/0x480 [ 61.308844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.309090] kthread+0x337/0x6f0 [ 61.309257] ret_from_fork+0x116/0x1d0 [ 61.309482] ret_from_fork_asm+0x1a/0x30 [ 61.309637] [ 61.309715] freed by task 385 on cpu 0 at 61.284278s (0.025435s ago): [ 61.310458] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 61.310745] kunit_try_run_case+0x1a5/0x480 [ 61.311062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.311926] kthread+0x337/0x6f0 [ 61.312159] ret_from_fork+0x116/0x1d0 [ 61.312318] ret_from_fork_asm+0x1a/0x30 [ 61.312507] [ 61.312630] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 61.313082] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 61.313356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.313673] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 36.129634] ================================================================== [ 36.130212] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 36.130212] [ 36.130671] Invalid read at 0x(____ptrval____): [ 36.130866] test_invalid_access+0xf0/0x210 [ 36.131063] kunit_try_run_case+0x1a5/0x480 [ 36.131339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.131560] kthread+0x337/0x6f0 [ 36.131679] ret_from_fork+0x116/0x1d0 [ 36.131858] ret_from_fork_asm+0x1a/0x30 [ 36.132094] [ 36.132258] CPU: 1 UID: 0 PID: 381 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 36.132756] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 36.133017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.133395] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 35.908509] ================================================================== [ 35.908964] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.908964] [ 35.909334] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#159): [ 35.910001] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.910207] kunit_try_run_case+0x1a5/0x480 [ 35.910448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.910704] kthread+0x337/0x6f0 [ 35.910905] ret_from_fork+0x116/0x1d0 [ 35.911104] ret_from_fork_asm+0x1a/0x30 [ 35.911274] [ 35.911341] kfence-#159: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.911341] [ 35.911728] allocated by task 375 on cpu 1 at 35.908236s (0.003490s ago): [ 35.912007] test_alloc+0x364/0x10f0 [ 35.912614] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 35.912923] kunit_try_run_case+0x1a5/0x480 [ 35.913071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.913289] kthread+0x337/0x6f0 [ 35.913446] ret_from_fork+0x116/0x1d0 [ 35.913620] ret_from_fork_asm+0x1a/0x30 [ 35.914123] [ 35.914230] freed by task 375 on cpu 1 at 35.908382s (0.005845s ago): [ 35.914800] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.915093] kunit_try_run_case+0x1a5/0x480 [ 35.915248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.915501] kthread+0x337/0x6f0 [ 35.915639] ret_from_fork+0x116/0x1d0 [ 35.915840] ret_from_fork_asm+0x1a/0x30 [ 35.916068] [ 35.916176] CPU: 1 UID: 0 PID: 375 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 35.916623] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.916878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.917244] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 35.804376] ================================================================== [ 35.804792] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.804792] [ 35.805612] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#158): [ 35.805864] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.806056] kunit_try_run_case+0x1a5/0x480 [ 35.806201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.806370] kthread+0x337/0x6f0 [ 35.806490] ret_from_fork+0x116/0x1d0 [ 35.806618] ret_from_fork_asm+0x1a/0x30 [ 35.806788] [ 35.806888] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.806888] [ 35.807227] allocated by task 373 on cpu 0 at 35.804128s (0.003097s ago): [ 35.807520] test_alloc+0x364/0x10f0 [ 35.807703] test_kmalloc_aligned_oob_read+0x105/0x560 [ 35.807928] kunit_try_run_case+0x1a5/0x480 [ 35.808067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.808282] kthread+0x337/0x6f0 [ 35.808443] ret_from_fork+0x116/0x1d0 [ 35.808623] ret_from_fork_asm+0x1a/0x30 [ 35.808819] [ 35.808912] CPU: 0 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 35.809474] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 35.809716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.810071] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 30.500756] ================================================================== [ 30.501137] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 30.501137] [ 30.501462] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#107): [ 30.501904] test_corruption+0x2df/0x3e0 [ 30.502136] kunit_try_run_case+0x1a5/0x480 [ 30.502321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.502527] kthread+0x337/0x6f0 [ 30.502729] ret_from_fork+0x116/0x1d0 [ 30.502923] ret_from_fork_asm+0x1a/0x30 [ 30.503378] [ 30.503473] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.503473] [ 30.504315] allocated by task 361 on cpu 0 at 30.500462s (0.003849s ago): [ 30.504630] test_alloc+0x364/0x10f0 [ 30.505141] test_corruption+0x1cb/0x3e0 [ 30.505324] kunit_try_run_case+0x1a5/0x480 [ 30.505617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.506095] kthread+0x337/0x6f0 [ 30.506285] ret_from_fork+0x116/0x1d0 [ 30.506614] ret_from_fork_asm+0x1a/0x30 [ 30.506876] [ 30.506946] freed by task 361 on cpu 0 at 30.500556s (0.006387s ago): [ 30.507416] test_corruption+0x2df/0x3e0 [ 30.507609] kunit_try_run_case+0x1a5/0x480 [ 30.507970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.508329] kthread+0x337/0x6f0 [ 30.508511] ret_from_fork+0x116/0x1d0 [ 30.508871] ret_from_fork_asm+0x1a/0x30 [ 30.509085] [ 30.509351] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 30.509976] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.510273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.510670] ================================================================== [ 30.188500] ================================================================== [ 30.188941] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 30.188941] [ 30.189220] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#104): [ 30.189846] test_corruption+0x2d2/0x3e0 [ 30.189993] kunit_try_run_case+0x1a5/0x480 [ 30.190415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.190672] kthread+0x337/0x6f0 [ 30.190917] ret_from_fork+0x116/0x1d0 [ 30.191100] ret_from_fork_asm+0x1a/0x30 [ 30.191298] [ 30.191385] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.191385] [ 30.191704] allocated by task 361 on cpu 0 at 30.188248s (0.003454s ago): [ 30.191927] test_alloc+0x364/0x10f0 [ 30.192234] test_corruption+0xe6/0x3e0 [ 30.192451] kunit_try_run_case+0x1a5/0x480 [ 30.192682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.192948] kthread+0x337/0x6f0 [ 30.193362] ret_from_fork+0x116/0x1d0 [ 30.193645] ret_from_fork_asm+0x1a/0x30 [ 30.194185] [ 30.194438] freed by task 361 on cpu 0 at 30.188339s (0.006096s ago): [ 30.194742] test_corruption+0x2d2/0x3e0 [ 30.195296] kunit_try_run_case+0x1a5/0x480 [ 30.195594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.195994] kthread+0x337/0x6f0 [ 30.196155] ret_from_fork+0x116/0x1d0 [ 30.196446] ret_from_fork_asm+0x1a/0x30 [ 30.196660] [ 30.196964] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 30.197466] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.197709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.198014] ================================================================== [ 30.604356] ================================================================== [ 30.604735] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 30.604735] [ 30.605071] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#108): [ 30.605659] test_corruption+0x131/0x3e0 [ 30.605813] kunit_try_run_case+0x1a5/0x480 [ 30.606020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.606263] kthread+0x337/0x6f0 [ 30.606382] ret_from_fork+0x116/0x1d0 [ 30.606600] ret_from_fork_asm+0x1a/0x30 [ 30.606849] [ 30.606956] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.606956] [ 30.607280] allocated by task 363 on cpu 1 at 30.604232s (0.003046s ago): [ 30.607593] test_alloc+0x2a6/0x10f0 [ 30.607792] test_corruption+0xe6/0x3e0 [ 30.607926] kunit_try_run_case+0x1a5/0x480 [ 30.608063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.608575] kthread+0x337/0x6f0 [ 30.608739] ret_from_fork+0x116/0x1d0 [ 30.608866] ret_from_fork_asm+0x1a/0x30 [ 30.609000] [ 30.609065] freed by task 363 on cpu 1 at 30.604275s (0.004787s ago): [ 30.609371] test_corruption+0x131/0x3e0 [ 30.609589] kunit_try_run_case+0x1a5/0x480 [ 30.609894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.610124] kthread+0x337/0x6f0 [ 30.610268] ret_from_fork+0x116/0x1d0 [ 30.610452] ret_from_fork_asm+0x1a/0x30 [ 30.610663] [ 30.610777] CPU: 1 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 30.611327] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.611538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.611969] ================================================================== [ 30.812528] ================================================================== [ 30.812974] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 30.812974] [ 30.813247] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#110): [ 30.813669] test_corruption+0x216/0x3e0 [ 30.813937] kunit_try_run_case+0x1a5/0x480 [ 30.814138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.814338] kthread+0x337/0x6f0 [ 30.814526] ret_from_fork+0x116/0x1d0 [ 30.814707] ret_from_fork_asm+0x1a/0x30 [ 30.814930] [ 30.814999] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.814999] [ 30.815409] allocated by task 363 on cpu 1 at 30.812383s (0.003023s ago): [ 30.815678] test_alloc+0x2a6/0x10f0 [ 30.815817] test_corruption+0x1cb/0x3e0 [ 30.815954] kunit_try_run_case+0x1a5/0x480 [ 30.816153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.816397] kthread+0x337/0x6f0 [ 30.816586] ret_from_fork+0x116/0x1d0 [ 30.816723] ret_from_fork_asm+0x1a/0x30 [ 30.816858] [ 30.817008] freed by task 363 on cpu 1 at 30.812444s (0.004562s ago): [ 30.817314] test_corruption+0x216/0x3e0 [ 30.817530] kunit_try_run_case+0x1a5/0x480 [ 30.817778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.818048] kthread+0x337/0x6f0 [ 30.818219] ret_from_fork+0x116/0x1d0 [ 30.818365] ret_from_fork_asm+0x1a/0x30 [ 30.818566] [ 30.818657] CPU: 1 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 30.819243] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.819563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.819841] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 29.980368] ================================================================== [ 29.980773] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 29.980773] [ 29.981125] Invalid free of 0x(____ptrval____) (in kfence-#102): [ 29.981411] test_invalid_addr_free+0x1e1/0x260 [ 29.981602] kunit_try_run_case+0x1a5/0x480 [ 29.981787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.982048] kthread+0x337/0x6f0 [ 29.982219] ret_from_fork+0x116/0x1d0 [ 29.982376] ret_from_fork_asm+0x1a/0x30 [ 29.982545] [ 29.982613] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.982613] [ 29.983085] allocated by task 357 on cpu 1 at 29.980234s (0.002848s ago): [ 29.983314] test_alloc+0x364/0x10f0 [ 29.983437] test_invalid_addr_free+0xdb/0x260 [ 29.983609] kunit_try_run_case+0x1a5/0x480 [ 29.983973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.984224] kthread+0x337/0x6f0 [ 29.984382] ret_from_fork+0x116/0x1d0 [ 29.984503] ret_from_fork_asm+0x1a/0x30 [ 29.984657] [ 29.984781] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 29.985403] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.985613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.986034] ================================================================== [ 30.084337] ================================================================== [ 30.084712] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 30.084712] [ 30.085059] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 30.085350] test_invalid_addr_free+0xfb/0x260 [ 30.085546] kunit_try_run_case+0x1a5/0x480 [ 30.085690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.085943] kthread+0x337/0x6f0 [ 30.086120] ret_from_fork+0x116/0x1d0 [ 30.086306] ret_from_fork_asm+0x1a/0x30 [ 30.086577] [ 30.086645] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.086645] [ 30.087138] allocated by task 359 on cpu 1 at 30.084229s (0.002906s ago): [ 30.087366] test_alloc+0x2a6/0x10f0 [ 30.087491] test_invalid_addr_free+0xdb/0x260 [ 30.087709] kunit_try_run_case+0x1a5/0x480 [ 30.088105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.088341] kthread+0x337/0x6f0 [ 30.088492] ret_from_fork+0x116/0x1d0 [ 30.088669] ret_from_fork_asm+0x1a/0x30 [ 30.088901] [ 30.089008] CPU: 1 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 30.089455] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.089611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.089965] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 29.876431] ================================================================== [ 29.876869] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 29.876869] [ 29.877209] Invalid free of 0x(____ptrval____) (in kfence-#101): [ 29.877462] test_double_free+0x112/0x260 [ 29.877607] kunit_try_run_case+0x1a5/0x480 [ 29.877889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.878151] kthread+0x337/0x6f0 [ 29.878299] ret_from_fork+0x116/0x1d0 [ 29.878431] ret_from_fork_asm+0x1a/0x30 [ 29.878623] [ 29.878723] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.878723] [ 29.879072] allocated by task 355 on cpu 1 at 29.876262s (0.002808s ago): [ 29.879355] test_alloc+0x2a6/0x10f0 [ 29.879540] test_double_free+0xdb/0x260 [ 29.879741] kunit_try_run_case+0x1a5/0x480 [ 29.879956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.880212] kthread+0x337/0x6f0 [ 29.880401] ret_from_fork+0x116/0x1d0 [ 29.880678] ret_from_fork_asm+0x1a/0x30 [ 29.880856] [ 29.880963] freed by task 355 on cpu 1 at 29.876306s (0.004655s ago): [ 29.881200] test_double_free+0xfa/0x260 [ 29.881393] kunit_try_run_case+0x1a5/0x480 [ 29.881560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.881738] kthread+0x337/0x6f0 [ 29.881854] ret_from_fork+0x116/0x1d0 [ 29.882027] ret_from_fork_asm+0x1a/0x30 [ 29.882213] [ 29.882350] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 29.882733] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.883225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.883619] ================================================================== [ 29.772495] ================================================================== [ 29.773052] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 29.773052] [ 29.773382] Invalid free of 0x(____ptrval____) (in kfence-#100): [ 29.773673] test_double_free+0x1d3/0x260 [ 29.773830] kunit_try_run_case+0x1a5/0x480 [ 29.774430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.774715] kthread+0x337/0x6f0 [ 29.774882] ret_from_fork+0x116/0x1d0 [ 29.775014] ret_from_fork_asm+0x1a/0x30 [ 29.775149] [ 29.775293] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.775293] [ 29.775730] allocated by task 353 on cpu 0 at 29.772225s (0.003503s ago): [ 29.776078] test_alloc+0x364/0x10f0 [ 29.776235] test_double_free+0xdb/0x260 [ 29.776429] kunit_try_run_case+0x1a5/0x480 [ 29.776628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.776912] kthread+0x337/0x6f0 [ 29.777106] ret_from_fork+0x116/0x1d0 [ 29.777290] ret_from_fork_asm+0x1a/0x30 [ 29.777477] [ 29.777542] freed by task 353 on cpu 0 at 29.772286s (0.005254s ago): [ 29.777757] test_double_free+0x1e0/0x260 [ 29.777948] kunit_try_run_case+0x1a5/0x480 [ 29.778296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.778573] kthread+0x337/0x6f0 [ 29.778749] ret_from_fork+0x116/0x1d0 [ 29.778961] ret_from_fork_asm+0x1a/0x30 [ 29.779318] [ 29.780121] CPU: 0 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 29.780617] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.780880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.781440] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 29.460371] ================================================================== [ 29.460788] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.460788] [ 29.461206] Use-after-free read at 0x(____ptrval____) (in kfence-#97): [ 29.461520] test_use_after_free_read+0x129/0x270 [ 29.461727] kunit_try_run_case+0x1a5/0x480 [ 29.461923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.462164] kthread+0x337/0x6f0 [ 29.462284] ret_from_fork+0x116/0x1d0 [ 29.462413] ret_from_fork_asm+0x1a/0x30 [ 29.462609] [ 29.462713] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.462713] [ 29.463164] allocated by task 347 on cpu 1 at 29.460233s (0.002929s ago): [ 29.463398] test_alloc+0x2a6/0x10f0 [ 29.463570] test_use_after_free_read+0xdc/0x270 [ 29.463825] kunit_try_run_case+0x1a5/0x480 [ 29.464027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.464214] kthread+0x337/0x6f0 [ 29.464328] ret_from_fork+0x116/0x1d0 [ 29.464479] ret_from_fork_asm+0x1a/0x30 [ 29.464675] [ 29.464789] freed by task 347 on cpu 1 at 29.460291s (0.004483s ago): [ 29.465114] test_use_after_free_read+0xfb/0x270 [ 29.465343] kunit_try_run_case+0x1a5/0x480 [ 29.465492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.465684] kthread+0x337/0x6f0 [ 29.465942] ret_from_fork+0x116/0x1d0 [ 29.466101] ret_from_fork_asm+0x1a/0x30 [ 29.466283] [ 29.466395] CPU: 1 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 29.466894] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.467117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.467477] ================================================================== [ 29.356492] ================================================================== [ 29.356968] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.356968] [ 29.357455] Use-after-free read at 0x(____ptrval____) (in kfence-#96): [ 29.357740] test_use_after_free_read+0x129/0x270 [ 29.357952] kunit_try_run_case+0x1a5/0x480 [ 29.358160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.358667] kthread+0x337/0x6f0 [ 29.358894] ret_from_fork+0x116/0x1d0 [ 29.359453] ret_from_fork_asm+0x1a/0x30 [ 29.359718] [ 29.359964] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.359964] [ 29.360361] allocated by task 345 on cpu 0 at 29.356232s (0.004126s ago): [ 29.360653] test_alloc+0x364/0x10f0 [ 29.361144] test_use_after_free_read+0xdc/0x270 [ 29.361387] kunit_try_run_case+0x1a5/0x480 [ 29.361568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.361837] kthread+0x337/0x6f0 [ 29.362134] ret_from_fork+0x116/0x1d0 [ 29.362288] ret_from_fork_asm+0x1a/0x30 [ 29.362511] [ 29.362752] freed by task 345 on cpu 0 at 29.356325s (0.006323s ago): [ 29.363406] test_use_after_free_read+0x1e7/0x270 [ 29.363732] kunit_try_run_case+0x1a5/0x480 [ 29.363978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.364342] kthread+0x337/0x6f0 [ 29.364521] ret_from_fork+0x116/0x1d0 [ 29.364840] ret_from_fork_asm+0x1a/0x30 [ 29.365229] [ 29.365389] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 29.365764] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.366390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.367258] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 29.252187] ================================================================== [ 29.252595] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 29.252595] [ 29.253146] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#95): [ 29.253467] test_out_of_bounds_write+0x10d/0x260 [ 29.253756] kunit_try_run_case+0x1a5/0x480 [ 29.253967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.254230] kthread+0x337/0x6f0 [ 29.254352] ret_from_fork+0x116/0x1d0 [ 29.254527] ret_from_fork_asm+0x1a/0x30 [ 29.254741] [ 29.254876] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.254876] [ 29.255246] allocated by task 343 on cpu 1 at 29.252122s (0.003121s ago): [ 29.255579] test_alloc+0x2a6/0x10f0 [ 29.255792] test_out_of_bounds_write+0xd4/0x260 [ 29.256023] kunit_try_run_case+0x1a5/0x480 [ 29.256237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.256494] kthread+0x337/0x6f0 [ 29.256657] ret_from_fork+0x116/0x1d0 [ 29.256862] ret_from_fork_asm+0x1a/0x30 [ 29.256998] [ 29.257092] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 29.257653] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.257892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.258210] ================================================================== [ 28.940400] ================================================================== [ 28.940841] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 28.940841] [ 28.941234] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#92): [ 28.941565] test_out_of_bounds_write+0x10d/0x260 [ 28.942248] kunit_try_run_case+0x1a5/0x480 [ 28.942482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.942712] kthread+0x337/0x6f0 [ 28.942928] ret_from_fork+0x116/0x1d0 [ 28.943424] ret_from_fork_asm+0x1a/0x30 [ 28.943687] [ 28.943784] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.943784] [ 28.944401] allocated by task 341 on cpu 0 at 28.940268s (0.004130s ago): [ 28.944865] test_alloc+0x364/0x10f0 [ 28.945117] test_out_of_bounds_write+0xd4/0x260 [ 28.945325] kunit_try_run_case+0x1a5/0x480 [ 28.945503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.945739] kthread+0x337/0x6f0 [ 28.946118] ret_from_fork+0x116/0x1d0 [ 28.946370] ret_from_fork_asm+0x1a/0x30 [ 28.946523] [ 28.946646] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.947360] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.947661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.948155] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 28.317570] ================================================================== [ 28.318319] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.318319] [ 28.318822] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#86): [ 28.319317] test_out_of_bounds_read+0x126/0x4e0 [ 28.319574] kunit_try_run_case+0x1a5/0x480 [ 28.319760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.320536] kthread+0x337/0x6f0 [ 28.320706] ret_from_fork+0x116/0x1d0 [ 28.321119] ret_from_fork_asm+0x1a/0x30 [ 28.321423] [ 28.321664] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.321664] [ 28.322607] allocated by task 337 on cpu 0 at 28.316264s (0.006159s ago): [ 28.323757] test_alloc+0x364/0x10f0 [ 28.324176] test_out_of_bounds_read+0xed/0x4e0 [ 28.324589] kunit_try_run_case+0x1a5/0x480 [ 28.324993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.325372] kthread+0x337/0x6f0 [ 28.325490] ret_from_fork+0x116/0x1d0 [ 28.325619] ret_from_fork_asm+0x1a/0x30 [ 28.325830] [ 28.325960] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.326308] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.326462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.326742] ================================================================== [ 28.836284] ================================================================== [ 28.836705] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.836705] [ 28.837127] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#91): [ 28.837473] test_out_of_bounds_read+0x216/0x4e0 [ 28.837679] kunit_try_run_case+0x1a5/0x480 [ 28.837899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.838731] kthread+0x337/0x6f0 [ 28.838951] ret_from_fork+0x116/0x1d0 [ 28.839117] ret_from_fork_asm+0x1a/0x30 [ 28.839300] [ 28.839391] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.839391] [ 28.839776] allocated by task 339 on cpu 0 at 28.836220s (0.003555s ago): [ 28.840519] test_alloc+0x2a6/0x10f0 [ 28.840676] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.841063] kunit_try_run_case+0x1a5/0x480 [ 28.841263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.841635] kthread+0x337/0x6f0 [ 28.841825] ret_from_fork+0x116/0x1d0 [ 28.842112] ret_from_fork_asm+0x1a/0x30 [ 28.842356] [ 28.842475] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.843189] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.843485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.844045] ================================================================== [ 28.524451] ================================================================== [ 28.524973] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.524973] [ 28.525374] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#88): [ 28.526099] test_out_of_bounds_read+0x126/0x4e0 [ 28.526424] kunit_try_run_case+0x1a5/0x480 [ 28.526643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.527247] kthread+0x337/0x6f0 [ 28.527399] ret_from_fork+0x116/0x1d0 [ 28.527600] ret_from_fork_asm+0x1a/0x30 [ 28.528173] [ 28.528288] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.528288] [ 28.528664] allocated by task 339 on cpu 0 at 28.524318s (0.004344s ago): [ 28.529287] test_alloc+0x2a6/0x10f0 [ 28.529461] test_out_of_bounds_read+0xed/0x4e0 [ 28.529620] kunit_try_run_case+0x1a5/0x480 [ 28.530066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.530405] kthread+0x337/0x6f0 [ 28.530569] ret_from_fork+0x116/0x1d0 [ 28.530923] ret_from_fork_asm+0x1a/0x30 [ 28.531111] [ 28.531214] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.531723] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.532161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.532510] ================================================================== [ 28.420440] ================================================================== [ 28.420963] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.420963] [ 28.421835] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#87): [ 28.422231] test_out_of_bounds_read+0x216/0x4e0 [ 28.422445] kunit_try_run_case+0x1a5/0x480 [ 28.422637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.423305] kthread+0x337/0x6f0 [ 28.423466] ret_from_fork+0x116/0x1d0 [ 28.423645] ret_from_fork_asm+0x1a/0x30 [ 28.424148] [ 28.424248] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.424248] [ 28.424770] allocated by task 337 on cpu 0 at 28.420277s (0.004490s ago): [ 28.425079] test_alloc+0x364/0x10f0 [ 28.425257] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.425438] kunit_try_run_case+0x1a5/0x480 [ 28.425630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.426173] kthread+0x337/0x6f0 [ 28.426315] ret_from_fork+0x116/0x1d0 [ 28.426487] ret_from_fork_asm+0x1a/0x30 [ 28.426772] [ 28.427059] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.427564] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.427890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.428318] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 28.174098] ================================================================== [ 28.174435] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 28.174764] Write of size 1 at addr ffff8881060ac678 by task kunit_try_catch/335 [ 28.175117] [ 28.175206] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.175279] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.175294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.175317] Call Trace: [ 28.175336] <TASK> [ 28.175356] dump_stack_lvl+0x73/0xb0 [ 28.175389] print_report+0xd1/0x610 [ 28.175412] ? __virt_addr_valid+0x1db/0x2d0 [ 28.175456] ? strncpy_from_user+0x1a5/0x1d0 [ 28.175480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.175507] ? strncpy_from_user+0x1a5/0x1d0 [ 28.175532] kasan_report+0x141/0x180 [ 28.175555] ? strncpy_from_user+0x1a5/0x1d0 [ 28.175607] __asan_report_store1_noabort+0x1b/0x30 [ 28.175633] strncpy_from_user+0x1a5/0x1d0 [ 28.175659] copy_user_test_oob+0x760/0x10f0 [ 28.175686] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.175721] ? finish_task_switch.isra.0+0x153/0x700 [ 28.175745] ? __switch_to+0x47/0xf80 [ 28.175801] ? __schedule+0x10cc/0x2b60 [ 28.175830] ? __pfx_read_tsc+0x10/0x10 [ 28.175853] ? ktime_get_ts64+0x86/0x230 [ 28.175880] kunit_try_run_case+0x1a5/0x480 [ 28.175904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.175925] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.175950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.175975] ? __kthread_parkme+0x82/0x180 [ 28.175997] ? preempt_count_sub+0x50/0x80 [ 28.176021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.176044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.176070] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.176096] kthread+0x337/0x6f0 [ 28.176117] ? trace_preempt_on+0x20/0xc0 [ 28.176142] ? __pfx_kthread+0x10/0x10 [ 28.176164] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.176207] ? calculate_sigpending+0x7b/0xa0 [ 28.176233] ? __pfx_kthread+0x10/0x10 [ 28.176270] ret_from_fork+0x116/0x1d0 [ 28.176290] ? __pfx_kthread+0x10/0x10 [ 28.176326] ret_from_fork_asm+0x1a/0x30 [ 28.176384] </TASK> [ 28.176396] [ 28.183462] Allocated by task 335: [ 28.183651] kasan_save_stack+0x45/0x70 [ 28.183991] kasan_save_track+0x18/0x40 [ 28.184204] kasan_save_alloc_info+0x3b/0x50 [ 28.184400] __kasan_kmalloc+0xb7/0xc0 [ 28.184566] __kmalloc_noprof+0x1c9/0x500 [ 28.184807] kunit_kmalloc_array+0x25/0x60 [ 28.184968] copy_user_test_oob+0xab/0x10f0 [ 28.185189] kunit_try_run_case+0x1a5/0x480 [ 28.185360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.185601] kthread+0x337/0x6f0 [ 28.185767] ret_from_fork+0x116/0x1d0 [ 28.185942] ret_from_fork_asm+0x1a/0x30 [ 28.186119] [ 28.186210] The buggy address belongs to the object at ffff8881060ac600 [ 28.186210] which belongs to the cache kmalloc-128 of size 128 [ 28.186673] The buggy address is located 0 bytes to the right of [ 28.186673] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.187286] [ 28.187368] The buggy address belongs to the physical page: [ 28.187601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.187969] flags: 0x200000000000000(node=0|zone=2) [ 28.188228] page_type: f5(slab) [ 28.188384] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.188712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.189197] page dumped because: kasan: bad access detected [ 28.189366] [ 28.189453] Memory state around the buggy address: [ 28.189705] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.190055] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.190371] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.190675] ^ [ 28.191031] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.191391] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.191713] ================================================================== [ 28.155366] ================================================================== [ 28.155611] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 28.156080] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.156429] [ 28.156557] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.156608] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.156622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.156645] Call Trace: [ 28.156662] <TASK> [ 28.156679] dump_stack_lvl+0x73/0xb0 [ 28.156722] print_report+0xd1/0x610 [ 28.156745] ? __virt_addr_valid+0x1db/0x2d0 [ 28.156770] ? strncpy_from_user+0x2e/0x1d0 [ 28.156794] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.156821] ? strncpy_from_user+0x2e/0x1d0 [ 28.156846] kasan_report+0x141/0x180 [ 28.156868] ? strncpy_from_user+0x2e/0x1d0 [ 28.156897] kasan_check_range+0x10c/0x1c0 [ 28.156922] __kasan_check_write+0x18/0x20 [ 28.156979] strncpy_from_user+0x2e/0x1d0 [ 28.157003] ? __kasan_check_read+0x15/0x20 [ 28.157047] copy_user_test_oob+0x760/0x10f0 [ 28.157074] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.157097] ? finish_task_switch.isra.0+0x153/0x700 [ 28.157120] ? __switch_to+0x47/0xf80 [ 28.157148] ? __schedule+0x10cc/0x2b60 [ 28.157172] ? __pfx_read_tsc+0x10/0x10 [ 28.157194] ? ktime_get_ts64+0x86/0x230 [ 28.157237] kunit_try_run_case+0x1a5/0x480 [ 28.157260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.157295] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.157320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.157345] ? __kthread_parkme+0x82/0x180 [ 28.157367] ? preempt_count_sub+0x50/0x80 [ 28.157391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.157414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.157440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.157467] kthread+0x337/0x6f0 [ 28.157487] ? trace_preempt_on+0x20/0xc0 [ 28.157511] ? __pfx_kthread+0x10/0x10 [ 28.157533] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.157557] ? calculate_sigpending+0x7b/0xa0 [ 28.157582] ? __pfx_kthread+0x10/0x10 [ 28.157605] ret_from_fork+0x116/0x1d0 [ 28.157625] ? __pfx_kthread+0x10/0x10 [ 28.157647] ret_from_fork_asm+0x1a/0x30 [ 28.157679] </TASK> [ 28.157701] [ 28.165543] Allocated by task 335: [ 28.165672] kasan_save_stack+0x45/0x70 [ 28.165822] kasan_save_track+0x18/0x40 [ 28.166018] kasan_save_alloc_info+0x3b/0x50 [ 28.166244] __kasan_kmalloc+0xb7/0xc0 [ 28.166452] __kmalloc_noprof+0x1c9/0x500 [ 28.166666] kunit_kmalloc_array+0x25/0x60 [ 28.167011] copy_user_test_oob+0xab/0x10f0 [ 28.167213] kunit_try_run_case+0x1a5/0x480 [ 28.167398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.167595] kthread+0x337/0x6f0 [ 28.167787] ret_from_fork+0x116/0x1d0 [ 28.167984] ret_from_fork_asm+0x1a/0x30 [ 28.168173] [ 28.168262] The buggy address belongs to the object at ffff8881060ac600 [ 28.168262] which belongs to the cache kmalloc-128 of size 128 [ 28.168789] The buggy address is located 0 bytes inside of [ 28.168789] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.169293] [ 28.169403] The buggy address belongs to the physical page: [ 28.169628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.170011] flags: 0x200000000000000(node=0|zone=2) [ 28.170273] page_type: f5(slab) [ 28.170436] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.170884] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.171219] page dumped because: kasan: bad access detected [ 28.171446] [ 28.171510] Memory state around the buggy address: [ 28.171658] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.172011] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.172328] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.172638] ^ [ 28.172928] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.173138] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.173443] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 28.082499] ================================================================== [ 28.082936] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.083206] Read of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.083465] [ 28.083543] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.083593] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.083607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.083628] Call Trace: [ 28.083645] <TASK> [ 28.083664] dump_stack_lvl+0x73/0xb0 [ 28.083704] print_report+0xd1/0x610 [ 28.083727] ? __virt_addr_valid+0x1db/0x2d0 [ 28.083752] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.083776] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.083802] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.083830] kasan_report+0x141/0x180 [ 28.083852] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.083881] kasan_check_range+0x10c/0x1c0 [ 28.083906] __kasan_check_read+0x15/0x20 [ 28.083931] copy_user_test_oob+0x4aa/0x10f0 [ 28.083956] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.083980] ? finish_task_switch.isra.0+0x153/0x700 [ 28.084003] ? __switch_to+0x47/0xf80 [ 28.085774] ? __schedule+0x10cc/0x2b60 [ 28.085821] ? __pfx_read_tsc+0x10/0x10 [ 28.085847] ? ktime_get_ts64+0x86/0x230 [ 28.085877] kunit_try_run_case+0x1a5/0x480 [ 28.085902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.085924] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.085950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.085975] ? __kthread_parkme+0x82/0x180 [ 28.085998] ? preempt_count_sub+0x50/0x80 [ 28.086024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.086047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.086073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.086100] kthread+0x337/0x6f0 [ 28.086121] ? trace_preempt_on+0x20/0xc0 [ 28.086145] ? __pfx_kthread+0x10/0x10 [ 28.086166] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.086190] ? calculate_sigpending+0x7b/0xa0 [ 28.086215] ? __pfx_kthread+0x10/0x10 [ 28.086237] ret_from_fork+0x116/0x1d0 [ 28.086258] ? __pfx_kthread+0x10/0x10 [ 28.086280] ret_from_fork_asm+0x1a/0x30 [ 28.086313] </TASK> [ 28.086326] [ 28.097347] Allocated by task 335: [ 28.097483] kasan_save_stack+0x45/0x70 [ 28.097634] kasan_save_track+0x18/0x40 [ 28.098246] kasan_save_alloc_info+0x3b/0x50 [ 28.098449] __kasan_kmalloc+0xb7/0xc0 [ 28.098630] __kmalloc_noprof+0x1c9/0x500 [ 28.098845] kunit_kmalloc_array+0x25/0x60 [ 28.099050] copy_user_test_oob+0xab/0x10f0 [ 28.099709] kunit_try_run_case+0x1a5/0x480 [ 28.100222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.100592] kthread+0x337/0x6f0 [ 28.100823] ret_from_fork+0x116/0x1d0 [ 28.101235] ret_from_fork_asm+0x1a/0x30 [ 28.101380] [ 28.101447] The buggy address belongs to the object at ffff8881060ac600 [ 28.101447] which belongs to the cache kmalloc-128 of size 128 [ 28.101828] The buggy address is located 0 bytes inside of [ 28.101828] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.102643] [ 28.102772] The buggy address belongs to the physical page: [ 28.103137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.103468] flags: 0x200000000000000(node=0|zone=2) [ 28.103678] page_type: f5(slab) [ 28.103857] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.104390] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.104802] page dumped because: kasan: bad access detected [ 28.105024] [ 28.105274] Memory state around the buggy address: [ 28.105461] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.105885] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.106247] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.106611] ^ [ 28.106959] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.107365] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.107690] ================================================================== [ 28.109473] ================================================================== [ 28.109797] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.110163] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.110526] [ 28.110644] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.110728] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.110743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.110789] Call Trace: [ 28.110819] <TASK> [ 28.110840] dump_stack_lvl+0x73/0xb0 [ 28.110908] print_report+0xd1/0x610 [ 28.110934] ? __virt_addr_valid+0x1db/0x2d0 [ 28.110959] ? copy_user_test_oob+0x557/0x10f0 [ 28.110994] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.111020] ? copy_user_test_oob+0x557/0x10f0 [ 28.111045] kasan_report+0x141/0x180 [ 28.111067] ? copy_user_test_oob+0x557/0x10f0 [ 28.111096] kasan_check_range+0x10c/0x1c0 [ 28.111120] __kasan_check_write+0x18/0x20 [ 28.111171] copy_user_test_oob+0x557/0x10f0 [ 28.111196] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.111220] ? finish_task_switch.isra.0+0x153/0x700 [ 28.111254] ? __switch_to+0x47/0xf80 [ 28.111280] ? __schedule+0x10cc/0x2b60 [ 28.111305] ? __pfx_read_tsc+0x10/0x10 [ 28.111327] ? ktime_get_ts64+0x86/0x230 [ 28.111353] kunit_try_run_case+0x1a5/0x480 [ 28.111375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.111396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.111421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.111445] ? __kthread_parkme+0x82/0x180 [ 28.111467] ? preempt_count_sub+0x50/0x80 [ 28.111492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.111514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.111539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.111566] kthread+0x337/0x6f0 [ 28.111586] ? trace_preempt_on+0x20/0xc0 [ 28.111609] ? __pfx_kthread+0x10/0x10 [ 28.111631] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.111654] ? calculate_sigpending+0x7b/0xa0 [ 28.111679] ? __pfx_kthread+0x10/0x10 [ 28.111710] ret_from_fork+0x116/0x1d0 [ 28.111730] ? __pfx_kthread+0x10/0x10 [ 28.111752] ret_from_fork_asm+0x1a/0x30 [ 28.111797] </TASK> [ 28.111816] [ 28.119548] Allocated by task 335: [ 28.119674] kasan_save_stack+0x45/0x70 [ 28.119826] kasan_save_track+0x18/0x40 [ 28.119952] kasan_save_alloc_info+0x3b/0x50 [ 28.120203] __kasan_kmalloc+0xb7/0xc0 [ 28.120383] __kmalloc_noprof+0x1c9/0x500 [ 28.120577] kunit_kmalloc_array+0x25/0x60 [ 28.120780] copy_user_test_oob+0xab/0x10f0 [ 28.120978] kunit_try_run_case+0x1a5/0x480 [ 28.121146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.121424] kthread+0x337/0x6f0 [ 28.121622] ret_from_fork+0x116/0x1d0 [ 28.121826] ret_from_fork_asm+0x1a/0x30 [ 28.122051] [ 28.122156] The buggy address belongs to the object at ffff8881060ac600 [ 28.122156] which belongs to the cache kmalloc-128 of size 128 [ 28.122991] The buggy address is located 0 bytes inside of [ 28.122991] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.123344] [ 28.123410] The buggy address belongs to the physical page: [ 28.123579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.124668] flags: 0x200000000000000(node=0|zone=2) [ 28.125150] page_type: f5(slab) [ 28.125478] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.126088] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.126493] page dumped because: kasan: bad access detected [ 28.126731] [ 28.127101] Memory state around the buggy address: [ 28.127553] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.128303] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.128751] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.129074] ^ [ 28.129348] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.129632] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.130331] ================================================================== [ 28.065398] ================================================================== [ 28.065740] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.066097] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.066394] [ 28.066491] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.066545] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.066560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.066583] Call Trace: [ 28.066599] <TASK> [ 28.066619] dump_stack_lvl+0x73/0xb0 [ 28.066652] print_report+0xd1/0x610 [ 28.066675] ? __virt_addr_valid+0x1db/0x2d0 [ 28.066714] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.066738] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.066765] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.066805] kasan_report+0x141/0x180 [ 28.066828] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.066857] kasan_check_range+0x10c/0x1c0 [ 28.066880] __kasan_check_write+0x18/0x20 [ 28.066905] copy_user_test_oob+0x3fd/0x10f0 [ 28.066931] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.066954] ? finish_task_switch.isra.0+0x153/0x700 [ 28.066978] ? __switch_to+0x47/0xf80 [ 28.067006] ? __schedule+0x10cc/0x2b60 [ 28.067031] ? __pfx_read_tsc+0x10/0x10 [ 28.067053] ? ktime_get_ts64+0x86/0x230 [ 28.067079] kunit_try_run_case+0x1a5/0x480 [ 28.067102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.067124] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.067148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.067173] ? __kthread_parkme+0x82/0x180 [ 28.067196] ? preempt_count_sub+0x50/0x80 [ 28.067219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.067243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.067269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.067295] kthread+0x337/0x6f0 [ 28.067316] ? trace_preempt_on+0x20/0xc0 [ 28.067340] ? __pfx_kthread+0x10/0x10 [ 28.067362] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.067386] ? calculate_sigpending+0x7b/0xa0 [ 28.067411] ? __pfx_kthread+0x10/0x10 [ 28.067433] ret_from_fork+0x116/0x1d0 [ 28.067454] ? __pfx_kthread+0x10/0x10 [ 28.067476] ret_from_fork_asm+0x1a/0x30 [ 28.067509] </TASK> [ 28.067522] [ 28.074411] Allocated by task 335: [ 28.074584] kasan_save_stack+0x45/0x70 [ 28.074822] kasan_save_track+0x18/0x40 [ 28.075009] kasan_save_alloc_info+0x3b/0x50 [ 28.075211] __kasan_kmalloc+0xb7/0xc0 [ 28.075394] __kmalloc_noprof+0x1c9/0x500 [ 28.075593] kunit_kmalloc_array+0x25/0x60 [ 28.075828] copy_user_test_oob+0xab/0x10f0 [ 28.076021] kunit_try_run_case+0x1a5/0x480 [ 28.076193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.076419] kthread+0x337/0x6f0 [ 28.076561] ret_from_fork+0x116/0x1d0 [ 28.076738] ret_from_fork_asm+0x1a/0x30 [ 28.076937] [ 28.077033] The buggy address belongs to the object at ffff8881060ac600 [ 28.077033] which belongs to the cache kmalloc-128 of size 128 [ 28.077478] The buggy address is located 0 bytes inside of [ 28.077478] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.077985] [ 28.078080] The buggy address belongs to the physical page: [ 28.078309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.078607] flags: 0x200000000000000(node=0|zone=2) [ 28.078850] page_type: f5(slab) [ 28.079002] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.079256] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.079476] page dumped because: kasan: bad access detected [ 28.079643] [ 28.079717] Memory state around the buggy address: [ 28.080049] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.080365] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.080641] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.080858] ^ [ 28.081066] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.081553] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.081885] ================================================================== [ 28.131442] ================================================================== [ 28.131785] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.132467] Read of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.133228] [ 28.133356] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.133528] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.133544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.133568] Call Trace: [ 28.133587] <TASK> [ 28.133606] dump_stack_lvl+0x73/0xb0 [ 28.133677] print_report+0xd1/0x610 [ 28.133710] ? __virt_addr_valid+0x1db/0x2d0 [ 28.133735] ? copy_user_test_oob+0x604/0x10f0 [ 28.133759] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.133796] ? copy_user_test_oob+0x604/0x10f0 [ 28.133821] kasan_report+0x141/0x180 [ 28.133845] ? copy_user_test_oob+0x604/0x10f0 [ 28.133873] kasan_check_range+0x10c/0x1c0 [ 28.133898] __kasan_check_read+0x15/0x20 [ 28.133922] copy_user_test_oob+0x604/0x10f0 [ 28.133948] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.133973] ? finish_task_switch.isra.0+0x153/0x700 [ 28.133997] ? __switch_to+0x47/0xf80 [ 28.134024] ? __schedule+0x10cc/0x2b60 [ 28.134049] ? __pfx_read_tsc+0x10/0x10 [ 28.134071] ? ktime_get_ts64+0x86/0x230 [ 28.134097] kunit_try_run_case+0x1a5/0x480 [ 28.134120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.134141] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.134166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.134191] ? __kthread_parkme+0x82/0x180 [ 28.134212] ? preempt_count_sub+0x50/0x80 [ 28.134237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.134259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.134284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.134311] kthread+0x337/0x6f0 [ 28.134331] ? trace_preempt_on+0x20/0xc0 [ 28.134354] ? __pfx_kthread+0x10/0x10 [ 28.134376] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.134400] ? calculate_sigpending+0x7b/0xa0 [ 28.134426] ? __pfx_kthread+0x10/0x10 [ 28.134449] ret_from_fork+0x116/0x1d0 [ 28.134469] ? __pfx_kthread+0x10/0x10 [ 28.134491] ret_from_fork_asm+0x1a/0x30 [ 28.134524] </TASK> [ 28.134537] [ 28.145199] Allocated by task 335: [ 28.145505] kasan_save_stack+0x45/0x70 [ 28.145896] kasan_save_track+0x18/0x40 [ 28.146182] kasan_save_alloc_info+0x3b/0x50 [ 28.146387] __kasan_kmalloc+0xb7/0xc0 [ 28.146553] __kmalloc_noprof+0x1c9/0x500 [ 28.146750] kunit_kmalloc_array+0x25/0x60 [ 28.147161] copy_user_test_oob+0xab/0x10f0 [ 28.147340] kunit_try_run_case+0x1a5/0x480 [ 28.147523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.147765] kthread+0x337/0x6f0 [ 28.148352] ret_from_fork+0x116/0x1d0 [ 28.148607] ret_from_fork_asm+0x1a/0x30 [ 28.148946] [ 28.149186] The buggy address belongs to the object at ffff8881060ac600 [ 28.149186] which belongs to the cache kmalloc-128 of size 128 [ 28.149675] The buggy address is located 0 bytes inside of [ 28.149675] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.150286] [ 28.150361] The buggy address belongs to the physical page: [ 28.150583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.150999] flags: 0x200000000000000(node=0|zone=2) [ 28.151211] page_type: f5(slab) [ 28.151363] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.151730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.152131] page dumped because: kasan: bad access detected [ 28.152304] [ 28.152398] Memory state around the buggy address: [ 28.152620] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.152961] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.153320] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.153583] ^ [ 28.154026] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.154352] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.154657] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 28.036811] ================================================================== [ 28.037144] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 28.037680] Read of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.038235] [ 28.038322] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.038374] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.038388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.038410] Call Trace: [ 28.038429] <TASK> [ 28.038447] dump_stack_lvl+0x73/0xb0 [ 28.038478] print_report+0xd1/0x610 [ 28.038502] ? __virt_addr_valid+0x1db/0x2d0 [ 28.038527] ? _copy_to_user+0x3c/0x70 [ 28.038549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.038576] ? _copy_to_user+0x3c/0x70 [ 28.038598] kasan_report+0x141/0x180 [ 28.038621] ? _copy_to_user+0x3c/0x70 [ 28.038647] kasan_check_range+0x10c/0x1c0 [ 28.038672] __kasan_check_read+0x15/0x20 [ 28.038707] _copy_to_user+0x3c/0x70 [ 28.038731] copy_user_test_oob+0x364/0x10f0 [ 28.038757] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.038792] ? finish_task_switch.isra.0+0x153/0x700 [ 28.038816] ? __switch_to+0x47/0xf80 [ 28.038844] ? __schedule+0x10cc/0x2b60 [ 28.038869] ? __pfx_read_tsc+0x10/0x10 [ 28.038891] ? ktime_get_ts64+0x86/0x230 [ 28.038918] kunit_try_run_case+0x1a5/0x480 [ 28.038941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.038962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.038986] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.039012] ? __kthread_parkme+0x82/0x180 [ 28.039033] ? preempt_count_sub+0x50/0x80 [ 28.039058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.039081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.039106] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.039131] kthread+0x337/0x6f0 [ 28.039153] ? trace_preempt_on+0x20/0xc0 [ 28.039176] ? __pfx_kthread+0x10/0x10 [ 28.039198] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.039221] ? calculate_sigpending+0x7b/0xa0 [ 28.039247] ? __pfx_kthread+0x10/0x10 [ 28.039269] ret_from_fork+0x116/0x1d0 [ 28.039289] ? __pfx_kthread+0x10/0x10 [ 28.039311] ret_from_fork_asm+0x1a/0x30 [ 28.039343] </TASK> [ 28.039355] [ 28.050460] Allocated by task 335: [ 28.050882] kasan_save_stack+0x45/0x70 [ 28.051195] kasan_save_track+0x18/0x40 [ 28.051396] kasan_save_alloc_info+0x3b/0x50 [ 28.051590] __kasan_kmalloc+0xb7/0xc0 [ 28.051769] __kmalloc_noprof+0x1c9/0x500 [ 28.052228] kunit_kmalloc_array+0x25/0x60 [ 28.052541] copy_user_test_oob+0xab/0x10f0 [ 28.052900] kunit_try_run_case+0x1a5/0x480 [ 28.053097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.053330] kthread+0x337/0x6f0 [ 28.053482] ret_from_fork+0x116/0x1d0 [ 28.053650] ret_from_fork_asm+0x1a/0x30 [ 28.054250] [ 28.054359] The buggy address belongs to the object at ffff8881060ac600 [ 28.054359] which belongs to the cache kmalloc-128 of size 128 [ 28.055318] The buggy address is located 0 bytes inside of [ 28.055318] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.056463] [ 28.056553] The buggy address belongs to the physical page: [ 28.057007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.057327] flags: 0x200000000000000(node=0|zone=2) [ 28.057538] page_type: f5(slab) [ 28.057703] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.057934] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.058466] page dumped because: kasan: bad access detected [ 28.058686] [ 28.058767] Memory state around the buggy address: [ 28.058987] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.059261] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.059477] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.059790] ^ [ 28.060028] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.060544] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.060826] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 28.005156] ================================================================== [ 28.006551] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 28.007356] Write of size 121 at addr ffff8881060ac600 by task kunit_try_catch/335 [ 28.008246] [ 28.008631] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 28.008741] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.008780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.008809] Call Trace: [ 28.008826] <TASK> [ 28.008851] dump_stack_lvl+0x73/0xb0 [ 28.008894] print_report+0xd1/0x610 [ 28.008920] ? __virt_addr_valid+0x1db/0x2d0 [ 28.008949] ? _copy_from_user+0x32/0x90 [ 28.008971] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.008999] ? _copy_from_user+0x32/0x90 [ 28.009022] kasan_report+0x141/0x180 [ 28.009044] ? _copy_from_user+0x32/0x90 [ 28.009071] kasan_check_range+0x10c/0x1c0 [ 28.009095] __kasan_check_write+0x18/0x20 [ 28.009119] _copy_from_user+0x32/0x90 [ 28.009142] copy_user_test_oob+0x2be/0x10f0 [ 28.009169] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.009192] ? finish_task_switch.isra.0+0x153/0x700 [ 28.009216] ? __switch_to+0x47/0xf80 [ 28.009245] ? __schedule+0x10cc/0x2b60 [ 28.009270] ? __pfx_read_tsc+0x10/0x10 [ 28.009294] ? ktime_get_ts64+0x86/0x230 [ 28.009321] kunit_try_run_case+0x1a5/0x480 [ 28.009344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.009366] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.009391] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.009415] ? __kthread_parkme+0x82/0x180 [ 28.009438] ? preempt_count_sub+0x50/0x80 [ 28.009462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.009484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.009510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.009536] kthread+0x337/0x6f0 [ 28.009557] ? trace_preempt_on+0x20/0xc0 [ 28.009583] ? __pfx_kthread+0x10/0x10 [ 28.009604] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.009627] ? calculate_sigpending+0x7b/0xa0 [ 28.009653] ? __pfx_kthread+0x10/0x10 [ 28.009676] ret_from_fork+0x116/0x1d0 [ 28.009707] ? __pfx_kthread+0x10/0x10 [ 28.009728] ret_from_fork_asm+0x1a/0x30 [ 28.009780] </TASK> [ 28.009794] [ 28.022211] Allocated by task 335: [ 28.022531] kasan_save_stack+0x45/0x70 [ 28.022857] kasan_save_track+0x18/0x40 [ 28.022995] kasan_save_alloc_info+0x3b/0x50 [ 28.023138] __kasan_kmalloc+0xb7/0xc0 [ 28.023264] __kmalloc_noprof+0x1c9/0x500 [ 28.023403] kunit_kmalloc_array+0x25/0x60 [ 28.023538] copy_user_test_oob+0xab/0x10f0 [ 28.023677] kunit_try_run_case+0x1a5/0x480 [ 28.024078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.024538] kthread+0x337/0x6f0 [ 28.024857] ret_from_fork+0x116/0x1d0 [ 28.025191] ret_from_fork_asm+0x1a/0x30 [ 28.025537] [ 28.025687] The buggy address belongs to the object at ffff8881060ac600 [ 28.025687] which belongs to the cache kmalloc-128 of size 128 [ 28.026781] The buggy address is located 0 bytes inside of [ 28.026781] allocated 120-byte region [ffff8881060ac600, ffff8881060ac678) [ 28.027826] [ 28.027988] The buggy address belongs to the physical page: [ 28.028469] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 28.029159] flags: 0x200000000000000(node=0|zone=2) [ 28.029395] page_type: f5(slab) [ 28.029513] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.029748] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.030393] page dumped because: kasan: bad access detected [ 28.030912] [ 28.031065] Memory state around the buggy address: [ 28.031476] ffff8881060ac500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.032278] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.032801] >ffff8881060ac600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.033012] ^ [ 28.033220] ffff8881060ac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.033428] ffff8881060ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.033634] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 27.972054] ================================================================== [ 27.972362] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 27.972683] Write of size 8 at addr ffff8881060ac578 by task kunit_try_catch/331 [ 27.973178] [ 27.973315] CPU: 1 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.973418] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.973435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.973459] Call Trace: [ 27.973480] <TASK> [ 27.973502] dump_stack_lvl+0x73/0xb0 [ 27.973535] print_report+0xd1/0x610 [ 27.973559] ? __virt_addr_valid+0x1db/0x2d0 [ 27.973607] ? copy_to_kernel_nofault+0x99/0x260 [ 27.973632] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.973659] ? copy_to_kernel_nofault+0x99/0x260 [ 27.973683] kasan_report+0x141/0x180 [ 27.973718] ? copy_to_kernel_nofault+0x99/0x260 [ 27.973747] kasan_check_range+0x10c/0x1c0 [ 27.973798] __kasan_check_write+0x18/0x20 [ 27.973822] copy_to_kernel_nofault+0x99/0x260 [ 27.973847] copy_to_kernel_nofault_oob+0x288/0x560 [ 27.973871] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.973952] ? finish_task_switch.isra.0+0x153/0x700 [ 27.973980] ? __schedule+0x10cc/0x2b60 [ 27.974004] ? trace_hardirqs_on+0x37/0xe0 [ 27.974037] ? __pfx_read_tsc+0x10/0x10 [ 27.974060] ? ktime_get_ts64+0x86/0x230 [ 27.974086] kunit_try_run_case+0x1a5/0x480 [ 27.974110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.974131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.974156] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.974181] ? __kthread_parkme+0x82/0x180 [ 27.974203] ? preempt_count_sub+0x50/0x80 [ 27.974226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.974249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.974275] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.974301] kthread+0x337/0x6f0 [ 27.974321] ? trace_preempt_on+0x20/0xc0 [ 27.974344] ? __pfx_kthread+0x10/0x10 [ 27.974365] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.974388] ? calculate_sigpending+0x7b/0xa0 [ 27.974414] ? __pfx_kthread+0x10/0x10 [ 27.974436] ret_from_fork+0x116/0x1d0 [ 27.974456] ? __pfx_kthread+0x10/0x10 [ 27.974477] ret_from_fork_asm+0x1a/0x30 [ 27.974510] </TASK> [ 27.974523] [ 27.982909] Allocated by task 331: [ 27.983133] kasan_save_stack+0x45/0x70 [ 27.983427] kasan_save_track+0x18/0x40 [ 27.983600] kasan_save_alloc_info+0x3b/0x50 [ 27.983777] __kasan_kmalloc+0xb7/0xc0 [ 27.984062] __kmalloc_cache_noprof+0x189/0x420 [ 27.984636] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.984892] kunit_try_run_case+0x1a5/0x480 [ 27.985097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.985341] kthread+0x337/0x6f0 [ 27.985510] ret_from_fork+0x116/0x1d0 [ 27.985705] ret_from_fork_asm+0x1a/0x30 [ 27.985925] [ 27.986045] The buggy address belongs to the object at ffff8881060ac500 [ 27.986045] which belongs to the cache kmalloc-128 of size 128 [ 27.986592] The buggy address is located 0 bytes to the right of [ 27.986592] allocated 120-byte region [ffff8881060ac500, ffff8881060ac578) [ 27.987022] [ 27.987164] The buggy address belongs to the physical page: [ 27.987455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 27.988130] flags: 0x200000000000000(node=0|zone=2) [ 27.988332] page_type: f5(slab) [ 27.988502] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.989023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.989340] page dumped because: kasan: bad access detected [ 27.989564] [ 27.989629] Memory state around the buggy address: [ 27.989996] ffff8881060ac400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.990297] ffff8881060ac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.990630] >ffff8881060ac500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.990977] ^ [ 27.991299] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.991602] ffff8881060ac600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.991885] ================================================================== [ 27.940768] ================================================================== [ 27.941770] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 27.942789] Read of size 8 at addr ffff8881060ac578 by task kunit_try_catch/331 [ 27.943191] [ 27.943690] CPU: 1 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.943768] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.943797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.943847] Call Trace: [ 27.943864] <TASK> [ 27.944009] dump_stack_lvl+0x73/0xb0 [ 27.944051] print_report+0xd1/0x610 [ 27.944078] ? __virt_addr_valid+0x1db/0x2d0 [ 27.944106] ? copy_to_kernel_nofault+0x225/0x260 [ 27.944130] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.944158] ? copy_to_kernel_nofault+0x225/0x260 [ 27.944182] kasan_report+0x141/0x180 [ 27.944205] ? copy_to_kernel_nofault+0x225/0x260 [ 27.944233] __asan_report_load8_noabort+0x18/0x20 [ 27.944258] copy_to_kernel_nofault+0x225/0x260 [ 27.944284] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 27.944308] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.944331] ? finish_task_switch.isra.0+0x153/0x700 [ 27.944356] ? __schedule+0x10cc/0x2b60 [ 27.944381] ? trace_hardirqs_on+0x37/0xe0 [ 27.944414] ? __pfx_read_tsc+0x10/0x10 [ 27.944438] ? ktime_get_ts64+0x86/0x230 [ 27.944465] kunit_try_run_case+0x1a5/0x480 [ 27.944491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.944512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.944537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.944562] ? __kthread_parkme+0x82/0x180 [ 27.944584] ? preempt_count_sub+0x50/0x80 [ 27.944607] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.944630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.944656] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.944681] kthread+0x337/0x6f0 [ 27.944713] ? trace_preempt_on+0x20/0xc0 [ 27.944737] ? __pfx_kthread+0x10/0x10 [ 27.944758] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.944794] ? calculate_sigpending+0x7b/0xa0 [ 27.944820] ? __pfx_kthread+0x10/0x10 [ 27.944843] ret_from_fork+0x116/0x1d0 [ 27.944863] ? __pfx_kthread+0x10/0x10 [ 27.944892] ret_from_fork_asm+0x1a/0x30 [ 27.944925] </TASK> [ 27.944939] [ 27.957490] Allocated by task 331: [ 27.957862] kasan_save_stack+0x45/0x70 [ 27.958213] kasan_save_track+0x18/0x40 [ 27.958555] kasan_save_alloc_info+0x3b/0x50 [ 27.959272] __kasan_kmalloc+0xb7/0xc0 [ 27.959638] __kmalloc_cache_noprof+0x189/0x420 [ 27.959911] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.960120] kunit_try_run_case+0x1a5/0x480 [ 27.960302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.960848] kthread+0x337/0x6f0 [ 27.961186] ret_from_fork+0x116/0x1d0 [ 27.961558] ret_from_fork_asm+0x1a/0x30 [ 27.961991] [ 27.962167] The buggy address belongs to the object at ffff8881060ac500 [ 27.962167] which belongs to the cache kmalloc-128 of size 128 [ 27.962981] The buggy address is located 0 bytes to the right of [ 27.962981] allocated 120-byte region [ffff8881060ac500, ffff8881060ac578) [ 27.963329] [ 27.963399] The buggy address belongs to the physical page: [ 27.963565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 27.964210] flags: 0x200000000000000(node=0|zone=2) [ 27.964633] page_type: f5(slab) [ 27.964976] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.965623] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.966384] page dumped because: kasan: bad access detected [ 27.966959] [ 27.967122] Memory state around the buggy address: [ 27.967701] ffff8881060ac400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.968414] ffff8881060ac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.969096] >ffff8881060ac500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.969795] ^ [ 27.970463] ffff8881060ac580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.971184] ffff8881060ac600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.971418] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 27.111139] ================================================================== [ 27.112071] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 27.112743] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.113310] [ 27.113403] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.113458] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.113473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.113498] Call Trace: [ 27.113521] <TASK> [ 27.113542] dump_stack_lvl+0x73/0xb0 [ 27.113576] print_report+0xd1/0x610 [ 27.113599] ? __virt_addr_valid+0x1db/0x2d0 [ 27.113625] ? kasan_atomics_helper+0x1079/0x5450 [ 27.113647] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.113674] ? kasan_atomics_helper+0x1079/0x5450 [ 27.113708] kasan_report+0x141/0x180 [ 27.113731] ? kasan_atomics_helper+0x1079/0x5450 [ 27.113758] kasan_check_range+0x10c/0x1c0 [ 27.113792] __kasan_check_write+0x18/0x20 [ 27.113816] kasan_atomics_helper+0x1079/0x5450 [ 27.113840] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.113863] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.113898] ? kasan_save_alloc_info+0x3b/0x50 [ 27.113927] kasan_atomics+0x1dc/0x310 [ 27.113962] ? __pfx_kasan_atomics+0x10/0x10 [ 27.113987] ? __pfx_read_tsc+0x10/0x10 [ 27.114011] ? ktime_get_ts64+0x86/0x230 [ 27.114038] kunit_try_run_case+0x1a5/0x480 [ 27.114070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.114092] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.114118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.114155] ? __kthread_parkme+0x82/0x180 [ 27.114179] ? preempt_count_sub+0x50/0x80 [ 27.114204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.114228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.114254] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.114280] kthread+0x337/0x6f0 [ 27.114301] ? trace_preempt_on+0x20/0xc0 [ 27.114327] ? __pfx_kthread+0x10/0x10 [ 27.114349] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.114372] ? calculate_sigpending+0x7b/0xa0 [ 27.114398] ? __pfx_kthread+0x10/0x10 [ 27.114429] ret_from_fork+0x116/0x1d0 [ 27.114450] ? __pfx_kthread+0x10/0x10 [ 27.114471] ret_from_fork_asm+0x1a/0x30 [ 27.114514] </TASK> [ 27.114526] [ 27.123892] Allocated by task 315: [ 27.124098] kasan_save_stack+0x45/0x70 [ 27.124329] kasan_save_track+0x18/0x40 [ 27.124522] kasan_save_alloc_info+0x3b/0x50 [ 27.124740] __kasan_kmalloc+0xb7/0xc0 [ 27.125029] __kmalloc_cache_noprof+0x189/0x420 [ 27.125198] kasan_atomics+0x95/0x310 [ 27.125328] kunit_try_run_case+0x1a5/0x480 [ 27.125468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.125749] kthread+0x337/0x6f0 [ 27.125921] ret_from_fork+0x116/0x1d0 [ 27.126105] ret_from_fork_asm+0x1a/0x30 [ 27.126284] [ 27.126351] The buggy address belongs to the object at ffff8881058d6700 [ 27.126351] which belongs to the cache kmalloc-64 of size 64 [ 27.126725] The buggy address is located 0 bytes to the right of [ 27.126725] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.127276] [ 27.127373] The buggy address belongs to the physical page: [ 27.127655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.128009] flags: 0x200000000000000(node=0|zone=2) [ 27.128176] page_type: f5(slab) [ 27.128348] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.128717] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.129068] page dumped because: kasan: bad access detected [ 27.129295] [ 27.129399] Memory state around the buggy address: [ 27.129593] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.129960] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.130265] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.130555] ^ [ 27.130772] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.131088] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.131400] ================================================================== [ 27.643258] ================================================================== [ 27.643522] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 27.644157] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.644529] [ 27.644736] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.644795] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.644811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.644835] Call Trace: [ 27.644857] <TASK> [ 27.644881] dump_stack_lvl+0x73/0xb0 [ 27.644915] print_report+0xd1/0x610 [ 27.644941] ? __virt_addr_valid+0x1db/0x2d0 [ 27.644967] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.644989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.645016] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.645038] kasan_report+0x141/0x180 [ 27.645060] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.645087] kasan_check_range+0x10c/0x1c0 [ 27.645111] __kasan_check_write+0x18/0x20 [ 27.645134] kasan_atomics_helper+0x1d7a/0x5450 [ 27.645158] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.645180] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.645205] ? kasan_save_alloc_info+0x3b/0x50 [ 27.645235] kasan_atomics+0x1dc/0x310 [ 27.645259] ? __pfx_kasan_atomics+0x10/0x10 [ 27.645283] ? __pfx_read_tsc+0x10/0x10 [ 27.645307] ? ktime_get_ts64+0x86/0x230 [ 27.645334] kunit_try_run_case+0x1a5/0x480 [ 27.645357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.645378] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.645404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.645429] ? __kthread_parkme+0x82/0x180 [ 27.645452] ? preempt_count_sub+0x50/0x80 [ 27.645478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.645501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.645527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.645553] kthread+0x337/0x6f0 [ 27.645574] ? trace_preempt_on+0x20/0xc0 [ 27.645602] ? __pfx_kthread+0x10/0x10 [ 27.645625] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.645648] ? calculate_sigpending+0x7b/0xa0 [ 27.645674] ? __pfx_kthread+0x10/0x10 [ 27.645868] ret_from_fork+0x116/0x1d0 [ 27.645895] ? __pfx_kthread+0x10/0x10 [ 27.645918] ret_from_fork_asm+0x1a/0x30 [ 27.645952] </TASK> [ 27.645966] [ 27.655687] Allocated by task 315: [ 27.656063] kasan_save_stack+0x45/0x70 [ 27.656280] kasan_save_track+0x18/0x40 [ 27.656570] kasan_save_alloc_info+0x3b/0x50 [ 27.656794] __kasan_kmalloc+0xb7/0xc0 [ 27.657048] __kmalloc_cache_noprof+0x189/0x420 [ 27.657257] kasan_atomics+0x95/0x310 [ 27.657425] kunit_try_run_case+0x1a5/0x480 [ 27.657619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.657855] kthread+0x337/0x6f0 [ 27.658330] ret_from_fork+0x116/0x1d0 [ 27.658515] ret_from_fork_asm+0x1a/0x30 [ 27.658657] [ 27.658767] The buggy address belongs to the object at ffff8881058d6700 [ 27.658767] which belongs to the cache kmalloc-64 of size 64 [ 27.659391] The buggy address is located 0 bytes to the right of [ 27.659391] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.660165] [ 27.660329] The buggy address belongs to the physical page: [ 27.660572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.661132] flags: 0x200000000000000(node=0|zone=2) [ 27.661433] page_type: f5(slab) [ 27.661574] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.662069] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.662441] page dumped because: kasan: bad access detected [ 27.662636] [ 27.662745] Memory state around the buggy address: [ 27.662949] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.663430] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.663795] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.664148] ^ [ 27.664356] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.664642] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.665165] ================================================================== [ 27.313893] ================================================================== [ 27.315297] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 27.315629] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.316015] [ 27.316148] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.316204] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.316219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.316254] Call Trace: [ 27.316275] <TASK> [ 27.316297] dump_stack_lvl+0x73/0xb0 [ 27.316342] print_report+0xd1/0x610 [ 27.316366] ? __virt_addr_valid+0x1db/0x2d0 [ 27.316392] ? kasan_atomics_helper+0x1467/0x5450 [ 27.316414] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.316450] ? kasan_atomics_helper+0x1467/0x5450 [ 27.316473] kasan_report+0x141/0x180 [ 27.316495] ? kasan_atomics_helper+0x1467/0x5450 [ 27.316613] kasan_check_range+0x10c/0x1c0 [ 27.316640] __kasan_check_write+0x18/0x20 [ 27.316664] kasan_atomics_helper+0x1467/0x5450 [ 27.316688] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.316726] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.316753] ? kasan_save_alloc_info+0x3b/0x50 [ 27.316792] kasan_atomics+0x1dc/0x310 [ 27.316815] ? __pfx_kasan_atomics+0x10/0x10 [ 27.316840] ? __pfx_read_tsc+0x10/0x10 [ 27.316875] ? ktime_get_ts64+0x86/0x230 [ 27.316902] kunit_try_run_case+0x1a5/0x480 [ 27.316937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.316958] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.316984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.317008] ? __kthread_parkme+0x82/0x180 [ 27.317030] ? preempt_count_sub+0x50/0x80 [ 27.317055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.317078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.317104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.317129] kthread+0x337/0x6f0 [ 27.317150] ? trace_preempt_on+0x20/0xc0 [ 27.317174] ? __pfx_kthread+0x10/0x10 [ 27.317196] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.317219] ? calculate_sigpending+0x7b/0xa0 [ 27.317244] ? __pfx_kthread+0x10/0x10 [ 27.317267] ret_from_fork+0x116/0x1d0 [ 27.317287] ? __pfx_kthread+0x10/0x10 [ 27.317309] ret_from_fork_asm+0x1a/0x30 [ 27.317342] </TASK> [ 27.317356] [ 27.324944] Allocated by task 315: [ 27.325155] kasan_save_stack+0x45/0x70 [ 27.325369] kasan_save_track+0x18/0x40 [ 27.325504] kasan_save_alloc_info+0x3b/0x50 [ 27.325679] __kasan_kmalloc+0xb7/0xc0 [ 27.325881] __kmalloc_cache_noprof+0x189/0x420 [ 27.326101] kasan_atomics+0x95/0x310 [ 27.326262] kunit_try_run_case+0x1a5/0x480 [ 27.326405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.326831] kthread+0x337/0x6f0 [ 27.326968] ret_from_fork+0x116/0x1d0 [ 27.327173] ret_from_fork_asm+0x1a/0x30 [ 27.327311] [ 27.327379] The buggy address belongs to the object at ffff8881058d6700 [ 27.327379] which belongs to the cache kmalloc-64 of size 64 [ 27.327757] The buggy address is located 0 bytes to the right of [ 27.327757] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.328330] [ 27.328423] The buggy address belongs to the physical page: [ 27.328671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.328962] flags: 0x200000000000000(node=0|zone=2) [ 27.329124] page_type: f5(slab) [ 27.329242] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.329586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.330209] page dumped because: kasan: bad access detected [ 27.330462] [ 27.330553] Memory state around the buggy address: [ 27.330764] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.331085] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.331385] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.331676] ^ [ 27.331925] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.332227] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.332513] ================================================================== [ 27.131954] ================================================================== [ 27.132890] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 27.133226] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.133446] [ 27.133544] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.133609] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.133624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.133648] Call Trace: [ 27.133682] <TASK> [ 27.133713] dump_stack_lvl+0x73/0xb0 [ 27.133748] print_report+0xd1/0x610 [ 27.133772] ? __virt_addr_valid+0x1db/0x2d0 [ 27.133798] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.133821] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.133869] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.133892] kasan_report+0x141/0x180 [ 27.133925] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.133952] __asan_report_load4_noabort+0x18/0x20 [ 27.133977] kasan_atomics_helper+0x4a1c/0x5450 [ 27.134000] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.134023] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.134049] ? kasan_save_alloc_info+0x3b/0x50 [ 27.134077] kasan_atomics+0x1dc/0x310 [ 27.134101] ? __pfx_kasan_atomics+0x10/0x10 [ 27.134126] ? __pfx_read_tsc+0x10/0x10 [ 27.134150] ? ktime_get_ts64+0x86/0x230 [ 27.134177] kunit_try_run_case+0x1a5/0x480 [ 27.134201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.134222] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.134248] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.134273] ? __kthread_parkme+0x82/0x180 [ 27.134305] ? preempt_count_sub+0x50/0x80 [ 27.134331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.134354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.134391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.134418] kthread+0x337/0x6f0 [ 27.134440] ? trace_preempt_on+0x20/0xc0 [ 27.134464] ? __pfx_kthread+0x10/0x10 [ 27.134486] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.134509] ? calculate_sigpending+0x7b/0xa0 [ 27.134536] ? __pfx_kthread+0x10/0x10 [ 27.134567] ret_from_fork+0x116/0x1d0 [ 27.134588] ? __pfx_kthread+0x10/0x10 [ 27.134609] ret_from_fork_asm+0x1a/0x30 [ 27.134653] </TASK> [ 27.134667] [ 27.142275] Allocated by task 315: [ 27.142509] kasan_save_stack+0x45/0x70 [ 27.142730] kasan_save_track+0x18/0x40 [ 27.142966] kasan_save_alloc_info+0x3b/0x50 [ 27.143152] __kasan_kmalloc+0xb7/0xc0 [ 27.143342] __kmalloc_cache_noprof+0x189/0x420 [ 27.143553] kasan_atomics+0x95/0x310 [ 27.143745] kunit_try_run_case+0x1a5/0x480 [ 27.143949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.144183] kthread+0x337/0x6f0 [ 27.144361] ret_from_fork+0x116/0x1d0 [ 27.144546] ret_from_fork_asm+0x1a/0x30 [ 27.144724] [ 27.144851] The buggy address belongs to the object at ffff8881058d6700 [ 27.144851] which belongs to the cache kmalloc-64 of size 64 [ 27.145332] The buggy address is located 0 bytes to the right of [ 27.145332] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.145768] [ 27.145853] The buggy address belongs to the physical page: [ 27.146248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.146601] flags: 0x200000000000000(node=0|zone=2) [ 27.146861] page_type: f5(slab) [ 27.147219] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.147520] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.147753] page dumped because: kasan: bad access detected [ 27.148018] [ 27.148111] Memory state around the buggy address: [ 27.148362] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.148681] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.149234] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.149547] ^ [ 27.149735] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.150166] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.150428] ================================================================== [ 27.874367] ================================================================== [ 27.875129] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 27.875549] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.876116] [ 27.876368] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.876557] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.876576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.876599] Call Trace: [ 27.876617] <TASK> [ 27.876636] dump_stack_lvl+0x73/0xb0 [ 27.876669] print_report+0xd1/0x610 [ 27.876706] ? __virt_addr_valid+0x1db/0x2d0 [ 27.876731] ? kasan_atomics_helper+0x224c/0x5450 [ 27.876754] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.876795] ? kasan_atomics_helper+0x224c/0x5450 [ 27.876818] kasan_report+0x141/0x180 [ 27.876840] ? kasan_atomics_helper+0x224c/0x5450 [ 27.876867] kasan_check_range+0x10c/0x1c0 [ 27.876892] __kasan_check_write+0x18/0x20 [ 27.876915] kasan_atomics_helper+0x224c/0x5450 [ 27.876938] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.876961] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.876986] ? kasan_save_alloc_info+0x3b/0x50 [ 27.877016] kasan_atomics+0x1dc/0x310 [ 27.877038] ? __pfx_kasan_atomics+0x10/0x10 [ 27.877063] ? __pfx_read_tsc+0x10/0x10 [ 27.877086] ? ktime_get_ts64+0x86/0x230 [ 27.877112] kunit_try_run_case+0x1a5/0x480 [ 27.877134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.877156] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.877181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.877206] ? __kthread_parkme+0x82/0x180 [ 27.877227] ? preempt_count_sub+0x50/0x80 [ 27.877252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.877275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.877301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.877327] kthread+0x337/0x6f0 [ 27.877347] ? trace_preempt_on+0x20/0xc0 [ 27.877372] ? __pfx_kthread+0x10/0x10 [ 27.877394] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.877417] ? calculate_sigpending+0x7b/0xa0 [ 27.877442] ? __pfx_kthread+0x10/0x10 [ 27.877464] ret_from_fork+0x116/0x1d0 [ 27.877484] ? __pfx_kthread+0x10/0x10 [ 27.877506] ret_from_fork_asm+0x1a/0x30 [ 27.877538] </TASK> [ 27.877551] [ 27.887849] Allocated by task 315: [ 27.888053] kasan_save_stack+0x45/0x70 [ 27.888370] kasan_save_track+0x18/0x40 [ 27.888563] kasan_save_alloc_info+0x3b/0x50 [ 27.888766] __kasan_kmalloc+0xb7/0xc0 [ 27.889189] __kmalloc_cache_noprof+0x189/0x420 [ 27.889480] kasan_atomics+0x95/0x310 [ 27.889663] kunit_try_run_case+0x1a5/0x480 [ 27.890013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.890351] kthread+0x337/0x6f0 [ 27.890505] ret_from_fork+0x116/0x1d0 [ 27.890860] ret_from_fork_asm+0x1a/0x30 [ 27.891181] [ 27.891261] The buggy address belongs to the object at ffff8881058d6700 [ 27.891261] which belongs to the cache kmalloc-64 of size 64 [ 27.891766] The buggy address is located 0 bytes to the right of [ 27.891766] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.892581] [ 27.892678] The buggy address belongs to the physical page: [ 27.893087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.893588] flags: 0x200000000000000(node=0|zone=2) [ 27.894161] page_type: f5(slab) [ 27.894558] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.895306] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.895603] page dumped because: kasan: bad access detected [ 27.895810] [ 27.895967] Memory state around the buggy address: [ 27.896377] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.897073] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.897710] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.898048] ^ [ 27.898201] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.898411] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.898620] ================================================================== [ 26.836628] ================================================================== [ 26.837123] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 26.837364] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.837990] [ 26.838200] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.838255] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.838270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.838294] Call Trace: [ 26.838309] <TASK> [ 26.838329] dump_stack_lvl+0x73/0xb0 [ 26.838360] print_report+0xd1/0x610 [ 26.838385] ? __virt_addr_valid+0x1db/0x2d0 [ 26.838410] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.838431] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.838459] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.838480] kasan_report+0x141/0x180 [ 26.838503] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.838529] kasan_check_range+0x10c/0x1c0 [ 26.838554] __kasan_check_write+0x18/0x20 [ 26.838578] kasan_atomics_helper+0x8f9/0x5450 [ 26.838612] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.838635] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.838659] ? kasan_save_alloc_info+0x3b/0x50 [ 26.838706] kasan_atomics+0x1dc/0x310 [ 26.838731] ? __pfx_kasan_atomics+0x10/0x10 [ 26.838756] ? __pfx_read_tsc+0x10/0x10 [ 26.838789] ? ktime_get_ts64+0x86/0x230 [ 26.838815] kunit_try_run_case+0x1a5/0x480 [ 26.838839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.838860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.838901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.838936] ? __kthread_parkme+0x82/0x180 [ 26.838958] ? preempt_count_sub+0x50/0x80 [ 26.838983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.839006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.839032] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.839059] kthread+0x337/0x6f0 [ 26.839080] ? trace_preempt_on+0x20/0xc0 [ 26.839104] ? __pfx_kthread+0x10/0x10 [ 26.839126] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.839148] ? calculate_sigpending+0x7b/0xa0 [ 26.839174] ? __pfx_kthread+0x10/0x10 [ 26.839197] ret_from_fork+0x116/0x1d0 [ 26.839218] ? __pfx_kthread+0x10/0x10 [ 26.839239] ret_from_fork_asm+0x1a/0x30 [ 26.839271] </TASK> [ 26.839284] [ 26.853505] Allocated by task 315: [ 26.853885] kasan_save_stack+0x45/0x70 [ 26.854344] kasan_save_track+0x18/0x40 [ 26.854478] kasan_save_alloc_info+0x3b/0x50 [ 26.854625] __kasan_kmalloc+0xb7/0xc0 [ 26.854767] __kmalloc_cache_noprof+0x189/0x420 [ 26.855186] kasan_atomics+0x95/0x310 [ 26.855654] kunit_try_run_case+0x1a5/0x480 [ 26.856103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.856687] kthread+0x337/0x6f0 [ 26.857049] ret_from_fork+0x116/0x1d0 [ 26.857415] ret_from_fork_asm+0x1a/0x30 [ 26.857824] [ 26.858027] The buggy address belongs to the object at ffff8881058d6700 [ 26.858027] which belongs to the cache kmalloc-64 of size 64 [ 26.859111] The buggy address is located 0 bytes to the right of [ 26.859111] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.860023] [ 26.860097] The buggy address belongs to the physical page: [ 26.860418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.861165] flags: 0x200000000000000(node=0|zone=2) [ 26.861611] page_type: f5(slab) [ 26.861765] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.862222] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.862678] page dumped because: kasan: bad access detected [ 26.862872] [ 26.863062] Memory state around the buggy address: [ 26.863569] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.864061] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.864303] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.864918] ^ [ 26.865421] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.865682] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.865941] ================================================================== [ 26.585534] ================================================================== [ 26.586029] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 26.586370] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.586704] [ 26.586870] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.586922] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.586937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.586960] Call Trace: [ 26.586975] <TASK> [ 26.586992] dump_stack_lvl+0x73/0xb0 [ 26.587022] print_report+0xd1/0x610 [ 26.587047] ? __virt_addr_valid+0x1db/0x2d0 [ 26.587072] ? kasan_atomics_helper+0x3df/0x5450 [ 26.587094] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.587121] ? kasan_atomics_helper+0x3df/0x5450 [ 26.587143] kasan_report+0x141/0x180 [ 26.587166] ? kasan_atomics_helper+0x3df/0x5450 [ 26.587192] kasan_check_range+0x10c/0x1c0 [ 26.587217] __kasan_check_read+0x15/0x20 [ 26.587241] kasan_atomics_helper+0x3df/0x5450 [ 26.587265] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.587288] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.587312] ? kasan_save_alloc_info+0x3b/0x50 [ 26.587341] kasan_atomics+0x1dc/0x310 [ 26.587365] ? __pfx_kasan_atomics+0x10/0x10 [ 26.587389] ? __pfx_read_tsc+0x10/0x10 [ 26.587413] ? ktime_get_ts64+0x86/0x230 [ 26.587439] kunit_try_run_case+0x1a5/0x480 [ 26.587462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.587485] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.587510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.587536] ? __kthread_parkme+0x82/0x180 [ 26.587558] ? preempt_count_sub+0x50/0x80 [ 26.587634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.587659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.587685] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.587725] kthread+0x337/0x6f0 [ 26.587746] ? trace_preempt_on+0x20/0xc0 [ 26.587782] ? __pfx_kthread+0x10/0x10 [ 26.587804] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.587832] ? calculate_sigpending+0x7b/0xa0 [ 26.587858] ? __pfx_kthread+0x10/0x10 [ 26.587882] ret_from_fork+0x116/0x1d0 [ 26.587903] ? __pfx_kthread+0x10/0x10 [ 26.587943] ret_from_fork_asm+0x1a/0x30 [ 26.587975] </TASK> [ 26.587988] [ 26.594933] Allocated by task 315: [ 26.595062] kasan_save_stack+0x45/0x70 [ 26.595201] kasan_save_track+0x18/0x40 [ 26.595329] kasan_save_alloc_info+0x3b/0x50 [ 26.595471] __kasan_kmalloc+0xb7/0xc0 [ 26.595596] __kmalloc_cache_noprof+0x189/0x420 [ 26.595845] kasan_atomics+0x95/0x310 [ 26.596089] kunit_try_run_case+0x1a5/0x480 [ 26.596289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.596541] kthread+0x337/0x6f0 [ 26.596714] ret_from_fork+0x116/0x1d0 [ 26.597088] ret_from_fork_asm+0x1a/0x30 [ 26.597293] [ 26.597388] The buggy address belongs to the object at ffff8881058d6700 [ 26.597388] which belongs to the cache kmalloc-64 of size 64 [ 26.598223] The buggy address is located 0 bytes to the right of [ 26.598223] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.598645] [ 26.598730] The buggy address belongs to the physical page: [ 26.599254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.599601] flags: 0x200000000000000(node=0|zone=2) [ 26.599771] page_type: f5(slab) [ 26.600204] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.600520] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.600855] page dumped because: kasan: bad access detected [ 26.601087] [ 26.601157] Memory state around the buggy address: [ 26.601308] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.601520] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.601762] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.602371] ^ [ 26.602604] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.603235] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.603524] ================================================================== [ 26.496177] ================================================================== [ 26.497354] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 26.497932] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.498567] [ 26.498762] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.498818] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.498833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.498868] Call Trace: [ 26.498882] <TASK> [ 26.498915] dump_stack_lvl+0x73/0xb0 [ 26.498949] print_report+0xd1/0x610 [ 26.498972] ? __virt_addr_valid+0x1db/0x2d0 [ 26.498997] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.499018] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.499044] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.499065] kasan_report+0x141/0x180 [ 26.499087] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.499112] __asan_report_load4_noabort+0x18/0x20 [ 26.499136] kasan_atomics_helper+0x4bbc/0x5450 [ 26.499158] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.499180] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.499204] ? kasan_save_alloc_info+0x3b/0x50 [ 26.499232] kasan_atomics+0x1dc/0x310 [ 26.499253] ? __pfx_kasan_atomics+0x10/0x10 [ 26.499277] ? __pfx_read_tsc+0x10/0x10 [ 26.499300] ? ktime_get_ts64+0x86/0x230 [ 26.499326] kunit_try_run_case+0x1a5/0x480 [ 26.499349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.499370] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.499394] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.499418] ? __kthread_parkme+0x82/0x180 [ 26.499439] ? preempt_count_sub+0x50/0x80 [ 26.499463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.499485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.499510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.499536] kthread+0x337/0x6f0 [ 26.499555] ? trace_preempt_on+0x20/0xc0 [ 26.499580] ? __pfx_kthread+0x10/0x10 [ 26.499600] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.499623] ? calculate_sigpending+0x7b/0xa0 [ 26.499647] ? __pfx_kthread+0x10/0x10 [ 26.499667] ret_from_fork+0x116/0x1d0 [ 26.499687] ? __pfx_kthread+0x10/0x10 [ 26.499730] ret_from_fork_asm+0x1a/0x30 [ 26.499761] </TASK> [ 26.499772] [ 26.512929] Allocated by task 315: [ 26.513065] kasan_save_stack+0x45/0x70 [ 26.513204] kasan_save_track+0x18/0x40 [ 26.513331] kasan_save_alloc_info+0x3b/0x50 [ 26.513468] __kasan_kmalloc+0xb7/0xc0 [ 26.513591] __kmalloc_cache_noprof+0x189/0x420 [ 26.513847] kasan_atomics+0x95/0x310 [ 26.514172] kunit_try_run_case+0x1a5/0x480 [ 26.514532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.514999] kthread+0x337/0x6f0 [ 26.515288] ret_from_fork+0x116/0x1d0 [ 26.515618] ret_from_fork_asm+0x1a/0x30 [ 26.516189] [ 26.516276] The buggy address belongs to the object at ffff8881058d6700 [ 26.516276] which belongs to the cache kmalloc-64 of size 64 [ 26.516622] The buggy address is located 0 bytes to the right of [ 26.516622] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.517610] [ 26.518674] The buggy address belongs to the physical page: [ 26.520361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.521430] flags: 0x200000000000000(node=0|zone=2) [ 26.521905] page_type: f5(slab) [ 26.522617] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.523130] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.523364] page dumped because: kasan: bad access detected [ 26.523536] [ 26.523605] Memory state around the buggy address: [ 26.524438] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.525518] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.526479] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.527395] ^ [ 26.528081] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.529099] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.529362] ================================================================== [ 26.603984] ================================================================== [ 26.604273] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 26.604567] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.604964] [ 26.605075] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.605123] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.605139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.605160] Call Trace: [ 26.605177] <TASK> [ 26.605193] dump_stack_lvl+0x73/0xb0 [ 26.605222] print_report+0xd1/0x610 [ 26.605244] ? __virt_addr_valid+0x1db/0x2d0 [ 26.605268] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.605291] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.605318] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.605340] kasan_report+0x141/0x180 [ 26.605363] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.605390] __asan_report_load4_noabort+0x18/0x20 [ 26.605415] kasan_atomics_helper+0x4b54/0x5450 [ 26.605439] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.605461] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.605486] ? kasan_save_alloc_info+0x3b/0x50 [ 26.605514] kasan_atomics+0x1dc/0x310 [ 26.605539] ? __pfx_kasan_atomics+0x10/0x10 [ 26.605564] ? __pfx_read_tsc+0x10/0x10 [ 26.605587] ? ktime_get_ts64+0x86/0x230 [ 26.605611] kunit_try_run_case+0x1a5/0x480 [ 26.605634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.605655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.605680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.605718] ? __kthread_parkme+0x82/0x180 [ 26.605739] ? preempt_count_sub+0x50/0x80 [ 26.605764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.605797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.605823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.605850] kthread+0x337/0x6f0 [ 26.605871] ? trace_preempt_on+0x20/0xc0 [ 26.605939] ? __pfx_kthread+0x10/0x10 [ 26.605963] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.605987] ? calculate_sigpending+0x7b/0xa0 [ 26.606011] ? __pfx_kthread+0x10/0x10 [ 26.606034] ret_from_fork+0x116/0x1d0 [ 26.606055] ? __pfx_kthread+0x10/0x10 [ 26.606077] ret_from_fork_asm+0x1a/0x30 [ 26.606110] </TASK> [ 26.606121] [ 26.613421] Allocated by task 315: [ 26.613549] kasan_save_stack+0x45/0x70 [ 26.613689] kasan_save_track+0x18/0x40 [ 26.614067] kasan_save_alloc_info+0x3b/0x50 [ 26.614284] __kasan_kmalloc+0xb7/0xc0 [ 26.614478] __kmalloc_cache_noprof+0x189/0x420 [ 26.614687] kasan_atomics+0x95/0x310 [ 26.614959] kunit_try_run_case+0x1a5/0x480 [ 26.615139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.615357] kthread+0x337/0x6f0 [ 26.615506] ret_from_fork+0x116/0x1d0 [ 26.615680] ret_from_fork_asm+0x1a/0x30 [ 26.615959] [ 26.616042] The buggy address belongs to the object at ffff8881058d6700 [ 26.616042] which belongs to the cache kmalloc-64 of size 64 [ 26.616449] The buggy address is located 0 bytes to the right of [ 26.616449] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.617065] [ 26.617178] The buggy address belongs to the physical page: [ 26.617432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.617846] flags: 0x200000000000000(node=0|zone=2) [ 26.618254] page_type: f5(slab) [ 26.618431] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.618724] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.619095] page dumped because: kasan: bad access detected [ 26.619269] [ 26.619335] Memory state around the buggy address: [ 26.619555] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.620026] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.620247] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.620456] ^ [ 26.620608] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.621355] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.621686] ================================================================== [ 26.867047] ================================================================== [ 26.867765] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 26.868587] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.869252] [ 26.869476] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.869532] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.869547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.869584] Call Trace: [ 26.869601] <TASK> [ 26.869623] dump_stack_lvl+0x73/0xb0 [ 26.869670] print_report+0xd1/0x610 [ 26.869704] ? __virt_addr_valid+0x1db/0x2d0 [ 26.869731] ? kasan_atomics_helper+0x992/0x5450 [ 26.869763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.869800] ? kasan_atomics_helper+0x992/0x5450 [ 26.869834] kasan_report+0x141/0x180 [ 26.869857] ? kasan_atomics_helper+0x992/0x5450 [ 26.869884] kasan_check_range+0x10c/0x1c0 [ 26.869908] __kasan_check_write+0x18/0x20 [ 26.869932] kasan_atomics_helper+0x992/0x5450 [ 26.869955] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.869978] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.870004] ? kasan_save_alloc_info+0x3b/0x50 [ 26.870033] kasan_atomics+0x1dc/0x310 [ 26.870057] ? __pfx_kasan_atomics+0x10/0x10 [ 26.870082] ? __pfx_read_tsc+0x10/0x10 [ 26.870106] ? ktime_get_ts64+0x86/0x230 [ 26.870133] kunit_try_run_case+0x1a5/0x480 [ 26.870156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.870178] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.870203] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.870228] ? __kthread_parkme+0x82/0x180 [ 26.870251] ? preempt_count_sub+0x50/0x80 [ 26.870275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.870298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.870324] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.870351] kthread+0x337/0x6f0 [ 26.870372] ? trace_preempt_on+0x20/0xc0 [ 26.870397] ? __pfx_kthread+0x10/0x10 [ 26.870418] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.870442] ? calculate_sigpending+0x7b/0xa0 [ 26.870467] ? __pfx_kthread+0x10/0x10 [ 26.870490] ret_from_fork+0x116/0x1d0 [ 26.870511] ? __pfx_kthread+0x10/0x10 [ 26.870532] ret_from_fork_asm+0x1a/0x30 [ 26.870564] </TASK> [ 26.870577] [ 26.883119] Allocated by task 315: [ 26.883466] kasan_save_stack+0x45/0x70 [ 26.883791] kasan_save_track+0x18/0x40 [ 26.883932] kasan_save_alloc_info+0x3b/0x50 [ 26.884348] __kasan_kmalloc+0xb7/0xc0 [ 26.884711] __kmalloc_cache_noprof+0x189/0x420 [ 26.885045] kasan_atomics+0x95/0x310 [ 26.885187] kunit_try_run_case+0x1a5/0x480 [ 26.885538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.886180] kthread+0x337/0x6f0 [ 26.886410] ret_from_fork+0x116/0x1d0 [ 26.886658] ret_from_fork_asm+0x1a/0x30 [ 26.886828] [ 26.886963] The buggy address belongs to the object at ffff8881058d6700 [ 26.886963] which belongs to the cache kmalloc-64 of size 64 [ 26.887567] The buggy address is located 0 bytes to the right of [ 26.887567] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.888139] [ 26.888317] The buggy address belongs to the physical page: [ 26.888594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.888883] flags: 0x200000000000000(node=0|zone=2) [ 26.889336] page_type: f5(slab) [ 26.889631] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.890308] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.890994] page dumped because: kasan: bad access detected [ 26.891409] [ 26.891477] Memory state around the buggy address: [ 26.891629] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.892046] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.892662] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.893286] ^ [ 26.893718] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.894453] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.894666] ================================================================== [ 27.014064] ================================================================== [ 27.014446] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 27.014830] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.015156] [ 27.015265] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.015326] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.015342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.015364] Call Trace: [ 27.015393] <TASK> [ 27.015411] dump_stack_lvl+0x73/0xb0 [ 27.015443] print_report+0xd1/0x610 [ 27.015466] ? __virt_addr_valid+0x1db/0x2d0 [ 27.015500] ? kasan_atomics_helper+0xde0/0x5450 [ 27.015522] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.015549] ? kasan_atomics_helper+0xde0/0x5450 [ 27.015582] kasan_report+0x141/0x180 [ 27.015605] ? kasan_atomics_helper+0xde0/0x5450 [ 27.015631] kasan_check_range+0x10c/0x1c0 [ 27.015656] __kasan_check_write+0x18/0x20 [ 27.015679] kasan_atomics_helper+0xde0/0x5450 [ 27.015721] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.015744] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.015768] ? kasan_save_alloc_info+0x3b/0x50 [ 27.015821] kasan_atomics+0x1dc/0x310 [ 27.015844] ? __pfx_kasan_atomics+0x10/0x10 [ 27.015868] ? __pfx_read_tsc+0x10/0x10 [ 27.015891] ? ktime_get_ts64+0x86/0x230 [ 27.015917] kunit_try_run_case+0x1a5/0x480 [ 27.015940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.015961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.015986] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.016011] ? __kthread_parkme+0x82/0x180 [ 27.016032] ? preempt_count_sub+0x50/0x80 [ 27.016057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.016079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.016105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.016132] kthread+0x337/0x6f0 [ 27.016153] ? trace_preempt_on+0x20/0xc0 [ 27.016177] ? __pfx_kthread+0x10/0x10 [ 27.016208] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.016231] ? calculate_sigpending+0x7b/0xa0 [ 27.016267] ? __pfx_kthread+0x10/0x10 [ 27.016290] ret_from_fork+0x116/0x1d0 [ 27.016311] ? __pfx_kthread+0x10/0x10 [ 27.016332] ret_from_fork_asm+0x1a/0x30 [ 27.016364] </TASK> [ 27.016376] [ 27.024284] Allocated by task 315: [ 27.024467] kasan_save_stack+0x45/0x70 [ 27.024645] kasan_save_track+0x18/0x40 [ 27.024845] kasan_save_alloc_info+0x3b/0x50 [ 27.025044] __kasan_kmalloc+0xb7/0xc0 [ 27.025235] __kmalloc_cache_noprof+0x189/0x420 [ 27.025435] kasan_atomics+0x95/0x310 [ 27.025614] kunit_try_run_case+0x1a5/0x480 [ 27.025879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.026106] kthread+0x337/0x6f0 [ 27.026264] ret_from_fork+0x116/0x1d0 [ 27.026397] ret_from_fork_asm+0x1a/0x30 [ 27.026540] [ 27.026652] The buggy address belongs to the object at ffff8881058d6700 [ 27.026652] which belongs to the cache kmalloc-64 of size 64 [ 27.027122] The buggy address is located 0 bytes to the right of [ 27.027122] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.027893] [ 27.027963] The buggy address belongs to the physical page: [ 27.028230] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.028485] flags: 0x200000000000000(node=0|zone=2) [ 27.028645] page_type: f5(slab) [ 27.028775] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.029005] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.029524] page dumped because: kasan: bad access detected [ 27.029779] [ 27.029868] Memory state around the buggy address: [ 27.030083] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.030522] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.030753] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.031070] ^ [ 27.031256] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.031534] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.031755] ================================================================== [ 27.072372] ================================================================== [ 27.072740] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 27.073437] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.073833] [ 27.073947] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.074015] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.074031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.074055] Call Trace: [ 27.074077] <TASK> [ 27.074097] dump_stack_lvl+0x73/0xb0 [ 27.074130] print_report+0xd1/0x610 [ 27.074153] ? __virt_addr_valid+0x1db/0x2d0 [ 27.074179] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.074201] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.074230] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.074253] kasan_report+0x141/0x180 [ 27.074276] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.074312] kasan_check_range+0x10c/0x1c0 [ 27.074337] __kasan_check_write+0x18/0x20 [ 27.074371] kasan_atomics_helper+0xfa9/0x5450 [ 27.074395] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.074418] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.074444] ? kasan_save_alloc_info+0x3b/0x50 [ 27.074473] kasan_atomics+0x1dc/0x310 [ 27.074506] ? __pfx_kasan_atomics+0x10/0x10 [ 27.074532] ? __pfx_read_tsc+0x10/0x10 [ 27.074567] ? ktime_get_ts64+0x86/0x230 [ 27.074595] kunit_try_run_case+0x1a5/0x480 [ 27.074623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.074645] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.074679] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.074721] ? __kthread_parkme+0x82/0x180 [ 27.074743] ? preempt_count_sub+0x50/0x80 [ 27.074767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.074799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.074825] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.074852] kthread+0x337/0x6f0 [ 27.074882] ? trace_preempt_on+0x20/0xc0 [ 27.074907] ? __pfx_kthread+0x10/0x10 [ 27.074929] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.074962] ? calculate_sigpending+0x7b/0xa0 [ 27.074988] ? __pfx_kthread+0x10/0x10 [ 27.075011] ret_from_fork+0x116/0x1d0 [ 27.075032] ? __pfx_kthread+0x10/0x10 [ 27.075063] ret_from_fork_asm+0x1a/0x30 [ 27.075096] </TASK> [ 27.075109] [ 27.082504] Allocated by task 315: [ 27.082632] kasan_save_stack+0x45/0x70 [ 27.082883] kasan_save_track+0x18/0x40 [ 27.083072] kasan_save_alloc_info+0x3b/0x50 [ 27.083339] __kasan_kmalloc+0xb7/0xc0 [ 27.083538] __kmalloc_cache_noprof+0x189/0x420 [ 27.083766] kasan_atomics+0x95/0x310 [ 27.083927] kunit_try_run_case+0x1a5/0x480 [ 27.084069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.084314] kthread+0x337/0x6f0 [ 27.084506] ret_from_fork+0x116/0x1d0 [ 27.084704] ret_from_fork_asm+0x1a/0x30 [ 27.084922] [ 27.085005] The buggy address belongs to the object at ffff8881058d6700 [ 27.085005] which belongs to the cache kmalloc-64 of size 64 [ 27.085492] The buggy address is located 0 bytes to the right of [ 27.085492] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.086058] [ 27.086131] The buggy address belongs to the physical page: [ 27.086299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.086536] flags: 0x200000000000000(node=0|zone=2) [ 27.086709] page_type: f5(slab) [ 27.087035] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.087371] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.087707] page dumped because: kasan: bad access detected [ 27.088210] [ 27.088287] Memory state around the buggy address: [ 27.088439] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.088650] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.088993] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.089339] ^ [ 27.089590] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.089976] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.090254] ================================================================== [ 27.151077] ================================================================== [ 27.151864] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 27.152248] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.152494] [ 27.152581] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.152636] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.152651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.152675] Call Trace: [ 27.152707] <TASK> [ 27.152732] dump_stack_lvl+0x73/0xb0 [ 27.152766] print_report+0xd1/0x610 [ 27.152790] ? __virt_addr_valid+0x1db/0x2d0 [ 27.152816] ? kasan_atomics_helper+0x1148/0x5450 [ 27.152839] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.152866] ? kasan_atomics_helper+0x1148/0x5450 [ 27.152889] kasan_report+0x141/0x180 [ 27.152912] ? kasan_atomics_helper+0x1148/0x5450 [ 27.152939] kasan_check_range+0x10c/0x1c0 [ 27.152964] __kasan_check_write+0x18/0x20 [ 27.153011] kasan_atomics_helper+0x1148/0x5450 [ 27.153035] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.153058] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.153095] ? kasan_save_alloc_info+0x3b/0x50 [ 27.153124] kasan_atomics+0x1dc/0x310 [ 27.153148] ? __pfx_kasan_atomics+0x10/0x10 [ 27.153173] ? __pfx_read_tsc+0x10/0x10 [ 27.153198] ? ktime_get_ts64+0x86/0x230 [ 27.153226] kunit_try_run_case+0x1a5/0x480 [ 27.153250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.153272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.153297] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.153323] ? __kthread_parkme+0x82/0x180 [ 27.153346] ? preempt_count_sub+0x50/0x80 [ 27.153371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.153394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.153420] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.153447] kthread+0x337/0x6f0 [ 27.153468] ? trace_preempt_on+0x20/0xc0 [ 27.153504] ? __pfx_kthread+0x10/0x10 [ 27.153527] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.153550] ? calculate_sigpending+0x7b/0xa0 [ 27.153587] ? __pfx_kthread+0x10/0x10 [ 27.153610] ret_from_fork+0x116/0x1d0 [ 27.153631] ? __pfx_kthread+0x10/0x10 [ 27.153664] ret_from_fork_asm+0x1a/0x30 [ 27.153707] </TASK> [ 27.153719] [ 27.161286] Allocated by task 315: [ 27.161496] kasan_save_stack+0x45/0x70 [ 27.161718] kasan_save_track+0x18/0x40 [ 27.162061] kasan_save_alloc_info+0x3b/0x50 [ 27.162265] __kasan_kmalloc+0xb7/0xc0 [ 27.162395] __kmalloc_cache_noprof+0x189/0x420 [ 27.162547] kasan_atomics+0x95/0x310 [ 27.162677] kunit_try_run_case+0x1a5/0x480 [ 27.163012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.163264] kthread+0x337/0x6f0 [ 27.163428] ret_from_fork+0x116/0x1d0 [ 27.163614] ret_from_fork_asm+0x1a/0x30 [ 27.163854] [ 27.163932] The buggy address belongs to the object at ffff8881058d6700 [ 27.163932] which belongs to the cache kmalloc-64 of size 64 [ 27.164283] The buggy address is located 0 bytes to the right of [ 27.164283] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.164916] [ 27.165008] The buggy address belongs to the physical page: [ 27.165211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.165450] flags: 0x200000000000000(node=0|zone=2) [ 27.165612] page_type: f5(slab) [ 27.165756] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.166125] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.166452] page dumped because: kasan: bad access detected [ 27.166705] [ 27.166797] Memory state around the buggy address: [ 27.167015] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.167269] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.167478] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.167685] ^ [ 27.167964] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.168281] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.168617] ================================================================== [ 27.665994] ================================================================== [ 27.666703] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 27.667165] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.667591] [ 27.667767] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.667837] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.667853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.667876] Call Trace: [ 27.667896] <TASK> [ 27.667917] dump_stack_lvl+0x73/0xb0 [ 27.667951] print_report+0xd1/0x610 [ 27.667976] ? __virt_addr_valid+0x1db/0x2d0 [ 27.668007] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.668030] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.668057] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.668079] kasan_report+0x141/0x180 [ 27.668102] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.668129] kasan_check_range+0x10c/0x1c0 [ 27.668152] __kasan_check_write+0x18/0x20 [ 27.668176] kasan_atomics_helper+0x1e12/0x5450 [ 27.668200] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.668221] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.668246] ? kasan_save_alloc_info+0x3b/0x50 [ 27.668275] kasan_atomics+0x1dc/0x310 [ 27.668297] ? __pfx_kasan_atomics+0x10/0x10 [ 27.668321] ? __pfx_read_tsc+0x10/0x10 [ 27.668345] ? ktime_get_ts64+0x86/0x230 [ 27.668372] kunit_try_run_case+0x1a5/0x480 [ 27.668396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.668416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.668441] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.668466] ? __kthread_parkme+0x82/0x180 [ 27.668488] ? preempt_count_sub+0x50/0x80 [ 27.668512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.668535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.668561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.668588] kthread+0x337/0x6f0 [ 27.668608] ? trace_preempt_on+0x20/0xc0 [ 27.668633] ? __pfx_kthread+0x10/0x10 [ 27.668654] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.668677] ? calculate_sigpending+0x7b/0xa0 [ 27.668714] ? __pfx_kthread+0x10/0x10 [ 27.668737] ret_from_fork+0x116/0x1d0 [ 27.668758] ? __pfx_kthread+0x10/0x10 [ 27.668789] ret_from_fork_asm+0x1a/0x30 [ 27.668822] </TASK> [ 27.668834] [ 27.675947] Allocated by task 315: [ 27.676124] kasan_save_stack+0x45/0x70 [ 27.676329] kasan_save_track+0x18/0x40 [ 27.676517] kasan_save_alloc_info+0x3b/0x50 [ 27.676735] __kasan_kmalloc+0xb7/0xc0 [ 27.676921] __kmalloc_cache_noprof+0x189/0x420 [ 27.677101] kasan_atomics+0x95/0x310 [ 27.677230] kunit_try_run_case+0x1a5/0x480 [ 27.677426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.677678] kthread+0x337/0x6f0 [ 27.677852] ret_from_fork+0x116/0x1d0 [ 27.677983] ret_from_fork_asm+0x1a/0x30 [ 27.678154] [ 27.678245] The buggy address belongs to the object at ffff8881058d6700 [ 27.678245] which belongs to the cache kmalloc-64 of size 64 [ 27.678746] The buggy address is located 0 bytes to the right of [ 27.678746] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.679223] [ 27.679293] The buggy address belongs to the physical page: [ 27.679543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.679922] flags: 0x200000000000000(node=0|zone=2) [ 27.680103] page_type: f5(slab) [ 27.680220] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.680447] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.680666] page dumped because: kasan: bad access detected [ 27.680867] [ 27.680955] Memory state around the buggy address: [ 27.681177] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.681500] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.681825] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.682039] ^ [ 27.682191] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.682400] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.682679] ================================================================== [ 27.804672] ================================================================== [ 27.805430] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 27.806014] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.806345] [ 27.806454] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.806509] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.806525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.806548] Call Trace: [ 27.806570] <TASK> [ 27.806590] dump_stack_lvl+0x73/0xb0 [ 27.806622] print_report+0xd1/0x610 [ 27.806645] ? __virt_addr_valid+0x1db/0x2d0 [ 27.806671] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.806705] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.806732] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.806754] kasan_report+0x141/0x180 [ 27.806777] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.806804] __asan_report_load8_noabort+0x18/0x20 [ 27.806854] kasan_atomics_helper+0x4fb2/0x5450 [ 27.806893] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.806918] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.806972] ? kasan_save_alloc_info+0x3b/0x50 [ 27.807000] kasan_atomics+0x1dc/0x310 [ 27.807023] ? __pfx_kasan_atomics+0x10/0x10 [ 27.807048] ? __pfx_read_tsc+0x10/0x10 [ 27.807071] ? ktime_get_ts64+0x86/0x230 [ 27.807098] kunit_try_run_case+0x1a5/0x480 [ 27.807121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.807142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.807167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.807192] ? __kthread_parkme+0x82/0x180 [ 27.807215] ? preempt_count_sub+0x50/0x80 [ 27.807239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.807280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.807319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.807346] kthread+0x337/0x6f0 [ 27.807380] ? trace_preempt_on+0x20/0xc0 [ 27.807417] ? __pfx_kthread+0x10/0x10 [ 27.807439] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.807462] ? calculate_sigpending+0x7b/0xa0 [ 27.807486] ? __pfx_kthread+0x10/0x10 [ 27.807509] ret_from_fork+0x116/0x1d0 [ 27.807530] ? __pfx_kthread+0x10/0x10 [ 27.807551] ret_from_fork_asm+0x1a/0x30 [ 27.807584] </TASK> [ 27.807597] [ 27.814836] Allocated by task 315: [ 27.815037] kasan_save_stack+0x45/0x70 [ 27.815244] kasan_save_track+0x18/0x40 [ 27.815424] kasan_save_alloc_info+0x3b/0x50 [ 27.815582] __kasan_kmalloc+0xb7/0xc0 [ 27.815790] __kmalloc_cache_noprof+0x189/0x420 [ 27.816111] kasan_atomics+0x95/0x310 [ 27.816325] kunit_try_run_case+0x1a5/0x480 [ 27.816518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.816753] kthread+0x337/0x6f0 [ 27.816899] ret_from_fork+0x116/0x1d0 [ 27.817025] ret_from_fork_asm+0x1a/0x30 [ 27.817341] [ 27.817433] The buggy address belongs to the object at ffff8881058d6700 [ 27.817433] which belongs to the cache kmalloc-64 of size 64 [ 27.817957] The buggy address is located 0 bytes to the right of [ 27.817957] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.818564] [ 27.818661] The buggy address belongs to the physical page: [ 27.819127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.819467] flags: 0x200000000000000(node=0|zone=2) [ 27.819646] page_type: f5(slab) [ 27.819772] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.819997] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.820211] page dumped because: kasan: bad access detected [ 27.820592] [ 27.820680] Memory state around the buggy address: [ 27.821018] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.821356] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.821702] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.822053] ^ [ 27.822419] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.822754] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.823074] ================================================================== [ 26.552370] ================================================================== [ 26.552652] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 26.552894] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.553111] [ 26.553191] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.553238] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.553253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.553276] Call Trace: [ 26.553292] <TASK> [ 26.553311] dump_stack_lvl+0x73/0xb0 [ 26.553340] print_report+0xd1/0x610 [ 26.553361] ? __virt_addr_valid+0x1db/0x2d0 [ 26.553386] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.553407] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.553433] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.553455] kasan_report+0x141/0x180 [ 26.553476] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.553502] __asan_report_load4_noabort+0x18/0x20 [ 26.553526] kasan_atomics_helper+0x4b88/0x5450 [ 26.553548] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.553572] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.553596] ? kasan_save_alloc_info+0x3b/0x50 [ 26.553624] kasan_atomics+0x1dc/0x310 [ 26.553647] ? __pfx_kasan_atomics+0x10/0x10 [ 26.553671] ? __pfx_read_tsc+0x10/0x10 [ 26.553704] ? ktime_get_ts64+0x86/0x230 [ 26.553732] kunit_try_run_case+0x1a5/0x480 [ 26.553754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.553775] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.553800] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.553824] ? __kthread_parkme+0x82/0x180 [ 26.553845] ? preempt_count_sub+0x50/0x80 [ 26.553868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.553890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.553915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.553941] kthread+0x337/0x6f0 [ 26.553961] ? trace_preempt_on+0x20/0xc0 [ 26.553985] ? __pfx_kthread+0x10/0x10 [ 26.554006] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.554027] ? calculate_sigpending+0x7b/0xa0 [ 26.554105] ? __pfx_kthread+0x10/0x10 [ 26.554132] ret_from_fork+0x116/0x1d0 [ 26.554153] ? __pfx_kthread+0x10/0x10 [ 26.554176] ret_from_fork_asm+0x1a/0x30 [ 26.554208] </TASK> [ 26.554221] [ 26.561419] Allocated by task 315: [ 26.561568] kasan_save_stack+0x45/0x70 [ 26.561736] kasan_save_track+0x18/0x40 [ 26.561918] kasan_save_alloc_info+0x3b/0x50 [ 26.562132] __kasan_kmalloc+0xb7/0xc0 [ 26.562265] __kmalloc_cache_noprof+0x189/0x420 [ 26.562417] kasan_atomics+0x95/0x310 [ 26.562549] kunit_try_run_case+0x1a5/0x480 [ 26.562705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.563109] kthread+0x337/0x6f0 [ 26.563283] ret_from_fork+0x116/0x1d0 [ 26.563468] ret_from_fork_asm+0x1a/0x30 [ 26.563660] [ 26.563761] The buggy address belongs to the object at ffff8881058d6700 [ 26.563761] which belongs to the cache kmalloc-64 of size 64 [ 26.564422] The buggy address is located 0 bytes to the right of [ 26.564422] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.564794] [ 26.564953] The buggy address belongs to the physical page: [ 26.565175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.565413] flags: 0x200000000000000(node=0|zone=2) [ 26.565573] page_type: f5(slab) [ 26.565709] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.566342] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.566648] page dumped because: kasan: bad access detected [ 26.566931] [ 26.567004] Memory state around the buggy address: [ 26.567157] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.567368] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.567578] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.567856] ^ [ 26.568025] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.568332] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.568649] ================================================================== [ 26.644500] ================================================================== [ 26.644906] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 26.645353] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.645598] [ 26.645679] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.645743] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.645757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.645779] Call Trace: [ 26.645793] <TASK> [ 26.645811] dump_stack_lvl+0x73/0xb0 [ 26.645840] print_report+0xd1/0x610 [ 26.646085] ? __virt_addr_valid+0x1db/0x2d0 [ 26.646116] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.646140] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.646167] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.646189] kasan_report+0x141/0x180 [ 26.646212] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.646239] __asan_report_store4_noabort+0x1b/0x30 [ 26.646264] kasan_atomics_helper+0x4b3a/0x5450 [ 26.646287] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.646310] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.646335] ? kasan_save_alloc_info+0x3b/0x50 [ 26.646363] kasan_atomics+0x1dc/0x310 [ 26.646391] ? __pfx_kasan_atomics+0x10/0x10 [ 26.646418] ? __pfx_read_tsc+0x10/0x10 [ 26.646442] ? ktime_get_ts64+0x86/0x230 [ 26.646468] kunit_try_run_case+0x1a5/0x480 [ 26.646491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.646513] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.646538] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.646563] ? __kthread_parkme+0x82/0x180 [ 26.646585] ? preempt_count_sub+0x50/0x80 [ 26.646611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.646654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.646681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.646718] kthread+0x337/0x6f0 [ 26.646740] ? trace_preempt_on+0x20/0xc0 [ 26.646765] ? __pfx_kthread+0x10/0x10 [ 26.646797] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.646821] ? calculate_sigpending+0x7b/0xa0 [ 26.646846] ? __pfx_kthread+0x10/0x10 [ 26.646869] ret_from_fork+0x116/0x1d0 [ 26.646938] ? __pfx_kthread+0x10/0x10 [ 26.646961] ret_from_fork_asm+0x1a/0x30 [ 26.646993] </TASK> [ 26.647005] [ 26.654756] Allocated by task 315: [ 26.655005] kasan_save_stack+0x45/0x70 [ 26.655291] kasan_save_track+0x18/0x40 [ 26.655509] kasan_save_alloc_info+0x3b/0x50 [ 26.655704] __kasan_kmalloc+0xb7/0xc0 [ 26.655973] __kmalloc_cache_noprof+0x189/0x420 [ 26.656368] kasan_atomics+0x95/0x310 [ 26.656503] kunit_try_run_case+0x1a5/0x480 [ 26.656714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.656967] kthread+0x337/0x6f0 [ 26.657195] ret_from_fork+0x116/0x1d0 [ 26.657404] ret_from_fork_asm+0x1a/0x30 [ 26.657546] [ 26.657614] The buggy address belongs to the object at ffff8881058d6700 [ 26.657614] which belongs to the cache kmalloc-64 of size 64 [ 26.658135] The buggy address is located 0 bytes to the right of [ 26.658135] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.658595] [ 26.658804] The buggy address belongs to the physical page: [ 26.659119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.659481] flags: 0x200000000000000(node=0|zone=2) [ 26.659645] page_type: f5(slab) [ 26.659776] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.660008] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.660647] page dumped because: kasan: bad access detected [ 26.660890] [ 26.660958] Memory state around the buggy address: [ 26.661109] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.661423] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.661736] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.662537] ^ [ 26.662918] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.663278] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.663520] ================================================================== [ 26.624119] ================================================================== [ 26.624531] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 26.625337] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.626012] [ 26.626143] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.626339] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.626355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.626379] Call Trace: [ 26.626401] <TASK> [ 26.626418] dump_stack_lvl+0x73/0xb0 [ 26.626449] print_report+0xd1/0x610 [ 26.626471] ? __virt_addr_valid+0x1db/0x2d0 [ 26.626496] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.626519] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.626545] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.626568] kasan_report+0x141/0x180 [ 26.626591] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.626617] kasan_check_range+0x10c/0x1c0 [ 26.626641] __kasan_check_write+0x18/0x20 [ 26.626665] kasan_atomics_helper+0x4a0/0x5450 [ 26.626688] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.626722] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.626747] ? kasan_save_alloc_info+0x3b/0x50 [ 26.626776] kasan_atomics+0x1dc/0x310 [ 26.626799] ? __pfx_kasan_atomics+0x10/0x10 [ 26.626824] ? __pfx_read_tsc+0x10/0x10 [ 26.626847] ? ktime_get_ts64+0x86/0x230 [ 26.626873] kunit_try_run_case+0x1a5/0x480 [ 26.626905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.626926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.626952] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.626977] ? __kthread_parkme+0x82/0x180 [ 26.626999] ? preempt_count_sub+0x50/0x80 [ 26.627023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.627046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.627074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.627100] kthread+0x337/0x6f0 [ 26.627121] ? trace_preempt_on+0x20/0xc0 [ 26.627145] ? __pfx_kthread+0x10/0x10 [ 26.627167] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.627190] ? calculate_sigpending+0x7b/0xa0 [ 26.627215] ? __pfx_kthread+0x10/0x10 [ 26.627238] ret_from_fork+0x116/0x1d0 [ 26.627259] ? __pfx_kthread+0x10/0x10 [ 26.627281] ret_from_fork_asm+0x1a/0x30 [ 26.627313] </TASK> [ 26.627326] [ 26.635730] Allocated by task 315: [ 26.636011] kasan_save_stack+0x45/0x70 [ 26.636165] kasan_save_track+0x18/0x40 [ 26.636301] kasan_save_alloc_info+0x3b/0x50 [ 26.636524] __kasan_kmalloc+0xb7/0xc0 [ 26.636714] __kmalloc_cache_noprof+0x189/0x420 [ 26.636867] kasan_atomics+0x95/0x310 [ 26.637212] kunit_try_run_case+0x1a5/0x480 [ 26.637427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.637656] kthread+0x337/0x6f0 [ 26.637786] ret_from_fork+0x116/0x1d0 [ 26.637917] ret_from_fork_asm+0x1a/0x30 [ 26.638056] [ 26.638139] The buggy address belongs to the object at ffff8881058d6700 [ 26.638139] which belongs to the cache kmalloc-64 of size 64 [ 26.638769] The buggy address is located 0 bytes to the right of [ 26.638769] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.639578] [ 26.639714] The buggy address belongs to the physical page: [ 26.640246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.640532] flags: 0x200000000000000(node=0|zone=2) [ 26.640796] page_type: f5(slab) [ 26.641053] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.641281] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.641495] page dumped because: kasan: bad access detected [ 26.641657] [ 26.641752] Memory state around the buggy address: [ 26.641979] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.642302] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.642623] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.643050] ^ [ 26.643279] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.643569] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.643939] ================================================================== [ 26.765430] ================================================================== [ 26.765706] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 26.766056] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.766368] [ 26.766455] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.766522] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.766538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.766561] Call Trace: [ 26.766580] <TASK> [ 26.766599] dump_stack_lvl+0x73/0xb0 [ 26.766630] print_report+0xd1/0x610 [ 26.766655] ? __virt_addr_valid+0x1db/0x2d0 [ 26.766681] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.766717] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.766744] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.766765] kasan_report+0x141/0x180 [ 26.766789] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.766817] kasan_check_range+0x10c/0x1c0 [ 26.766852] __kasan_check_write+0x18/0x20 [ 26.766877] kasan_atomics_helper+0x7c7/0x5450 [ 26.766916] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.766940] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.766965] ? kasan_save_alloc_info+0x3b/0x50 [ 26.766993] kasan_atomics+0x1dc/0x310 [ 26.767017] ? __pfx_kasan_atomics+0x10/0x10 [ 26.767041] ? __pfx_read_tsc+0x10/0x10 [ 26.767065] ? ktime_get_ts64+0x86/0x230 [ 26.767091] kunit_try_run_case+0x1a5/0x480 [ 26.767116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.767136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.767162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.767187] ? __kthread_parkme+0x82/0x180 [ 26.767208] ? preempt_count_sub+0x50/0x80 [ 26.767234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.767256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.767282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.767308] kthread+0x337/0x6f0 [ 26.767328] ? trace_preempt_on+0x20/0xc0 [ 26.767353] ? __pfx_kthread+0x10/0x10 [ 26.767376] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.767399] ? calculate_sigpending+0x7b/0xa0 [ 26.767425] ? __pfx_kthread+0x10/0x10 [ 26.767448] ret_from_fork+0x116/0x1d0 [ 26.767470] ? __pfx_kthread+0x10/0x10 [ 26.767492] ret_from_fork_asm+0x1a/0x30 [ 26.767525] </TASK> [ 26.767538] [ 26.778466] Allocated by task 315: [ 26.778607] kasan_save_stack+0x45/0x70 [ 26.778967] kasan_save_track+0x18/0x40 [ 26.780815] kasan_save_alloc_info+0x3b/0x50 [ 26.781510] __kasan_kmalloc+0xb7/0xc0 [ 26.781676] __kmalloc_cache_noprof+0x189/0x420 [ 26.781853] kasan_atomics+0x95/0x310 [ 26.781985] kunit_try_run_case+0x1a5/0x480 [ 26.782126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.782297] kthread+0x337/0x6f0 [ 26.782415] ret_from_fork+0x116/0x1d0 [ 26.782546] ret_from_fork_asm+0x1a/0x30 [ 26.782685] [ 26.784142] The buggy address belongs to the object at ffff8881058d6700 [ 26.784142] which belongs to the cache kmalloc-64 of size 64 [ 26.786138] The buggy address is located 0 bytes to the right of [ 26.786138] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.787852] [ 26.788269] The buggy address belongs to the physical page: [ 26.789333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.790389] flags: 0x200000000000000(node=0|zone=2) [ 26.791029] page_type: f5(slab) [ 26.791490] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.791989] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.793030] page dumped because: kasan: bad access detected [ 26.793714] [ 26.794095] Memory state around the buggy address: [ 26.794602] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.795650] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.796372] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.796605] ^ [ 26.797040] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.798032] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.798796] ================================================================== [ 27.823629] ================================================================== [ 27.824096] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 27.824485] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.826983] [ 27.827517] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.827578] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.827594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.827618] Call Trace: [ 27.827638] <TASK> [ 27.827658] dump_stack_lvl+0x73/0xb0 [ 27.827709] print_report+0xd1/0x610 [ 27.827733] ? __virt_addr_valid+0x1db/0x2d0 [ 27.827892] ? kasan_atomics_helper+0x218a/0x5450 [ 27.827929] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.827959] ? kasan_atomics_helper+0x218a/0x5450 [ 27.827982] kasan_report+0x141/0x180 [ 27.828006] ? kasan_atomics_helper+0x218a/0x5450 [ 27.828034] kasan_check_range+0x10c/0x1c0 [ 27.828095] __kasan_check_write+0x18/0x20 [ 27.828160] kasan_atomics_helper+0x218a/0x5450 [ 27.828186] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.828221] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.828247] ? kasan_save_alloc_info+0x3b/0x50 [ 27.828279] kasan_atomics+0x1dc/0x310 [ 27.828305] ? __pfx_kasan_atomics+0x10/0x10 [ 27.828330] ? __pfx_read_tsc+0x10/0x10 [ 27.828354] ? ktime_get_ts64+0x86/0x230 [ 27.828382] kunit_try_run_case+0x1a5/0x480 [ 27.828405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.828427] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.828453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.828478] ? __kthread_parkme+0x82/0x180 [ 27.828499] ? preempt_count_sub+0x50/0x80 [ 27.828524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.828547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.828573] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.828599] kthread+0x337/0x6f0 [ 27.828619] ? trace_preempt_on+0x20/0xc0 [ 27.828644] ? __pfx_kthread+0x10/0x10 [ 27.828666] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.828689] ? calculate_sigpending+0x7b/0xa0 [ 27.828727] ? __pfx_kthread+0x10/0x10 [ 27.828751] ret_from_fork+0x116/0x1d0 [ 27.828778] ? __pfx_kthread+0x10/0x10 [ 27.828800] ret_from_fork_asm+0x1a/0x30 [ 27.828831] </TASK> [ 27.828844] [ 27.841478] Allocated by task 315: [ 27.841648] kasan_save_stack+0x45/0x70 [ 27.841813] kasan_save_track+0x18/0x40 [ 27.841946] kasan_save_alloc_info+0x3b/0x50 [ 27.842091] __kasan_kmalloc+0xb7/0xc0 [ 27.842386] __kmalloc_cache_noprof+0x189/0x420 [ 27.842641] kasan_atomics+0x95/0x310 [ 27.842904] kunit_try_run_case+0x1a5/0x480 [ 27.843053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.843224] kthread+0x337/0x6f0 [ 27.843383] ret_from_fork+0x116/0x1d0 [ 27.843571] ret_from_fork_asm+0x1a/0x30 [ 27.843801] [ 27.843901] The buggy address belongs to the object at ffff8881058d6700 [ 27.843901] which belongs to the cache kmalloc-64 of size 64 [ 27.844385] The buggy address is located 0 bytes to the right of [ 27.844385] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.845065] [ 27.845143] The buggy address belongs to the physical page: [ 27.845374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.845706] flags: 0x200000000000000(node=0|zone=2) [ 27.845865] page_type: f5(slab) [ 27.845981] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.846275] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.846865] page dumped because: kasan: bad access detected [ 27.847104] [ 27.847171] Memory state around the buggy address: [ 27.847316] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.847565] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.848085] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.848459] ^ [ 27.848734] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.849049] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.849346] ================================================================== [ 27.466557] ================================================================== [ 27.467333] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 27.468072] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.468391] [ 27.468545] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.468614] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.468629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.468683] Call Trace: [ 27.468723] <TASK> [ 27.468744] dump_stack_lvl+0x73/0xb0 [ 27.468809] print_report+0xd1/0x610 [ 27.468832] ? __virt_addr_valid+0x1db/0x2d0 [ 27.468870] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.468903] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.468929] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.468952] kasan_report+0x141/0x180 [ 27.468974] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.469031] kasan_check_range+0x10c/0x1c0 [ 27.469056] __kasan_check_write+0x18/0x20 [ 27.469089] kasan_atomics_helper+0x18b1/0x5450 [ 27.469113] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.469136] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.469161] ? kasan_save_alloc_info+0x3b/0x50 [ 27.469190] kasan_atomics+0x1dc/0x310 [ 27.469214] ? __pfx_kasan_atomics+0x10/0x10 [ 27.469238] ? __pfx_read_tsc+0x10/0x10 [ 27.469262] ? ktime_get_ts64+0x86/0x230 [ 27.469290] kunit_try_run_case+0x1a5/0x480 [ 27.469313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.469335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.469361] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.469387] ? __kthread_parkme+0x82/0x180 [ 27.469409] ? preempt_count_sub+0x50/0x80 [ 27.469433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.469456] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.469482] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.469508] kthread+0x337/0x6f0 [ 27.469529] ? trace_preempt_on+0x20/0xc0 [ 27.469554] ? __pfx_kthread+0x10/0x10 [ 27.469576] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.469599] ? calculate_sigpending+0x7b/0xa0 [ 27.469624] ? __pfx_kthread+0x10/0x10 [ 27.469647] ret_from_fork+0x116/0x1d0 [ 27.469668] ? __pfx_kthread+0x10/0x10 [ 27.469700] ret_from_fork_asm+0x1a/0x30 [ 27.469733] </TASK> [ 27.469746] [ 27.477272] Allocated by task 315: [ 27.477502] kasan_save_stack+0x45/0x70 [ 27.477717] kasan_save_track+0x18/0x40 [ 27.477942] kasan_save_alloc_info+0x3b/0x50 [ 27.478230] __kasan_kmalloc+0xb7/0xc0 [ 27.478430] __kmalloc_cache_noprof+0x189/0x420 [ 27.478641] kasan_atomics+0x95/0x310 [ 27.478803] kunit_try_run_case+0x1a5/0x480 [ 27.479078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.479311] kthread+0x337/0x6f0 [ 27.479487] ret_from_fork+0x116/0x1d0 [ 27.479679] ret_from_fork_asm+0x1a/0x30 [ 27.479977] [ 27.480094] The buggy address belongs to the object at ffff8881058d6700 [ 27.480094] which belongs to the cache kmalloc-64 of size 64 [ 27.480500] The buggy address is located 0 bytes to the right of [ 27.480500] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.481145] [ 27.481216] The buggy address belongs to the physical page: [ 27.481386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.481624] flags: 0x200000000000000(node=0|zone=2) [ 27.482008] page_type: f5(slab) [ 27.482224] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.482571] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.482918] page dumped because: kasan: bad access detected [ 27.483097] [ 27.483261] Memory state around the buggy address: [ 27.483515] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.483932] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.484214] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.484428] ^ [ 27.484579] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.484958] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.485207] ================================================================== [ 27.899289] ================================================================== [ 27.900200] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 27.900887] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.901965] [ 27.902166] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.902224] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.902239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.902263] Call Trace: [ 27.902283] <TASK> [ 27.902304] dump_stack_lvl+0x73/0xb0 [ 27.902338] print_report+0xd1/0x610 [ 27.902361] ? __virt_addr_valid+0x1db/0x2d0 [ 27.902387] ? kasan_atomics_helper+0x5115/0x5450 [ 27.902409] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.902436] ? kasan_atomics_helper+0x5115/0x5450 [ 27.902458] kasan_report+0x141/0x180 [ 27.902481] ? kasan_atomics_helper+0x5115/0x5450 [ 27.902508] __asan_report_load8_noabort+0x18/0x20 [ 27.902533] kasan_atomics_helper+0x5115/0x5450 [ 27.902556] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.902579] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.902605] ? kasan_save_alloc_info+0x3b/0x50 [ 27.902634] kasan_atomics+0x1dc/0x310 [ 27.902657] ? __pfx_kasan_atomics+0x10/0x10 [ 27.902681] ? __pfx_read_tsc+0x10/0x10 [ 27.902716] ? ktime_get_ts64+0x86/0x230 [ 27.902742] kunit_try_run_case+0x1a5/0x480 [ 27.902765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.902804] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.902832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.902856] ? __kthread_parkme+0x82/0x180 [ 27.902879] ? preempt_count_sub+0x50/0x80 [ 27.902904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.902926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.902952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.902978] kthread+0x337/0x6f0 [ 27.902998] ? trace_preempt_on+0x20/0xc0 [ 27.903024] ? __pfx_kthread+0x10/0x10 [ 27.903045] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.903068] ? calculate_sigpending+0x7b/0xa0 [ 27.903094] ? __pfx_kthread+0x10/0x10 [ 27.903116] ret_from_fork+0x116/0x1d0 [ 27.903137] ? __pfx_kthread+0x10/0x10 [ 27.903158] ret_from_fork_asm+0x1a/0x30 [ 27.903190] </TASK> [ 27.903203] [ 27.911964] Allocated by task 315: [ 27.912094] kasan_save_stack+0x45/0x70 [ 27.912232] kasan_save_track+0x18/0x40 [ 27.912419] kasan_save_alloc_info+0x3b/0x50 [ 27.912623] __kasan_kmalloc+0xb7/0xc0 [ 27.912839] __kmalloc_cache_noprof+0x189/0x420 [ 27.913056] kasan_atomics+0x95/0x310 [ 27.913236] kunit_try_run_case+0x1a5/0x480 [ 27.913422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.913595] kthread+0x337/0x6f0 [ 27.913726] ret_from_fork+0x116/0x1d0 [ 27.914102] ret_from_fork_asm+0x1a/0x30 [ 27.914299] [ 27.914394] The buggy address belongs to the object at ffff8881058d6700 [ 27.914394] which belongs to the cache kmalloc-64 of size 64 [ 27.914904] The buggy address is located 0 bytes to the right of [ 27.914904] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.915319] [ 27.915411] The buggy address belongs to the physical page: [ 27.915663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.916035] flags: 0x200000000000000(node=0|zone=2) [ 27.916208] page_type: f5(slab) [ 27.916380] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.916686] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.917071] page dumped because: kasan: bad access detected [ 27.917237] [ 27.917301] Memory state around the buggy address: [ 27.917449] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.917660] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.918198] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.918505] ^ [ 27.918668] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.919178] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.919388] ================================================================== [ 26.918356] ================================================================== [ 26.918709] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 26.918953] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.919492] [ 26.919604] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.919657] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.919671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.919708] Call Trace: [ 26.919731] <TASK> [ 26.919767] dump_stack_lvl+0x73/0xb0 [ 26.919802] print_report+0xd1/0x610 [ 26.919834] ? __virt_addr_valid+0x1db/0x2d0 [ 26.919861] ? kasan_atomics_helper+0xac7/0x5450 [ 26.919883] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.919910] ? kasan_atomics_helper+0xac7/0x5450 [ 26.919933] kasan_report+0x141/0x180 [ 26.919955] ? kasan_atomics_helper+0xac7/0x5450 [ 26.920025] kasan_check_range+0x10c/0x1c0 [ 26.920052] __kasan_check_write+0x18/0x20 [ 26.920088] kasan_atomics_helper+0xac7/0x5450 [ 26.920111] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.920134] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.920161] ? kasan_save_alloc_info+0x3b/0x50 [ 26.920190] kasan_atomics+0x1dc/0x310 [ 26.920214] ? __pfx_kasan_atomics+0x10/0x10 [ 26.920239] ? __pfx_read_tsc+0x10/0x10 [ 26.920264] ? ktime_get_ts64+0x86/0x230 [ 26.920292] kunit_try_run_case+0x1a5/0x480 [ 26.920317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.920339] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.920365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.920390] ? __kthread_parkme+0x82/0x180 [ 26.920413] ? preempt_count_sub+0x50/0x80 [ 26.920438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.920460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.920486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.920512] kthread+0x337/0x6f0 [ 26.920534] ? trace_preempt_on+0x20/0xc0 [ 26.920559] ? __pfx_kthread+0x10/0x10 [ 26.920581] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.920604] ? calculate_sigpending+0x7b/0xa0 [ 26.920638] ? __pfx_kthread+0x10/0x10 [ 26.920660] ret_from_fork+0x116/0x1d0 [ 26.920681] ? __pfx_kthread+0x10/0x10 [ 26.920719] ret_from_fork_asm+0x1a/0x30 [ 26.920752] </TASK> [ 26.920766] [ 26.928216] Allocated by task 315: [ 26.928345] kasan_save_stack+0x45/0x70 [ 26.928488] kasan_save_track+0x18/0x40 [ 26.928621] kasan_save_alloc_info+0x3b/0x50 [ 26.928956] __kasan_kmalloc+0xb7/0xc0 [ 26.929147] __kmalloc_cache_noprof+0x189/0x420 [ 26.929401] kasan_atomics+0x95/0x310 [ 26.929630] kunit_try_run_case+0x1a5/0x480 [ 26.929959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.930257] kthread+0x337/0x6f0 [ 26.930378] ret_from_fork+0x116/0x1d0 [ 26.930553] ret_from_fork_asm+0x1a/0x30 [ 26.930750] [ 26.930848] The buggy address belongs to the object at ffff8881058d6700 [ 26.930848] which belongs to the cache kmalloc-64 of size 64 [ 26.931440] The buggy address is located 0 bytes to the right of [ 26.931440] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.932011] [ 26.932091] The buggy address belongs to the physical page: [ 26.932341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.932670] flags: 0x200000000000000(node=0|zone=2) [ 26.932934] page_type: f5(slab) [ 26.933098] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.933418] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.933672] page dumped because: kasan: bad access detected [ 26.934076] [ 26.934191] Memory state around the buggy address: [ 26.934391] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.934628] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.935155] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.935458] ^ [ 26.935649] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.935985] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.936288] ================================================================== [ 27.369268] ================================================================== [ 27.369505] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 27.369796] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.370358] [ 27.370538] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.370587] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.370615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.370638] Call Trace: [ 27.370657] <TASK> [ 27.370685] dump_stack_lvl+0x73/0xb0 [ 27.370723] print_report+0xd1/0x610 [ 27.370745] ? __virt_addr_valid+0x1db/0x2d0 [ 27.370770] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.370793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.370819] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.370841] kasan_report+0x141/0x180 [ 27.370863] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.370890] kasan_check_range+0x10c/0x1c0 [ 27.370913] __kasan_check_write+0x18/0x20 [ 27.370936] kasan_atomics_helper+0x15b6/0x5450 [ 27.370959] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.370981] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.371005] ? kasan_save_alloc_info+0x3b/0x50 [ 27.371033] kasan_atomics+0x1dc/0x310 [ 27.371056] ? __pfx_kasan_atomics+0x10/0x10 [ 27.371080] ? __pfx_read_tsc+0x10/0x10 [ 27.371103] ? ktime_get_ts64+0x86/0x230 [ 27.371129] kunit_try_run_case+0x1a5/0x480 [ 27.371152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.371172] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.371197] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.371221] ? __kthread_parkme+0x82/0x180 [ 27.371241] ? preempt_count_sub+0x50/0x80 [ 27.371266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.371304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.371341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.371367] kthread+0x337/0x6f0 [ 27.371399] ? trace_preempt_on+0x20/0xc0 [ 27.371424] ? __pfx_kthread+0x10/0x10 [ 27.371445] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.371469] ? calculate_sigpending+0x7b/0xa0 [ 27.371494] ? __pfx_kthread+0x10/0x10 [ 27.371516] ret_from_fork+0x116/0x1d0 [ 27.371538] ? __pfx_kthread+0x10/0x10 [ 27.371559] ret_from_fork_asm+0x1a/0x30 [ 27.371592] </TASK> [ 27.371604] [ 27.379035] Allocated by task 315: [ 27.379260] kasan_save_stack+0x45/0x70 [ 27.379456] kasan_save_track+0x18/0x40 [ 27.379644] kasan_save_alloc_info+0x3b/0x50 [ 27.379971] __kasan_kmalloc+0xb7/0xc0 [ 27.380147] __kmalloc_cache_noprof+0x189/0x420 [ 27.380415] kasan_atomics+0x95/0x310 [ 27.380617] kunit_try_run_case+0x1a5/0x480 [ 27.380783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.381038] kthread+0x337/0x6f0 [ 27.381263] ret_from_fork+0x116/0x1d0 [ 27.381486] ret_from_fork_asm+0x1a/0x30 [ 27.381626] [ 27.381703] The buggy address belongs to the object at ffff8881058d6700 [ 27.381703] which belongs to the cache kmalloc-64 of size 64 [ 27.382049] The buggy address is located 0 bytes to the right of [ 27.382049] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.382830] [ 27.382924] The buggy address belongs to the physical page: [ 27.383217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.383563] flags: 0x200000000000000(node=0|zone=2) [ 27.383732] page_type: f5(slab) [ 27.383854] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.384135] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.384604] page dumped because: kasan: bad access detected [ 27.385115] [ 27.385209] Memory state around the buggy address: [ 27.385433] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.385806] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.386124] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.386398] ^ [ 27.386646] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.386997] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.387298] ================================================================== [ 27.722327] ================================================================== [ 27.722672] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 27.723040] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.723303] [ 27.723393] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.723447] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.723463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.723486] Call Trace: [ 27.723507] <TASK> [ 27.723529] dump_stack_lvl+0x73/0xb0 [ 27.723561] print_report+0xd1/0x610 [ 27.723584] ? __virt_addr_valid+0x1db/0x2d0 [ 27.723620] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.723642] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.723668] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.723702] kasan_report+0x141/0x180 [ 27.723725] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.723752] __asan_report_load8_noabort+0x18/0x20 [ 27.723776] kasan_atomics_helper+0x4f71/0x5450 [ 27.723800] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.723826] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.723852] ? kasan_save_alloc_info+0x3b/0x50 [ 27.723881] kasan_atomics+0x1dc/0x310 [ 27.723905] ? __pfx_kasan_atomics+0x10/0x10 [ 27.723930] ? __pfx_read_tsc+0x10/0x10 [ 27.723979] ? ktime_get_ts64+0x86/0x230 [ 27.724019] kunit_try_run_case+0x1a5/0x480 [ 27.724043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.724082] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.724108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.724147] ? __kthread_parkme+0x82/0x180 [ 27.724182] ? preempt_count_sub+0x50/0x80 [ 27.724207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.724230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.724255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.724283] kthread+0x337/0x6f0 [ 27.724303] ? trace_preempt_on+0x20/0xc0 [ 27.724328] ? __pfx_kthread+0x10/0x10 [ 27.724351] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.724374] ? calculate_sigpending+0x7b/0xa0 [ 27.724399] ? __pfx_kthread+0x10/0x10 [ 27.724422] ret_from_fork+0x116/0x1d0 [ 27.724444] ? __pfx_kthread+0x10/0x10 [ 27.724466] ret_from_fork_asm+0x1a/0x30 [ 27.724501] </TASK> [ 27.724514] [ 27.732772] Allocated by task 315: [ 27.732913] kasan_save_stack+0x45/0x70 [ 27.733060] kasan_save_track+0x18/0x40 [ 27.733191] kasan_save_alloc_info+0x3b/0x50 [ 27.733333] __kasan_kmalloc+0xb7/0xc0 [ 27.733531] __kmalloc_cache_noprof+0x189/0x420 [ 27.733798] kasan_atomics+0x95/0x310 [ 27.734014] kunit_try_run_case+0x1a5/0x480 [ 27.734244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.734521] kthread+0x337/0x6f0 [ 27.734712] ret_from_fork+0x116/0x1d0 [ 27.735077] ret_from_fork_asm+0x1a/0x30 [ 27.735270] [ 27.735363] The buggy address belongs to the object at ffff8881058d6700 [ 27.735363] which belongs to the cache kmalloc-64 of size 64 [ 27.735860] The buggy address is located 0 bytes to the right of [ 27.735860] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.736414] [ 27.736522] The buggy address belongs to the physical page: [ 27.736728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.737237] flags: 0x200000000000000(node=0|zone=2) [ 27.737462] page_type: f5(slab) [ 27.737630] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.737994] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.738318] page dumped because: kasan: bad access detected [ 27.738551] [ 27.738655] Memory state around the buggy address: [ 27.738907] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.739216] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.739516] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.739887] ^ [ 27.740100] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.740342] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.740554] ================================================================== [ 27.250445] ================================================================== [ 27.250803] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 27.251187] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.251526] [ 27.251617] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.251669] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.251683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.251718] Call Trace: [ 27.251738] <TASK> [ 27.251759] dump_stack_lvl+0x73/0xb0 [ 27.251801] print_report+0xd1/0x610 [ 27.251840] ? __virt_addr_valid+0x1db/0x2d0 [ 27.251865] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.251898] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.251926] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.251948] kasan_report+0x141/0x180 [ 27.251971] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.251998] __asan_report_load4_noabort+0x18/0x20 [ 27.252022] kasan_atomics_helper+0x49ce/0x5450 [ 27.252045] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.252068] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.252093] ? kasan_save_alloc_info+0x3b/0x50 [ 27.252122] kasan_atomics+0x1dc/0x310 [ 27.252145] ? __pfx_kasan_atomics+0x10/0x10 [ 27.252170] ? __pfx_read_tsc+0x10/0x10 [ 27.252194] ? ktime_get_ts64+0x86/0x230 [ 27.252221] kunit_try_run_case+0x1a5/0x480 [ 27.252245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.252266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.252301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.252325] ? __kthread_parkme+0x82/0x180 [ 27.252348] ? preempt_count_sub+0x50/0x80 [ 27.252383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.252406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.252432] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.252458] kthread+0x337/0x6f0 [ 27.252480] ? trace_preempt_on+0x20/0xc0 [ 27.252507] ? __pfx_kthread+0x10/0x10 [ 27.252529] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.252552] ? calculate_sigpending+0x7b/0xa0 [ 27.252578] ? __pfx_kthread+0x10/0x10 [ 27.252601] ret_from_fork+0x116/0x1d0 [ 27.252631] ? __pfx_kthread+0x10/0x10 [ 27.252653] ret_from_fork_asm+0x1a/0x30 [ 27.252685] </TASK> [ 27.252713] [ 27.260382] Allocated by task 315: [ 27.260508] kasan_save_stack+0x45/0x70 [ 27.260650] kasan_save_track+0x18/0x40 [ 27.260841] kasan_save_alloc_info+0x3b/0x50 [ 27.261050] __kasan_kmalloc+0xb7/0xc0 [ 27.261256] __kmalloc_cache_noprof+0x189/0x420 [ 27.261476] kasan_atomics+0x95/0x310 [ 27.261658] kunit_try_run_case+0x1a5/0x480 [ 27.262189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.262475] kthread+0x337/0x6f0 [ 27.262646] ret_from_fork+0x116/0x1d0 [ 27.263559] ret_from_fork_asm+0x1a/0x30 [ 27.263874] [ 27.264010] The buggy address belongs to the object at ffff8881058d6700 [ 27.264010] which belongs to the cache kmalloc-64 of size 64 [ 27.264467] The buggy address is located 0 bytes to the right of [ 27.264467] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.265547] [ 27.265835] The buggy address belongs to the physical page: [ 27.266227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.266768] flags: 0x200000000000000(node=0|zone=2) [ 27.267021] page_type: f5(slab) [ 27.267182] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.267490] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.268063] page dumped because: kasan: bad access detected [ 27.268569] [ 27.268674] Memory state around the buggy address: [ 27.269093] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.269432] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.269733] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.270545] ^ [ 27.270794] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.271077] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.271357] ================================================================== [ 26.739858] ================================================================== [ 26.740182] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 26.740492] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.740798] [ 26.740916] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.740969] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.740984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.741008] Call Trace: [ 26.741028] <TASK> [ 26.741047] dump_stack_lvl+0x73/0xb0 [ 26.741077] print_report+0xd1/0x610 [ 26.741101] ? __virt_addr_valid+0x1db/0x2d0 [ 26.741136] ? kasan_atomics_helper+0x72f/0x5450 [ 26.741159] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.741186] ? kasan_atomics_helper+0x72f/0x5450 [ 26.741208] kasan_report+0x141/0x180 [ 26.741231] ? kasan_atomics_helper+0x72f/0x5450 [ 26.741258] kasan_check_range+0x10c/0x1c0 [ 26.741283] __kasan_check_write+0x18/0x20 [ 26.741307] kasan_atomics_helper+0x72f/0x5450 [ 26.741332] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.741355] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.741380] ? kasan_save_alloc_info+0x3b/0x50 [ 26.741408] kasan_atomics+0x1dc/0x310 [ 26.741432] ? __pfx_kasan_atomics+0x10/0x10 [ 26.741457] ? __pfx_read_tsc+0x10/0x10 [ 26.741480] ? ktime_get_ts64+0x86/0x230 [ 26.741507] kunit_try_run_case+0x1a5/0x480 [ 26.741531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.741552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.741578] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.741603] ? __kthread_parkme+0x82/0x180 [ 26.741624] ? preempt_count_sub+0x50/0x80 [ 26.741649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.741673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.741710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.741736] kthread+0x337/0x6f0 [ 26.741758] ? trace_preempt_on+0x20/0xc0 [ 26.741783] ? __pfx_kthread+0x10/0x10 [ 26.741816] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.741840] ? calculate_sigpending+0x7b/0xa0 [ 26.741866] ? __pfx_kthread+0x10/0x10 [ 26.741889] ret_from_fork+0x116/0x1d0 [ 26.741917] ? __pfx_kthread+0x10/0x10 [ 26.741939] ret_from_fork_asm+0x1a/0x30 [ 26.741972] </TASK> [ 26.741984] [ 26.753426] Allocated by task 315: [ 26.753591] kasan_save_stack+0x45/0x70 [ 26.754035] kasan_save_track+0x18/0x40 [ 26.754272] kasan_save_alloc_info+0x3b/0x50 [ 26.754569] __kasan_kmalloc+0xb7/0xc0 [ 26.754772] __kmalloc_cache_noprof+0x189/0x420 [ 26.755171] kasan_atomics+0x95/0x310 [ 26.755381] kunit_try_run_case+0x1a5/0x480 [ 26.755566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.755797] kthread+0x337/0x6f0 [ 26.756295] ret_from_fork+0x116/0x1d0 [ 26.756603] ret_from_fork_asm+0x1a/0x30 [ 26.757042] [ 26.757295] The buggy address belongs to the object at ffff8881058d6700 [ 26.757295] which belongs to the cache kmalloc-64 of size 64 [ 26.757936] The buggy address is located 0 bytes to the right of [ 26.757936] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.758440] [ 26.758533] The buggy address belongs to the physical page: [ 26.758771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.759446] flags: 0x200000000000000(node=0|zone=2) [ 26.759897] page_type: f5(slab) [ 26.760278] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.760850] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.761409] page dumped because: kasan: bad access detected [ 26.761773] [ 26.762025] Memory state around the buggy address: [ 26.762245] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.762530] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.763123] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.763589] ^ [ 26.764046] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.764475] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.764933] ================================================================== [ 27.351068] ================================================================== [ 27.351423] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 27.351765] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.352089] [ 27.352194] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.352243] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.352258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.352280] Call Trace: [ 27.352298] <TASK> [ 27.352316] dump_stack_lvl+0x73/0xb0 [ 27.352346] print_report+0xd1/0x610 [ 27.352368] ? __virt_addr_valid+0x1db/0x2d0 [ 27.352392] ? kasan_atomics_helper+0x151d/0x5450 [ 27.352412] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.352438] ? kasan_atomics_helper+0x151d/0x5450 [ 27.352459] kasan_report+0x141/0x180 [ 27.352482] ? kasan_atomics_helper+0x151d/0x5450 [ 27.352508] kasan_check_range+0x10c/0x1c0 [ 27.352532] __kasan_check_write+0x18/0x20 [ 27.352554] kasan_atomics_helper+0x151d/0x5450 [ 27.352577] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.352598] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.352622] ? kasan_save_alloc_info+0x3b/0x50 [ 27.352650] kasan_atomics+0x1dc/0x310 [ 27.352673] ? __pfx_kasan_atomics+0x10/0x10 [ 27.352707] ? __pfx_read_tsc+0x10/0x10 [ 27.352730] ? ktime_get_ts64+0x86/0x230 [ 27.352757] kunit_try_run_case+0x1a5/0x480 [ 27.352779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.352800] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.352824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.352848] ? __kthread_parkme+0x82/0x180 [ 27.352869] ? preempt_count_sub+0x50/0x80 [ 27.352911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.352934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.352960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.352989] kthread+0x337/0x6f0 [ 27.353010] ? trace_preempt_on+0x20/0xc0 [ 27.353035] ? __pfx_kthread+0x10/0x10 [ 27.353057] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.353092] ? calculate_sigpending+0x7b/0xa0 [ 27.353117] ? __pfx_kthread+0x10/0x10 [ 27.353151] ret_from_fork+0x116/0x1d0 [ 27.353172] ? __pfx_kthread+0x10/0x10 [ 27.353195] ret_from_fork_asm+0x1a/0x30 [ 27.353227] </TASK> [ 27.353239] [ 27.361097] Allocated by task 315: [ 27.361224] kasan_save_stack+0x45/0x70 [ 27.361441] kasan_save_track+0x18/0x40 [ 27.361607] kasan_save_alloc_info+0x3b/0x50 [ 27.361828] __kasan_kmalloc+0xb7/0xc0 [ 27.362004] __kmalloc_cache_noprof+0x189/0x420 [ 27.362226] kasan_atomics+0x95/0x310 [ 27.362393] kunit_try_run_case+0x1a5/0x480 [ 27.362590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.362855] kthread+0x337/0x6f0 [ 27.363024] ret_from_fork+0x116/0x1d0 [ 27.363218] ret_from_fork_asm+0x1a/0x30 [ 27.363395] [ 27.363474] The buggy address belongs to the object at ffff8881058d6700 [ 27.363474] which belongs to the cache kmalloc-64 of size 64 [ 27.364022] The buggy address is located 0 bytes to the right of [ 27.364022] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.364437] [ 27.364505] The buggy address belongs to the physical page: [ 27.364677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.364926] flags: 0x200000000000000(node=0|zone=2) [ 27.365087] page_type: f5(slab) [ 27.365203] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.365903] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.366248] page dumped because: kasan: bad access detected [ 27.366493] [ 27.366582] Memory state around the buggy address: [ 27.366843] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.367153] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.367444] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.367652] ^ [ 27.367926] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.368246] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.368587] ================================================================== [ 27.741155] ================================================================== [ 27.741507] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 27.742041] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.742333] [ 27.742422] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.742476] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.742492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.742516] Call Trace: [ 27.742540] <TASK> [ 27.742561] dump_stack_lvl+0x73/0xb0 [ 27.742594] print_report+0xd1/0x610 [ 27.742617] ? __virt_addr_valid+0x1db/0x2d0 [ 27.742642] ? kasan_atomics_helper+0x2006/0x5450 [ 27.742664] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.742690] ? kasan_atomics_helper+0x2006/0x5450 [ 27.742727] kasan_report+0x141/0x180 [ 27.742749] ? kasan_atomics_helper+0x2006/0x5450 [ 27.742776] kasan_check_range+0x10c/0x1c0 [ 27.742800] __kasan_check_write+0x18/0x20 [ 27.742824] kasan_atomics_helper+0x2006/0x5450 [ 27.742848] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.742870] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.742895] ? kasan_save_alloc_info+0x3b/0x50 [ 27.742923] kasan_atomics+0x1dc/0x310 [ 27.742947] ? __pfx_kasan_atomics+0x10/0x10 [ 27.742972] ? __pfx_read_tsc+0x10/0x10 [ 27.742995] ? ktime_get_ts64+0x86/0x230 [ 27.743022] kunit_try_run_case+0x1a5/0x480 [ 27.743045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.743067] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.743103] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.743150] ? __kthread_parkme+0x82/0x180 [ 27.743173] ? preempt_count_sub+0x50/0x80 [ 27.743200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.743223] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.743264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.743290] kthread+0x337/0x6f0 [ 27.743325] ? trace_preempt_on+0x20/0xc0 [ 27.743363] ? __pfx_kthread+0x10/0x10 [ 27.743398] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.743421] ? calculate_sigpending+0x7b/0xa0 [ 27.743447] ? __pfx_kthread+0x10/0x10 [ 27.743469] ret_from_fork+0x116/0x1d0 [ 27.743490] ? __pfx_kthread+0x10/0x10 [ 27.743512] ret_from_fork_asm+0x1a/0x30 [ 27.743544] </TASK> [ 27.743557] [ 27.751985] Allocated by task 315: [ 27.752207] kasan_save_stack+0x45/0x70 [ 27.752355] kasan_save_track+0x18/0x40 [ 27.752540] kasan_save_alloc_info+0x3b/0x50 [ 27.752718] __kasan_kmalloc+0xb7/0xc0 [ 27.752946] __kmalloc_cache_noprof+0x189/0x420 [ 27.753202] kasan_atomics+0x95/0x310 [ 27.753435] kunit_try_run_case+0x1a5/0x480 [ 27.753659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.754127] kthread+0x337/0x6f0 [ 27.754293] ret_from_fork+0x116/0x1d0 [ 27.754477] ret_from_fork_asm+0x1a/0x30 [ 27.754669] [ 27.754770] The buggy address belongs to the object at ffff8881058d6700 [ 27.754770] which belongs to the cache kmalloc-64 of size 64 [ 27.755302] The buggy address is located 0 bytes to the right of [ 27.755302] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.755956] [ 27.756045] The buggy address belongs to the physical page: [ 27.756213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.756450] flags: 0x200000000000000(node=0|zone=2) [ 27.756610] page_type: f5(slab) [ 27.756739] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.757422] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.757771] page dumped because: kasan: bad access detected [ 27.758049] [ 27.758159] Memory state around the buggy address: [ 27.758551] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.758949] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.759304] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.759610] ^ [ 27.759963] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.760276] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.760526] ================================================================== [ 27.091064] ================================================================== [ 27.091497] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 27.091985] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.092397] [ 27.092504] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.092558] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.092584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.092608] Call Trace: [ 27.092628] <TASK> [ 27.092648] dump_stack_lvl+0x73/0xb0 [ 27.092681] print_report+0xd1/0x610 [ 27.092713] ? __virt_addr_valid+0x1db/0x2d0 [ 27.092739] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.092761] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.092789] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.092812] kasan_report+0x141/0x180 [ 27.092845] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.092872] __asan_report_load4_noabort+0x18/0x20 [ 27.092897] kasan_atomics_helper+0x4a36/0x5450 [ 27.092921] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.092954] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.092978] ? kasan_save_alloc_info+0x3b/0x50 [ 27.093017] kasan_atomics+0x1dc/0x310 [ 27.093041] ? __pfx_kasan_atomics+0x10/0x10 [ 27.093067] ? __pfx_read_tsc+0x10/0x10 [ 27.093091] ? ktime_get_ts64+0x86/0x230 [ 27.093118] kunit_try_run_case+0x1a5/0x480 [ 27.093142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093163] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.093189] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.093213] ? __kthread_parkme+0x82/0x180 [ 27.093236] ? preempt_count_sub+0x50/0x80 [ 27.093262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.093311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.093338] kthread+0x337/0x6f0 [ 27.093359] ? trace_preempt_on+0x20/0xc0 [ 27.093384] ? __pfx_kthread+0x10/0x10 [ 27.093415] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.093438] ? calculate_sigpending+0x7b/0xa0 [ 27.093464] ? __pfx_kthread+0x10/0x10 [ 27.093497] ret_from_fork+0x116/0x1d0 [ 27.093518] ? __pfx_kthread+0x10/0x10 [ 27.093539] ret_from_fork_asm+0x1a/0x30 [ 27.093572] </TASK> [ 27.093584] [ 27.101252] Allocated by task 315: [ 27.101420] kasan_save_stack+0x45/0x70 [ 27.101568] kasan_save_track+0x18/0x40 [ 27.101767] kasan_save_alloc_info+0x3b/0x50 [ 27.102005] __kasan_kmalloc+0xb7/0xc0 [ 27.102183] __kmalloc_cache_noprof+0x189/0x420 [ 27.102400] kasan_atomics+0x95/0x310 [ 27.102591] kunit_try_run_case+0x1a5/0x480 [ 27.102774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.103033] kthread+0x337/0x6f0 [ 27.103198] ret_from_fork+0x116/0x1d0 [ 27.103352] ret_from_fork_asm+0x1a/0x30 [ 27.103546] [ 27.103624] The buggy address belongs to the object at ffff8881058d6700 [ 27.103624] which belongs to the cache kmalloc-64 of size 64 [ 27.104147] The buggy address is located 0 bytes to the right of [ 27.104147] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.104618] [ 27.104709] The buggy address belongs to the physical page: [ 27.105007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.105346] flags: 0x200000000000000(node=0|zone=2) [ 27.105570] page_type: f5(slab) [ 27.105705] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.106046] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.106265] page dumped because: kasan: bad access detected [ 27.106433] [ 27.106497] Memory state around the buggy address: [ 27.106647] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.107519] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.108115] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.108823] ^ [ 27.109225] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.109959] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.110555] ================================================================== [ 26.936850] ================================================================== [ 26.937136] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 26.937476] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.937921] [ 26.938030] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.938079] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.938094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.938117] Call Trace: [ 26.938135] <TASK> [ 26.938154] dump_stack_lvl+0x73/0xb0 [ 26.938186] print_report+0xd1/0x610 [ 26.938209] ? __virt_addr_valid+0x1db/0x2d0 [ 26.938235] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.938257] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.938284] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.938305] kasan_report+0x141/0x180 [ 26.938328] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.938355] kasan_check_range+0x10c/0x1c0 [ 26.938380] __kasan_check_write+0x18/0x20 [ 26.938403] kasan_atomics_helper+0xb6a/0x5450 [ 26.938426] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.938449] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.938475] ? kasan_save_alloc_info+0x3b/0x50 [ 26.938504] kasan_atomics+0x1dc/0x310 [ 26.938528] ? __pfx_kasan_atomics+0x10/0x10 [ 26.938567] ? __pfx_read_tsc+0x10/0x10 [ 26.938591] ? ktime_get_ts64+0x86/0x230 [ 26.938618] kunit_try_run_case+0x1a5/0x480 [ 26.938642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.938663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.938689] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.938725] ? __kthread_parkme+0x82/0x180 [ 26.938748] ? preempt_count_sub+0x50/0x80 [ 26.938773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.938805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.938832] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.938858] kthread+0x337/0x6f0 [ 26.938879] ? trace_preempt_on+0x20/0xc0 [ 26.938903] ? __pfx_kthread+0x10/0x10 [ 26.938925] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.938959] ? calculate_sigpending+0x7b/0xa0 [ 26.938985] ? __pfx_kthread+0x10/0x10 [ 26.939008] ret_from_fork+0x116/0x1d0 [ 26.939040] ? __pfx_kthread+0x10/0x10 [ 26.939062] ret_from_fork_asm+0x1a/0x30 [ 26.939095] </TASK> [ 26.939107] [ 26.946931] Allocated by task 315: [ 26.947167] kasan_save_stack+0x45/0x70 [ 26.947309] kasan_save_track+0x18/0x40 [ 26.947440] kasan_save_alloc_info+0x3b/0x50 [ 26.947645] __kasan_kmalloc+0xb7/0xc0 [ 26.947922] __kmalloc_cache_noprof+0x189/0x420 [ 26.948155] kasan_atomics+0x95/0x310 [ 26.948327] kunit_try_run_case+0x1a5/0x480 [ 26.948527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.948826] kthread+0x337/0x6f0 [ 26.948955] ret_from_fork+0x116/0x1d0 [ 26.949149] ret_from_fork_asm+0x1a/0x30 [ 26.949284] [ 26.949351] The buggy address belongs to the object at ffff8881058d6700 [ 26.949351] which belongs to the cache kmalloc-64 of size 64 [ 26.949703] The buggy address is located 0 bytes to the right of [ 26.949703] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.950250] [ 26.950345] The buggy address belongs to the physical page: [ 26.950595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.951061] flags: 0x200000000000000(node=0|zone=2) [ 26.951296] page_type: f5(slab) [ 26.951414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.951721] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.952227] page dumped because: kasan: bad access detected [ 26.952426] [ 26.952536] Memory state around the buggy address: [ 26.952727] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.953057] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.953376] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.953664] ^ [ 26.953966] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.954237] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.954448] ================================================================== [ 26.569090] ================================================================== [ 26.569320] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 26.569651] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.569982] [ 26.570084] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.570134] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.570149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.570171] Call Trace: [ 26.570191] <TASK> [ 26.570210] dump_stack_lvl+0x73/0xb0 [ 26.570239] print_report+0xd1/0x610 [ 26.570261] ? __virt_addr_valid+0x1db/0x2d0 [ 26.570285] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.570306] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.570332] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.570354] kasan_report+0x141/0x180 [ 26.570376] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.570403] __asan_report_store4_noabort+0x1b/0x30 [ 26.570428] kasan_atomics_helper+0x4b6e/0x5450 [ 26.570451] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.570474] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.570498] ? kasan_save_alloc_info+0x3b/0x50 [ 26.570526] kasan_atomics+0x1dc/0x310 [ 26.570549] ? __pfx_kasan_atomics+0x10/0x10 [ 26.570573] ? __pfx_read_tsc+0x10/0x10 [ 26.570596] ? ktime_get_ts64+0x86/0x230 [ 26.570622] kunit_try_run_case+0x1a5/0x480 [ 26.570644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.570665] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.570690] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.570962] ? __kthread_parkme+0x82/0x180 [ 26.570985] ? preempt_count_sub+0x50/0x80 [ 26.571011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.571034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.571062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.571088] kthread+0x337/0x6f0 [ 26.571109] ? trace_preempt_on+0x20/0xc0 [ 26.571135] ? __pfx_kthread+0x10/0x10 [ 26.571157] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.571181] ? calculate_sigpending+0x7b/0xa0 [ 26.571207] ? __pfx_kthread+0x10/0x10 [ 26.571229] ret_from_fork+0x116/0x1d0 [ 26.571250] ? __pfx_kthread+0x10/0x10 [ 26.571273] ret_from_fork_asm+0x1a/0x30 [ 26.571309] </TASK> [ 26.571324] [ 26.578549] Allocated by task 315: [ 26.578752] kasan_save_stack+0x45/0x70 [ 26.578947] kasan_save_track+0x18/0x40 [ 26.579145] kasan_save_alloc_info+0x3b/0x50 [ 26.579354] __kasan_kmalloc+0xb7/0xc0 [ 26.579512] __kmalloc_cache_noprof+0x189/0x420 [ 26.579664] kasan_atomics+0x95/0x310 [ 26.579802] kunit_try_run_case+0x1a5/0x480 [ 26.579947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.580118] kthread+0x337/0x6f0 [ 26.580238] ret_from_fork+0x116/0x1d0 [ 26.580366] ret_from_fork_asm+0x1a/0x30 [ 26.580501] [ 26.580566] The buggy address belongs to the object at ffff8881058d6700 [ 26.580566] which belongs to the cache kmalloc-64 of size 64 [ 26.580921] The buggy address is located 0 bytes to the right of [ 26.580921] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.581277] [ 26.581346] The buggy address belongs to the physical page: [ 26.581712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.582527] flags: 0x200000000000000(node=0|zone=2) [ 26.582722] page_type: f5(slab) [ 26.582842] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.583067] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.583285] page dumped because: kasan: bad access detected [ 26.583451] [ 26.583515] Memory state around the buggy address: [ 26.583665] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.583891] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.584101] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.584307] ^ [ 26.584457] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.584671] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.584887] ================================================================== [ 27.486191] ================================================================== [ 27.486540] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 27.486863] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.487237] [ 27.487343] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.487397] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.487413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.487437] Call Trace: [ 27.487459] <TASK> [ 27.487479] dump_stack_lvl+0x73/0xb0 [ 27.487512] print_report+0xd1/0x610 [ 27.487535] ? __virt_addr_valid+0x1db/0x2d0 [ 27.487597] ? kasan_atomics_helper+0x194a/0x5450 [ 27.487620] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.487658] ? kasan_atomics_helper+0x194a/0x5450 [ 27.487715] kasan_report+0x141/0x180 [ 27.487738] ? kasan_atomics_helper+0x194a/0x5450 [ 27.487776] kasan_check_range+0x10c/0x1c0 [ 27.487811] __kasan_check_write+0x18/0x20 [ 27.487840] kasan_atomics_helper+0x194a/0x5450 [ 27.487863] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.487886] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.487940] ? kasan_save_alloc_info+0x3b/0x50 [ 27.487990] kasan_atomics+0x1dc/0x310 [ 27.488014] ? __pfx_kasan_atomics+0x10/0x10 [ 27.488039] ? __pfx_read_tsc+0x10/0x10 [ 27.488064] ? ktime_get_ts64+0x86/0x230 [ 27.488091] kunit_try_run_case+0x1a5/0x480 [ 27.488115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.488136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.488162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.488187] ? __kthread_parkme+0x82/0x180 [ 27.488209] ? preempt_count_sub+0x50/0x80 [ 27.488234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.488257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.488283] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.488309] kthread+0x337/0x6f0 [ 27.488330] ? trace_preempt_on+0x20/0xc0 [ 27.488354] ? __pfx_kthread+0x10/0x10 [ 27.488376] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.488399] ? calculate_sigpending+0x7b/0xa0 [ 27.488425] ? __pfx_kthread+0x10/0x10 [ 27.488447] ret_from_fork+0x116/0x1d0 [ 27.488468] ? __pfx_kthread+0x10/0x10 [ 27.488491] ret_from_fork_asm+0x1a/0x30 [ 27.488523] </TASK> [ 27.488535] [ 27.496285] Allocated by task 315: [ 27.496509] kasan_save_stack+0x45/0x70 [ 27.496700] kasan_save_track+0x18/0x40 [ 27.496833] kasan_save_alloc_info+0x3b/0x50 [ 27.497025] __kasan_kmalloc+0xb7/0xc0 [ 27.497347] __kmalloc_cache_noprof+0x189/0x420 [ 27.498249] kasan_atomics+0x95/0x310 [ 27.499015] kunit_try_run_case+0x1a5/0x480 [ 27.499184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.499450] kthread+0x337/0x6f0 [ 27.499622] ret_from_fork+0x116/0x1d0 [ 27.499831] ret_from_fork_asm+0x1a/0x30 [ 27.500024] [ 27.500372] The buggy address belongs to the object at ffff8881058d6700 [ 27.500372] which belongs to the cache kmalloc-64 of size 64 [ 27.500998] The buggy address is located 0 bytes to the right of [ 27.500998] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.501421] [ 27.501534] The buggy address belongs to the physical page: [ 27.501811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.502256] flags: 0x200000000000000(node=0|zone=2) [ 27.502462] page_type: f5(slab) [ 27.502586] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.503115] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.503397] page dumped because: kasan: bad access detected [ 27.503652] [ 27.503730] Memory state around the buggy address: [ 27.503913] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.504334] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.504635] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.504969] ^ [ 27.505138] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.505455] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.505766] ================================================================== [ 27.620579] ================================================================== [ 27.621259] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 27.621676] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.622160] [ 27.622269] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.622321] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.622336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.622429] Call Trace: [ 27.622448] <TASK> [ 27.622466] dump_stack_lvl+0x73/0xb0 [ 27.622500] print_report+0xd1/0x610 [ 27.622523] ? __virt_addr_valid+0x1db/0x2d0 [ 27.622548] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.622570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.622597] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.622619] kasan_report+0x141/0x180 [ 27.622642] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.622668] kasan_check_range+0x10c/0x1c0 [ 27.622704] __kasan_check_write+0x18/0x20 [ 27.622728] kasan_atomics_helper+0x1ce1/0x5450 [ 27.622752] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.622783] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.622808] ? kasan_save_alloc_info+0x3b/0x50 [ 27.622837] kasan_atomics+0x1dc/0x310 [ 27.622861] ? __pfx_kasan_atomics+0x10/0x10 [ 27.622885] ? __pfx_read_tsc+0x10/0x10 [ 27.622908] ? ktime_get_ts64+0x86/0x230 [ 27.622935] kunit_try_run_case+0x1a5/0x480 [ 27.622958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.622980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.623005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.623030] ? __kthread_parkme+0x82/0x180 [ 27.623051] ? preempt_count_sub+0x50/0x80 [ 27.623076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.623098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.623124] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.623151] kthread+0x337/0x6f0 [ 27.623171] ? trace_preempt_on+0x20/0xc0 [ 27.623195] ? __pfx_kthread+0x10/0x10 [ 27.623217] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.623240] ? calculate_sigpending+0x7b/0xa0 [ 27.623266] ? __pfx_kthread+0x10/0x10 [ 27.623288] ret_from_fork+0x116/0x1d0 [ 27.623309] ? __pfx_kthread+0x10/0x10 [ 27.623330] ret_from_fork_asm+0x1a/0x30 [ 27.623363] </TASK> [ 27.623376] [ 27.632982] Allocated by task 315: [ 27.633179] kasan_save_stack+0x45/0x70 [ 27.633381] kasan_save_track+0x18/0x40 [ 27.633568] kasan_save_alloc_info+0x3b/0x50 [ 27.633768] __kasan_kmalloc+0xb7/0xc0 [ 27.634354] __kmalloc_cache_noprof+0x189/0x420 [ 27.634554] kasan_atomics+0x95/0x310 [ 27.634760] kunit_try_run_case+0x1a5/0x480 [ 27.635145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.635401] kthread+0x337/0x6f0 [ 27.635666] ret_from_fork+0x116/0x1d0 [ 27.635859] ret_from_fork_asm+0x1a/0x30 [ 27.636202] [ 27.636288] The buggy address belongs to the object at ffff8881058d6700 [ 27.636288] which belongs to the cache kmalloc-64 of size 64 [ 27.636968] The buggy address is located 0 bytes to the right of [ 27.636968] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.637579] [ 27.637684] The buggy address belongs to the physical page: [ 27.637950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.638444] flags: 0x200000000000000(node=0|zone=2) [ 27.638670] page_type: f5(slab) [ 27.638822] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.639312] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.639677] page dumped because: kasan: bad access detected [ 27.639965] [ 27.640050] Memory state around the buggy address: [ 27.640262] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.640556] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.640866] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.641429] ^ [ 27.641611] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.642122] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.642501] ================================================================== [ 27.546279] ================================================================== [ 27.546744] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 27.547470] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.547795] [ 27.547950] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.548005] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.548020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.548043] Call Trace: [ 27.548060] <TASK> [ 27.548081] dump_stack_lvl+0x73/0xb0 [ 27.548114] print_report+0xd1/0x610 [ 27.548138] ? __virt_addr_valid+0x1db/0x2d0 [ 27.548164] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.548186] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.548212] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.548235] kasan_report+0x141/0x180 [ 27.548257] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.548284] kasan_check_range+0x10c/0x1c0 [ 27.548309] __kasan_check_write+0x18/0x20 [ 27.548333] kasan_atomics_helper+0x1b22/0x5450 [ 27.548356] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.548379] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.548403] ? kasan_save_alloc_info+0x3b/0x50 [ 27.548433] kasan_atomics+0x1dc/0x310 [ 27.548456] ? __pfx_kasan_atomics+0x10/0x10 [ 27.548481] ? __pfx_read_tsc+0x10/0x10 [ 27.548504] ? ktime_get_ts64+0x86/0x230 [ 27.548530] kunit_try_run_case+0x1a5/0x480 [ 27.548553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.548575] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.548600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.548625] ? __kthread_parkme+0x82/0x180 [ 27.548646] ? preempt_count_sub+0x50/0x80 [ 27.548671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.548706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.548732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.548758] kthread+0x337/0x6f0 [ 27.548790] ? trace_preempt_on+0x20/0xc0 [ 27.548815] ? __pfx_kthread+0x10/0x10 [ 27.548836] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.548861] ? calculate_sigpending+0x7b/0xa0 [ 27.548888] ? __pfx_kthread+0x10/0x10 [ 27.548911] ret_from_fork+0x116/0x1d0 [ 27.548931] ? __pfx_kthread+0x10/0x10 [ 27.548953] ret_from_fork_asm+0x1a/0x30 [ 27.548985] </TASK> [ 27.548999] [ 27.557155] Allocated by task 315: [ 27.557282] kasan_save_stack+0x45/0x70 [ 27.557424] kasan_save_track+0x18/0x40 [ 27.557611] kasan_save_alloc_info+0x3b/0x50 [ 27.557827] __kasan_kmalloc+0xb7/0xc0 [ 27.558189] __kmalloc_cache_noprof+0x189/0x420 [ 27.558410] kasan_atomics+0x95/0x310 [ 27.558589] kunit_try_run_case+0x1a5/0x480 [ 27.558787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.558992] kthread+0x337/0x6f0 [ 27.559111] ret_from_fork+0x116/0x1d0 [ 27.559239] ret_from_fork_asm+0x1a/0x30 [ 27.559374] [ 27.559441] The buggy address belongs to the object at ffff8881058d6700 [ 27.559441] which belongs to the cache kmalloc-64 of size 64 [ 27.560008] The buggy address is located 0 bytes to the right of [ 27.560008] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.560563] [ 27.560659] The buggy address belongs to the physical page: [ 27.560978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.561276] flags: 0x200000000000000(node=0|zone=2) [ 27.561433] page_type: f5(slab) [ 27.561551] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.562649] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.563595] page dumped because: kasan: bad access detected [ 27.564415] [ 27.564591] Memory state around the buggy address: [ 27.565403] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.566125] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.566684] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.567528] ^ [ 27.568184] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.568420] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.568632] ================================================================== [ 27.683562] ================================================================== [ 27.684112] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 27.684451] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.684774] [ 27.684869] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.684919] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.684933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.684956] Call Trace: [ 27.684973] <TASK> [ 27.684991] dump_stack_lvl+0x73/0xb0 [ 27.685022] print_report+0xd1/0x610 [ 27.685045] ? __virt_addr_valid+0x1db/0x2d0 [ 27.685070] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.685091] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.685118] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.685141] kasan_report+0x141/0x180 [ 27.685164] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.685190] kasan_check_range+0x10c/0x1c0 [ 27.685214] __kasan_check_write+0x18/0x20 [ 27.685238] kasan_atomics_helper+0x1eaa/0x5450 [ 27.685260] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.685283] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.685307] ? kasan_save_alloc_info+0x3b/0x50 [ 27.685335] kasan_atomics+0x1dc/0x310 [ 27.685359] ? __pfx_kasan_atomics+0x10/0x10 [ 27.685383] ? __pfx_read_tsc+0x10/0x10 [ 27.685406] ? ktime_get_ts64+0x86/0x230 [ 27.685432] kunit_try_run_case+0x1a5/0x480 [ 27.685455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.685476] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.685503] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.685530] ? __kthread_parkme+0x82/0x180 [ 27.685552] ? preempt_count_sub+0x50/0x80 [ 27.685576] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.685598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.685624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.685649] kthread+0x337/0x6f0 [ 27.685671] ? trace_preempt_on+0x20/0xc0 [ 27.685706] ? __pfx_kthread+0x10/0x10 [ 27.685729] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.685752] ? calculate_sigpending+0x7b/0xa0 [ 27.685777] ? __pfx_kthread+0x10/0x10 [ 27.685800] ret_from_fork+0x116/0x1d0 [ 27.685821] ? __pfx_kthread+0x10/0x10 [ 27.685843] ret_from_fork_asm+0x1a/0x30 [ 27.685874] </TASK> [ 27.685887] [ 27.693470] Allocated by task 315: [ 27.693650] kasan_save_stack+0x45/0x70 [ 27.693913] kasan_save_track+0x18/0x40 [ 27.694089] kasan_save_alloc_info+0x3b/0x50 [ 27.694270] __kasan_kmalloc+0xb7/0xc0 [ 27.694430] __kmalloc_cache_noprof+0x189/0x420 [ 27.694580] kasan_atomics+0x95/0x310 [ 27.694720] kunit_try_run_case+0x1a5/0x480 [ 27.694927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.695175] kthread+0x337/0x6f0 [ 27.695338] ret_from_fork+0x116/0x1d0 [ 27.695548] ret_from_fork_asm+0x1a/0x30 [ 27.695749] [ 27.695891] The buggy address belongs to the object at ffff8881058d6700 [ 27.695891] which belongs to the cache kmalloc-64 of size 64 [ 27.696337] The buggy address is located 0 bytes to the right of [ 27.696337] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.696834] [ 27.696915] The buggy address belongs to the physical page: [ 27.697146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.697449] flags: 0x200000000000000(node=0|zone=2) [ 27.697647] page_type: f5(slab) [ 27.697786] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.698089] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.698412] page dumped because: kasan: bad access detected [ 27.698613] [ 27.698714] Memory state around the buggy address: [ 27.698925] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.699210] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.699450] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.699660] ^ [ 27.700025] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.700353] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.700608] ================================================================== [ 27.052925] ================================================================== [ 27.053224] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 27.053560] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.054190] [ 27.054288] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.054344] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.054359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.054383] Call Trace: [ 27.054405] <TASK> [ 27.054425] dump_stack_lvl+0x73/0xb0 [ 27.054474] print_report+0xd1/0x610 [ 27.054499] ? __virt_addr_valid+0x1db/0x2d0 [ 27.054524] ? kasan_atomics_helper+0xf10/0x5450 [ 27.054559] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.054586] ? kasan_atomics_helper+0xf10/0x5450 [ 27.054617] kasan_report+0x141/0x180 [ 27.054640] ? kasan_atomics_helper+0xf10/0x5450 [ 27.054666] kasan_check_range+0x10c/0x1c0 [ 27.054720] __kasan_check_write+0x18/0x20 [ 27.054745] kasan_atomics_helper+0xf10/0x5450 [ 27.054768] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.054801] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.054827] ? kasan_save_alloc_info+0x3b/0x50 [ 27.054855] kasan_atomics+0x1dc/0x310 [ 27.054879] ? __pfx_kasan_atomics+0x10/0x10 [ 27.054903] ? __pfx_read_tsc+0x10/0x10 [ 27.054927] ? ktime_get_ts64+0x86/0x230 [ 27.054963] kunit_try_run_case+0x1a5/0x480 [ 27.054986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.055008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.055045] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.055071] ? __kthread_parkme+0x82/0x180 [ 27.055102] ? preempt_count_sub+0x50/0x80 [ 27.055127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.055149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.055183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.055210] kthread+0x337/0x6f0 [ 27.055230] ? trace_preempt_on+0x20/0xc0 [ 27.055274] ? __pfx_kthread+0x10/0x10 [ 27.055295] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.055318] ? calculate_sigpending+0x7b/0xa0 [ 27.055354] ? __pfx_kthread+0x10/0x10 [ 27.055377] ret_from_fork+0x116/0x1d0 [ 27.055398] ? __pfx_kthread+0x10/0x10 [ 27.055419] ret_from_fork_asm+0x1a/0x30 [ 27.055453] </TASK> [ 27.055465] [ 27.062969] Allocated by task 315: [ 27.063104] kasan_save_stack+0x45/0x70 [ 27.063246] kasan_save_track+0x18/0x40 [ 27.063377] kasan_save_alloc_info+0x3b/0x50 [ 27.063520] __kasan_kmalloc+0xb7/0xc0 [ 27.063646] __kmalloc_cache_noprof+0x189/0x420 [ 27.063900] kasan_atomics+0x95/0x310 [ 27.064091] kunit_try_run_case+0x1a5/0x480 [ 27.064301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.064557] kthread+0x337/0x6f0 [ 27.064737] ret_from_fork+0x116/0x1d0 [ 27.064940] ret_from_fork_asm+0x1a/0x30 [ 27.065133] [ 27.065228] The buggy address belongs to the object at ffff8881058d6700 [ 27.065228] which belongs to the cache kmalloc-64 of size 64 [ 27.065841] The buggy address is located 0 bytes to the right of [ 27.065841] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.066276] [ 27.066347] The buggy address belongs to the physical page: [ 27.066516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.066795] flags: 0x200000000000000(node=0|zone=2) [ 27.067214] page_type: f5(slab) [ 27.067563] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.068134] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.068480] page dumped because: kasan: bad access detected [ 27.068714] [ 27.068796] Memory state around the buggy address: [ 27.069050] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.069391] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.069654] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.070148] ^ [ 27.070400] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.070728] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.071094] ================================================================== [ 27.570165] ================================================================== [ 27.571606] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 27.572461] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.573030] [ 27.573407] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.573474] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.573490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.573514] Call Trace: [ 27.573533] <TASK> [ 27.573552] dump_stack_lvl+0x73/0xb0 [ 27.573591] print_report+0xd1/0x610 [ 27.573616] ? __virt_addr_valid+0x1db/0x2d0 [ 27.573643] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.573665] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.573702] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.573724] kasan_report+0x141/0x180 [ 27.573747] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.573950] kasan_check_range+0x10c/0x1c0 [ 27.574026] __kasan_check_write+0x18/0x20 [ 27.574054] kasan_atomics_helper+0x1c18/0x5450 [ 27.574080] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.574104] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.574132] ? kasan_save_alloc_info+0x3b/0x50 [ 27.574161] kasan_atomics+0x1dc/0x310 [ 27.574184] ? __pfx_kasan_atomics+0x10/0x10 [ 27.574209] ? __pfx_read_tsc+0x10/0x10 [ 27.574234] ? ktime_get_ts64+0x86/0x230 [ 27.574260] kunit_try_run_case+0x1a5/0x480 [ 27.574284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.574305] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.574331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.574356] ? __kthread_parkme+0x82/0x180 [ 27.574378] ? preempt_count_sub+0x50/0x80 [ 27.574403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.574426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.574451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.574478] kthread+0x337/0x6f0 [ 27.574499] ? trace_preempt_on+0x20/0xc0 [ 27.574524] ? __pfx_kthread+0x10/0x10 [ 27.574546] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.574569] ? calculate_sigpending+0x7b/0xa0 [ 27.574594] ? __pfx_kthread+0x10/0x10 [ 27.574617] ret_from_fork+0x116/0x1d0 [ 27.574638] ? __pfx_kthread+0x10/0x10 [ 27.574660] ret_from_fork_asm+0x1a/0x30 [ 27.574704] </TASK> [ 27.574717] [ 27.587388] Allocated by task 315: [ 27.587580] kasan_save_stack+0x45/0x70 [ 27.587773] kasan_save_track+0x18/0x40 [ 27.588283] kasan_save_alloc_info+0x3b/0x50 [ 27.588448] __kasan_kmalloc+0xb7/0xc0 [ 27.588752] __kmalloc_cache_noprof+0x189/0x420 [ 27.589067] kasan_atomics+0x95/0x310 [ 27.589299] kunit_try_run_case+0x1a5/0x480 [ 27.589562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.589895] kthread+0x337/0x6f0 [ 27.590077] ret_from_fork+0x116/0x1d0 [ 27.590368] ret_from_fork_asm+0x1a/0x30 [ 27.590561] [ 27.590654] The buggy address belongs to the object at ffff8881058d6700 [ 27.590654] which belongs to the cache kmalloc-64 of size 64 [ 27.591298] The buggy address is located 0 bytes to the right of [ 27.591298] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.591982] [ 27.592093] The buggy address belongs to the physical page: [ 27.592303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.592637] flags: 0x200000000000000(node=0|zone=2) [ 27.592864] page_type: f5(slab) [ 27.593333] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.593622] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.594137] page dumped because: kasan: bad access detected [ 27.594454] [ 27.594529] Memory state around the buggy address: [ 27.594823] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.595284] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.595599] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.596079] ^ [ 27.596359] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.596610] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.597039] ================================================================== [ 26.711507] ================================================================== [ 26.712217] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 26.712545] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.713152] [ 26.713281] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.713546] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.713564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.713587] Call Trace: [ 26.713611] <TASK> [ 26.713674] dump_stack_lvl+0x73/0xb0 [ 26.713726] print_report+0xd1/0x610 [ 26.713749] ? __virt_addr_valid+0x1db/0x2d0 [ 26.713783] ? kasan_atomics_helper+0x697/0x5450 [ 26.713805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.713832] ? kasan_atomics_helper+0x697/0x5450 [ 26.713854] kasan_report+0x141/0x180 [ 26.713876] ? kasan_atomics_helper+0x697/0x5450 [ 26.713966] kasan_check_range+0x10c/0x1c0 [ 26.713991] __kasan_check_write+0x18/0x20 [ 26.714015] kasan_atomics_helper+0x697/0x5450 [ 26.714039] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.714062] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.714089] ? kasan_save_alloc_info+0x3b/0x50 [ 26.714120] kasan_atomics+0x1dc/0x310 [ 26.714144] ? __pfx_kasan_atomics+0x10/0x10 [ 26.714170] ? __pfx_read_tsc+0x10/0x10 [ 26.714193] ? ktime_get_ts64+0x86/0x230 [ 26.714221] kunit_try_run_case+0x1a5/0x480 [ 26.714245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.714266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.714293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.714318] ? __kthread_parkme+0x82/0x180 [ 26.714340] ? preempt_count_sub+0x50/0x80 [ 26.714365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.714389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.714416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.714442] kthread+0x337/0x6f0 [ 26.714463] ? trace_preempt_on+0x20/0xc0 [ 26.714488] ? __pfx_kthread+0x10/0x10 [ 26.714510] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.714533] ? calculate_sigpending+0x7b/0xa0 [ 26.714558] ? __pfx_kthread+0x10/0x10 [ 26.714581] ret_from_fork+0x116/0x1d0 [ 26.714602] ? __pfx_kthread+0x10/0x10 [ 26.714623] ret_from_fork_asm+0x1a/0x30 [ 26.714657] </TASK> [ 26.714670] [ 26.727425] Allocated by task 315: [ 26.727620] kasan_save_stack+0x45/0x70 [ 26.727863] kasan_save_track+0x18/0x40 [ 26.728221] kasan_save_alloc_info+0x3b/0x50 [ 26.728585] __kasan_kmalloc+0xb7/0xc0 [ 26.728932] __kmalloc_cache_noprof+0x189/0x420 [ 26.729266] kasan_atomics+0x95/0x310 [ 26.729444] kunit_try_run_case+0x1a5/0x480 [ 26.729635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.730087] kthread+0x337/0x6f0 [ 26.730386] ret_from_fork+0x116/0x1d0 [ 26.730769] ret_from_fork_asm+0x1a/0x30 [ 26.731106] [ 26.731332] The buggy address belongs to the object at ffff8881058d6700 [ 26.731332] which belongs to the cache kmalloc-64 of size 64 [ 26.732133] The buggy address is located 0 bytes to the right of [ 26.732133] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.732958] [ 26.733195] The buggy address belongs to the physical page: [ 26.733434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.733756] flags: 0x200000000000000(node=0|zone=2) [ 26.734293] page_type: f5(slab) [ 26.734725] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.735310] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.735629] page dumped because: kasan: bad access detected [ 26.736218] [ 26.736319] Memory state around the buggy address: [ 26.736748] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.737274] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.737743] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.738059] ^ [ 26.738431] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.739072] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.739377] ================================================================== [ 26.800248] ================================================================== [ 26.801160] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 26.802038] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.802604] [ 26.802715] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.802778] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.802794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.802819] Call Trace: [ 26.802837] <TASK> [ 26.802857] dump_stack_lvl+0x73/0xb0 [ 26.802893] print_report+0xd1/0x610 [ 26.802916] ? __virt_addr_valid+0x1db/0x2d0 [ 26.802942] ? kasan_atomics_helper+0x860/0x5450 [ 26.802964] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.802992] ? kasan_atomics_helper+0x860/0x5450 [ 26.803014] kasan_report+0x141/0x180 [ 26.803037] ? kasan_atomics_helper+0x860/0x5450 [ 26.803063] kasan_check_range+0x10c/0x1c0 [ 26.803087] __kasan_check_write+0x18/0x20 [ 26.803111] kasan_atomics_helper+0x860/0x5450 [ 26.803135] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.803158] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.803183] ? kasan_save_alloc_info+0x3b/0x50 [ 26.803212] kasan_atomics+0x1dc/0x310 [ 26.803235] ? __pfx_kasan_atomics+0x10/0x10 [ 26.803259] ? __pfx_read_tsc+0x10/0x10 [ 26.803282] ? ktime_get_ts64+0x86/0x230 [ 26.803310] kunit_try_run_case+0x1a5/0x480 [ 26.803333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.803355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.803380] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.803405] ? __kthread_parkme+0x82/0x180 [ 26.803427] ? preempt_count_sub+0x50/0x80 [ 26.803451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.803474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.803500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.803527] kthread+0x337/0x6f0 [ 26.803547] ? trace_preempt_on+0x20/0xc0 [ 26.803571] ? __pfx_kthread+0x10/0x10 [ 26.803593] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.803616] ? calculate_sigpending+0x7b/0xa0 [ 26.803641] ? __pfx_kthread+0x10/0x10 [ 26.803663] ret_from_fork+0x116/0x1d0 [ 26.803684] ? __pfx_kthread+0x10/0x10 [ 26.803904] ret_from_fork_asm+0x1a/0x30 [ 26.803967] </TASK> [ 26.803981] [ 26.820839] Allocated by task 315: [ 26.821121] kasan_save_stack+0x45/0x70 [ 26.821644] kasan_save_track+0x18/0x40 [ 26.821979] kasan_save_alloc_info+0x3b/0x50 [ 26.822441] __kasan_kmalloc+0xb7/0xc0 [ 26.822813] __kmalloc_cache_noprof+0x189/0x420 [ 26.823256] kasan_atomics+0x95/0x310 [ 26.823594] kunit_try_run_case+0x1a5/0x480 [ 26.823943] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.824532] kthread+0x337/0x6f0 [ 26.824762] ret_from_fork+0x116/0x1d0 [ 26.825223] ret_from_fork_asm+0x1a/0x30 [ 26.825590] [ 26.825684] The buggy address belongs to the object at ffff8881058d6700 [ 26.825684] which belongs to the cache kmalloc-64 of size 64 [ 26.826767] The buggy address is located 0 bytes to the right of [ 26.826767] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.828033] [ 26.828151] The buggy address belongs to the physical page: [ 26.828609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.828948] flags: 0x200000000000000(node=0|zone=2) [ 26.829651] page_type: f5(slab) [ 26.830096] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.830847] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.831416] page dumped because: kasan: bad access detected [ 26.831934] [ 26.832005] Memory state around the buggy address: [ 26.832156] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.832799] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.833540] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.834269] ^ [ 26.834607] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.834984] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.835721] ================================================================== [ 26.688305] ================================================================== [ 26.688611] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 26.689057] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.689288] [ 26.689404] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.689460] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.689476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.689501] Call Trace: [ 26.689524] <TASK> [ 26.689550] dump_stack_lvl+0x73/0xb0 [ 26.689584] print_report+0xd1/0x610 [ 26.689608] ? __virt_addr_valid+0x1db/0x2d0 [ 26.689633] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.689655] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.689683] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.689719] kasan_report+0x141/0x180 [ 26.689742] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.689769] kasan_check_range+0x10c/0x1c0 [ 26.689793] __kasan_check_write+0x18/0x20 [ 26.689834] kasan_atomics_helper+0x5fe/0x5450 [ 26.689856] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.689879] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.689905] ? kasan_save_alloc_info+0x3b/0x50 [ 26.689933] kasan_atomics+0x1dc/0x310 [ 26.689957] ? __pfx_kasan_atomics+0x10/0x10 [ 26.689982] ? __pfx_read_tsc+0x10/0x10 [ 26.690033] ? ktime_get_ts64+0x86/0x230 [ 26.690061] kunit_try_run_case+0x1a5/0x480 [ 26.690086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.690106] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.690132] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.690157] ? __kthread_parkme+0x82/0x180 [ 26.690180] ? preempt_count_sub+0x50/0x80 [ 26.690205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.690228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.690255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.690281] kthread+0x337/0x6f0 [ 26.690302] ? trace_preempt_on+0x20/0xc0 [ 26.690327] ? __pfx_kthread+0x10/0x10 [ 26.690349] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.690372] ? calculate_sigpending+0x7b/0xa0 [ 26.690399] ? __pfx_kthread+0x10/0x10 [ 26.690422] ret_from_fork+0x116/0x1d0 [ 26.690443] ? __pfx_kthread+0x10/0x10 [ 26.690464] ret_from_fork_asm+0x1a/0x30 [ 26.690497] </TASK> [ 26.690510] [ 26.698205] Allocated by task 315: [ 26.698336] kasan_save_stack+0x45/0x70 [ 26.698732] kasan_save_track+0x18/0x40 [ 26.699105] kasan_save_alloc_info+0x3b/0x50 [ 26.699300] __kasan_kmalloc+0xb7/0xc0 [ 26.699477] __kmalloc_cache_noprof+0x189/0x420 [ 26.699702] kasan_atomics+0x95/0x310 [ 26.699911] kunit_try_run_case+0x1a5/0x480 [ 26.700091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.700306] kthread+0x337/0x6f0 [ 26.700502] ret_from_fork+0x116/0x1d0 [ 26.700676] ret_from_fork_asm+0x1a/0x30 [ 26.700853] [ 26.700920] The buggy address belongs to the object at ffff8881058d6700 [ 26.700920] which belongs to the cache kmalloc-64 of size 64 [ 26.702949] The buggy address is located 0 bytes to the right of [ 26.702949] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.703374] [ 26.703449] The buggy address belongs to the physical page: [ 26.703623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.704611] flags: 0x200000000000000(node=0|zone=2) [ 26.705257] page_type: f5(slab) [ 26.705565] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.706163] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.706509] page dumped because: kasan: bad access detected [ 26.706955] [ 26.707191] Memory state around the buggy address: [ 26.707655] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.708313] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.708599] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.709154] ^ [ 26.709611] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.710270] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.710685] ================================================================== [ 27.188150] ================================================================== [ 27.188509] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 27.189021] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.189631] [ 27.189785] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.189862] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.189878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.189902] Call Trace: [ 27.189936] <TASK> [ 27.189959] dump_stack_lvl+0x73/0xb0 [ 27.190004] print_report+0xd1/0x610 [ 27.190028] ? __virt_addr_valid+0x1db/0x2d0 [ 27.190065] ? kasan_atomics_helper+0x1217/0x5450 [ 27.190087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.190114] ? kasan_atomics_helper+0x1217/0x5450 [ 27.190137] kasan_report+0x141/0x180 [ 27.190159] ? kasan_atomics_helper+0x1217/0x5450 [ 27.190186] kasan_check_range+0x10c/0x1c0 [ 27.190211] __kasan_check_write+0x18/0x20 [ 27.190235] kasan_atomics_helper+0x1217/0x5450 [ 27.190258] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.190281] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.190306] ? kasan_save_alloc_info+0x3b/0x50 [ 27.190336] kasan_atomics+0x1dc/0x310 [ 27.190369] ? __pfx_kasan_atomics+0x10/0x10 [ 27.190394] ? __pfx_read_tsc+0x10/0x10 [ 27.190418] ? ktime_get_ts64+0x86/0x230 [ 27.190455] kunit_try_run_case+0x1a5/0x480 [ 27.190480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.190501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.190527] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.190561] ? __kthread_parkme+0x82/0x180 [ 27.190583] ? preempt_count_sub+0x50/0x80 [ 27.190609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.190641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.190668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.190702] kthread+0x337/0x6f0 [ 27.190722] ? trace_preempt_on+0x20/0xc0 [ 27.190756] ? __pfx_kthread+0x10/0x10 [ 27.190778] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.190812] ? calculate_sigpending+0x7b/0xa0 [ 27.190850] ? __pfx_kthread+0x10/0x10 [ 27.190873] ret_from_fork+0x116/0x1d0 [ 27.190894] ? __pfx_kthread+0x10/0x10 [ 27.190916] ret_from_fork_asm+0x1a/0x30 [ 27.190958] </TASK> [ 27.190972] [ 27.198748] Allocated by task 315: [ 27.198993] kasan_save_stack+0x45/0x70 [ 27.199167] kasan_save_track+0x18/0x40 [ 27.199359] kasan_save_alloc_info+0x3b/0x50 [ 27.199541] __kasan_kmalloc+0xb7/0xc0 [ 27.199753] __kmalloc_cache_noprof+0x189/0x420 [ 27.200198] kasan_atomics+0x95/0x310 [ 27.200383] kunit_try_run_case+0x1a5/0x480 [ 27.200575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.201804] kthread+0x337/0x6f0 [ 27.202051] ret_from_fork+0x116/0x1d0 [ 27.202206] ret_from_fork_asm+0x1a/0x30 [ 27.202348] [ 27.202419] The buggy address belongs to the object at ffff8881058d6700 [ 27.202419] which belongs to the cache kmalloc-64 of size 64 [ 27.203473] The buggy address is located 0 bytes to the right of [ 27.203473] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.204544] [ 27.204748] The buggy address belongs to the physical page: [ 27.205284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.205788] flags: 0x200000000000000(node=0|zone=2) [ 27.206225] page_type: f5(slab) [ 27.206526] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.207565] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.208056] page dumped because: kasan: bad access detected [ 27.208305] [ 27.208393] Memory state around the buggy address: [ 27.208603] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.209357] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.209912] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.210213] ^ [ 27.210424] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.210730] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.210942] ================================================================== [ 27.506468] ================================================================== [ 27.506841] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 27.507130] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.507572] [ 27.507711] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.507764] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.507779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.507802] Call Trace: [ 27.507831] <TASK> [ 27.507871] dump_stack_lvl+0x73/0xb0 [ 27.507904] print_report+0xd1/0x610 [ 27.507938] ? __virt_addr_valid+0x1db/0x2d0 [ 27.507963] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.507987] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.508013] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.508036] kasan_report+0x141/0x180 [ 27.508068] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.508094] kasan_check_range+0x10c/0x1c0 [ 27.508129] __kasan_check_write+0x18/0x20 [ 27.508152] kasan_atomics_helper+0x19e3/0x5450 [ 27.508176] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.508198] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.508224] ? kasan_save_alloc_info+0x3b/0x50 [ 27.508253] kasan_atomics+0x1dc/0x310 [ 27.508275] ? __pfx_kasan_atomics+0x10/0x10 [ 27.508300] ? __pfx_read_tsc+0x10/0x10 [ 27.508325] ? ktime_get_ts64+0x86/0x230 [ 27.508352] kunit_try_run_case+0x1a5/0x480 [ 27.508375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.508397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.508423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.508448] ? __kthread_parkme+0x82/0x180 [ 27.508471] ? preempt_count_sub+0x50/0x80 [ 27.508496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.508519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.508545] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.508571] kthread+0x337/0x6f0 [ 27.508591] ? trace_preempt_on+0x20/0xc0 [ 27.508616] ? __pfx_kthread+0x10/0x10 [ 27.508638] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.508662] ? calculate_sigpending+0x7b/0xa0 [ 27.508688] ? __pfx_kthread+0x10/0x10 [ 27.508719] ret_from_fork+0x116/0x1d0 [ 27.508749] ? __pfx_kthread+0x10/0x10 [ 27.508771] ret_from_fork_asm+0x1a/0x30 [ 27.508804] </TASK> [ 27.508827] [ 27.516331] Allocated by task 315: [ 27.516505] kasan_save_stack+0x45/0x70 [ 27.516744] kasan_save_track+0x18/0x40 [ 27.516944] kasan_save_alloc_info+0x3b/0x50 [ 27.517137] __kasan_kmalloc+0xb7/0xc0 [ 27.517328] __kmalloc_cache_noprof+0x189/0x420 [ 27.517529] kasan_atomics+0x95/0x310 [ 27.517713] kunit_try_run_case+0x1a5/0x480 [ 27.518017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.518256] kthread+0x337/0x6f0 [ 27.518424] ret_from_fork+0x116/0x1d0 [ 27.518607] ret_from_fork_asm+0x1a/0x30 [ 27.518856] [ 27.518936] The buggy address belongs to the object at ffff8881058d6700 [ 27.518936] which belongs to the cache kmalloc-64 of size 64 [ 27.519437] The buggy address is located 0 bytes to the right of [ 27.519437] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.520040] [ 27.520113] The buggy address belongs to the physical page: [ 27.520397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.520726] flags: 0x200000000000000(node=0|zone=2) [ 27.521030] page_type: f5(slab) [ 27.521181] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.521526] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.521762] page dumped because: kasan: bad access detected [ 27.521939] [ 27.522005] Memory state around the buggy address: [ 27.522196] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.522628] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.523141] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.523352] ^ [ 27.523503] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.523736] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.524288] ================================================================== [ 26.955053] ================================================================== [ 26.955392] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 26.955728] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.956052] [ 26.956154] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.956201] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.956216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.956237] Call Trace: [ 26.956254] <TASK> [ 26.956271] dump_stack_lvl+0x73/0xb0 [ 26.956300] print_report+0xd1/0x610 [ 26.956323] ? __virt_addr_valid+0x1db/0x2d0 [ 26.956347] ? kasan_atomics_helper+0xc70/0x5450 [ 26.956368] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.956394] ? kasan_atomics_helper+0xc70/0x5450 [ 26.956415] kasan_report+0x141/0x180 [ 26.956437] ? kasan_atomics_helper+0xc70/0x5450 [ 26.956463] kasan_check_range+0x10c/0x1c0 [ 26.956486] __kasan_check_write+0x18/0x20 [ 26.956509] kasan_atomics_helper+0xc70/0x5450 [ 26.956531] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.956553] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.956577] ? kasan_save_alloc_info+0x3b/0x50 [ 26.956605] kasan_atomics+0x1dc/0x310 [ 26.956630] ? __pfx_kasan_atomics+0x10/0x10 [ 26.956654] ? __pfx_read_tsc+0x10/0x10 [ 26.956713] ? ktime_get_ts64+0x86/0x230 [ 26.956741] kunit_try_run_case+0x1a5/0x480 [ 26.956765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.956787] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.956812] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.956837] ? __kthread_parkme+0x82/0x180 [ 26.956859] ? preempt_count_sub+0x50/0x80 [ 26.956884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.956908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.956934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.956960] kthread+0x337/0x6f0 [ 26.956981] ? trace_preempt_on+0x20/0xc0 [ 26.957006] ? __pfx_kthread+0x10/0x10 [ 26.957028] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.957051] ? calculate_sigpending+0x7b/0xa0 [ 26.957077] ? __pfx_kthread+0x10/0x10 [ 26.957100] ret_from_fork+0x116/0x1d0 [ 26.957133] ? __pfx_kthread+0x10/0x10 [ 26.957154] ret_from_fork_asm+0x1a/0x30 [ 26.957186] </TASK> [ 26.957199] [ 26.964954] Allocated by task 315: [ 26.965127] kasan_save_stack+0x45/0x70 [ 26.965326] kasan_save_track+0x18/0x40 [ 26.965513] kasan_save_alloc_info+0x3b/0x50 [ 26.965724] __kasan_kmalloc+0xb7/0xc0 [ 26.965975] __kmalloc_cache_noprof+0x189/0x420 [ 26.966174] kasan_atomics+0x95/0x310 [ 26.966365] kunit_try_run_case+0x1a5/0x480 [ 26.966543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.966820] kthread+0x337/0x6f0 [ 26.966986] ret_from_fork+0x116/0x1d0 [ 26.967161] ret_from_fork_asm+0x1a/0x30 [ 26.967297] [ 26.967364] The buggy address belongs to the object at ffff8881058d6700 [ 26.967364] which belongs to the cache kmalloc-64 of size 64 [ 26.967714] The buggy address is located 0 bytes to the right of [ 26.967714] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.968080] [ 26.968150] The buggy address belongs to the physical page: [ 26.968332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.968708] flags: 0x200000000000000(node=0|zone=2) [ 26.968939] page_type: f5(slab) [ 26.969101] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.969434] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.969771] page dumped because: kasan: bad access detected [ 26.970020] [ 26.970109] Memory state around the buggy address: [ 26.970457] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.970746] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.971038] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.971249] ^ [ 26.971403] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.971612] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.972080] ================================================================== [ 26.895412] ================================================================== [ 26.896092] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 26.896748] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.897398] [ 26.897590] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.897646] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.897661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.897685] Call Trace: [ 26.897710] <TASK> [ 26.897743] dump_stack_lvl+0x73/0xb0 [ 26.897776] print_report+0xd1/0x610 [ 26.897799] ? __virt_addr_valid+0x1db/0x2d0 [ 26.897837] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.897859] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.897886] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.897909] kasan_report+0x141/0x180 [ 26.897933] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.897959] kasan_check_range+0x10c/0x1c0 [ 26.897984] __kasan_check_write+0x18/0x20 [ 26.898008] kasan_atomics_helper+0xa2b/0x5450 [ 26.898043] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.898068] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.898095] ? kasan_save_alloc_info+0x3b/0x50 [ 26.898124] kasan_atomics+0x1dc/0x310 [ 26.898148] ? __pfx_kasan_atomics+0x10/0x10 [ 26.898172] ? __pfx_read_tsc+0x10/0x10 [ 26.898197] ? ktime_get_ts64+0x86/0x230 [ 26.898224] kunit_try_run_case+0x1a5/0x480 [ 26.898248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.898269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.898296] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.898320] ? __kthread_parkme+0x82/0x180 [ 26.898343] ? preempt_count_sub+0x50/0x80 [ 26.898368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.898390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.898417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.898443] kthread+0x337/0x6f0 [ 26.898464] ? trace_preempt_on+0x20/0xc0 [ 26.898490] ? __pfx_kthread+0x10/0x10 [ 26.898513] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.898536] ? calculate_sigpending+0x7b/0xa0 [ 26.898562] ? __pfx_kthread+0x10/0x10 [ 26.898585] ret_from_fork+0x116/0x1d0 [ 26.898606] ? __pfx_kthread+0x10/0x10 [ 26.898628] ret_from_fork_asm+0x1a/0x30 [ 26.898662] </TASK> [ 26.898675] [ 26.910184] Allocated by task 315: [ 26.910507] kasan_save_stack+0x45/0x70 [ 26.910842] kasan_save_track+0x18/0x40 [ 26.910981] kasan_save_alloc_info+0x3b/0x50 [ 26.911127] __kasan_kmalloc+0xb7/0xc0 [ 26.911254] __kmalloc_cache_noprof+0x189/0x420 [ 26.911405] kasan_atomics+0x95/0x310 [ 26.911533] kunit_try_run_case+0x1a5/0x480 [ 26.911672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.911915] kthread+0x337/0x6f0 [ 26.912114] ret_from_fork+0x116/0x1d0 [ 26.912305] ret_from_fork_asm+0x1a/0x30 [ 26.912458] [ 26.912526] The buggy address belongs to the object at ffff8881058d6700 [ 26.912526] which belongs to the cache kmalloc-64 of size 64 [ 26.913000] The buggy address is located 0 bytes to the right of [ 26.913000] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.913418] [ 26.913526] The buggy address belongs to the physical page: [ 26.913845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.914263] flags: 0x200000000000000(node=0|zone=2) [ 26.914509] page_type: f5(slab) [ 26.914667] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.915028] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.915343] page dumped because: kasan: bad access detected [ 26.915582] [ 26.915672] Memory state around the buggy address: [ 26.915905] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.916201] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.916460] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.916759] ^ [ 26.916999] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.917286] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.917592] ================================================================== [ 27.290446] ================================================================== [ 27.291154] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 27.291501] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.291860] [ 27.291951] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.292006] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.292021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.292045] Call Trace: [ 27.292066] <TASK> [ 27.292088] dump_stack_lvl+0x73/0xb0 [ 27.292121] print_report+0xd1/0x610 [ 27.292146] ? __virt_addr_valid+0x1db/0x2d0 [ 27.292172] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.292195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.292222] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.292244] kasan_report+0x141/0x180 [ 27.292267] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.292294] __asan_report_load8_noabort+0x18/0x20 [ 27.292331] kasan_atomics_helper+0x4eae/0x5450 [ 27.292354] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.292377] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.292422] ? kasan_save_alloc_info+0x3b/0x50 [ 27.292452] kasan_atomics+0x1dc/0x310 [ 27.292475] ? __pfx_kasan_atomics+0x10/0x10 [ 27.292511] ? __pfx_read_tsc+0x10/0x10 [ 27.292537] ? ktime_get_ts64+0x86/0x230 [ 27.292564] kunit_try_run_case+0x1a5/0x480 [ 27.292588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.292610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.292635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.292660] ? __kthread_parkme+0x82/0x180 [ 27.292683] ? preempt_count_sub+0x50/0x80 [ 27.292723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.292746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.292772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.292819] kthread+0x337/0x6f0 [ 27.292840] ? trace_preempt_on+0x20/0xc0 [ 27.292866] ? __pfx_kthread+0x10/0x10 [ 27.292897] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.292920] ? calculate_sigpending+0x7b/0xa0 [ 27.292946] ? __pfx_kthread+0x10/0x10 [ 27.292968] ret_from_fork+0x116/0x1d0 [ 27.292989] ? __pfx_kthread+0x10/0x10 [ 27.293011] ret_from_fork_asm+0x1a/0x30 [ 27.293043] </TASK> [ 27.293056] [ 27.300547] Allocated by task 315: [ 27.300745] kasan_save_stack+0x45/0x70 [ 27.300937] kasan_save_track+0x18/0x40 [ 27.301071] kasan_save_alloc_info+0x3b/0x50 [ 27.301308] __kasan_kmalloc+0xb7/0xc0 [ 27.301508] __kmalloc_cache_noprof+0x189/0x420 [ 27.301702] kasan_atomics+0x95/0x310 [ 27.302006] kunit_try_run_case+0x1a5/0x480 [ 27.302178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.302397] kthread+0x337/0x6f0 [ 27.302563] ret_from_fork+0x116/0x1d0 [ 27.303880] ret_from_fork_asm+0x1a/0x30 [ 27.304084] [ 27.304179] The buggy address belongs to the object at ffff8881058d6700 [ 27.304179] which belongs to the cache kmalloc-64 of size 64 [ 27.305902] The buggy address is located 0 bytes to the right of [ 27.305902] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.306284] [ 27.306359] The buggy address belongs to the physical page: [ 27.306528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.306812] flags: 0x200000000000000(node=0|zone=2) [ 27.307045] page_type: f5(slab) [ 27.307209] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.307541] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.307934] page dumped because: kasan: bad access detected [ 27.308200] [ 27.308270] Memory state around the buggy address: [ 27.308416] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.309456] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.310933] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.311995] ^ [ 27.312172] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.312392] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.312603] ================================================================== [ 27.427191] ================================================================== [ 27.427539] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 27.428333] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.428749] [ 27.428871] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.428957] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.428973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.428995] Call Trace: [ 27.429023] <TASK> [ 27.429043] dump_stack_lvl+0x73/0xb0 [ 27.429076] print_report+0xd1/0x610 [ 27.429099] ? __virt_addr_valid+0x1db/0x2d0 [ 27.429125] ? kasan_atomics_helper+0x177f/0x5450 [ 27.429147] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.429173] ? kasan_atomics_helper+0x177f/0x5450 [ 27.429198] kasan_report+0x141/0x180 [ 27.429221] ? kasan_atomics_helper+0x177f/0x5450 [ 27.429277] kasan_check_range+0x10c/0x1c0 [ 27.429302] __kasan_check_write+0x18/0x20 [ 27.429336] kasan_atomics_helper+0x177f/0x5450 [ 27.429360] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.429382] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.429408] ? kasan_save_alloc_info+0x3b/0x50 [ 27.429437] kasan_atomics+0x1dc/0x310 [ 27.429461] ? __pfx_kasan_atomics+0x10/0x10 [ 27.429486] ? __pfx_read_tsc+0x10/0x10 [ 27.429539] ? ktime_get_ts64+0x86/0x230 [ 27.429577] kunit_try_run_case+0x1a5/0x480 [ 27.429613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.429636] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.429663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.429689] ? __kthread_parkme+0x82/0x180 [ 27.429721] ? preempt_count_sub+0x50/0x80 [ 27.429746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.429770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.429808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.429835] kthread+0x337/0x6f0 [ 27.429856] ? trace_preempt_on+0x20/0xc0 [ 27.429881] ? __pfx_kthread+0x10/0x10 [ 27.429904] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.429928] ? calculate_sigpending+0x7b/0xa0 [ 27.429954] ? __pfx_kthread+0x10/0x10 [ 27.429978] ret_from_fork+0x116/0x1d0 [ 27.429999] ? __pfx_kthread+0x10/0x10 [ 27.430021] ret_from_fork_asm+0x1a/0x30 [ 27.430055] </TASK> [ 27.430068] [ 27.438022] Allocated by task 315: [ 27.438378] kasan_save_stack+0x45/0x70 [ 27.438622] kasan_save_track+0x18/0x40 [ 27.438873] kasan_save_alloc_info+0x3b/0x50 [ 27.439085] __kasan_kmalloc+0xb7/0xc0 [ 27.439303] __kmalloc_cache_noprof+0x189/0x420 [ 27.439474] kasan_atomics+0x95/0x310 [ 27.439610] kunit_try_run_case+0x1a5/0x480 [ 27.439878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.440158] kthread+0x337/0x6f0 [ 27.440280] ret_from_fork+0x116/0x1d0 [ 27.440410] ret_from_fork_asm+0x1a/0x30 [ 27.440650] [ 27.440752] The buggy address belongs to the object at ffff8881058d6700 [ 27.440752] which belongs to the cache kmalloc-64 of size 64 [ 27.441322] The buggy address is located 0 bytes to the right of [ 27.441322] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.441687] [ 27.441785] The buggy address belongs to the physical page: [ 27.442087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.442577] flags: 0x200000000000000(node=0|zone=2) [ 27.442828] page_type: f5(slab) [ 27.443044] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.443340] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.443571] page dumped because: kasan: bad access detected [ 27.443909] [ 27.444048] Memory state around the buggy address: [ 27.444243] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.444540] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.445004] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.445351] ^ [ 27.445581] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.445902] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.446113] ================================================================== [ 26.995871] ================================================================== [ 26.996135] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 26.996498] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.996774] [ 26.996877] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.996927] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.996942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.996974] Call Trace: [ 26.996992] <TASK> [ 26.997011] dump_stack_lvl+0x73/0xb0 [ 26.997054] print_report+0xd1/0x610 [ 26.997078] ? __virt_addr_valid+0x1db/0x2d0 [ 26.997125] ? kasan_atomics_helper+0xd47/0x5450 [ 26.997147] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.997174] ? kasan_atomics_helper+0xd47/0x5450 [ 26.997207] kasan_report+0x141/0x180 [ 26.997229] ? kasan_atomics_helper+0xd47/0x5450 [ 26.997256] kasan_check_range+0x10c/0x1c0 [ 26.997280] __kasan_check_write+0x18/0x20 [ 26.997304] kasan_atomics_helper+0xd47/0x5450 [ 26.997327] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.997350] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.997374] ? kasan_save_alloc_info+0x3b/0x50 [ 26.997403] kasan_atomics+0x1dc/0x310 [ 26.997426] ? __pfx_kasan_atomics+0x10/0x10 [ 26.997451] ? __pfx_read_tsc+0x10/0x10 [ 26.997483] ? ktime_get_ts64+0x86/0x230 [ 26.997509] kunit_try_run_case+0x1a5/0x480 [ 26.997543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.997564] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.997589] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.997614] ? __kthread_parkme+0x82/0x180 [ 26.997635] ? preempt_count_sub+0x50/0x80 [ 26.997660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.997682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.997717] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.997743] kthread+0x337/0x6f0 [ 26.997764] ? trace_preempt_on+0x20/0xc0 [ 26.997788] ? __pfx_kthread+0x10/0x10 [ 26.997810] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.997833] ? calculate_sigpending+0x7b/0xa0 [ 26.997858] ? __pfx_kthread+0x10/0x10 [ 26.997890] ret_from_fork+0x116/0x1d0 [ 26.997921] ? __pfx_kthread+0x10/0x10 [ 26.997943] ret_from_fork_asm+0x1a/0x30 [ 26.997986] </TASK> [ 26.997998] [ 27.005771] Allocated by task 315: [ 27.006020] kasan_save_stack+0x45/0x70 [ 27.006229] kasan_save_track+0x18/0x40 [ 27.006396] kasan_save_alloc_info+0x3b/0x50 [ 27.006611] __kasan_kmalloc+0xb7/0xc0 [ 27.006817] __kmalloc_cache_noprof+0x189/0x420 [ 27.007003] kasan_atomics+0x95/0x310 [ 27.007134] kunit_try_run_case+0x1a5/0x480 [ 27.007316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.007590] kthread+0x337/0x6f0 [ 27.007762] ret_from_fork+0x116/0x1d0 [ 27.007902] ret_from_fork_asm+0x1a/0x30 [ 27.008038] [ 27.008114] The buggy address belongs to the object at ffff8881058d6700 [ 27.008114] which belongs to the cache kmalloc-64 of size 64 [ 27.008656] The buggy address is located 0 bytes to the right of [ 27.008656] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.009081] [ 27.009151] The buggy address belongs to the physical page: [ 27.009320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.009818] flags: 0x200000000000000(node=0|zone=2) [ 27.010051] page_type: f5(slab) [ 27.010215] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.010549] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.010911] page dumped because: kasan: bad access detected [ 27.011079] [ 27.011144] Memory state around the buggy address: [ 27.011297] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.011542] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.011994] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.012337] ^ [ 27.012535] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.012907] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.013187] ================================================================== [ 27.597543] ================================================================== [ 27.597828] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 27.598105] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.599219] [ 27.599459] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.599518] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.599590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.599614] Call Trace: [ 27.599634] <TASK> [ 27.599657] dump_stack_lvl+0x73/0xb0 [ 27.599704] print_report+0xd1/0x610 [ 27.599728] ? __virt_addr_valid+0x1db/0x2d0 [ 27.599753] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.599788] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.599819] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.599842] kasan_report+0x141/0x180 [ 27.599865] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.599892] __asan_report_load8_noabort+0x18/0x20 [ 27.599917] kasan_atomics_helper+0x4f30/0x5450 [ 27.599940] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.599963] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.599987] ? kasan_save_alloc_info+0x3b/0x50 [ 27.600016] kasan_atomics+0x1dc/0x310 [ 27.600040] ? __pfx_kasan_atomics+0x10/0x10 [ 27.600065] ? __pfx_read_tsc+0x10/0x10 [ 27.600089] ? ktime_get_ts64+0x86/0x230 [ 27.600116] kunit_try_run_case+0x1a5/0x480 [ 27.600138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.600160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.600185] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.600210] ? __kthread_parkme+0x82/0x180 [ 27.600232] ? preempt_count_sub+0x50/0x80 [ 27.600257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.600280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.600305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.600332] kthread+0x337/0x6f0 [ 27.600353] ? trace_preempt_on+0x20/0xc0 [ 27.600378] ? __pfx_kthread+0x10/0x10 [ 27.600400] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.600423] ? calculate_sigpending+0x7b/0xa0 [ 27.600449] ? __pfx_kthread+0x10/0x10 [ 27.600472] ret_from_fork+0x116/0x1d0 [ 27.600492] ? __pfx_kthread+0x10/0x10 [ 27.600516] ret_from_fork_asm+0x1a/0x30 [ 27.600551] </TASK> [ 27.600564] [ 27.610084] Allocated by task 315: [ 27.610260] kasan_save_stack+0x45/0x70 [ 27.610430] kasan_save_track+0x18/0x40 [ 27.610594] kasan_save_alloc_info+0x3b/0x50 [ 27.611193] __kasan_kmalloc+0xb7/0xc0 [ 27.611380] __kmalloc_cache_noprof+0x189/0x420 [ 27.611549] kasan_atomics+0x95/0x310 [ 27.611834] kunit_try_run_case+0x1a5/0x480 [ 27.612074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.612432] kthread+0x337/0x6f0 [ 27.612580] ret_from_fork+0x116/0x1d0 [ 27.613000] ret_from_fork_asm+0x1a/0x30 [ 27.613260] [ 27.613361] The buggy address belongs to the object at ffff8881058d6700 [ 27.613361] which belongs to the cache kmalloc-64 of size 64 [ 27.614048] The buggy address is located 0 bytes to the right of [ 27.614048] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.614624] [ 27.614723] The buggy address belongs to the physical page: [ 27.615199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.615597] flags: 0x200000000000000(node=0|zone=2) [ 27.615937] page_type: f5(slab) [ 27.616073] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.616523] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.616969] page dumped because: kasan: bad access detected [ 27.617230] [ 27.617388] Memory state around the buggy address: [ 27.617713] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.618106] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.618399] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.618685] ^ [ 27.619103] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.619462] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.619747] ================================================================== [ 27.032477] ================================================================== [ 27.032866] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 27.033142] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.033362] [ 27.033444] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.033493] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.033507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.033531] Call Trace: [ 27.033549] <TASK> [ 27.033566] dump_stack_lvl+0x73/0xb0 [ 27.033610] print_report+0xd1/0x610 [ 27.033633] ? __virt_addr_valid+0x1db/0x2d0 [ 27.033658] ? kasan_atomics_helper+0xe78/0x5450 [ 27.033701] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.033728] ? kasan_atomics_helper+0xe78/0x5450 [ 27.033752] kasan_report+0x141/0x180 [ 27.033775] ? kasan_atomics_helper+0xe78/0x5450 [ 27.033821] kasan_check_range+0x10c/0x1c0 [ 27.033845] __kasan_check_write+0x18/0x20 [ 27.033869] kasan_atomics_helper+0xe78/0x5450 [ 27.033903] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.033926] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.033951] ? kasan_save_alloc_info+0x3b/0x50 [ 27.033980] kasan_atomics+0x1dc/0x310 [ 27.034012] ? __pfx_kasan_atomics+0x10/0x10 [ 27.034037] ? __pfx_read_tsc+0x10/0x10 [ 27.034060] ? ktime_get_ts64+0x86/0x230 [ 27.034097] kunit_try_run_case+0x1a5/0x480 [ 27.034120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.034143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.034171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.034197] ? __kthread_parkme+0x82/0x180 [ 27.034220] ? preempt_count_sub+0x50/0x80 [ 27.034245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.034268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.034294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.034319] kthread+0x337/0x6f0 [ 27.034340] ? trace_preempt_on+0x20/0xc0 [ 27.034365] ? __pfx_kthread+0x10/0x10 [ 27.034387] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.034410] ? calculate_sigpending+0x7b/0xa0 [ 27.034435] ? __pfx_kthread+0x10/0x10 [ 27.034457] ret_from_fork+0x116/0x1d0 [ 27.034477] ? __pfx_kthread+0x10/0x10 [ 27.034499] ret_from_fork_asm+0x1a/0x30 [ 27.034531] </TASK> [ 27.034543] [ 27.041323] Allocated by task 315: [ 27.041502] kasan_save_stack+0x45/0x70 [ 27.041710] kasan_save_track+0x18/0x40 [ 27.042064] kasan_save_alloc_info+0x3b/0x50 [ 27.042274] __kasan_kmalloc+0xb7/0xc0 [ 27.042455] __kmalloc_cache_noprof+0x189/0x420 [ 27.042682] kasan_atomics+0x95/0x310 [ 27.043020] kunit_try_run_case+0x1a5/0x480 [ 27.043228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.043478] kthread+0x337/0x6f0 [ 27.043645] ret_from_fork+0x116/0x1d0 [ 27.043927] ret_from_fork_asm+0x1a/0x30 [ 27.044125] [ 27.044218] The buggy address belongs to the object at ffff8881058d6700 [ 27.044218] which belongs to the cache kmalloc-64 of size 64 [ 27.044572] The buggy address is located 0 bytes to the right of [ 27.044572] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.045480] [ 27.045572] The buggy address belongs to the physical page: [ 27.045760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.046988] flags: 0x200000000000000(node=0|zone=2) [ 27.047157] page_type: f5(slab) [ 27.047283] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.047556] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.048666] page dumped because: kasan: bad access detected [ 27.048865] [ 27.048934] Memory state around the buggy address: [ 27.049083] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.049359] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.049613] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.050213] ^ [ 27.050445] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.050829] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.051147] ================================================================== [ 27.407435] ================================================================== [ 27.407796] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 27.408437] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.408784] [ 27.408899] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.408983] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.408999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.409024] Call Trace: [ 27.409046] <TASK> [ 27.409092] dump_stack_lvl+0x73/0xb0 [ 27.409137] print_report+0xd1/0x610 [ 27.409188] ? __virt_addr_valid+0x1db/0x2d0 [ 27.409225] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.409259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.409314] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.409349] kasan_report+0x141/0x180 [ 27.409382] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.409410] kasan_check_range+0x10c/0x1c0 [ 27.409434] __kasan_check_write+0x18/0x20 [ 27.409458] kasan_atomics_helper+0x16e7/0x5450 [ 27.409482] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.409505] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.409531] ? kasan_save_alloc_info+0x3b/0x50 [ 27.409560] kasan_atomics+0x1dc/0x310 [ 27.409584] ? __pfx_kasan_atomics+0x10/0x10 [ 27.409608] ? __pfx_read_tsc+0x10/0x10 [ 27.409633] ? ktime_get_ts64+0x86/0x230 [ 27.409660] kunit_try_run_case+0x1a5/0x480 [ 27.409684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.409714] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.409740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.409765] ? __kthread_parkme+0x82/0x180 [ 27.409798] ? preempt_count_sub+0x50/0x80 [ 27.409824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.409847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.409873] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.409913] kthread+0x337/0x6f0 [ 27.409934] ? trace_preempt_on+0x20/0xc0 [ 27.409960] ? __pfx_kthread+0x10/0x10 [ 27.409982] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.410004] ? calculate_sigpending+0x7b/0xa0 [ 27.410030] ? __pfx_kthread+0x10/0x10 [ 27.410053] ret_from_fork+0x116/0x1d0 [ 27.410074] ? __pfx_kthread+0x10/0x10 [ 27.410096] ret_from_fork_asm+0x1a/0x30 [ 27.410130] </TASK> [ 27.410144] [ 27.418259] Allocated by task 315: [ 27.418482] kasan_save_stack+0x45/0x70 [ 27.418648] kasan_save_track+0x18/0x40 [ 27.418890] kasan_save_alloc_info+0x3b/0x50 [ 27.419132] __kasan_kmalloc+0xb7/0xc0 [ 27.419263] __kmalloc_cache_noprof+0x189/0x420 [ 27.419415] kasan_atomics+0x95/0x310 [ 27.419544] kunit_try_run_case+0x1a5/0x480 [ 27.419760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.420138] kthread+0x337/0x6f0 [ 27.420322] ret_from_fork+0x116/0x1d0 [ 27.420559] ret_from_fork_asm+0x1a/0x30 [ 27.420890] [ 27.420977] The buggy address belongs to the object at ffff8881058d6700 [ 27.420977] which belongs to the cache kmalloc-64 of size 64 [ 27.421389] The buggy address is located 0 bytes to the right of [ 27.421389] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.421956] [ 27.422063] The buggy address belongs to the physical page: [ 27.422367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.422720] flags: 0x200000000000000(node=0|zone=2) [ 27.422880] page_type: f5(slab) [ 27.423082] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.423408] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.423629] page dumped because: kasan: bad access detected [ 27.423807] [ 27.423896] Memory state around the buggy address: [ 27.424193] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.424559] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.424886] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.425202] ^ [ 27.425362] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.425907] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.426179] ================================================================== [ 27.850192] ================================================================== [ 27.850598] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 27.851384] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.851690] [ 27.851993] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.852052] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.852068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.852092] Call Trace: [ 27.852112] <TASK> [ 27.852133] dump_stack_lvl+0x73/0xb0 [ 27.852169] print_report+0xd1/0x610 [ 27.852195] ? __virt_addr_valid+0x1db/0x2d0 [ 27.852220] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.852243] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.852271] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.852293] kasan_report+0x141/0x180 [ 27.852316] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.852343] __asan_report_load8_noabort+0x18/0x20 [ 27.852368] kasan_atomics_helper+0x4fa5/0x5450 [ 27.852392] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.852416] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.852441] ? kasan_save_alloc_info+0x3b/0x50 [ 27.852470] kasan_atomics+0x1dc/0x310 [ 27.852494] ? __pfx_kasan_atomics+0x10/0x10 [ 27.852518] ? __pfx_read_tsc+0x10/0x10 [ 27.852541] ? ktime_get_ts64+0x86/0x230 [ 27.852568] kunit_try_run_case+0x1a5/0x480 [ 27.852590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.852612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.852637] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.852662] ? __kthread_parkme+0x82/0x180 [ 27.852683] ? preempt_count_sub+0x50/0x80 [ 27.852721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.852744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.852769] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.853210] kthread+0x337/0x6f0 [ 27.853234] ? trace_preempt_on+0x20/0xc0 [ 27.853261] ? __pfx_kthread+0x10/0x10 [ 27.853287] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.853351] ? calculate_sigpending+0x7b/0xa0 [ 27.853380] ? __pfx_kthread+0x10/0x10 [ 27.853404] ret_from_fork+0x116/0x1d0 [ 27.853425] ? __pfx_kthread+0x10/0x10 [ 27.853447] ret_from_fork_asm+0x1a/0x30 [ 27.853480] </TASK> [ 27.853494] [ 27.864532] Allocated by task 315: [ 27.864842] kasan_save_stack+0x45/0x70 [ 27.865216] kasan_save_track+0x18/0x40 [ 27.865502] kasan_save_alloc_info+0x3b/0x50 [ 27.865726] __kasan_kmalloc+0xb7/0xc0 [ 27.866222] __kmalloc_cache_noprof+0x189/0x420 [ 27.866467] kasan_atomics+0x95/0x310 [ 27.866782] kunit_try_run_case+0x1a5/0x480 [ 27.867109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.867348] kthread+0x337/0x6f0 [ 27.867495] ret_from_fork+0x116/0x1d0 [ 27.867667] ret_from_fork_asm+0x1a/0x30 [ 27.867822] [ 27.867894] The buggy address belongs to the object at ffff8881058d6700 [ 27.867894] which belongs to the cache kmalloc-64 of size 64 [ 27.868497] The buggy address is located 0 bytes to the right of [ 27.868497] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.869152] [ 27.869245] The buggy address belongs to the physical page: [ 27.869462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.869843] flags: 0x200000000000000(node=0|zone=2) [ 27.870059] page_type: f5(slab) [ 27.870226] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.870531] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.870898] page dumped because: kasan: bad access detected [ 27.871099] [ 27.871165] Memory state around the buggy address: [ 27.871311] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.871515] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.871867] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.872186] ^ [ 27.872431] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.873336] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.873714] ================================================================== [ 27.211598] ================================================================== [ 27.212525] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 27.212972] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.213341] [ 27.213459] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.213514] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.213530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.213656] Call Trace: [ 27.213681] <TASK> [ 27.213713] dump_stack_lvl+0x73/0xb0 [ 27.213747] print_report+0xd1/0x610 [ 27.213793] ? __virt_addr_valid+0x1db/0x2d0 [ 27.213821] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.213854] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.213881] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.213904] kasan_report+0x141/0x180 [ 27.213927] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.213954] __asan_report_load4_noabort+0x18/0x20 [ 27.213988] kasan_atomics_helper+0x49e8/0x5450 [ 27.214012] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.214035] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.214070] ? kasan_save_alloc_info+0x3b/0x50 [ 27.214099] kasan_atomics+0x1dc/0x310 [ 27.214122] ? __pfx_kasan_atomics+0x10/0x10 [ 27.214147] ? __pfx_read_tsc+0x10/0x10 [ 27.214171] ? ktime_get_ts64+0x86/0x230 [ 27.214197] kunit_try_run_case+0x1a5/0x480 [ 27.214221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.214243] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.214268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.214293] ? __kthread_parkme+0x82/0x180 [ 27.214315] ? preempt_count_sub+0x50/0x80 [ 27.214350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.214372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.214398] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.214435] kthread+0x337/0x6f0 [ 27.214455] ? trace_preempt_on+0x20/0xc0 [ 27.214482] ? __pfx_kthread+0x10/0x10 [ 27.214504] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.214527] ? calculate_sigpending+0x7b/0xa0 [ 27.214561] ? __pfx_kthread+0x10/0x10 [ 27.214584] ret_from_fork+0x116/0x1d0 [ 27.214605] ? __pfx_kthread+0x10/0x10 [ 27.214638] ret_from_fork_asm+0x1a/0x30 [ 27.214671] </TASK> [ 27.214683] [ 27.222414] Allocated by task 315: [ 27.222560] kasan_save_stack+0x45/0x70 [ 27.222716] kasan_save_track+0x18/0x40 [ 27.223055] kasan_save_alloc_info+0x3b/0x50 [ 27.223261] __kasan_kmalloc+0xb7/0xc0 [ 27.223452] __kmalloc_cache_noprof+0x189/0x420 [ 27.223606] kasan_atomics+0x95/0x310 [ 27.223768] kunit_try_run_case+0x1a5/0x480 [ 27.223980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.224246] kthread+0x337/0x6f0 [ 27.224445] ret_from_fork+0x116/0x1d0 [ 27.224631] ret_from_fork_asm+0x1a/0x30 [ 27.224782] [ 27.224851] The buggy address belongs to the object at ffff8881058d6700 [ 27.224851] which belongs to the cache kmalloc-64 of size 64 [ 27.225418] The buggy address is located 0 bytes to the right of [ 27.225418] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.225999] [ 27.226072] The buggy address belongs to the physical page: [ 27.226294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.226645] flags: 0x200000000000000(node=0|zone=2) [ 27.226940] page_type: f5(slab) [ 27.227097] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.227425] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.227753] page dumped because: kasan: bad access detected [ 27.227959] [ 27.228026] Memory state around the buggy address: [ 27.228176] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.228389] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.228684] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.229003] ^ [ 27.229378] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.229701] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.230160] ================================================================== [ 27.387829] ================================================================== [ 27.388069] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 27.388298] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.388831] [ 27.389097] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.389154] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.389168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.389192] Call Trace: [ 27.389246] <TASK> [ 27.389278] dump_stack_lvl+0x73/0xb0 [ 27.389325] print_report+0xd1/0x610 [ 27.389377] ? __virt_addr_valid+0x1db/0x2d0 [ 27.389424] ? kasan_atomics_helper+0x164f/0x5450 [ 27.389448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.389501] ? kasan_atomics_helper+0x164f/0x5450 [ 27.389525] kasan_report+0x141/0x180 [ 27.389569] ? kasan_atomics_helper+0x164f/0x5450 [ 27.389596] kasan_check_range+0x10c/0x1c0 [ 27.389645] __kasan_check_write+0x18/0x20 [ 27.389669] kasan_atomics_helper+0x164f/0x5450 [ 27.389709] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.389733] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.389758] ? kasan_save_alloc_info+0x3b/0x50 [ 27.389799] kasan_atomics+0x1dc/0x310 [ 27.389823] ? __pfx_kasan_atomics+0x10/0x10 [ 27.389848] ? __pfx_read_tsc+0x10/0x10 [ 27.389872] ? ktime_get_ts64+0x86/0x230 [ 27.389900] kunit_try_run_case+0x1a5/0x480 [ 27.389924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.389945] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.389972] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.389997] ? __kthread_parkme+0x82/0x180 [ 27.390020] ? preempt_count_sub+0x50/0x80 [ 27.390044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.390068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.390095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.390120] kthread+0x337/0x6f0 [ 27.390141] ? trace_preempt_on+0x20/0xc0 [ 27.390166] ? __pfx_kthread+0x10/0x10 [ 27.390188] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.390212] ? calculate_sigpending+0x7b/0xa0 [ 27.390238] ? __pfx_kthread+0x10/0x10 [ 27.390261] ret_from_fork+0x116/0x1d0 [ 27.390281] ? __pfx_kthread+0x10/0x10 [ 27.390303] ret_from_fork_asm+0x1a/0x30 [ 27.390336] </TASK> [ 27.390349] [ 27.398150] Allocated by task 315: [ 27.398444] kasan_save_stack+0x45/0x70 [ 27.398716] kasan_save_track+0x18/0x40 [ 27.399097] kasan_save_alloc_info+0x3b/0x50 [ 27.399272] __kasan_kmalloc+0xb7/0xc0 [ 27.399401] __kmalloc_cache_noprof+0x189/0x420 [ 27.399665] kasan_atomics+0x95/0x310 [ 27.400073] kunit_try_run_case+0x1a5/0x480 [ 27.400328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.400543] kthread+0x337/0x6f0 [ 27.400664] ret_from_fork+0x116/0x1d0 [ 27.400981] ret_from_fork_asm+0x1a/0x30 [ 27.401256] [ 27.401388] The buggy address belongs to the object at ffff8881058d6700 [ 27.401388] which belongs to the cache kmalloc-64 of size 64 [ 27.401927] The buggy address is located 0 bytes to the right of [ 27.401927] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.402497] [ 27.402596] The buggy address belongs to the physical page: [ 27.402807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.403202] flags: 0x200000000000000(node=0|zone=2) [ 27.403487] page_type: f5(slab) [ 27.403644] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.404022] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.404305] page dumped because: kasan: bad access detected [ 27.404556] [ 27.404640] Memory state around the buggy address: [ 27.404890] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.405217] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.405480] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.405829] ^ [ 27.406037] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.406338] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.406564] ================================================================== [ 27.761118] ================================================================== [ 27.761503] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 27.761906] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.762122] [ 27.762204] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.762256] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.762271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.762294] Call Trace: [ 27.762312] <TASK> [ 27.762331] dump_stack_lvl+0x73/0xb0 [ 27.762361] print_report+0xd1/0x610 [ 27.762384] ? __virt_addr_valid+0x1db/0x2d0 [ 27.762410] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.762432] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.762460] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.762481] kasan_report+0x141/0x180 [ 27.762504] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.762530] __asan_report_load8_noabort+0x18/0x20 [ 27.762554] kasan_atomics_helper+0x4f98/0x5450 [ 27.762578] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.762601] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.762625] ? kasan_save_alloc_info+0x3b/0x50 [ 27.762654] kasan_atomics+0x1dc/0x310 [ 27.762678] ? __pfx_kasan_atomics+0x10/0x10 [ 27.762716] ? __pfx_read_tsc+0x10/0x10 [ 27.762740] ? ktime_get_ts64+0x86/0x230 [ 27.762790] kunit_try_run_case+0x1a5/0x480 [ 27.762814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.762849] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.762877] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.762915] ? __kthread_parkme+0x82/0x180 [ 27.762950] ? preempt_count_sub+0x50/0x80 [ 27.762975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.763011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.763049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.763101] kthread+0x337/0x6f0 [ 27.763132] ? trace_preempt_on+0x20/0xc0 [ 27.763157] ? __pfx_kthread+0x10/0x10 [ 27.763180] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.763203] ? calculate_sigpending+0x7b/0xa0 [ 27.763230] ? __pfx_kthread+0x10/0x10 [ 27.763253] ret_from_fork+0x116/0x1d0 [ 27.763273] ? __pfx_kthread+0x10/0x10 [ 27.763296] ret_from_fork_asm+0x1a/0x30 [ 27.763329] </TASK> [ 27.763342] [ 27.772819] Allocated by task 315: [ 27.773122] kasan_save_stack+0x45/0x70 [ 27.773460] kasan_save_track+0x18/0x40 [ 27.773649] kasan_save_alloc_info+0x3b/0x50 [ 27.774130] __kasan_kmalloc+0xb7/0xc0 [ 27.774382] __kmalloc_cache_noprof+0x189/0x420 [ 27.774737] kasan_atomics+0x95/0x310 [ 27.775011] kunit_try_run_case+0x1a5/0x480 [ 27.775317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.775548] kthread+0x337/0x6f0 [ 27.775707] ret_from_fork+0x116/0x1d0 [ 27.775868] ret_from_fork_asm+0x1a/0x30 [ 27.776111] [ 27.776205] The buggy address belongs to the object at ffff8881058d6700 [ 27.776205] which belongs to the cache kmalloc-64 of size 64 [ 27.776639] The buggy address is located 0 bytes to the right of [ 27.776639] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.777301] [ 27.777400] The buggy address belongs to the physical page: [ 27.777631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.778012] flags: 0x200000000000000(node=0|zone=2) [ 27.778230] page_type: f5(slab) [ 27.778345] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.778890] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.779239] page dumped because: kasan: bad access detected [ 27.779481] [ 27.779574] Memory state around the buggy address: [ 27.779790] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.780130] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.780444] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.780726] ^ [ 27.781026] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.781269] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.781496] ================================================================== [ 26.972529] ================================================================== [ 26.973177] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 26.973519] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.973754] [ 26.973963] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.974024] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.974039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.974073] Call Trace: [ 26.974089] <TASK> [ 26.974106] dump_stack_lvl+0x73/0xb0 [ 26.974135] print_report+0xd1/0x610 [ 26.974159] ? __virt_addr_valid+0x1db/0x2d0 [ 26.974182] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.974204] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.974231] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.974254] kasan_report+0x141/0x180 [ 26.974276] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.974302] __asan_report_load4_noabort+0x18/0x20 [ 26.974327] kasan_atomics_helper+0x4a84/0x5450 [ 26.974350] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.974372] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.974397] ? kasan_save_alloc_info+0x3b/0x50 [ 26.974426] kasan_atomics+0x1dc/0x310 [ 26.974449] ? __pfx_kasan_atomics+0x10/0x10 [ 26.974474] ? __pfx_read_tsc+0x10/0x10 [ 26.974500] ? ktime_get_ts64+0x86/0x230 [ 26.974527] kunit_try_run_case+0x1a5/0x480 [ 26.974550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.974572] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.974597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.974621] ? __kthread_parkme+0x82/0x180 [ 26.974650] ? preempt_count_sub+0x50/0x80 [ 26.974676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.974715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.974742] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.974768] kthread+0x337/0x6f0 [ 26.974797] ? trace_preempt_on+0x20/0xc0 [ 26.974822] ? __pfx_kthread+0x10/0x10 [ 26.974844] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.974867] ? calculate_sigpending+0x7b/0xa0 [ 26.974892] ? __pfx_kthread+0x10/0x10 [ 26.974915] ret_from_fork+0x116/0x1d0 [ 26.974936] ? __pfx_kthread+0x10/0x10 [ 26.974957] ret_from_fork_asm+0x1a/0x30 [ 26.974990] </TASK> [ 26.975003] [ 26.982232] Allocated by task 315: [ 26.982406] kasan_save_stack+0x45/0x70 [ 26.982601] kasan_save_track+0x18/0x40 [ 26.983032] kasan_save_alloc_info+0x3b/0x50 [ 26.983259] __kasan_kmalloc+0xb7/0xc0 [ 26.983416] __kmalloc_cache_noprof+0x189/0x420 [ 26.983568] kasan_atomics+0x95/0x310 [ 26.983709] kunit_try_run_case+0x1a5/0x480 [ 26.985108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.985385] kthread+0x337/0x6f0 [ 26.985555] ret_from_fork+0x116/0x1d0 [ 26.986078] ret_from_fork_asm+0x1a/0x30 [ 26.986503] [ 26.986752] The buggy address belongs to the object at ffff8881058d6700 [ 26.986752] which belongs to the cache kmalloc-64 of size 64 [ 26.987285] The buggy address is located 0 bytes to the right of [ 26.987285] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.988023] [ 26.988276] The buggy address belongs to the physical page: [ 26.988537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.989156] flags: 0x200000000000000(node=0|zone=2) [ 26.989517] page_type: f5(slab) [ 26.989919] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.990438] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.991292] page dumped because: kasan: bad access detected [ 26.991927] [ 26.992171] Memory state around the buggy address: [ 26.992486] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.992982] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.993462] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.993981] ^ [ 26.994413] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.994974] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.995289] ================================================================== [ 27.782288] ================================================================== [ 27.782605] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 27.782949] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.783340] [ 27.783431] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.783507] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.783523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.783563] Call Trace: [ 27.783583] <TASK> [ 27.783615] dump_stack_lvl+0x73/0xb0 [ 27.783661] print_report+0xd1/0x610 [ 27.783684] ? __virt_addr_valid+0x1db/0x2d0 [ 27.783721] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.783757] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.783784] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.783806] kasan_report+0x141/0x180 [ 27.783834] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.783861] kasan_check_range+0x10c/0x1c0 [ 27.783886] __kasan_check_write+0x18/0x20 [ 27.783909] kasan_atomics_helper+0x20c8/0x5450 [ 27.783932] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.783956] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.783980] ? kasan_save_alloc_info+0x3b/0x50 [ 27.784010] kasan_atomics+0x1dc/0x310 [ 27.784035] ? __pfx_kasan_atomics+0x10/0x10 [ 27.784060] ? __pfx_read_tsc+0x10/0x10 [ 27.784094] ? ktime_get_ts64+0x86/0x230 [ 27.784122] kunit_try_run_case+0x1a5/0x480 [ 27.784145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.784167] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.784192] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.784217] ? __kthread_parkme+0x82/0x180 [ 27.784239] ? preempt_count_sub+0x50/0x80 [ 27.784263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.784286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.784313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.784339] kthread+0x337/0x6f0 [ 27.784359] ? trace_preempt_on+0x20/0xc0 [ 27.784383] ? __pfx_kthread+0x10/0x10 [ 27.784405] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.784447] ? calculate_sigpending+0x7b/0xa0 [ 27.784474] ? __pfx_kthread+0x10/0x10 [ 27.784496] ret_from_fork+0x116/0x1d0 [ 27.784517] ? __pfx_kthread+0x10/0x10 [ 27.784538] ret_from_fork_asm+0x1a/0x30 [ 27.784571] </TASK> [ 27.784584] [ 27.792747] Allocated by task 315: [ 27.793043] kasan_save_stack+0x45/0x70 [ 27.793226] kasan_save_track+0x18/0x40 [ 27.793399] kasan_save_alloc_info+0x3b/0x50 [ 27.793579] __kasan_kmalloc+0xb7/0xc0 [ 27.793756] __kmalloc_cache_noprof+0x189/0x420 [ 27.793952] kasan_atomics+0x95/0x310 [ 27.794122] kunit_try_run_case+0x1a5/0x480 [ 27.794302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.794524] kthread+0x337/0x6f0 [ 27.794670] ret_from_fork+0x116/0x1d0 [ 27.795869] ret_from_fork_asm+0x1a/0x30 [ 27.796295] [ 27.796372] The buggy address belongs to the object at ffff8881058d6700 [ 27.796372] which belongs to the cache kmalloc-64 of size 64 [ 27.796792] The buggy address is located 0 bytes to the right of [ 27.796792] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.798007] [ 27.798126] The buggy address belongs to the physical page: [ 27.798589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.799142] flags: 0x200000000000000(node=0|zone=2) [ 27.799357] page_type: f5(slab) [ 27.799524] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.800106] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.800385] page dumped because: kasan: bad access detected [ 27.800611] [ 27.800712] Memory state around the buggy address: [ 27.801411] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.801955] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.802263] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.802557] ^ [ 27.802770] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.803349] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.803612] ================================================================== [ 26.530655] ================================================================== [ 26.531439] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 26.532143] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.532889] [ 26.533048] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.533104] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.533119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.533144] Call Trace: [ 26.533158] <TASK> [ 26.533179] dump_stack_lvl+0x73/0xb0 [ 26.533214] print_report+0xd1/0x610 [ 26.533239] ? __virt_addr_valid+0x1db/0x2d0 [ 26.533265] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.533287] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.533314] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.533336] kasan_report+0x141/0x180 [ 26.533359] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.533385] __asan_report_store4_noabort+0x1b/0x30 [ 26.533410] kasan_atomics_helper+0x4ba2/0x5450 [ 26.533434] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.533456] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.533482] ? kasan_save_alloc_info+0x3b/0x50 [ 26.533511] kasan_atomics+0x1dc/0x310 [ 26.533534] ? __pfx_kasan_atomics+0x10/0x10 [ 26.533559] ? __pfx_read_tsc+0x10/0x10 [ 26.533583] ? ktime_get_ts64+0x86/0x230 [ 26.533610] kunit_try_run_case+0x1a5/0x480 [ 26.533633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.533655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.533680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.533719] ? __kthread_parkme+0x82/0x180 [ 26.533742] ? preempt_count_sub+0x50/0x80 [ 26.533767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.533789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.533815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.533842] kthread+0x337/0x6f0 [ 26.533862] ? trace_preempt_on+0x20/0xc0 [ 26.533887] ? __pfx_kthread+0x10/0x10 [ 26.533909] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.533932] ? calculate_sigpending+0x7b/0xa0 [ 26.533957] ? __pfx_kthread+0x10/0x10 [ 26.533980] ret_from_fork+0x116/0x1d0 [ 26.534000] ? __pfx_kthread+0x10/0x10 [ 26.534021] ret_from_fork_asm+0x1a/0x30 [ 26.534054] </TASK> [ 26.534113] [ 26.544342] Allocated by task 315: [ 26.544519] kasan_save_stack+0x45/0x70 [ 26.544731] kasan_save_track+0x18/0x40 [ 26.544969] kasan_save_alloc_info+0x3b/0x50 [ 26.545112] __kasan_kmalloc+0xb7/0xc0 [ 26.545240] __kmalloc_cache_noprof+0x189/0x420 [ 26.545390] kasan_atomics+0x95/0x310 [ 26.545516] kunit_try_run_case+0x1a5/0x480 [ 26.545653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.545970] kthread+0x337/0x6f0 [ 26.546093] ret_from_fork+0x116/0x1d0 [ 26.546226] ret_from_fork_asm+0x1a/0x30 [ 26.546361] [ 26.546429] The buggy address belongs to the object at ffff8881058d6700 [ 26.546429] which belongs to the cache kmalloc-64 of size 64 [ 26.547133] The buggy address is located 0 bytes to the right of [ 26.547133] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.547719] [ 26.547790] The buggy address belongs to the physical page: [ 26.548113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.548405] flags: 0x200000000000000(node=0|zone=2) [ 26.548564] page_type: f5(slab) [ 26.548684] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.549217] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.549525] page dumped because: kasan: bad access detected [ 26.549734] [ 26.549800] Memory state around the buggy address: [ 26.549954] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.550386] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.550732] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.551052] ^ [ 26.551246] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.551457] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.551666] ================================================================== [ 27.231258] ================================================================== [ 27.231598] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 27.231956] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.232337] [ 27.232447] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.232514] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.232541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.232565] Call Trace: [ 27.232587] <TASK> [ 27.232611] dump_stack_lvl+0x73/0xb0 [ 27.232651] print_report+0xd1/0x610 [ 27.232674] ? __virt_addr_valid+0x1db/0x2d0 [ 27.232718] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.232740] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.232767] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.232799] kasan_report+0x141/0x180 [ 27.232822] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.232858] kasan_check_range+0x10c/0x1c0 [ 27.232882] __kasan_check_write+0x18/0x20 [ 27.232906] kasan_atomics_helper+0x12e6/0x5450 [ 27.232940] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.232963] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.232989] ? kasan_save_alloc_info+0x3b/0x50 [ 27.233028] kasan_atomics+0x1dc/0x310 [ 27.233052] ? __pfx_kasan_atomics+0x10/0x10 [ 27.233078] ? __pfx_read_tsc+0x10/0x10 [ 27.233114] ? ktime_get_ts64+0x86/0x230 [ 27.233142] kunit_try_run_case+0x1a5/0x480 [ 27.233166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.233196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.233222] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.233247] ? __kthread_parkme+0x82/0x180 [ 27.233280] ? preempt_count_sub+0x50/0x80 [ 27.233305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.233328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.233356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.233392] kthread+0x337/0x6f0 [ 27.233413] ? trace_preempt_on+0x20/0xc0 [ 27.233448] ? __pfx_kthread+0x10/0x10 [ 27.233471] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.233495] ? calculate_sigpending+0x7b/0xa0 [ 27.233521] ? __pfx_kthread+0x10/0x10 [ 27.233544] ret_from_fork+0x116/0x1d0 [ 27.233565] ? __pfx_kthread+0x10/0x10 [ 27.233590] ret_from_fork_asm+0x1a/0x30 [ 27.233625] </TASK> [ 27.233646] [ 27.241038] Allocated by task 315: [ 27.241169] kasan_save_stack+0x45/0x70 [ 27.241398] kasan_save_track+0x18/0x40 [ 27.241752] kasan_save_alloc_info+0x3b/0x50 [ 27.242212] __kasan_kmalloc+0xb7/0xc0 [ 27.242406] __kmalloc_cache_noprof+0x189/0x420 [ 27.242659] kasan_atomics+0x95/0x310 [ 27.243016] kunit_try_run_case+0x1a5/0x480 [ 27.243236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.243513] kthread+0x337/0x6f0 [ 27.243661] ret_from_fork+0x116/0x1d0 [ 27.243857] ret_from_fork_asm+0x1a/0x30 [ 27.244007] [ 27.244073] The buggy address belongs to the object at ffff8881058d6700 [ 27.244073] which belongs to the cache kmalloc-64 of size 64 [ 27.244414] The buggy address is located 0 bytes to the right of [ 27.244414] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.245183] [ 27.245279] The buggy address belongs to the physical page: [ 27.245538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.245975] flags: 0x200000000000000(node=0|zone=2) [ 27.246143] page_type: f5(slab) [ 27.246263] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.246491] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.246721] page dumped because: kasan: bad access detected [ 27.247226] [ 27.247317] Memory state around the buggy address: [ 27.247551] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.247924] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.248268] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.248545] ^ [ 27.248717] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.249298] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.249599] ================================================================== [ 27.271996] ================================================================== [ 27.272502] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 27.272832] Read of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.273284] [ 27.273408] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.273472] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.273488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.273523] Call Trace: [ 27.273545] <TASK> [ 27.273570] dump_stack_lvl+0x73/0xb0 [ 27.273603] print_report+0xd1/0x610 [ 27.273627] ? __virt_addr_valid+0x1db/0x2d0 [ 27.273653] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.273684] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.273723] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.273746] kasan_report+0x141/0x180 [ 27.273780] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.273817] kasan_check_range+0x10c/0x1c0 [ 27.273841] __kasan_check_read+0x15/0x20 [ 27.273865] kasan_atomics_helper+0x13b5/0x5450 [ 27.273888] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.273920] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.273946] ? kasan_save_alloc_info+0x3b/0x50 [ 27.273985] kasan_atomics+0x1dc/0x310 [ 27.274009] ? __pfx_kasan_atomics+0x10/0x10 [ 27.274033] ? __pfx_read_tsc+0x10/0x10 [ 27.274058] ? ktime_get_ts64+0x86/0x230 [ 27.274094] kunit_try_run_case+0x1a5/0x480 [ 27.274117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.274141] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.274177] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.274202] ? __kthread_parkme+0x82/0x180 [ 27.274225] ? preempt_count_sub+0x50/0x80 [ 27.274259] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.274281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.274308] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.274344] kthread+0x337/0x6f0 [ 27.274364] ? trace_preempt_on+0x20/0xc0 [ 27.274390] ? __pfx_kthread+0x10/0x10 [ 27.274412] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.274435] ? calculate_sigpending+0x7b/0xa0 [ 27.274462] ? __pfx_kthread+0x10/0x10 [ 27.274484] ret_from_fork+0x116/0x1d0 [ 27.274506] ? __pfx_kthread+0x10/0x10 [ 27.274527] ret_from_fork_asm+0x1a/0x30 [ 27.274561] </TASK> [ 27.274575] [ 27.282440] Allocated by task 315: [ 27.282611] kasan_save_stack+0x45/0x70 [ 27.282819] kasan_save_track+0x18/0x40 [ 27.282995] kasan_save_alloc_info+0x3b/0x50 [ 27.283142] __kasan_kmalloc+0xb7/0xc0 [ 27.283270] __kmalloc_cache_noprof+0x189/0x420 [ 27.283506] kasan_atomics+0x95/0x310 [ 27.283688] kunit_try_run_case+0x1a5/0x480 [ 27.283899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.284188] kthread+0x337/0x6f0 [ 27.284308] ret_from_fork+0x116/0x1d0 [ 27.284495] ret_from_fork_asm+0x1a/0x30 [ 27.284686] [ 27.284798] The buggy address belongs to the object at ffff8881058d6700 [ 27.284798] which belongs to the cache kmalloc-64 of size 64 [ 27.285291] The buggy address is located 0 bytes to the right of [ 27.285291] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.285830] [ 27.285944] The buggy address belongs to the physical page: [ 27.286182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.286512] flags: 0x200000000000000(node=0|zone=2) [ 27.286737] page_type: f5(slab) [ 27.286968] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.287289] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.287571] page dumped because: kasan: bad access detected [ 27.287752] [ 27.287823] Memory state around the buggy address: [ 27.287973] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.288184] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.288843] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.289158] ^ [ 27.289362] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.289572] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.289838] ================================================================== [ 27.333172] ================================================================== [ 27.333573] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 27.333936] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.334172] [ 27.334255] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.334316] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.334332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.334356] Call Trace: [ 27.334373] <TASK> [ 27.334402] dump_stack_lvl+0x73/0xb0 [ 27.334432] print_report+0xd1/0x610 [ 27.334456] ? __virt_addr_valid+0x1db/0x2d0 [ 27.334480] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.334502] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.334528] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.334551] kasan_report+0x141/0x180 [ 27.334573] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.334599] __asan_report_store8_noabort+0x1b/0x30 [ 27.334624] kasan_atomics_helper+0x50d4/0x5450 [ 27.334647] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.334670] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.334705] ? kasan_save_alloc_info+0x3b/0x50 [ 27.334734] kasan_atomics+0x1dc/0x310 [ 27.334756] ? __pfx_kasan_atomics+0x10/0x10 [ 27.334790] ? __pfx_read_tsc+0x10/0x10 [ 27.334814] ? ktime_get_ts64+0x86/0x230 [ 27.334841] kunit_try_run_case+0x1a5/0x480 [ 27.334887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.334908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.334945] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.334969] ? __kthread_parkme+0x82/0x180 [ 27.335000] ? preempt_count_sub+0x50/0x80 [ 27.335025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.335057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.335083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.335108] kthread+0x337/0x6f0 [ 27.335129] ? trace_preempt_on+0x20/0xc0 [ 27.335154] ? __pfx_kthread+0x10/0x10 [ 27.335175] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.335198] ? calculate_sigpending+0x7b/0xa0 [ 27.335223] ? __pfx_kthread+0x10/0x10 [ 27.335245] ret_from_fork+0x116/0x1d0 [ 27.335266] ? __pfx_kthread+0x10/0x10 [ 27.335288] ret_from_fork_asm+0x1a/0x30 [ 27.335319] </TASK> [ 27.335331] [ 27.342918] Allocated by task 315: [ 27.343081] kasan_save_stack+0x45/0x70 [ 27.343257] kasan_save_track+0x18/0x40 [ 27.343390] kasan_save_alloc_info+0x3b/0x50 [ 27.343534] __kasan_kmalloc+0xb7/0xc0 [ 27.343661] __kmalloc_cache_noprof+0x189/0x420 [ 27.343892] kasan_atomics+0x95/0x310 [ 27.344103] kunit_try_run_case+0x1a5/0x480 [ 27.344307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.344526] kthread+0x337/0x6f0 [ 27.344644] ret_from_fork+0x116/0x1d0 [ 27.344784] ret_from_fork_asm+0x1a/0x30 [ 27.344920] [ 27.344987] The buggy address belongs to the object at ffff8881058d6700 [ 27.344987] which belongs to the cache kmalloc-64 of size 64 [ 27.345525] The buggy address is located 0 bytes to the right of [ 27.345525] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.346345] [ 27.346438] The buggy address belongs to the physical page: [ 27.346717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.347148] flags: 0x200000000000000(node=0|zone=2) [ 27.347361] page_type: f5(slab) [ 27.347504] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.347871] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.348188] page dumped because: kasan: bad access detected [ 27.348438] [ 27.348526] Memory state around the buggy address: [ 27.348748] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.349056] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.349371] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.349679] ^ [ 27.349921] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.350233] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.350479] ================================================================== [ 27.446618] ================================================================== [ 27.447153] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 27.447826] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.448189] [ 27.448284] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.448364] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.448380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.448414] Call Trace: [ 27.448431] <TASK> [ 27.448450] dump_stack_lvl+0x73/0xb0 [ 27.448483] print_report+0xd1/0x610 [ 27.448507] ? __virt_addr_valid+0x1db/0x2d0 [ 27.448532] ? kasan_atomics_helper+0x1818/0x5450 [ 27.448554] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.448581] ? kasan_atomics_helper+0x1818/0x5450 [ 27.448635] kasan_report+0x141/0x180 [ 27.448659] ? kasan_atomics_helper+0x1818/0x5450 [ 27.448717] kasan_check_range+0x10c/0x1c0 [ 27.448769] __kasan_check_write+0x18/0x20 [ 27.448805] kasan_atomics_helper+0x1818/0x5450 [ 27.448867] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.448890] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.448925] ? kasan_save_alloc_info+0x3b/0x50 [ 27.448955] kasan_atomics+0x1dc/0x310 [ 27.448978] ? __pfx_kasan_atomics+0x10/0x10 [ 27.449003] ? __pfx_read_tsc+0x10/0x10 [ 27.449028] ? ktime_get_ts64+0x86/0x230 [ 27.449053] kunit_try_run_case+0x1a5/0x480 [ 27.449076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.449098] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.449123] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.449149] ? __kthread_parkme+0x82/0x180 [ 27.449170] ? preempt_count_sub+0x50/0x80 [ 27.449195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.449218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.449244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.449271] kthread+0x337/0x6f0 [ 27.449320] ? trace_preempt_on+0x20/0xc0 [ 27.449346] ? __pfx_kthread+0x10/0x10 [ 27.449368] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.449429] ? calculate_sigpending+0x7b/0xa0 [ 27.449455] ? __pfx_kthread+0x10/0x10 [ 27.449488] ret_from_fork+0x116/0x1d0 [ 27.449509] ? __pfx_kthread+0x10/0x10 [ 27.449531] ret_from_fork_asm+0x1a/0x30 [ 27.449564] </TASK> [ 27.449577] [ 27.457846] Allocated by task 315: [ 27.458074] kasan_save_stack+0x45/0x70 [ 27.458274] kasan_save_track+0x18/0x40 [ 27.458437] kasan_save_alloc_info+0x3b/0x50 [ 27.458581] __kasan_kmalloc+0xb7/0xc0 [ 27.458814] __kmalloc_cache_noprof+0x189/0x420 [ 27.459033] kasan_atomics+0x95/0x310 [ 27.459202] kunit_try_run_case+0x1a5/0x480 [ 27.459345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.459560] kthread+0x337/0x6f0 [ 27.459735] ret_from_fork+0x116/0x1d0 [ 27.460126] ret_from_fork_asm+0x1a/0x30 [ 27.460327] [ 27.460398] The buggy address belongs to the object at ffff8881058d6700 [ 27.460398] which belongs to the cache kmalloc-64 of size 64 [ 27.460854] The buggy address is located 0 bytes to the right of [ 27.460854] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.461618] [ 27.461741] The buggy address belongs to the physical page: [ 27.461914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.462159] flags: 0x200000000000000(node=0|zone=2) [ 27.462489] page_type: f5(slab) [ 27.462720] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.463060] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.463296] page dumped because: kasan: bad access detected [ 27.463592] [ 27.463724] Memory state around the buggy address: [ 27.464008] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.464226] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.464438] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.464719] ^ [ 27.464993] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.465315] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.465713] ================================================================== [ 27.701219] ================================================================== [ 27.701563] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 27.701986] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.702267] [ 27.702359] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.702407] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.702421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.702444] Call Trace: [ 27.702460] <TASK> [ 27.702477] dump_stack_lvl+0x73/0xb0 [ 27.702508] print_report+0xd1/0x610 [ 27.702530] ? __virt_addr_valid+0x1db/0x2d0 [ 27.702556] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.702577] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.702604] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.702627] kasan_report+0x141/0x180 [ 27.702650] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.702677] kasan_check_range+0x10c/0x1c0 [ 27.702713] __kasan_check_write+0x18/0x20 [ 27.702736] kasan_atomics_helper+0x1f43/0x5450 [ 27.702759] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.702782] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.702806] ? kasan_save_alloc_info+0x3b/0x50 [ 27.702843] kasan_atomics+0x1dc/0x310 [ 27.702867] ? __pfx_kasan_atomics+0x10/0x10 [ 27.702891] ? __pfx_read_tsc+0x10/0x10 [ 27.702915] ? ktime_get_ts64+0x86/0x230 [ 27.702941] kunit_try_run_case+0x1a5/0x480 [ 27.702964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.702985] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.703011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.703037] ? __kthread_parkme+0x82/0x180 [ 27.703058] ? preempt_count_sub+0x50/0x80 [ 27.703083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.703106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.703132] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.703157] kthread+0x337/0x6f0 [ 27.703178] ? trace_preempt_on+0x20/0xc0 [ 27.703202] ? __pfx_kthread+0x10/0x10 [ 27.703226] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.703248] ? calculate_sigpending+0x7b/0xa0 [ 27.703274] ? __pfx_kthread+0x10/0x10 [ 27.703297] ret_from_fork+0x116/0x1d0 [ 27.703318] ? __pfx_kthread+0x10/0x10 [ 27.703339] ret_from_fork_asm+0x1a/0x30 [ 27.703371] </TASK> [ 27.703383] [ 27.713582] Allocated by task 315: [ 27.713811] kasan_save_stack+0x45/0x70 [ 27.713991] kasan_save_track+0x18/0x40 [ 27.714126] kasan_save_alloc_info+0x3b/0x50 [ 27.714270] __kasan_kmalloc+0xb7/0xc0 [ 27.714447] __kmalloc_cache_noprof+0x189/0x420 [ 27.714666] kasan_atomics+0x95/0x310 [ 27.714897] kunit_try_run_case+0x1a5/0x480 [ 27.715129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.715489] kthread+0x337/0x6f0 [ 27.715686] ret_from_fork+0x116/0x1d0 [ 27.715914] ret_from_fork_asm+0x1a/0x30 [ 27.716053] [ 27.716120] The buggy address belongs to the object at ffff8881058d6700 [ 27.716120] which belongs to the cache kmalloc-64 of size 64 [ 27.716593] The buggy address is located 0 bytes to the right of [ 27.716593] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.717354] [ 27.717455] The buggy address belongs to the physical page: [ 27.717717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.718144] flags: 0x200000000000000(node=0|zone=2) [ 27.718331] page_type: f5(slab) [ 27.718498] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.718937] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.719278] page dumped because: kasan: bad access detected [ 27.719520] [ 27.719599] Memory state around the buggy address: [ 27.719774] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.720117] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.720450] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.720680] ^ [ 27.720941] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.721277] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.721538] ================================================================== [ 27.525180] ================================================================== [ 27.525529] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 27.526072] Write of size 8 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.526501] [ 27.526614] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.526713] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.526729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.526753] Call Trace: [ 27.526778] <TASK> [ 27.526801] dump_stack_lvl+0x73/0xb0 [ 27.526834] print_report+0xd1/0x610 [ 27.526859] ? __virt_addr_valid+0x1db/0x2d0 [ 27.526916] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.526961] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.526987] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.527010] kasan_report+0x141/0x180 [ 27.527034] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.527061] kasan_check_range+0x10c/0x1c0 [ 27.527085] __kasan_check_write+0x18/0x20 [ 27.527109] kasan_atomics_helper+0x1a7f/0x5450 [ 27.527133] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.527155] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.527181] ? kasan_save_alloc_info+0x3b/0x50 [ 27.527210] kasan_atomics+0x1dc/0x310 [ 27.527234] ? __pfx_kasan_atomics+0x10/0x10 [ 27.527259] ? __pfx_read_tsc+0x10/0x10 [ 27.527283] ? ktime_get_ts64+0x86/0x230 [ 27.527310] kunit_try_run_case+0x1a5/0x480 [ 27.527334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.527355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.527381] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.527406] ? __kthread_parkme+0x82/0x180 [ 27.527429] ? preempt_count_sub+0x50/0x80 [ 27.527454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.527477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.527503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.527559] kthread+0x337/0x6f0 [ 27.527581] ? trace_preempt_on+0x20/0xc0 [ 27.527617] ? __pfx_kthread+0x10/0x10 [ 27.527638] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.527661] ? calculate_sigpending+0x7b/0xa0 [ 27.527687] ? __pfx_kthread+0x10/0x10 [ 27.527719] ret_from_fork+0x116/0x1d0 [ 27.527740] ? __pfx_kthread+0x10/0x10 [ 27.527761] ret_from_fork_asm+0x1a/0x30 [ 27.527806] </TASK> [ 27.527826] [ 27.536027] Allocated by task 315: [ 27.536213] kasan_save_stack+0x45/0x70 [ 27.536418] kasan_save_track+0x18/0x40 [ 27.536612] kasan_save_alloc_info+0x3b/0x50 [ 27.536884] __kasan_kmalloc+0xb7/0xc0 [ 27.537085] __kmalloc_cache_noprof+0x189/0x420 [ 27.537284] kasan_atomics+0x95/0x310 [ 27.537505] kunit_try_run_case+0x1a5/0x480 [ 27.537686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.537992] kthread+0x337/0x6f0 [ 27.538114] ret_from_fork+0x116/0x1d0 [ 27.538267] ret_from_fork_asm+0x1a/0x30 [ 27.538497] [ 27.538606] The buggy address belongs to the object at ffff8881058d6700 [ 27.538606] which belongs to the cache kmalloc-64 of size 64 [ 27.539417] The buggy address is located 0 bytes to the right of [ 27.539417] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.540021] [ 27.540095] The buggy address belongs to the physical page: [ 27.540289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.540706] flags: 0x200000000000000(node=0|zone=2) [ 27.541026] page_type: f5(slab) [ 27.541258] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.541571] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.541892] page dumped because: kasan: bad access detected [ 27.542176] [ 27.542279] Memory state around the buggy address: [ 27.542506] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.542760] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.543123] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.543396] ^ [ 27.543548] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.543804] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.544140] ================================================================== [ 26.664037] ================================================================== [ 26.664289] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 26.664578] Write of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 26.665136] [ 26.665236] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.665288] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.665303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.665326] Call Trace: [ 26.665343] <TASK> [ 26.665360] dump_stack_lvl+0x73/0xb0 [ 26.665393] print_report+0xd1/0x610 [ 26.665416] ? __virt_addr_valid+0x1db/0x2d0 [ 26.665441] ? kasan_atomics_helper+0x565/0x5450 [ 26.665462] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.665489] ? kasan_atomics_helper+0x565/0x5450 [ 26.665512] kasan_report+0x141/0x180 [ 26.665535] ? kasan_atomics_helper+0x565/0x5450 [ 26.665562] kasan_check_range+0x10c/0x1c0 [ 26.665586] __kasan_check_write+0x18/0x20 [ 26.665611] kasan_atomics_helper+0x565/0x5450 [ 26.665633] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.665656] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.665680] ? kasan_save_alloc_info+0x3b/0x50 [ 26.665725] kasan_atomics+0x1dc/0x310 [ 26.665748] ? __pfx_kasan_atomics+0x10/0x10 [ 26.665773] ? __pfx_read_tsc+0x10/0x10 [ 26.665833] ? ktime_get_ts64+0x86/0x230 [ 26.665861] kunit_try_run_case+0x1a5/0x480 [ 26.665884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.665962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.665989] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.666015] ? __kthread_parkme+0x82/0x180 [ 26.666060] ? preempt_count_sub+0x50/0x80 [ 26.666084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.666107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.666134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.666161] kthread+0x337/0x6f0 [ 26.666182] ? trace_preempt_on+0x20/0xc0 [ 26.666224] ? __pfx_kthread+0x10/0x10 [ 26.666246] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.666269] ? calculate_sigpending+0x7b/0xa0 [ 26.666294] ? __pfx_kthread+0x10/0x10 [ 26.666318] ret_from_fork+0x116/0x1d0 [ 26.666339] ? __pfx_kthread+0x10/0x10 [ 26.666361] ret_from_fork_asm+0x1a/0x30 [ 26.666392] </TASK> [ 26.666405] [ 26.675309] Allocated by task 315: [ 26.675451] kasan_save_stack+0x45/0x70 [ 26.675633] kasan_save_track+0x18/0x40 [ 26.675827] kasan_save_alloc_info+0x3b/0x50 [ 26.676421] __kasan_kmalloc+0xb7/0xc0 [ 26.676731] __kmalloc_cache_noprof+0x189/0x420 [ 26.677165] kasan_atomics+0x95/0x310 [ 26.677344] kunit_try_run_case+0x1a5/0x480 [ 26.677551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.678124] kthread+0x337/0x6f0 [ 26.678546] ret_from_fork+0x116/0x1d0 [ 26.678833] ret_from_fork_asm+0x1a/0x30 [ 26.679160] [ 26.679385] The buggy address belongs to the object at ffff8881058d6700 [ 26.679385] which belongs to the cache kmalloc-64 of size 64 [ 26.680415] The buggy address is located 0 bytes to the right of [ 26.680415] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 26.681219] [ 26.681312] The buggy address belongs to the physical page: [ 26.681793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 26.682313] flags: 0x200000000000000(node=0|zone=2) [ 26.682552] page_type: f5(slab) [ 26.682728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.683303] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.683952] page dumped because: kasan: bad access detected [ 26.684209] [ 26.684296] Memory state around the buggy address: [ 26.684497] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.685110] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.685472] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.686120] ^ [ 26.686465] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.687214] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.687502] ================================================================== [ 27.169534] ================================================================== [ 27.169982] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 27.170223] Read of size 4 at addr ffff8881058d6730 by task kunit_try_catch/315 [ 27.170596] [ 27.170735] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 27.170811] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.170827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.170851] Call Trace: [ 27.170879] <TASK> [ 27.170903] dump_stack_lvl+0x73/0xb0 [ 27.170936] print_report+0xd1/0x610 [ 27.170960] ? __virt_addr_valid+0x1db/0x2d0 [ 27.170986] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.171008] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.171035] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.171057] kasan_report+0x141/0x180 [ 27.171080] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.171107] __asan_report_load4_noabort+0x18/0x20 [ 27.171132] kasan_atomics_helper+0x4a02/0x5450 [ 27.171155] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.171178] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.171203] ? kasan_save_alloc_info+0x3b/0x50 [ 27.171232] kasan_atomics+0x1dc/0x310 [ 27.171255] ? __pfx_kasan_atomics+0x10/0x10 [ 27.171280] ? __pfx_read_tsc+0x10/0x10 [ 27.171304] ? ktime_get_ts64+0x86/0x230 [ 27.171330] kunit_try_run_case+0x1a5/0x480 [ 27.171354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.171375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.171402] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.171427] ? __kthread_parkme+0x82/0x180 [ 27.171450] ? preempt_count_sub+0x50/0x80 [ 27.171475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.171498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.171524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.171550] kthread+0x337/0x6f0 [ 27.171571] ? trace_preempt_on+0x20/0xc0 [ 27.171596] ? __pfx_kthread+0x10/0x10 [ 27.171618] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.171642] ? calculate_sigpending+0x7b/0xa0 [ 27.171668] ? __pfx_kthread+0x10/0x10 [ 27.171690] ret_from_fork+0x116/0x1d0 [ 27.171722] ? __pfx_kthread+0x10/0x10 [ 27.171744] ret_from_fork_asm+0x1a/0x30 [ 27.171777] </TASK> [ 27.171791] [ 27.179129] Allocated by task 315: [ 27.179316] kasan_save_stack+0x45/0x70 [ 27.179514] kasan_save_track+0x18/0x40 [ 27.179710] kasan_save_alloc_info+0x3b/0x50 [ 27.180117] __kasan_kmalloc+0xb7/0xc0 [ 27.180256] __kmalloc_cache_noprof+0x189/0x420 [ 27.180409] kasan_atomics+0x95/0x310 [ 27.180538] kunit_try_run_case+0x1a5/0x480 [ 27.180679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.181181] kthread+0x337/0x6f0 [ 27.181360] ret_from_fork+0x116/0x1d0 [ 27.181574] ret_from_fork_asm+0x1a/0x30 [ 27.181797] [ 27.181889] The buggy address belongs to the object at ffff8881058d6700 [ 27.181889] which belongs to the cache kmalloc-64 of size 64 [ 27.182385] The buggy address is located 0 bytes to the right of [ 27.182385] allocated 48-byte region [ffff8881058d6700, ffff8881058d6730) [ 27.182949] [ 27.183037] The buggy address belongs to the physical page: [ 27.183292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 27.183640] flags: 0x200000000000000(node=0|zone=2) [ 27.183863] page_type: f5(slab) [ 27.184043] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.184270] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.184491] page dumped because: kasan: bad access detected [ 27.184658] [ 27.184748] Memory state around the buggy address: [ 27.185037] ffff8881058d6600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.185352] ffff8881058d6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.185667] >ffff8881058d6700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.186112] ^ [ 27.186411] ffff8881058d6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.186626] ffff8881058d6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.186845] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 26.332102] ================================================================== [ 26.332401] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.332705] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.333083] [ 26.333207] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.333254] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.333268] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.333289] Call Trace: [ 26.333302] <TASK> [ 26.333317] dump_stack_lvl+0x73/0xb0 [ 26.333357] print_report+0xd1/0x610 [ 26.333378] ? __virt_addr_valid+0x1db/0x2d0 [ 26.333401] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.333438] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.333463] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.333490] kasan_report+0x141/0x180 [ 26.333512] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.333542] kasan_check_range+0x10c/0x1c0 [ 26.333565] __kasan_check_write+0x18/0x20 [ 26.333588] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.333614] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.333641] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.333664] ? trace_hardirqs_on+0x37/0xe0 [ 26.333685] ? kasan_bitops_generic+0x92/0x1c0 [ 26.333720] kasan_bitops_generic+0x121/0x1c0 [ 26.333744] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.333786] ? __pfx_read_tsc+0x10/0x10 [ 26.333817] ? ktime_get_ts64+0x86/0x230 [ 26.333842] kunit_try_run_case+0x1a5/0x480 [ 26.333863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.333895] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.333920] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.333944] ? __kthread_parkme+0x82/0x180 [ 26.333964] ? preempt_count_sub+0x50/0x80 [ 26.333987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.334009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.334034] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.334058] kthread+0x337/0x6f0 [ 26.334078] ? trace_preempt_on+0x20/0xc0 [ 26.334100] ? __pfx_kthread+0x10/0x10 [ 26.334120] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.334142] ? calculate_sigpending+0x7b/0xa0 [ 26.334166] ? __pfx_kthread+0x10/0x10 [ 26.334187] ret_from_fork+0x116/0x1d0 [ 26.334206] ? __pfx_kthread+0x10/0x10 [ 26.334226] ret_from_fork_asm+0x1a/0x30 [ 26.334257] </TASK> [ 26.334269] [ 26.342233] Allocated by task 311: [ 26.342409] kasan_save_stack+0x45/0x70 [ 26.342565] kasan_save_track+0x18/0x40 [ 26.342706] kasan_save_alloc_info+0x3b/0x50 [ 26.342908] __kasan_kmalloc+0xb7/0xc0 [ 26.343104] __kmalloc_cache_noprof+0x189/0x420 [ 26.343318] kasan_bitops_generic+0x92/0x1c0 [ 26.343517] kunit_try_run_case+0x1a5/0x480 [ 26.343703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.343902] kthread+0x337/0x6f0 [ 26.344067] ret_from_fork+0x116/0x1d0 [ 26.344249] ret_from_fork_asm+0x1a/0x30 [ 26.344457] [ 26.344555] The buggy address belongs to the object at ffff8881058a8240 [ 26.344555] which belongs to the cache kmalloc-16 of size 16 [ 26.345073] The buggy address is located 8 bytes inside of [ 26.345073] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.345548] [ 26.345614] The buggy address belongs to the physical page: [ 26.345810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.346041] flags: 0x200000000000000(node=0|zone=2) [ 26.346193] page_type: f5(slab) [ 26.346351] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.346750] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.347146] page dumped because: kasan: bad access detected [ 26.347437] [ 26.347526] Memory state around the buggy address: [ 26.347742] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.347971] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.348177] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.348453] ^ [ 26.348712] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.349055] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.349390] ================================================================== [ 26.424212] ================================================================== [ 26.424548] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.424980] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.425214] [ 26.425292] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.425339] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.425352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.425372] Call Trace: [ 26.425385] <TASK> [ 26.425401] dump_stack_lvl+0x73/0xb0 [ 26.425431] print_report+0xd1/0x610 [ 26.425452] ? __virt_addr_valid+0x1db/0x2d0 [ 26.425475] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.425501] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.425527] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.425555] kasan_report+0x141/0x180 [ 26.425576] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.425607] kasan_check_range+0x10c/0x1c0 [ 26.425630] __kasan_check_write+0x18/0x20 [ 26.425653] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.425680] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.425719] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.425742] ? trace_hardirqs_on+0x37/0xe0 [ 26.425763] ? kasan_bitops_generic+0x92/0x1c0 [ 26.425790] kasan_bitops_generic+0x121/0x1c0 [ 26.425813] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.425838] ? __pfx_read_tsc+0x10/0x10 [ 26.425860] ? ktime_get_ts64+0x86/0x230 [ 26.425884] kunit_try_run_case+0x1a5/0x480 [ 26.425906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.425926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.425949] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.425974] ? __kthread_parkme+0x82/0x180 [ 26.425994] ? preempt_count_sub+0x50/0x80 [ 26.426017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.426039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.426064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.426090] kthread+0x337/0x6f0 [ 26.426110] ? trace_preempt_on+0x20/0xc0 [ 26.426134] ? __pfx_kthread+0x10/0x10 [ 26.426156] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.426178] ? calculate_sigpending+0x7b/0xa0 [ 26.426202] ? __pfx_kthread+0x10/0x10 [ 26.426224] ret_from_fork+0x116/0x1d0 [ 26.426243] ? __pfx_kthread+0x10/0x10 [ 26.426263] ret_from_fork_asm+0x1a/0x30 [ 26.426295] </TASK> [ 26.426306] [ 26.433873] Allocated by task 311: [ 26.434017] kasan_save_stack+0x45/0x70 [ 26.434205] kasan_save_track+0x18/0x40 [ 26.434389] kasan_save_alloc_info+0x3b/0x50 [ 26.434576] __kasan_kmalloc+0xb7/0xc0 [ 26.434712] __kmalloc_cache_noprof+0x189/0x420 [ 26.434919] kasan_bitops_generic+0x92/0x1c0 [ 26.435124] kunit_try_run_case+0x1a5/0x480 [ 26.435326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.435570] kthread+0x337/0x6f0 [ 26.435728] ret_from_fork+0x116/0x1d0 [ 26.435934] ret_from_fork_asm+0x1a/0x30 [ 26.436107] [ 26.436171] The buggy address belongs to the object at ffff8881058a8240 [ 26.436171] which belongs to the cache kmalloc-16 of size 16 [ 26.436658] The buggy address is located 8 bytes inside of [ 26.436658] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.438717] [ 26.439095] The buggy address belongs to the physical page: [ 26.439583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.440231] flags: 0x200000000000000(node=0|zone=2) [ 26.441074] page_type: f5(slab) [ 26.441518] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.441767] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.442904] page dumped because: kasan: bad access detected [ 26.443487] [ 26.443563] Memory state around the buggy address: [ 26.443728] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.444384] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.445088] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.445457] ^ [ 26.445957] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.446298] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.446945] ================================================================== [ 26.402417] ================================================================== [ 26.402751] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.403269] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.403594] [ 26.403703] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.403750] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.403781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.403801] Call Trace: [ 26.403819] <TASK> [ 26.403835] dump_stack_lvl+0x73/0xb0 [ 26.403862] print_report+0xd1/0x610 [ 26.403884] ? __virt_addr_valid+0x1db/0x2d0 [ 26.403906] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.403933] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.403958] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.403984] kasan_report+0x141/0x180 [ 26.404006] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.404036] kasan_check_range+0x10c/0x1c0 [ 26.404059] __kasan_check_write+0x18/0x20 [ 26.404082] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.404109] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.404137] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.404159] ? trace_hardirqs_on+0x37/0xe0 [ 26.404181] ? kasan_bitops_generic+0x92/0x1c0 [ 26.404208] kasan_bitops_generic+0x121/0x1c0 [ 26.404231] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.404255] ? __pfx_read_tsc+0x10/0x10 [ 26.404276] ? ktime_get_ts64+0x86/0x230 [ 26.404300] kunit_try_run_case+0x1a5/0x480 [ 26.404321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.404342] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.404365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.404389] ? __kthread_parkme+0x82/0x180 [ 26.404409] ? preempt_count_sub+0x50/0x80 [ 26.404432] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.404453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.404478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.404503] kthread+0x337/0x6f0 [ 26.404522] ? trace_preempt_on+0x20/0xc0 [ 26.404544] ? __pfx_kthread+0x10/0x10 [ 26.404565] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.404586] ? calculate_sigpending+0x7b/0xa0 [ 26.404609] ? __pfx_kthread+0x10/0x10 [ 26.404631] ret_from_fork+0x116/0x1d0 [ 26.404650] ? __pfx_kthread+0x10/0x10 [ 26.404670] ret_from_fork_asm+0x1a/0x30 [ 26.405243] </TASK> [ 26.405264] [ 26.415898] Allocated by task 311: [ 26.416083] kasan_save_stack+0x45/0x70 [ 26.416283] kasan_save_track+0x18/0x40 [ 26.416449] kasan_save_alloc_info+0x3b/0x50 [ 26.416627] __kasan_kmalloc+0xb7/0xc0 [ 26.416790] __kmalloc_cache_noprof+0x189/0x420 [ 26.416954] kasan_bitops_generic+0x92/0x1c0 [ 26.417160] kunit_try_run_case+0x1a5/0x480 [ 26.417357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.417608] kthread+0x337/0x6f0 [ 26.417810] ret_from_fork+0x116/0x1d0 [ 26.417960] ret_from_fork_asm+0x1a/0x30 [ 26.418136] [ 26.418225] The buggy address belongs to the object at ffff8881058a8240 [ 26.418225] which belongs to the cache kmalloc-16 of size 16 [ 26.418594] The buggy address is located 8 bytes inside of [ 26.418594] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.419063] [ 26.419153] The buggy address belongs to the physical page: [ 26.419398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.419665] flags: 0x200000000000000(node=0|zone=2) [ 26.419859] page_type: f5(slab) [ 26.419979] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.420313] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.420648] page dumped because: kasan: bad access detected [ 26.420934] [ 26.421020] Memory state around the buggy address: [ 26.421185] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.421474] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.421780] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.422059] ^ [ 26.422250] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.422502] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.422836] ================================================================== [ 26.469008] ================================================================== [ 26.469638] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.470212] Read of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.470511] [ 26.470590] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.470639] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.470652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.470672] Call Trace: [ 26.470686] <TASK> [ 26.470712] dump_stack_lvl+0x73/0xb0 [ 26.470740] print_report+0xd1/0x610 [ 26.470761] ? __virt_addr_valid+0x1db/0x2d0 [ 26.470784] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.470812] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.470838] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.470865] kasan_report+0x141/0x180 [ 26.470887] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.470918] __asan_report_load8_noabort+0x18/0x20 [ 26.470942] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.470980] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.471007] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.471042] ? trace_hardirqs_on+0x37/0xe0 [ 26.471064] ? kasan_bitops_generic+0x92/0x1c0 [ 26.471091] kasan_bitops_generic+0x121/0x1c0 [ 26.471113] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.471138] ? __pfx_read_tsc+0x10/0x10 [ 26.471159] ? ktime_get_ts64+0x86/0x230 [ 26.471185] kunit_try_run_case+0x1a5/0x480 [ 26.471208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.471248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.471272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.471307] ? __kthread_parkme+0x82/0x180 [ 26.471327] ? preempt_count_sub+0x50/0x80 [ 26.471350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.471372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.471397] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.471423] kthread+0x337/0x6f0 [ 26.471442] ? trace_preempt_on+0x20/0xc0 [ 26.471463] ? __pfx_kthread+0x10/0x10 [ 26.471484] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.471506] ? calculate_sigpending+0x7b/0xa0 [ 26.471530] ? __pfx_kthread+0x10/0x10 [ 26.471551] ret_from_fork+0x116/0x1d0 [ 26.471570] ? __pfx_kthread+0x10/0x10 [ 26.471591] ret_from_fork_asm+0x1a/0x30 [ 26.471622] </TASK> [ 26.471633] [ 26.480143] Allocated by task 311: [ 26.480484] kasan_save_stack+0x45/0x70 [ 26.480946] kasan_save_track+0x18/0x40 [ 26.481118] kasan_save_alloc_info+0x3b/0x50 [ 26.481833] __kasan_kmalloc+0xb7/0xc0 [ 26.482162] __kmalloc_cache_noprof+0x189/0x420 [ 26.482640] kasan_bitops_generic+0x92/0x1c0 [ 26.482840] kunit_try_run_case+0x1a5/0x480 [ 26.483228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.483729] kthread+0x337/0x6f0 [ 26.484710] ret_from_fork+0x116/0x1d0 [ 26.485133] ret_from_fork_asm+0x1a/0x30 [ 26.485384] [ 26.485450] The buggy address belongs to the object at ffff8881058a8240 [ 26.485450] which belongs to the cache kmalloc-16 of size 16 [ 26.485838] The buggy address is located 8 bytes inside of [ 26.485838] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.486290] [ 26.486356] The buggy address belongs to the physical page: [ 26.486608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.486863] flags: 0x200000000000000(node=0|zone=2) [ 26.487061] page_type: f5(slab) [ 26.487258] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.487596] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.488008] page dumped because: kasan: bad access detected [ 26.488234] [ 26.488297] Memory state around the buggy address: [ 26.488444] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.488662] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.489041] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.489331] ^ [ 26.489567] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.489890] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.490297] ================================================================== [ 26.385616] ================================================================== [ 26.386117] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.386485] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.386825] [ 26.386933] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.386992] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.387005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.387038] Call Trace: [ 26.387050] <TASK> [ 26.387065] dump_stack_lvl+0x73/0xb0 [ 26.387094] print_report+0xd1/0x610 [ 26.387123] ? __virt_addr_valid+0x1db/0x2d0 [ 26.387146] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.387182] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.387208] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.387234] kasan_report+0x141/0x180 [ 26.387265] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.387298] kasan_check_range+0x10c/0x1c0 [ 26.387323] __kasan_check_write+0x18/0x20 [ 26.387356] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.387382] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.387418] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.387442] ? trace_hardirqs_on+0x37/0xe0 [ 26.387463] ? kasan_bitops_generic+0x92/0x1c0 [ 26.387502] kasan_bitops_generic+0x121/0x1c0 [ 26.387525] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.387549] ? __pfx_read_tsc+0x10/0x10 [ 26.387580] ? ktime_get_ts64+0x86/0x230 [ 26.387605] kunit_try_run_case+0x1a5/0x480 [ 26.387627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.387647] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.387670] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.387702] ? __kthread_parkme+0x82/0x180 [ 26.387722] ? preempt_count_sub+0x50/0x80 [ 26.387745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.387785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.387811] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.387839] kthread+0x337/0x6f0 [ 26.387859] ? trace_preempt_on+0x20/0xc0 [ 26.387881] ? __pfx_kthread+0x10/0x10 [ 26.387902] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.387924] ? calculate_sigpending+0x7b/0xa0 [ 26.387948] ? __pfx_kthread+0x10/0x10 [ 26.387969] ret_from_fork+0x116/0x1d0 [ 26.387988] ? __pfx_kthread+0x10/0x10 [ 26.388009] ret_from_fork_asm+0x1a/0x30 [ 26.388040] </TASK> [ 26.388051] [ 26.395276] Allocated by task 311: [ 26.395426] kasan_save_stack+0x45/0x70 [ 26.395595] kasan_save_track+0x18/0x40 [ 26.395818] kasan_save_alloc_info+0x3b/0x50 [ 26.396000] __kasan_kmalloc+0xb7/0xc0 [ 26.396148] __kmalloc_cache_noprof+0x189/0x420 [ 26.396340] kasan_bitops_generic+0x92/0x1c0 [ 26.396521] kunit_try_run_case+0x1a5/0x480 [ 26.396703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.396963] kthread+0x337/0x6f0 [ 26.397110] ret_from_fork+0x116/0x1d0 [ 26.397250] ret_from_fork_asm+0x1a/0x30 [ 26.397431] [ 26.397507] The buggy address belongs to the object at ffff8881058a8240 [ 26.397507] which belongs to the cache kmalloc-16 of size 16 [ 26.398004] The buggy address is located 8 bytes inside of [ 26.398004] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.398462] [ 26.398531] The buggy address belongs to the physical page: [ 26.398798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.399124] flags: 0x200000000000000(node=0|zone=2) [ 26.399319] page_type: f5(slab) [ 26.399465] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.399758] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.400096] page dumped because: kasan: bad access detected [ 26.400287] [ 26.400351] Memory state around the buggy address: [ 26.400565] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.400853] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.401157] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.401426] ^ [ 26.401598] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.401838] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.402046] ================================================================== [ 26.367852] ================================================================== [ 26.368233] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.368638] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.368980] [ 26.369087] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.369133] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.369147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.369178] Call Trace: [ 26.369192] <TASK> [ 26.369205] dump_stack_lvl+0x73/0xb0 [ 26.369234] print_report+0xd1/0x610 [ 26.369264] ? __virt_addr_valid+0x1db/0x2d0 [ 26.369287] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.369323] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.369350] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.369376] kasan_report+0x141/0x180 [ 26.369407] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.369438] kasan_check_range+0x10c/0x1c0 [ 26.369460] __kasan_check_write+0x18/0x20 [ 26.369494] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.369521] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.369558] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.369582] ? trace_hardirqs_on+0x37/0xe0 [ 26.369603] ? kasan_bitops_generic+0x92/0x1c0 [ 26.369629] kasan_bitops_generic+0x121/0x1c0 [ 26.369652] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.369676] ? __pfx_read_tsc+0x10/0x10 [ 26.369705] ? ktime_get_ts64+0x86/0x230 [ 26.369730] kunit_try_run_case+0x1a5/0x480 [ 26.369751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.369791] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.369814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.369838] ? __kthread_parkme+0x82/0x180 [ 26.369867] ? preempt_count_sub+0x50/0x80 [ 26.369891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.369912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.369947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.369972] kthread+0x337/0x6f0 [ 26.369991] ? trace_preempt_on+0x20/0xc0 [ 26.370013] ? __pfx_kthread+0x10/0x10 [ 26.370034] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.370056] ? calculate_sigpending+0x7b/0xa0 [ 26.370080] ? __pfx_kthread+0x10/0x10 [ 26.370101] ret_from_fork+0x116/0x1d0 [ 26.370120] ? __pfx_kthread+0x10/0x10 [ 26.370140] ret_from_fork_asm+0x1a/0x30 [ 26.370171] </TASK> [ 26.370182] [ 26.378121] Allocated by task 311: [ 26.378289] kasan_save_stack+0x45/0x70 [ 26.378472] kasan_save_track+0x18/0x40 [ 26.378651] kasan_save_alloc_info+0x3b/0x50 [ 26.378870] __kasan_kmalloc+0xb7/0xc0 [ 26.379065] __kmalloc_cache_noprof+0x189/0x420 [ 26.379238] kasan_bitops_generic+0x92/0x1c0 [ 26.379379] kunit_try_run_case+0x1a5/0x480 [ 26.379515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.379683] kthread+0x337/0x6f0 [ 26.379832] ret_from_fork+0x116/0x1d0 [ 26.379958] ret_from_fork_asm+0x1a/0x30 [ 26.380090] [ 26.380192] The buggy address belongs to the object at ffff8881058a8240 [ 26.380192] which belongs to the cache kmalloc-16 of size 16 [ 26.380723] The buggy address is located 8 bytes inside of [ 26.380723] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.381253] [ 26.381342] The buggy address belongs to the physical page: [ 26.381536] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.381801] flags: 0x200000000000000(node=0|zone=2) [ 26.381955] page_type: f5(slab) [ 26.382069] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.382293] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.382586] page dumped because: kasan: bad access detected [ 26.382886] [ 26.382989] Memory state around the buggy address: [ 26.383247] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.383599] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.383980] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.384289] ^ [ 26.384534] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.384893] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.385164] ================================================================== [ 26.312298] ================================================================== [ 26.312629] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.314746] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.315049] [ 26.315179] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.315230] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.315243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.315264] Call Trace: [ 26.315280] <TASK> [ 26.315297] dump_stack_lvl+0x73/0xb0 [ 26.315339] print_report+0xd1/0x610 [ 26.315361] ? __virt_addr_valid+0x1db/0x2d0 [ 26.315384] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.315422] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.315447] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.315474] kasan_report+0x141/0x180 [ 26.315504] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.315535] kasan_check_range+0x10c/0x1c0 [ 26.315568] __kasan_check_write+0x18/0x20 [ 26.315591] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.315618] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.315645] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.315668] ? trace_hardirqs_on+0x37/0xe0 [ 26.315699] ? kasan_bitops_generic+0x92/0x1c0 [ 26.315728] kasan_bitops_generic+0x121/0x1c0 [ 26.315752] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.315798] ? __pfx_read_tsc+0x10/0x10 [ 26.315834] ? ktime_get_ts64+0x86/0x230 [ 26.315859] kunit_try_run_case+0x1a5/0x480 [ 26.315881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.315915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.315938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.315962] ? __kthread_parkme+0x82/0x180 [ 26.315982] ? preempt_count_sub+0x50/0x80 [ 26.316016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.316038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.316074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.316100] kthread+0x337/0x6f0 [ 26.316120] ? trace_preempt_on+0x20/0xc0 [ 26.316144] ? __pfx_kthread+0x10/0x10 [ 26.316165] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.316187] ? calculate_sigpending+0x7b/0xa0 [ 26.316211] ? __pfx_kthread+0x10/0x10 [ 26.316233] ret_from_fork+0x116/0x1d0 [ 26.316252] ? __pfx_kthread+0x10/0x10 [ 26.316272] ret_from_fork_asm+0x1a/0x30 [ 26.316302] </TASK> [ 26.316314] [ 26.324255] Allocated by task 311: [ 26.324422] kasan_save_stack+0x45/0x70 [ 26.324603] kasan_save_track+0x18/0x40 [ 26.324836] kasan_save_alloc_info+0x3b/0x50 [ 26.324980] __kasan_kmalloc+0xb7/0xc0 [ 26.325116] __kmalloc_cache_noprof+0x189/0x420 [ 26.325351] kasan_bitops_generic+0x92/0x1c0 [ 26.325578] kunit_try_run_case+0x1a5/0x480 [ 26.325798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.325998] kthread+0x337/0x6f0 [ 26.326159] ret_from_fork+0x116/0x1d0 [ 26.326334] ret_from_fork_asm+0x1a/0x30 [ 26.326520] [ 26.326624] The buggy address belongs to the object at ffff8881058a8240 [ 26.326624] which belongs to the cache kmalloc-16 of size 16 [ 26.327121] The buggy address is located 8 bytes inside of [ 26.327121] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.327616] [ 26.327710] The buggy address belongs to the physical page: [ 26.328000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.328248] flags: 0x200000000000000(node=0|zone=2) [ 26.328405] page_type: f5(slab) [ 26.328518] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.328798] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.329146] page dumped because: kasan: bad access detected [ 26.329386] [ 26.329472] Memory state around the buggy address: [ 26.329682] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.329972] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.330186] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.330420] ^ [ 26.330690] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.331036] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.331368] ================================================================== [ 26.447560] ================================================================== [ 26.447902] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.448680] Read of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.449304] [ 26.449404] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.449465] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.449479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.449499] Call Trace: [ 26.449526] <TASK> [ 26.449551] dump_stack_lvl+0x73/0xb0 [ 26.449581] print_report+0xd1/0x610 [ 26.449603] ? __virt_addr_valid+0x1db/0x2d0 [ 26.449637] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.449663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.449689] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.449725] kasan_report+0x141/0x180 [ 26.449747] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.449787] kasan_check_range+0x10c/0x1c0 [ 26.449811] __kasan_check_read+0x15/0x20 [ 26.449833] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.449861] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.449889] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.449912] ? trace_hardirqs_on+0x37/0xe0 [ 26.449934] ? kasan_bitops_generic+0x92/0x1c0 [ 26.449960] kasan_bitops_generic+0x121/0x1c0 [ 26.449983] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.450008] ? __pfx_read_tsc+0x10/0x10 [ 26.450028] ? ktime_get_ts64+0x86/0x230 [ 26.450053] kunit_try_run_case+0x1a5/0x480 [ 26.450075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.450095] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.450118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.450142] ? __kthread_parkme+0x82/0x180 [ 26.450163] ? preempt_count_sub+0x50/0x80 [ 26.450186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.450208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.450234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.450260] kthread+0x337/0x6f0 [ 26.450280] ? trace_preempt_on+0x20/0xc0 [ 26.450304] ? __pfx_kthread+0x10/0x10 [ 26.450326] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.450348] ? calculate_sigpending+0x7b/0xa0 [ 26.450372] ? __pfx_kthread+0x10/0x10 [ 26.450393] ret_from_fork+0x116/0x1d0 [ 26.450412] ? __pfx_kthread+0x10/0x10 [ 26.450433] ret_from_fork_asm+0x1a/0x30 [ 26.450463] </TASK> [ 26.450474] [ 26.460920] Allocated by task 311: [ 26.461058] kasan_save_stack+0x45/0x70 [ 26.461193] kasan_save_track+0x18/0x40 [ 26.461366] kasan_save_alloc_info+0x3b/0x50 [ 26.461594] __kasan_kmalloc+0xb7/0xc0 [ 26.461779] __kmalloc_cache_noprof+0x189/0x420 [ 26.462189] kasan_bitops_generic+0x92/0x1c0 [ 26.462391] kunit_try_run_case+0x1a5/0x480 [ 26.462539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.462836] kthread+0x337/0x6f0 [ 26.462961] ret_from_fork+0x116/0x1d0 [ 26.463086] ret_from_fork_asm+0x1a/0x30 [ 26.463218] [ 26.463307] The buggy address belongs to the object at ffff8881058a8240 [ 26.463307] which belongs to the cache kmalloc-16 of size 16 [ 26.463992] The buggy address is located 8 bytes inside of [ 26.463992] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.464471] [ 26.464549] The buggy address belongs to the physical page: [ 26.464802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.465138] flags: 0x200000000000000(node=0|zone=2) [ 26.465346] page_type: f5(slab) [ 26.465530] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.465846] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.466186] page dumped because: kasan: bad access detected [ 26.466451] [ 26.466530] Memory state around the buggy address: [ 26.466712] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.467167] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.467461] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.467785] ^ [ 26.467975] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.468184] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.468388] ================================================================== [ 26.350163] ================================================================== [ 26.350550] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.350988] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.351300] [ 26.351408] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.351456] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.351480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.351499] Call Trace: [ 26.351514] <TASK> [ 26.351529] dump_stack_lvl+0x73/0xb0 [ 26.351568] print_report+0xd1/0x610 [ 26.351590] ? __virt_addr_valid+0x1db/0x2d0 [ 26.351613] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.351639] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.351664] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.351691] kasan_report+0x141/0x180 [ 26.351720] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.351752] kasan_check_range+0x10c/0x1c0 [ 26.351794] __kasan_check_write+0x18/0x20 [ 26.351823] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.351852] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.351879] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.351903] ? trace_hardirqs_on+0x37/0xe0 [ 26.351925] ? kasan_bitops_generic+0x92/0x1c0 [ 26.351951] kasan_bitops_generic+0x121/0x1c0 [ 26.351974] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.351999] ? __pfx_read_tsc+0x10/0x10 [ 26.352019] ? ktime_get_ts64+0x86/0x230 [ 26.352042] kunit_try_run_case+0x1a5/0x480 [ 26.352064] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.352084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.352108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.352131] ? __kthread_parkme+0x82/0x180 [ 26.352152] ? preempt_count_sub+0x50/0x80 [ 26.352175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.352196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.352231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.352256] kthread+0x337/0x6f0 [ 26.352275] ? trace_preempt_on+0x20/0xc0 [ 26.352309] ? __pfx_kthread+0x10/0x10 [ 26.352330] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.352351] ? calculate_sigpending+0x7b/0xa0 [ 26.352386] ? __pfx_kthread+0x10/0x10 [ 26.352408] ret_from_fork+0x116/0x1d0 [ 26.352427] ? __pfx_kthread+0x10/0x10 [ 26.352459] ret_from_fork_asm+0x1a/0x30 [ 26.352490] </TASK> [ 26.352502] [ 26.360264] Allocated by task 311: [ 26.360430] kasan_save_stack+0x45/0x70 [ 26.360620] kasan_save_track+0x18/0x40 [ 26.360826] kasan_save_alloc_info+0x3b/0x50 [ 26.361029] __kasan_kmalloc+0xb7/0xc0 [ 26.361202] __kmalloc_cache_noprof+0x189/0x420 [ 26.361349] kasan_bitops_generic+0x92/0x1c0 [ 26.361523] kunit_try_run_case+0x1a5/0x480 [ 26.361743] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.362006] kthread+0x337/0x6f0 [ 26.362165] ret_from_fork+0x116/0x1d0 [ 26.362306] ret_from_fork_asm+0x1a/0x30 [ 26.362495] [ 26.362583] The buggy address belongs to the object at ffff8881058a8240 [ 26.362583] which belongs to the cache kmalloc-16 of size 16 [ 26.363107] The buggy address is located 8 bytes inside of [ 26.363107] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.363495] [ 26.363560] The buggy address belongs to the physical page: [ 26.363736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.363990] flags: 0x200000000000000(node=0|zone=2) [ 26.364218] page_type: f5(slab) [ 26.364397] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.364736] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.365079] page dumped because: kasan: bad access detected [ 26.365244] [ 26.365305] Memory state around the buggy address: [ 26.365452] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.365661] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.365926] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.366239] ^ [ 26.366510] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.366856] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.367184] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 26.295086] ================================================================== [ 26.295423] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.295960] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.296298] [ 26.296403] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.296450] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.296463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.296484] Call Trace: [ 26.296499] <TASK> [ 26.296514] dump_stack_lvl+0x73/0xb0 [ 26.296543] print_report+0xd1/0x610 [ 26.296564] ? __virt_addr_valid+0x1db/0x2d0 [ 26.296587] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.296611] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.296636] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.296661] kasan_report+0x141/0x180 [ 26.296682] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.296723] kasan_check_range+0x10c/0x1c0 [ 26.296747] __kasan_check_write+0x18/0x20 [ 26.296788] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.296814] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.296840] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.296863] ? trace_hardirqs_on+0x37/0xe0 [ 26.296885] ? kasan_bitops_generic+0x92/0x1c0 [ 26.296911] kasan_bitops_generic+0x116/0x1c0 [ 26.296934] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.296958] ? __pfx_read_tsc+0x10/0x10 [ 26.296979] ? ktime_get_ts64+0x86/0x230 [ 26.297004] kunit_try_run_case+0x1a5/0x480 [ 26.297025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.297046] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.297070] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.297093] ? __kthread_parkme+0x82/0x180 [ 26.297113] ? preempt_count_sub+0x50/0x80 [ 26.297136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.297158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.297183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.297208] kthread+0x337/0x6f0 [ 26.297227] ? trace_preempt_on+0x20/0xc0 [ 26.297249] ? __pfx_kthread+0x10/0x10 [ 26.297269] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.297291] ? calculate_sigpending+0x7b/0xa0 [ 26.297315] ? __pfx_kthread+0x10/0x10 [ 26.297336] ret_from_fork+0x116/0x1d0 [ 26.297355] ? __pfx_kthread+0x10/0x10 [ 26.297375] ret_from_fork_asm+0x1a/0x30 [ 26.297406] </TASK> [ 26.297416] [ 26.304802] Allocated by task 311: [ 26.304982] kasan_save_stack+0x45/0x70 [ 26.305156] kasan_save_track+0x18/0x40 [ 26.305326] kasan_save_alloc_info+0x3b/0x50 [ 26.305504] __kasan_kmalloc+0xb7/0xc0 [ 26.305683] __kmalloc_cache_noprof+0x189/0x420 [ 26.305865] kasan_bitops_generic+0x92/0x1c0 [ 26.306074] kunit_try_run_case+0x1a5/0x480 [ 26.306278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.306493] kthread+0x337/0x6f0 [ 26.306650] ret_from_fork+0x116/0x1d0 [ 26.306808] ret_from_fork_asm+0x1a/0x30 [ 26.307003] [ 26.307090] The buggy address belongs to the object at ffff8881058a8240 [ 26.307090] which belongs to the cache kmalloc-16 of size 16 [ 26.307506] The buggy address is located 8 bytes inside of [ 26.307506] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.308060] [ 26.308138] The buggy address belongs to the physical page: [ 26.308352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.308656] flags: 0x200000000000000(node=0|zone=2) [ 26.308903] page_type: f5(slab) [ 26.309055] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.309350] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.309654] page dumped because: kasan: bad access detected [ 26.309861] [ 26.309925] Memory state around the buggy address: [ 26.310072] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.310280] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.310486] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.310745] ^ [ 26.311016] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.311326] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.311627] ================================================================== [ 26.207251] ================================================================== [ 26.207527] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.207879] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.208246] [ 26.208355] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.208405] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.208418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.208440] Call Trace: [ 26.208457] <TASK> [ 26.208474] dump_stack_lvl+0x73/0xb0 [ 26.208504] print_report+0xd1/0x610 [ 26.208525] ? __virt_addr_valid+0x1db/0x2d0 [ 26.208549] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.208573] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.208599] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.208624] kasan_report+0x141/0x180 [ 26.208645] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.208674] kasan_check_range+0x10c/0x1c0 [ 26.208710] __kasan_check_write+0x18/0x20 [ 26.208734] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.208759] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.208785] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.208808] ? trace_hardirqs_on+0x37/0xe0 [ 26.208829] ? kasan_bitops_generic+0x92/0x1c0 [ 26.208855] kasan_bitops_generic+0x116/0x1c0 [ 26.208878] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.208902] ? __pfx_read_tsc+0x10/0x10 [ 26.208923] ? ktime_get_ts64+0x86/0x230 [ 26.208947] kunit_try_run_case+0x1a5/0x480 [ 26.208968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.208989] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.209014] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.209037] ? __kthread_parkme+0x82/0x180 [ 26.209058] ? preempt_count_sub+0x50/0x80 [ 26.209081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.209103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.209127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.209204] kthread+0x337/0x6f0 [ 26.209224] ? trace_preempt_on+0x20/0xc0 [ 26.209246] ? __pfx_kthread+0x10/0x10 [ 26.209266] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.209288] ? calculate_sigpending+0x7b/0xa0 [ 26.209311] ? __pfx_kthread+0x10/0x10 [ 26.209332] ret_from_fork+0x116/0x1d0 [ 26.209351] ? __pfx_kthread+0x10/0x10 [ 26.209371] ret_from_fork_asm+0x1a/0x30 [ 26.209402] </TASK> [ 26.209413] [ 26.217343] Allocated by task 311: [ 26.217523] kasan_save_stack+0x45/0x70 [ 26.217720] kasan_save_track+0x18/0x40 [ 26.218083] kasan_save_alloc_info+0x3b/0x50 [ 26.218241] __kasan_kmalloc+0xb7/0xc0 [ 26.218395] __kmalloc_cache_noprof+0x189/0x420 [ 26.218604] kasan_bitops_generic+0x92/0x1c0 [ 26.218818] kunit_try_run_case+0x1a5/0x480 [ 26.218955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.219124] kthread+0x337/0x6f0 [ 26.219236] ret_from_fork+0x116/0x1d0 [ 26.219360] ret_from_fork_asm+0x1a/0x30 [ 26.219547] [ 26.219639] The buggy address belongs to the object at ffff8881058a8240 [ 26.219639] which belongs to the cache kmalloc-16 of size 16 [ 26.220362] The buggy address is located 8 bytes inside of [ 26.220362] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.220811] [ 26.220927] The buggy address belongs to the physical page: [ 26.221146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.221516] flags: 0x200000000000000(node=0|zone=2) [ 26.221809] page_type: f5(slab) [ 26.222008] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.222431] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.222771] page dumped because: kasan: bad access detected [ 26.222947] [ 26.223008] Memory state around the buggy address: [ 26.223418] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.223756] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.224184] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.224486] ^ [ 26.224733] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.225148] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.225459] ================================================================== [ 26.226919] ================================================================== [ 26.227749] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.229183] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.229551] [ 26.229640] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.229691] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.229716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.229737] Call Trace: [ 26.229751] <TASK> [ 26.229767] dump_stack_lvl+0x73/0xb0 [ 26.229796] print_report+0xd1/0x610 [ 26.229819] ? __virt_addr_valid+0x1db/0x2d0 [ 26.229841] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.229866] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.230228] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.230258] kasan_report+0x141/0x180 [ 26.230297] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.230329] kasan_check_range+0x10c/0x1c0 [ 26.230359] __kasan_check_write+0x18/0x20 [ 26.230382] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.230407] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.230432] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.230456] ? trace_hardirqs_on+0x37/0xe0 [ 26.230478] ? kasan_bitops_generic+0x92/0x1c0 [ 26.230504] kasan_bitops_generic+0x116/0x1c0 [ 26.230528] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.230553] ? __pfx_read_tsc+0x10/0x10 [ 26.230575] ? ktime_get_ts64+0x86/0x230 [ 26.230600] kunit_try_run_case+0x1a5/0x480 [ 26.230623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.230644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.230667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.230691] ? __kthread_parkme+0x82/0x180 [ 26.230720] ? preempt_count_sub+0x50/0x80 [ 26.230744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.230766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.230823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.230847] kthread+0x337/0x6f0 [ 26.230867] ? trace_preempt_on+0x20/0xc0 [ 26.230890] ? __pfx_kthread+0x10/0x10 [ 26.230920] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.230943] ? calculate_sigpending+0x7b/0xa0 [ 26.230967] ? __pfx_kthread+0x10/0x10 [ 26.230988] ret_from_fork+0x116/0x1d0 [ 26.231007] ? __pfx_kthread+0x10/0x10 [ 26.231026] ret_from_fork_asm+0x1a/0x30 [ 26.231056] </TASK> [ 26.231068] [ 26.246193] Allocated by task 311: [ 26.246383] kasan_save_stack+0x45/0x70 [ 26.246783] kasan_save_track+0x18/0x40 [ 26.247223] kasan_save_alloc_info+0x3b/0x50 [ 26.247456] __kasan_kmalloc+0xb7/0xc0 [ 26.247847] __kmalloc_cache_noprof+0x189/0x420 [ 26.248302] kasan_bitops_generic+0x92/0x1c0 [ 26.248636] kunit_try_run_case+0x1a5/0x480 [ 26.249023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.249204] kthread+0x337/0x6f0 [ 26.249320] ret_from_fork+0x116/0x1d0 [ 26.249446] ret_from_fork_asm+0x1a/0x30 [ 26.249578] [ 26.249642] The buggy address belongs to the object at ffff8881058a8240 [ 26.249642] which belongs to the cache kmalloc-16 of size 16 [ 26.250040] The buggy address is located 8 bytes inside of [ 26.250040] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.250599] [ 26.250668] The buggy address belongs to the physical page: [ 26.250843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.251280] flags: 0x200000000000000(node=0|zone=2) [ 26.251590] page_type: f5(slab) [ 26.251748] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.252215] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.252490] page dumped because: kasan: bad access detected [ 26.253125] [ 26.253393] Memory state around the buggy address: [ 26.253633] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.254543] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.254979] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.256260] ^ [ 26.257120] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.257355] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.257568] ================================================================== [ 26.278229] ================================================================== [ 26.278563] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.279100] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.279439] [ 26.279534] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.279580] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.279593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.279614] Call Trace: [ 26.279628] <TASK> [ 26.279642] dump_stack_lvl+0x73/0xb0 [ 26.279672] print_report+0xd1/0x610 [ 26.279704] ? __virt_addr_valid+0x1db/0x2d0 [ 26.279728] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.279753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.279799] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.279829] kasan_report+0x141/0x180 [ 26.279851] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.279879] kasan_check_range+0x10c/0x1c0 [ 26.279902] __kasan_check_write+0x18/0x20 [ 26.279924] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.279949] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.279974] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.279997] ? trace_hardirqs_on+0x37/0xe0 [ 26.280018] ? kasan_bitops_generic+0x92/0x1c0 [ 26.280044] kasan_bitops_generic+0x116/0x1c0 [ 26.280067] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.280091] ? __pfx_read_tsc+0x10/0x10 [ 26.280111] ? ktime_get_ts64+0x86/0x230 [ 26.280135] kunit_try_run_case+0x1a5/0x480 [ 26.280157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.280176] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.280200] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.280224] ? __kthread_parkme+0x82/0x180 [ 26.280244] ? preempt_count_sub+0x50/0x80 [ 26.280267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.280289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.280313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.280338] kthread+0x337/0x6f0 [ 26.280358] ? trace_preempt_on+0x20/0xc0 [ 26.280379] ? __pfx_kthread+0x10/0x10 [ 26.280399] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.280421] ? calculate_sigpending+0x7b/0xa0 [ 26.280444] ? __pfx_kthread+0x10/0x10 [ 26.280465] ret_from_fork+0x116/0x1d0 [ 26.280483] ? __pfx_kthread+0x10/0x10 [ 26.280504] ret_from_fork_asm+0x1a/0x30 [ 26.280535] </TASK> [ 26.280546] [ 26.287932] Allocated by task 311: [ 26.288085] kasan_save_stack+0x45/0x70 [ 26.288220] kasan_save_track+0x18/0x40 [ 26.288346] kasan_save_alloc_info+0x3b/0x50 [ 26.288531] __kasan_kmalloc+0xb7/0xc0 [ 26.288715] __kmalloc_cache_noprof+0x189/0x420 [ 26.288954] kasan_bitops_generic+0x92/0x1c0 [ 26.289154] kunit_try_run_case+0x1a5/0x480 [ 26.289348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.289538] kthread+0x337/0x6f0 [ 26.289656] ret_from_fork+0x116/0x1d0 [ 26.289861] ret_from_fork_asm+0x1a/0x30 [ 26.290055] [ 26.290144] The buggy address belongs to the object at ffff8881058a8240 [ 26.290144] which belongs to the cache kmalloc-16 of size 16 [ 26.290646] The buggy address is located 8 bytes inside of [ 26.290646] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.291134] [ 26.291227] The buggy address belongs to the physical page: [ 26.291393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.291625] flags: 0x200000000000000(node=0|zone=2) [ 26.291812] page_type: f5(slab) [ 26.291927] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.292212] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.292534] page dumped because: kasan: bad access detected [ 26.292802] [ 26.292887] Memory state around the buggy address: [ 26.293098] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.293374] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.293580] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.293817] ^ [ 26.293982] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.294237] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.294547] ================================================================== [ 26.135649] ================================================================== [ 26.136247] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.136624] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.137615] [ 26.137758] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.137816] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.137830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.137853] Call Trace: [ 26.137866] <TASK> [ 26.137887] dump_stack_lvl+0x73/0xb0 [ 26.137921] print_report+0xd1/0x610 [ 26.137944] ? __virt_addr_valid+0x1db/0x2d0 [ 26.137970] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.138186] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.138215] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.138239] kasan_report+0x141/0x180 [ 26.138263] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.138292] kasan_check_range+0x10c/0x1c0 [ 26.138314] __kasan_check_write+0x18/0x20 [ 26.138338] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.138363] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.138388] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.138412] ? trace_hardirqs_on+0x37/0xe0 [ 26.138436] ? kasan_bitops_generic+0x92/0x1c0 [ 26.138462] kasan_bitops_generic+0x116/0x1c0 [ 26.138485] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.138509] ? __pfx_read_tsc+0x10/0x10 [ 26.138532] ? ktime_get_ts64+0x86/0x230 [ 26.138557] kunit_try_run_case+0x1a5/0x480 [ 26.138580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.138600] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.138625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.138648] ? __kthread_parkme+0x82/0x180 [ 26.138669] ? preempt_count_sub+0x50/0x80 [ 26.138709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.138731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.138756] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.138781] kthread+0x337/0x6f0 [ 26.138801] ? trace_preempt_on+0x20/0xc0 [ 26.138822] ? __pfx_kthread+0x10/0x10 [ 26.138843] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.138864] ? calculate_sigpending+0x7b/0xa0 [ 26.138900] ? __pfx_kthread+0x10/0x10 [ 26.138922] ret_from_fork+0x116/0x1d0 [ 26.138940] ? __pfx_kthread+0x10/0x10 [ 26.138961] ret_from_fork_asm+0x1a/0x30 [ 26.138992] </TASK> [ 26.139004] [ 26.147562] Allocated by task 311: [ 26.147707] kasan_save_stack+0x45/0x70 [ 26.147904] kasan_save_track+0x18/0x40 [ 26.148089] kasan_save_alloc_info+0x3b/0x50 [ 26.148297] __kasan_kmalloc+0xb7/0xc0 [ 26.148532] __kmalloc_cache_noprof+0x189/0x420 [ 26.148733] kasan_bitops_generic+0x92/0x1c0 [ 26.149092] kunit_try_run_case+0x1a5/0x480 [ 26.149262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.149469] kthread+0x337/0x6f0 [ 26.149587] ret_from_fork+0x116/0x1d0 [ 26.149722] ret_from_fork_asm+0x1a/0x30 [ 26.149855] [ 26.149921] The buggy address belongs to the object at ffff8881058a8240 [ 26.149921] which belongs to the cache kmalloc-16 of size 16 [ 26.150452] The buggy address is located 8 bytes inside of [ 26.150452] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.150960] [ 26.151059] The buggy address belongs to the physical page: [ 26.151301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.151615] flags: 0x200000000000000(node=0|zone=2) [ 26.153057] page_type: f5(slab) [ 26.153232] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.153685] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.154141] page dumped because: kasan: bad access detected [ 26.154461] [ 26.154535] Memory state around the buggy address: [ 26.154837] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.155470] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.155901] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.156298] ^ [ 26.156644] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.157098] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.157494] ================================================================== [ 26.259352] ================================================================== [ 26.260682] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.261810] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.262357] [ 26.262467] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.262521] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.262535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.262557] Call Trace: [ 26.262572] <TASK> [ 26.262589] dump_stack_lvl+0x73/0xb0 [ 26.262622] print_report+0xd1/0x610 [ 26.262643] ? __virt_addr_valid+0x1db/0x2d0 [ 26.262666] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.262721] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.262746] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.262794] kasan_report+0x141/0x180 [ 26.262816] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.262844] kasan_check_range+0x10c/0x1c0 [ 26.262867] __kasan_check_write+0x18/0x20 [ 26.262890] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.262915] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.262941] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.262964] ? trace_hardirqs_on+0x37/0xe0 [ 26.262986] ? kasan_bitops_generic+0x92/0x1c0 [ 26.263012] kasan_bitops_generic+0x116/0x1c0 [ 26.263035] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.263059] ? __pfx_read_tsc+0x10/0x10 [ 26.263080] ? ktime_get_ts64+0x86/0x230 [ 26.263105] kunit_try_run_case+0x1a5/0x480 [ 26.263126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.263146] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.263170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.263193] ? __kthread_parkme+0x82/0x180 [ 26.263215] ? preempt_count_sub+0x50/0x80 [ 26.263239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.263261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.263286] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.263311] kthread+0x337/0x6f0 [ 26.263331] ? trace_preempt_on+0x20/0xc0 [ 26.263355] ? __pfx_kthread+0x10/0x10 [ 26.263377] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.263398] ? calculate_sigpending+0x7b/0xa0 [ 26.263423] ? __pfx_kthread+0x10/0x10 [ 26.263444] ret_from_fork+0x116/0x1d0 [ 26.263463] ? __pfx_kthread+0x10/0x10 [ 26.263483] ret_from_fork_asm+0x1a/0x30 [ 26.263514] </TASK> [ 26.263526] [ 26.270981] Allocated by task 311: [ 26.271120] kasan_save_stack+0x45/0x70 [ 26.271295] kasan_save_track+0x18/0x40 [ 26.271464] kasan_save_alloc_info+0x3b/0x50 [ 26.271656] __kasan_kmalloc+0xb7/0xc0 [ 26.271857] __kmalloc_cache_noprof+0x189/0x420 [ 26.272012] kasan_bitops_generic+0x92/0x1c0 [ 26.272170] kunit_try_run_case+0x1a5/0x480 [ 26.272375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.272625] kthread+0x337/0x6f0 [ 26.272824] ret_from_fork+0x116/0x1d0 [ 26.272953] ret_from_fork_asm+0x1a/0x30 [ 26.273085] [ 26.273174] The buggy address belongs to the object at ffff8881058a8240 [ 26.273174] which belongs to the cache kmalloc-16 of size 16 [ 26.273712] The buggy address is located 8 bytes inside of [ 26.273712] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.274171] [ 26.274262] The buggy address belongs to the physical page: [ 26.274487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.274782] flags: 0x200000000000000(node=0|zone=2) [ 26.274936] page_type: f5(slab) [ 26.275047] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.275268] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.275563] page dumped because: kasan: bad access detected [ 26.275837] [ 26.275924] Memory state around the buggy address: [ 26.276137] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.276445] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.276783] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.277080] ^ [ 26.277244] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.277448] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.277650] ================================================================== [ 26.158277] ================================================================== [ 26.158834] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.159334] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.159731] [ 26.159828] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.160149] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.160170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.160194] Call Trace: [ 26.160209] <TASK> [ 26.160227] dump_stack_lvl+0x73/0xb0 [ 26.160260] print_report+0xd1/0x610 [ 26.160283] ? __virt_addr_valid+0x1db/0x2d0 [ 26.160307] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.160331] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.160357] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.160382] kasan_report+0x141/0x180 [ 26.160403] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.160433] kasan_check_range+0x10c/0x1c0 [ 26.160456] __kasan_check_write+0x18/0x20 [ 26.160478] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.160502] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.160527] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.160550] ? trace_hardirqs_on+0x37/0xe0 [ 26.160574] ? kasan_bitops_generic+0x92/0x1c0 [ 26.160600] kasan_bitops_generic+0x116/0x1c0 [ 26.160622] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.160646] ? __pfx_read_tsc+0x10/0x10 [ 26.160668] ? ktime_get_ts64+0x86/0x230 [ 26.160708] kunit_try_run_case+0x1a5/0x480 [ 26.160732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.160752] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.160776] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.160799] ? __kthread_parkme+0x82/0x180 [ 26.160843] ? preempt_count_sub+0x50/0x80 [ 26.160866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.160952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.160978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.161002] kthread+0x337/0x6f0 [ 26.161022] ? trace_preempt_on+0x20/0xc0 [ 26.161043] ? __pfx_kthread+0x10/0x10 [ 26.161064] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.161087] ? calculate_sigpending+0x7b/0xa0 [ 26.161111] ? __pfx_kthread+0x10/0x10 [ 26.161133] ret_from_fork+0x116/0x1d0 [ 26.161151] ? __pfx_kthread+0x10/0x10 [ 26.161172] ret_from_fork_asm+0x1a/0x30 [ 26.161202] </TASK> [ 26.161213] [ 26.172447] Allocated by task 311: [ 26.172622] kasan_save_stack+0x45/0x70 [ 26.173078] kasan_save_track+0x18/0x40 [ 26.173340] kasan_save_alloc_info+0x3b/0x50 [ 26.173599] __kasan_kmalloc+0xb7/0xc0 [ 26.173865] __kmalloc_cache_noprof+0x189/0x420 [ 26.174272] kasan_bitops_generic+0x92/0x1c0 [ 26.174463] kunit_try_run_case+0x1a5/0x480 [ 26.174665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.175089] kthread+0x337/0x6f0 [ 26.175218] ret_from_fork+0x116/0x1d0 [ 26.175398] ret_from_fork_asm+0x1a/0x30 [ 26.175597] [ 26.175691] The buggy address belongs to the object at ffff8881058a8240 [ 26.175691] which belongs to the cache kmalloc-16 of size 16 [ 26.176247] The buggy address is located 8 bytes inside of [ 26.176247] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.176654] [ 26.176757] The buggy address belongs to the physical page: [ 26.177108] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.177384] flags: 0x200000000000000(node=0|zone=2) [ 26.177611] page_type: f5(slab) [ 26.177741] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.178233] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.178482] page dumped because: kasan: bad access detected [ 26.178732] [ 26.178873] Memory state around the buggy address: [ 26.179078] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.179390] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.179635] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.179926] ^ [ 26.180399] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.180622] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.181155] ================================================================== [ 26.181581] ================================================================== [ 26.181906] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.182235] Write of size 8 at addr ffff8881058a8248 by task kunit_try_catch/311 [ 26.182569] [ 26.182669] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.182729] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.182743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.182766] Call Trace: [ 26.182783] <TASK> [ 26.182801] dump_stack_lvl+0x73/0xb0 [ 26.182830] print_report+0xd1/0x610 [ 26.182852] ? __virt_addr_valid+0x1db/0x2d0 [ 26.182875] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.182900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.182926] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.182951] kasan_report+0x141/0x180 [ 26.182972] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.183001] kasan_check_range+0x10c/0x1c0 [ 26.183024] __kasan_check_write+0x18/0x20 [ 26.183048] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.183073] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.183148] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.183172] ? trace_hardirqs_on+0x37/0xe0 [ 26.183194] ? kasan_bitops_generic+0x92/0x1c0 [ 26.183220] kasan_bitops_generic+0x116/0x1c0 [ 26.183243] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.183266] ? __pfx_read_tsc+0x10/0x10 [ 26.183287] ? ktime_get_ts64+0x86/0x230 [ 26.183312] kunit_try_run_case+0x1a5/0x480 [ 26.183334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.183353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.183377] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.183400] ? __kthread_parkme+0x82/0x180 [ 26.183420] ? preempt_count_sub+0x50/0x80 [ 26.183444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.183465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.183489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.183513] kthread+0x337/0x6f0 [ 26.183532] ? trace_preempt_on+0x20/0xc0 [ 26.183554] ? __pfx_kthread+0x10/0x10 [ 26.183574] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.183596] ? calculate_sigpending+0x7b/0xa0 [ 26.183619] ? __pfx_kthread+0x10/0x10 [ 26.183641] ret_from_fork+0x116/0x1d0 [ 26.183659] ? __pfx_kthread+0x10/0x10 [ 26.183680] ret_from_fork_asm+0x1a/0x30 [ 26.183722] </TASK> [ 26.183733] [ 26.194765] Allocated by task 311: [ 26.195214] kasan_save_stack+0x45/0x70 [ 26.195473] kasan_save_track+0x18/0x40 [ 26.195662] kasan_save_alloc_info+0x3b/0x50 [ 26.196081] __kasan_kmalloc+0xb7/0xc0 [ 26.196401] __kmalloc_cache_noprof+0x189/0x420 [ 26.196598] kasan_bitops_generic+0x92/0x1c0 [ 26.197040] kunit_try_run_case+0x1a5/0x480 [ 26.197291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.197705] kthread+0x337/0x6f0 [ 26.197993] ret_from_fork+0x116/0x1d0 [ 26.198174] ret_from_fork_asm+0x1a/0x30 [ 26.198353] [ 26.198434] The buggy address belongs to the object at ffff8881058a8240 [ 26.198434] which belongs to the cache kmalloc-16 of size 16 [ 26.199480] The buggy address is located 8 bytes inside of [ 26.199480] allocated 9-byte region [ffff8881058a8240, ffff8881058a8249) [ 26.200401] [ 26.200621] The buggy address belongs to the physical page: [ 26.201132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 26.201569] flags: 0x200000000000000(node=0|zone=2) [ 26.201980] page_type: f5(slab) [ 26.202170] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.202445] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.202742] page dumped because: kasan: bad access detected [ 26.203230] [ 26.203322] Memory state around the buggy address: [ 26.203754] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.204281] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 26.204752] >ffff8881058a8200: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.205307] ^ [ 26.205540] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.206033] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.206555] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 26.109908] ================================================================== [ 26.110262] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 26.110522] Read of size 1 at addr ffff88810539c3d0 by task kunit_try_catch/309 [ 26.110849] [ 26.110940] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.111041] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.111055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.111077] Call Trace: [ 26.111096] <TASK> [ 26.111113] dump_stack_lvl+0x73/0xb0 [ 26.111143] print_report+0xd1/0x610 [ 26.111165] ? __virt_addr_valid+0x1db/0x2d0 [ 26.111190] ? strnlen+0x73/0x80 [ 26.111209] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.111235] ? strnlen+0x73/0x80 [ 26.111254] kasan_report+0x141/0x180 [ 26.111278] ? strnlen+0x73/0x80 [ 26.111301] __asan_report_load1_noabort+0x18/0x20 [ 26.111325] strnlen+0x73/0x80 [ 26.111345] kasan_strings+0x615/0xe80 [ 26.111364] ? trace_hardirqs_on+0x37/0xe0 [ 26.111388] ? __pfx_kasan_strings+0x10/0x10 [ 26.111408] ? finish_task_switch.isra.0+0x153/0x700 [ 26.111432] ? __switch_to+0x47/0xf80 [ 26.111458] ? __schedule+0x10cc/0x2b60 [ 26.111482] ? __pfx_read_tsc+0x10/0x10 [ 26.111504] ? ktime_get_ts64+0x86/0x230 [ 26.111530] kunit_try_run_case+0x1a5/0x480 [ 26.111551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.111571] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.111594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.111618] ? __kthread_parkme+0x82/0x180 [ 26.111638] ? preempt_count_sub+0x50/0x80 [ 26.111661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.111682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.111719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.111744] kthread+0x337/0x6f0 [ 26.111764] ? trace_preempt_on+0x20/0xc0 [ 26.111785] ? __pfx_kthread+0x10/0x10 [ 26.111806] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.111834] ? calculate_sigpending+0x7b/0xa0 [ 26.111858] ? __pfx_kthread+0x10/0x10 [ 26.111879] ret_from_fork+0x116/0x1d0 [ 26.111899] ? __pfx_kthread+0x10/0x10 [ 26.111920] ret_from_fork_asm+0x1a/0x30 [ 26.111950] </TASK> [ 26.111961] [ 26.120010] Allocated by task 309: [ 26.120146] kasan_save_stack+0x45/0x70 [ 26.120290] kasan_save_track+0x18/0x40 [ 26.120420] kasan_save_alloc_info+0x3b/0x50 [ 26.120563] __kasan_kmalloc+0xb7/0xc0 [ 26.120690] __kmalloc_cache_noprof+0x189/0x420 [ 26.120854] kasan_strings+0xc0/0xe80 [ 26.120978] kunit_try_run_case+0x1a5/0x480 [ 26.121175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.121422] kthread+0x337/0x6f0 [ 26.121793] ret_from_fork+0x116/0x1d0 [ 26.121983] ret_from_fork_asm+0x1a/0x30 [ 26.122172] [ 26.122259] Freed by task 309: [ 26.122549] kasan_save_stack+0x45/0x70 [ 26.122757] kasan_save_track+0x18/0x40 [ 26.123084] kasan_save_free_info+0x3f/0x60 [ 26.123291] __kasan_slab_free+0x56/0x70 [ 26.123482] kfree+0x222/0x3f0 [ 26.123640] kasan_strings+0x2aa/0xe80 [ 26.123871] kunit_try_run_case+0x1a5/0x480 [ 26.124079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.124330] kthread+0x337/0x6f0 [ 26.124442] ret_from_fork+0x116/0x1d0 [ 26.124564] ret_from_fork_asm+0x1a/0x30 [ 26.124704] [ 26.124769] The buggy address belongs to the object at ffff88810539c3c0 [ 26.124769] which belongs to the cache kmalloc-32 of size 32 [ 26.125530] The buggy address is located 16 bytes inside of [ 26.125530] freed 32-byte region [ffff88810539c3c0, ffff88810539c3e0) [ 26.126402] [ 26.126520] The buggy address belongs to the physical page: [ 26.126747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539c [ 26.127161] flags: 0x200000000000000(node=0|zone=2) [ 26.127378] page_type: f5(slab) [ 26.127493] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.127720] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.128084] page dumped because: kasan: bad access detected [ 26.128433] [ 26.128528] Memory state around the buggy address: [ 26.128689] ffff88810539c280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.129277] ffff88810539c300: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.129558] >ffff88810539c380: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.129846] ^ [ 26.130339] ffff88810539c400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.130587] ffff88810539c480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.130798] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 26.087793] ================================================================== [ 26.088431] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 26.089305] Read of size 1 at addr ffff88810539c3d0 by task kunit_try_catch/309 [ 26.089604] [ 26.089705] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.089758] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.089772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.090384] Call Trace: [ 26.090404] <TASK> [ 26.090423] dump_stack_lvl+0x73/0xb0 [ 26.090467] print_report+0xd1/0x610 [ 26.090490] ? __virt_addr_valid+0x1db/0x2d0 [ 26.090515] ? strlen+0x8f/0xb0 [ 26.090534] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.090561] ? strlen+0x8f/0xb0 [ 26.090583] kasan_report+0x141/0x180 [ 26.090605] ? strlen+0x8f/0xb0 [ 26.090629] __asan_report_load1_noabort+0x18/0x20 [ 26.090653] strlen+0x8f/0xb0 [ 26.090672] kasan_strings+0x57b/0xe80 [ 26.090690] ? trace_hardirqs_on+0x37/0xe0 [ 26.090724] ? __pfx_kasan_strings+0x10/0x10 [ 26.090744] ? finish_task_switch.isra.0+0x153/0x700 [ 26.090765] ? __switch_to+0x47/0xf80 [ 26.090804] ? __schedule+0x10cc/0x2b60 [ 26.090828] ? __pfx_read_tsc+0x10/0x10 [ 26.090850] ? ktime_get_ts64+0x86/0x230 [ 26.090875] kunit_try_run_case+0x1a5/0x480 [ 26.090937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.090961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.090985] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.091008] ? __kthread_parkme+0x82/0x180 [ 26.091029] ? preempt_count_sub+0x50/0x80 [ 26.091052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.091073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.091098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.091123] kthread+0x337/0x6f0 [ 26.091141] ? trace_preempt_on+0x20/0xc0 [ 26.091164] ? __pfx_kthread+0x10/0x10 [ 26.091184] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.091206] ? calculate_sigpending+0x7b/0xa0 [ 26.091229] ? __pfx_kthread+0x10/0x10 [ 26.091251] ret_from_fork+0x116/0x1d0 [ 26.091270] ? __pfx_kthread+0x10/0x10 [ 26.091291] ret_from_fork_asm+0x1a/0x30 [ 26.091321] </TASK> [ 26.091334] [ 26.099011] Allocated by task 309: [ 26.099233] kasan_save_stack+0x45/0x70 [ 26.099403] kasan_save_track+0x18/0x40 [ 26.099556] kasan_save_alloc_info+0x3b/0x50 [ 26.099761] __kasan_kmalloc+0xb7/0xc0 [ 26.099938] __kmalloc_cache_noprof+0x189/0x420 [ 26.100136] kasan_strings+0xc0/0xe80 [ 26.100293] kunit_try_run_case+0x1a5/0x480 [ 26.100447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.100687] kthread+0x337/0x6f0 [ 26.100875] ret_from_fork+0x116/0x1d0 [ 26.101042] ret_from_fork_asm+0x1a/0x30 [ 26.101203] [ 26.101268] Freed by task 309: [ 26.101373] kasan_save_stack+0x45/0x70 [ 26.101558] kasan_save_track+0x18/0x40 [ 26.101759] kasan_save_free_info+0x3f/0x60 [ 26.102223] __kasan_slab_free+0x56/0x70 [ 26.102361] kfree+0x222/0x3f0 [ 26.102475] kasan_strings+0x2aa/0xe80 [ 26.102601] kunit_try_run_case+0x1a5/0x480 [ 26.102839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.103140] kthread+0x337/0x6f0 [ 26.103309] ret_from_fork+0x116/0x1d0 [ 26.103489] ret_from_fork_asm+0x1a/0x30 [ 26.103676] [ 26.103786] The buggy address belongs to the object at ffff88810539c3c0 [ 26.103786] which belongs to the cache kmalloc-32 of size 32 [ 26.104412] The buggy address is located 16 bytes inside of [ 26.104412] freed 32-byte region [ffff88810539c3c0, ffff88810539c3e0) [ 26.105181] [ 26.105293] The buggy address belongs to the physical page: [ 26.105534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539c [ 26.105970] flags: 0x200000000000000(node=0|zone=2) [ 26.106150] page_type: f5(slab) [ 26.106321] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.106619] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.107040] page dumped because: kasan: bad access detected [ 26.107259] [ 26.107349] Memory state around the buggy address: [ 26.107574] ffff88810539c280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.107876] ffff88810539c300: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.108167] >ffff88810539c380: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.108452] ^ [ 26.108626] ffff88810539c400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.109176] ffff88810539c480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.109484] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 26.067560] ================================================================== [ 26.067853] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 26.068222] Read of size 1 at addr ffff88810539c3d0 by task kunit_try_catch/309 [ 26.068585] [ 26.068708] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.068762] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.068776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.068812] Call Trace: [ 26.068831] <TASK> [ 26.068851] dump_stack_lvl+0x73/0xb0 [ 26.068882] print_report+0xd1/0x610 [ 26.068905] ? __virt_addr_valid+0x1db/0x2d0 [ 26.068929] ? kasan_strings+0xcbc/0xe80 [ 26.068949] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.068974] ? kasan_strings+0xcbc/0xe80 [ 26.068996] kasan_report+0x141/0x180 [ 26.069017] ? kasan_strings+0xcbc/0xe80 [ 26.069042] __asan_report_load1_noabort+0x18/0x20 [ 26.069221] kasan_strings+0xcbc/0xe80 [ 26.069246] ? trace_hardirqs_on+0x37/0xe0 [ 26.069271] ? __pfx_kasan_strings+0x10/0x10 [ 26.069291] ? finish_task_switch.isra.0+0x153/0x700 [ 26.069312] ? __switch_to+0x47/0xf80 [ 26.069340] ? __schedule+0x10cc/0x2b60 [ 26.069364] ? __pfx_read_tsc+0x10/0x10 [ 26.069387] ? ktime_get_ts64+0x86/0x230 [ 26.069411] kunit_try_run_case+0x1a5/0x480 [ 26.069434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.069453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.069477] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.069501] ? __kthread_parkme+0x82/0x180 [ 26.069521] ? preempt_count_sub+0x50/0x80 [ 26.069544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.069565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.069589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.069614] kthread+0x337/0x6f0 [ 26.069633] ? trace_preempt_on+0x20/0xc0 [ 26.069655] ? __pfx_kthread+0x10/0x10 [ 26.069675] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.069713] ? calculate_sigpending+0x7b/0xa0 [ 26.069738] ? __pfx_kthread+0x10/0x10 [ 26.069759] ret_from_fork+0x116/0x1d0 [ 26.069788] ? __pfx_kthread+0x10/0x10 [ 26.069810] ret_from_fork_asm+0x1a/0x30 [ 26.069841] </TASK> [ 26.069853] [ 26.077293] Allocated by task 309: [ 26.077475] kasan_save_stack+0x45/0x70 [ 26.077674] kasan_save_track+0x18/0x40 [ 26.078033] kasan_save_alloc_info+0x3b/0x50 [ 26.078253] __kasan_kmalloc+0xb7/0xc0 [ 26.078419] __kmalloc_cache_noprof+0x189/0x420 [ 26.078620] kasan_strings+0xc0/0xe80 [ 26.078772] kunit_try_run_case+0x1a5/0x480 [ 26.079042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.079269] kthread+0x337/0x6f0 [ 26.079384] ret_from_fork+0x116/0x1d0 [ 26.079512] ret_from_fork_asm+0x1a/0x30 [ 26.079645] [ 26.079722] Freed by task 309: [ 26.080063] kasan_save_stack+0x45/0x70 [ 26.080265] kasan_save_track+0x18/0x40 [ 26.080457] kasan_save_free_info+0x3f/0x60 [ 26.080660] __kasan_slab_free+0x56/0x70 [ 26.080865] kfree+0x222/0x3f0 [ 26.081172] kasan_strings+0x2aa/0xe80 [ 26.081367] kunit_try_run_case+0x1a5/0x480 [ 26.081572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.081764] kthread+0x337/0x6f0 [ 26.081879] ret_from_fork+0x116/0x1d0 [ 26.082006] ret_from_fork_asm+0x1a/0x30 [ 26.082141] [ 26.082230] The buggy address belongs to the object at ffff88810539c3c0 [ 26.082230] which belongs to the cache kmalloc-32 of size 32 [ 26.082752] The buggy address is located 16 bytes inside of [ 26.082752] freed 32-byte region [ffff88810539c3c0, ffff88810539c3e0) [ 26.083109] [ 26.083256] The buggy address belongs to the physical page: [ 26.083503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539c [ 26.083983] flags: 0x200000000000000(node=0|zone=2) [ 26.084184] page_type: f5(slab) [ 26.084331] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.084556] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.084789] page dumped because: kasan: bad access detected [ 26.085157] [ 26.085266] Memory state around the buggy address: [ 26.085500] ffff88810539c280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.085834] ffff88810539c300: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.086160] >ffff88810539c380: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.086480] ^ [ 26.086840] ffff88810539c400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.087123] ffff88810539c480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.087337] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 26.039566] ================================================================== [ 26.041230] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 26.041439] Read of size 1 at addr ffff88810539c3d0 by task kunit_try_catch/309 [ 26.041657] [ 26.041764] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.041836] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.041850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.041873] Call Trace: [ 26.041888] <TASK> [ 26.041909] dump_stack_lvl+0x73/0xb0 [ 26.041940] print_report+0xd1/0x610 [ 26.041964] ? __virt_addr_valid+0x1db/0x2d0 [ 26.041988] ? strcmp+0xb0/0xc0 [ 26.042006] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.042033] ? strcmp+0xb0/0xc0 [ 26.042052] kasan_report+0x141/0x180 [ 26.042074] ? strcmp+0xb0/0xc0 [ 26.042096] __asan_report_load1_noabort+0x18/0x20 [ 26.042120] strcmp+0xb0/0xc0 [ 26.042139] kasan_strings+0x431/0xe80 [ 26.042158] ? trace_hardirqs_on+0x37/0xe0 [ 26.042182] ? __pfx_kasan_strings+0x10/0x10 [ 26.042201] ? finish_task_switch.isra.0+0x153/0x700 [ 26.042225] ? __switch_to+0x47/0xf80 [ 26.042253] ? __schedule+0x10cc/0x2b60 [ 26.042277] ? __pfx_read_tsc+0x10/0x10 [ 26.042299] ? ktime_get_ts64+0x86/0x230 [ 26.042324] kunit_try_run_case+0x1a5/0x480 [ 26.042349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.042369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.042393] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.042416] ? __kthread_parkme+0x82/0x180 [ 26.042438] ? preempt_count_sub+0x50/0x80 [ 26.042460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.042482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.042506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.042531] kthread+0x337/0x6f0 [ 26.042550] ? trace_preempt_on+0x20/0xc0 [ 26.042574] ? __pfx_kthread+0x10/0x10 [ 26.042595] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.042617] ? calculate_sigpending+0x7b/0xa0 [ 26.042641] ? __pfx_kthread+0x10/0x10 [ 26.042664] ret_from_fork+0x116/0x1d0 [ 26.042683] ? __pfx_kthread+0x10/0x10 [ 26.042715] ret_from_fork_asm+0x1a/0x30 [ 26.042746] </TASK> [ 26.042759] [ 26.052157] Allocated by task 309: [ 26.052471] kasan_save_stack+0x45/0x70 [ 26.052681] kasan_save_track+0x18/0x40 [ 26.053038] kasan_save_alloc_info+0x3b/0x50 [ 26.053367] __kasan_kmalloc+0xb7/0xc0 [ 26.053567] __kmalloc_cache_noprof+0x189/0x420 [ 26.053985] kasan_strings+0xc0/0xe80 [ 26.054227] kunit_try_run_case+0x1a5/0x480 [ 26.054529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.055000] kthread+0x337/0x6f0 [ 26.055194] ret_from_fork+0x116/0x1d0 [ 26.055378] ret_from_fork_asm+0x1a/0x30 [ 26.055556] [ 26.055644] Freed by task 309: [ 26.056054] kasan_save_stack+0x45/0x70 [ 26.056341] kasan_save_track+0x18/0x40 [ 26.056678] kasan_save_free_info+0x3f/0x60 [ 26.057109] __kasan_slab_free+0x56/0x70 [ 26.057302] kfree+0x222/0x3f0 [ 26.057448] kasan_strings+0x2aa/0xe80 [ 26.057620] kunit_try_run_case+0x1a5/0x480 [ 26.058063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.058558] kthread+0x337/0x6f0 [ 26.058845] ret_from_fork+0x116/0x1d0 [ 26.059288] ret_from_fork_asm+0x1a/0x30 [ 26.059479] [ 26.059568] The buggy address belongs to the object at ffff88810539c3c0 [ 26.059568] which belongs to the cache kmalloc-32 of size 32 [ 26.060475] The buggy address is located 16 bytes inside of [ 26.060475] freed 32-byte region [ffff88810539c3c0, ffff88810539c3e0) [ 26.061351] [ 26.061460] The buggy address belongs to the physical page: [ 26.061706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539c [ 26.062440] flags: 0x200000000000000(node=0|zone=2) [ 26.062833] page_type: f5(slab) [ 26.063336] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.063671] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.064281] page dumped because: kasan: bad access detected [ 26.064637] [ 26.064751] Memory state around the buggy address: [ 26.065240] ffff88810539c280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.065538] ffff88810539c300: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.065804] >ffff88810539c380: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.066187] ^ [ 26.066412] ffff88810539c400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.066746] ffff88810539c480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.067060] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 25.999676] ================================================================== [ 26.001545] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 26.002243] Read of size 1 at addr ffff8881058d4918 by task kunit_try_catch/307 [ 26.002481] [ 26.002574] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 26.002631] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.002646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.002679] Call Trace: [ 26.002706] <TASK> [ 26.002729] dump_stack_lvl+0x73/0xb0 [ 26.002791] print_report+0xd1/0x610 [ 26.002820] ? __virt_addr_valid+0x1db/0x2d0 [ 26.002847] ? memcmp+0x1b4/0x1d0 [ 26.003004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.003039] ? memcmp+0x1b4/0x1d0 [ 26.003073] kasan_report+0x141/0x180 [ 26.003096] ? memcmp+0x1b4/0x1d0 [ 26.003121] __asan_report_load1_noabort+0x18/0x20 [ 26.003145] memcmp+0x1b4/0x1d0 [ 26.003165] kasan_memcmp+0x18f/0x390 [ 26.003186] ? trace_hardirqs_on+0x37/0xe0 [ 26.003211] ? __pfx_kasan_memcmp+0x10/0x10 [ 26.003230] ? finish_task_switch.isra.0+0x153/0x700 [ 26.003255] ? __switch_to+0x47/0xf80 [ 26.003284] ? __pfx_read_tsc+0x10/0x10 [ 26.003343] ? ktime_get_ts64+0x86/0x230 [ 26.003403] kunit_try_run_case+0x1a5/0x480 [ 26.003427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.003448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.003473] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.003497] ? __kthread_parkme+0x82/0x180 [ 26.003520] ? preempt_count_sub+0x50/0x80 [ 26.003542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.003566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.003590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.003616] kthread+0x337/0x6f0 [ 26.003635] ? trace_preempt_on+0x20/0xc0 [ 26.003657] ? __pfx_kthread+0x10/0x10 [ 26.003677] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.003711] ? calculate_sigpending+0x7b/0xa0 [ 26.003736] ? __pfx_kthread+0x10/0x10 [ 26.003759] ret_from_fork+0x116/0x1d0 [ 26.003797] ? __pfx_kthread+0x10/0x10 [ 26.003823] ret_from_fork_asm+0x1a/0x30 [ 26.003853] </TASK> [ 26.003866] [ 26.018510] Allocated by task 307: [ 26.018961] kasan_save_stack+0x45/0x70 [ 26.019372] kasan_save_track+0x18/0x40 [ 26.019513] kasan_save_alloc_info+0x3b/0x50 [ 26.019659] __kasan_kmalloc+0xb7/0xc0 [ 26.020095] __kmalloc_cache_noprof+0x189/0x420 [ 26.020519] kasan_memcmp+0xb7/0x390 [ 26.021049] kunit_try_run_case+0x1a5/0x480 [ 26.021374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.021542] kthread+0x337/0x6f0 [ 26.021656] ret_from_fork+0x116/0x1d0 [ 26.021791] ret_from_fork_asm+0x1a/0x30 [ 26.022033] [ 26.022211] The buggy address belongs to the object at ffff8881058d4900 [ 26.022211] which belongs to the cache kmalloc-32 of size 32 [ 26.023335] The buggy address is located 0 bytes to the right of [ 26.023335] allocated 24-byte region [ffff8881058d4900, ffff8881058d4918) [ 26.024515] [ 26.024591] The buggy address belongs to the physical page: [ 26.024793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d4 [ 26.025541] flags: 0x200000000000000(node=0|zone=2) [ 26.026048] page_type: f5(slab) [ 26.026210] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.026649] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.027384] page dumped because: kasan: bad access detected [ 26.027712] [ 26.027848] Memory state around the buggy address: [ 26.028333] ffff8881058d4800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.028800] ffff8881058d4880: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.029079] >ffff8881058d4900: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.029286] ^ [ 26.029416] ffff8881058d4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.029620] ffff8881058d4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.030602] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 25.971684] ================================================================== [ 25.972210] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 25.972544] Read of size 1 at addr ffff888106217c4a by task kunit_try_catch/303 [ 25.972859] [ 25.973048] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.973107] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.973121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.973143] Call Trace: [ 25.973159] <TASK> [ 25.973179] dump_stack_lvl+0x73/0xb0 [ 25.973213] print_report+0xd1/0x610 [ 25.973236] ? __virt_addr_valid+0x1db/0x2d0 [ 25.973262] ? kasan_alloca_oob_right+0x329/0x390 [ 25.973284] ? kasan_addr_to_slab+0x11/0xa0 [ 25.973304] ? kasan_alloca_oob_right+0x329/0x390 [ 25.973326] kasan_report+0x141/0x180 [ 25.973348] ? kasan_alloca_oob_right+0x329/0x390 [ 25.973376] __asan_report_load1_noabort+0x18/0x20 [ 25.973400] kasan_alloca_oob_right+0x329/0x390 [ 25.973421] ? __kasan_check_write+0x18/0x20 [ 25.973444] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.973467] ? finish_task_switch.isra.0+0x153/0x700 [ 25.973489] ? __ww_mutex_lock.constprop.0+0x148e/0x1e90 [ 25.973517] ? trace_hardirqs_on+0x37/0xe0 [ 25.973542] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.973567] ? __schedule+0x10cc/0x2b60 [ 25.973589] ? __pfx_read_tsc+0x10/0x10 [ 25.973611] ? ktime_get_ts64+0x86/0x230 [ 25.973637] kunit_try_run_case+0x1a5/0x480 [ 25.973660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.973680] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.973717] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.973741] ? __kthread_parkme+0x82/0x180 [ 25.973782] ? preempt_count_sub+0x50/0x80 [ 25.973805] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.973826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.973851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.973892] kthread+0x337/0x6f0 [ 25.973912] ? trace_preempt_on+0x20/0xc0 [ 25.973934] ? __pfx_kthread+0x10/0x10 [ 25.973955] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.973977] ? calculate_sigpending+0x7b/0xa0 [ 25.974001] ? __pfx_kthread+0x10/0x10 [ 25.974022] ret_from_fork+0x116/0x1d0 [ 25.974041] ? __pfx_kthread+0x10/0x10 [ 25.974061] ret_from_fork_asm+0x1a/0x30 [ 25.974093] </TASK> [ 25.974105] [ 25.982153] The buggy address belongs to stack of task kunit_try_catch/303 [ 25.982405] [ 25.982472] The buggy address belongs to the physical page: [ 25.982661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106217 [ 25.983223] flags: 0x200000000000000(node=0|zone=2) [ 25.983460] raw: 0200000000000000 ffffea00041885c8 ffffea00041885c8 0000000000000000 [ 25.983822] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.984184] page dumped because: kasan: bad access detected [ 25.984407] [ 25.984496] Memory state around the buggy address: [ 25.984650] ffff888106217b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.984959] ffff888106217b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.985227] >ffff888106217c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.985532] ^ [ 25.985789] ffff888106217c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.986177] ffff888106217d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.986431] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 25.945655] ================================================================== [ 25.946115] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 25.946357] Read of size 1 at addr ffff8881062bfc3f by task kunit_try_catch/301 [ 25.946571] [ 25.946655] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.946720] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.946735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.946757] Call Trace: [ 25.946771] <TASK> [ 25.946791] dump_stack_lvl+0x73/0xb0 [ 25.946822] print_report+0xd1/0x610 [ 25.946844] ? __virt_addr_valid+0x1db/0x2d0 [ 25.946869] ? kasan_alloca_oob_left+0x320/0x380 [ 25.946890] ? kasan_addr_to_slab+0x11/0xa0 [ 25.946910] ? kasan_alloca_oob_left+0x320/0x380 [ 25.946932] kasan_report+0x141/0x180 [ 25.946952] ? kasan_alloca_oob_left+0x320/0x380 [ 25.946979] __asan_report_load1_noabort+0x18/0x20 [ 25.947003] kasan_alloca_oob_left+0x320/0x380 [ 25.947024] ? __kasan_check_write+0x18/0x20 [ 25.947046] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.947067] ? finish_task_switch.isra.0+0x153/0x700 [ 25.947089] ? __ww_mutex_lock.constprop.0+0x148e/0x1e90 [ 25.947116] ? trace_hardirqs_on+0x37/0xe0 [ 25.947140] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.947163] ? __schedule+0x10cc/0x2b60 [ 25.947185] ? __pfx_read_tsc+0x10/0x10 [ 25.947206] ? ktime_get_ts64+0x86/0x230 [ 25.947230] kunit_try_run_case+0x1a5/0x480 [ 25.947253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.947273] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.947296] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.947319] ? __kthread_parkme+0x82/0x180 [ 25.947340] ? preempt_count_sub+0x50/0x80 [ 25.947361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.947383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.947407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.947432] kthread+0x337/0x6f0 [ 25.947451] ? trace_preempt_on+0x20/0xc0 [ 25.947472] ? __pfx_kthread+0x10/0x10 [ 25.947491] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.947512] ? calculate_sigpending+0x7b/0xa0 [ 25.947536] ? __pfx_kthread+0x10/0x10 [ 25.947556] ret_from_fork+0x116/0x1d0 [ 25.947575] ? __pfx_kthread+0x10/0x10 [ 25.947594] ret_from_fork_asm+0x1a/0x30 [ 25.947625] </TASK> [ 25.947636] [ 25.962918] The buggy address belongs to stack of task kunit_try_catch/301 [ 25.963273] [ 25.963365] The buggy address belongs to the physical page: [ 25.963613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062bf [ 25.964080] flags: 0x200000000000000(node=0|zone=2) [ 25.964320] raw: 0200000000000000 ffffea000418afc8 ffffea000418afc8 0000000000000000 [ 25.964618] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.965175] page dumped because: kasan: bad access detected [ 25.965405] [ 25.965494] Memory state around the buggy address: [ 25.965705] ffff8881062bfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.966074] ffff8881062bfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.966362] >ffff8881062bfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.966620] ^ [ 25.966856] ffff8881062bfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.967117] ffff8881062bfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.967418] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 25.913171] ================================================================== [ 25.915204] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 25.916620] Read of size 1 at addr ffff8881062e7d02 by task kunit_try_catch/299 [ 25.917189] [ 25.917296] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.917354] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.917370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.917394] Call Trace: [ 25.917408] <TASK> [ 25.917430] dump_stack_lvl+0x73/0xb0 [ 25.917469] print_report+0xd1/0x610 [ 25.917495] ? __virt_addr_valid+0x1db/0x2d0 [ 25.917521] ? kasan_stack_oob+0x2b5/0x300 [ 25.917541] ? kasan_addr_to_slab+0x11/0xa0 [ 25.917561] ? kasan_stack_oob+0x2b5/0x300 [ 25.917581] kasan_report+0x141/0x180 [ 25.917603] ? kasan_stack_oob+0x2b5/0x300 [ 25.917627] __asan_report_load1_noabort+0x18/0x20 [ 25.917651] kasan_stack_oob+0x2b5/0x300 [ 25.917671] ? __pfx_kasan_stack_oob+0x10/0x10 [ 25.917690] ? finish_task_switch.isra.0+0x153/0x700 [ 25.917952] ? __switch_to+0x47/0xf80 [ 25.917992] ? __schedule+0x10cc/0x2b60 [ 25.918017] ? __pfx_read_tsc+0x10/0x10 [ 25.918175] ? ktime_get_ts64+0x86/0x230 [ 25.918216] kunit_try_run_case+0x1a5/0x480 [ 25.918244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.918265] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.918289] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.918313] ? __kthread_parkme+0x82/0x180 [ 25.918335] ? preempt_count_sub+0x50/0x80 [ 25.918358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.918380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.918406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.918430] kthread+0x337/0x6f0 [ 25.918450] ? trace_preempt_on+0x20/0xc0 [ 25.918475] ? __pfx_kthread+0x10/0x10 [ 25.918495] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.918519] ? calculate_sigpending+0x7b/0xa0 [ 25.918543] ? __pfx_kthread+0x10/0x10 [ 25.918565] ret_from_fork+0x116/0x1d0 [ 25.918584] ? __pfx_kthread+0x10/0x10 [ 25.918605] ret_from_fork_asm+0x1a/0x30 [ 25.918637] </TASK> [ 25.918649] [ 25.931438] The buggy address belongs to stack of task kunit_try_catch/299 [ 25.932291] and is located at offset 138 in frame: [ 25.932773] kasan_stack_oob+0x0/0x300 [ 25.933434] [ 25.933647] This frame has 4 objects: [ 25.934246] [48, 49) '__assertion' [ 25.934276] [64, 72) 'array' [ 25.934619] [96, 112) '__assertion' [ 25.934926] [128, 138) 'stack_array' [ 25.935369] [ 25.935968] The buggy address belongs to the physical page: [ 25.936581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062e7 [ 25.936874] flags: 0x200000000000000(node=0|zone=2) [ 25.937426] raw: 0200000000000000 ffffea000418b9c8 ffffea000418b9c8 0000000000000000 [ 25.938194] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.938823] page dumped because: kasan: bad access detected [ 25.939273] [ 25.939357] Memory state around the buggy address: [ 25.939764] ffff8881062e7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.940062] ffff8881062e7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 25.940715] >ffff8881062e7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.941320] ^ [ 25.941440] ffff8881062e7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 25.941645] ffff8881062e7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.941876] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 25.892328] ================================================================== [ 25.892854] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 25.893210] Read of size 1 at addr ffffffff93eacf4d by task kunit_try_catch/295 [ 25.893506] [ 25.893646] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.893712] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.893726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.893749] Call Trace: [ 25.893763] <TASK> [ 25.893782] dump_stack_lvl+0x73/0xb0 [ 25.893813] print_report+0xd1/0x610 [ 25.893836] ? __virt_addr_valid+0x1db/0x2d0 [ 25.893861] ? kasan_global_oob_right+0x286/0x2d0 [ 25.893883] ? kasan_addr_to_slab+0x11/0xa0 [ 25.893904] ? kasan_global_oob_right+0x286/0x2d0 [ 25.893926] kasan_report+0x141/0x180 [ 25.894002] ? kasan_global_oob_right+0x286/0x2d0 [ 25.894029] __asan_report_load1_noabort+0x18/0x20 [ 25.894053] kasan_global_oob_right+0x286/0x2d0 [ 25.894074] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.894100] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.894125] kunit_try_run_case+0x1a5/0x480 [ 25.894149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.894170] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.894194] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.894220] ? __kthread_parkme+0x82/0x180 [ 25.894240] ? preempt_count_sub+0x50/0x80 [ 25.894264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.894286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.894310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.894335] kthread+0x337/0x6f0 [ 25.894354] ? trace_preempt_on+0x20/0xc0 [ 25.894378] ? __pfx_kthread+0x10/0x10 [ 25.894398] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.894420] ? calculate_sigpending+0x7b/0xa0 [ 25.894444] ? __pfx_kthread+0x10/0x10 [ 25.894466] ret_from_fork+0x116/0x1d0 [ 25.894486] ? __pfx_kthread+0x10/0x10 [ 25.894507] ret_from_fork_asm+0x1a/0x30 [ 25.894537] </TASK> [ 25.894550] [ 25.901393] The buggy address belongs to the variable: [ 25.901562] global_array+0xd/0x40 [ 25.901788] [ 25.902016] The buggy address belongs to the physical page: [ 25.902280] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12b6ac [ 25.902613] flags: 0x200000000002000(reserved|node=0|zone=2) [ 25.903113] raw: 0200000000002000 ffffea0004adab08 ffffea0004adab08 0000000000000000 [ 25.903445] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.903827] page dumped because: kasan: bad access detected [ 25.904142] [ 25.904215] Memory state around the buggy address: [ 25.904407] ffffffff93eace00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.904709] ffffffff93eace80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.905080] >ffffffff93eacf00: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 25.905367] ^ [ 25.905595] ffffffff93eacf80: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 25.905929] ffffffff93ead000: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 25.906208] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 25.840441] ================================================================== [ 25.841171] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.841527] Free of addr ffff8881058d8301 by task kunit_try_catch/291 [ 25.842159] [ 25.842274] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.842501] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.842521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.842545] Call Trace: [ 25.842560] <TASK> [ 25.842579] dump_stack_lvl+0x73/0xb0 [ 25.842612] print_report+0xd1/0x610 [ 25.842635] ? __virt_addr_valid+0x1db/0x2d0 [ 25.842662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.842688] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842727] kasan_report_invalid_free+0x10a/0x130 [ 25.842752] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842789] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842814] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842838] check_slab_allocation+0x11f/0x130 [ 25.842859] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.842883] mempool_free+0x2ec/0x380 [ 25.842908] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.842933] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.842962] ? finish_task_switch.isra.0+0x153/0x700 [ 25.842989] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.843012] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 25.843041] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.843065] ? __pfx_mempool_kfree+0x10/0x10 [ 25.843090] ? __pfx_read_tsc+0x10/0x10 [ 25.843113] ? ktime_get_ts64+0x86/0x230 [ 25.843138] kunit_try_run_case+0x1a5/0x480 [ 25.843162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.843183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.843208] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.843231] ? __kthread_parkme+0x82/0x180 [ 25.843253] ? preempt_count_sub+0x50/0x80 [ 25.843275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.843297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.843322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.843346] kthread+0x337/0x6f0 [ 25.843366] ? trace_preempt_on+0x20/0xc0 [ 25.843389] ? __pfx_kthread+0x10/0x10 [ 25.843409] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.843431] ? calculate_sigpending+0x7b/0xa0 [ 25.843455] ? __pfx_kthread+0x10/0x10 [ 25.843477] ret_from_fork+0x116/0x1d0 [ 25.843496] ? __pfx_kthread+0x10/0x10 [ 25.843516] ret_from_fork_asm+0x1a/0x30 [ 25.843547] </TASK> [ 25.843559] [ 25.855297] Allocated by task 291: [ 25.855661] kasan_save_stack+0x45/0x70 [ 25.855984] kasan_save_track+0x18/0x40 [ 25.856225] kasan_save_alloc_info+0x3b/0x50 [ 25.856639] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.857160] remove_element+0x11e/0x190 [ 25.857294] mempool_alloc_preallocated+0x4d/0x90 [ 25.857441] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 25.857607] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.857779] kunit_try_run_case+0x1a5/0x480 [ 25.858251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.858745] kthread+0x337/0x6f0 [ 25.859122] ret_from_fork+0x116/0x1d0 [ 25.859559] ret_from_fork_asm+0x1a/0x30 [ 25.860010] [ 25.860203] The buggy address belongs to the object at ffff8881058d8300 [ 25.860203] which belongs to the cache kmalloc-128 of size 128 [ 25.861310] The buggy address is located 1 bytes inside of [ 25.861310] 128-byte region [ffff8881058d8300, ffff8881058d8380) [ 25.861897] [ 25.862085] The buggy address belongs to the physical page: [ 25.862593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d8 [ 25.863302] flags: 0x200000000000000(node=0|zone=2) [ 25.863461] page_type: f5(slab) [ 25.863576] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.864002] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.864826] page dumped because: kasan: bad access detected [ 25.865323] [ 25.865496] Memory state around the buggy address: [ 25.865930] ffff8881058d8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.866134] ffff8881058d8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.866334] >ffff8881058d8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.866532] ^ [ 25.866638] ffff8881058d8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.866853] ffff8881058d8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.867259] ================================================================== [ 25.870010] ================================================================== [ 25.870499] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.870786] Free of addr ffff888106234001 by task kunit_try_catch/293 [ 25.871955] [ 25.872084] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.872141] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.872156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.872179] Call Trace: [ 25.872193] <TASK> [ 25.872212] dump_stack_lvl+0x73/0xb0 [ 25.872245] print_report+0xd1/0x610 [ 25.872268] ? __virt_addr_valid+0x1db/0x2d0 [ 25.872293] ? kasan_addr_to_slab+0x11/0xa0 [ 25.872313] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872339] kasan_report_invalid_free+0x10a/0x130 [ 25.872363] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872392] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872416] __kasan_mempool_poison_object+0x102/0x1d0 [ 25.872440] mempool_free+0x2ec/0x380 [ 25.872465] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.872489] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.872517] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.872539] ? finish_task_switch.isra.0+0x153/0x700 [ 25.872565] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 25.872590] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 25.872618] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.872640] ? __pfx_mempool_kfree+0x10/0x10 [ 25.872663] ? __pfx_read_tsc+0x10/0x10 [ 25.872685] ? ktime_get_ts64+0x86/0x230 [ 25.872723] kunit_try_run_case+0x1a5/0x480 [ 25.872746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.872767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.872791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.872815] ? __kthread_parkme+0x82/0x180 [ 25.872835] ? preempt_count_sub+0x50/0x80 [ 25.872858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.872879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.872956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.872982] kthread+0x337/0x6f0 [ 25.873002] ? trace_preempt_on+0x20/0xc0 [ 25.873026] ? __pfx_kthread+0x10/0x10 [ 25.873046] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.873069] ? calculate_sigpending+0x7b/0xa0 [ 25.873093] ? __pfx_kthread+0x10/0x10 [ 25.873114] ret_from_fork+0x116/0x1d0 [ 25.873133] ? __pfx_kthread+0x10/0x10 [ 25.873153] ret_from_fork_asm+0x1a/0x30 [ 25.873184] </TASK> [ 25.873196] [ 25.881802] The buggy address belongs to the physical page: [ 25.881996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106234 [ 25.882341] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.882583] flags: 0x200000000000040(head|node=0|zone=2) [ 25.882770] page_type: f8(unknown) [ 25.882893] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.883211] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.883537] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.884002] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.884326] head: 0200000000000002 ffffea0004188d01 00000000ffffffff 00000000ffffffff [ 25.884566] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.885001] page dumped because: kasan: bad access detected [ 25.885259] [ 25.885349] Memory state around the buggy address: [ 25.885563] ffff888106233f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.885853] ffff888106233f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.886196] >ffff888106234000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.886449] ^ [ 25.886562] ffff888106234080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.886852] ffff888106234100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.887165] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 25.782735] ================================================================== [ 25.784124] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.784369] Free of addr ffff888106234000 by task kunit_try_catch/287 [ 25.784566] [ 25.784656] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.784753] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.784784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.784829] Call Trace: [ 25.784844] <TASK> [ 25.784866] dump_stack_lvl+0x73/0xb0 [ 25.784901] print_report+0xd1/0x610 [ 25.784925] ? __virt_addr_valid+0x1db/0x2d0 [ 25.784952] ? kasan_addr_to_slab+0x11/0xa0 [ 25.784972] ? mempool_double_free_helper+0x184/0x370 [ 25.784996] kasan_report_invalid_free+0x10a/0x130 [ 25.785021] ? mempool_double_free_helper+0x184/0x370 [ 25.785049] ? mempool_double_free_helper+0x184/0x370 [ 25.785073] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 25.785097] mempool_free+0x2ec/0x380 [ 25.785123] mempool_double_free_helper+0x184/0x370 [ 25.785146] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.785171] ? __kasan_check_write+0x18/0x20 [ 25.785239] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.785263] ? finish_task_switch.isra.0+0x153/0x700 [ 25.785314] mempool_kmalloc_large_double_free+0xed/0x140 [ 25.785359] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 25.785394] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.785417] ? __pfx_mempool_kfree+0x10/0x10 [ 25.785442] ? __pfx_read_tsc+0x10/0x10 [ 25.785463] ? ktime_get_ts64+0x86/0x230 [ 25.785489] kunit_try_run_case+0x1a5/0x480 [ 25.785512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.785533] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.785559] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.785583] ? __kthread_parkme+0x82/0x180 [ 25.785603] ? preempt_count_sub+0x50/0x80 [ 25.785626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.785647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.785672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.785707] kthread+0x337/0x6f0 [ 25.785728] ? trace_preempt_on+0x20/0xc0 [ 25.785751] ? __pfx_kthread+0x10/0x10 [ 25.785788] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.785810] ? calculate_sigpending+0x7b/0xa0 [ 25.785835] ? __pfx_kthread+0x10/0x10 [ 25.785905] ret_from_fork+0x116/0x1d0 [ 25.785926] ? __pfx_kthread+0x10/0x10 [ 25.785948] ret_from_fork_asm+0x1a/0x30 [ 25.785992] </TASK> [ 25.786006] [ 25.802053] The buggy address belongs to the physical page: [ 25.802578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106234 [ 25.803079] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.803620] flags: 0x200000000000040(head|node=0|zone=2) [ 25.803839] page_type: f8(unknown) [ 25.804215] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.805033] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.805743] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.806153] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.806935] head: 0200000000000002 ffffea0004188d01 00000000ffffffff 00000000ffffffff [ 25.807531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.808166] page dumped because: kasan: bad access detected [ 25.808429] [ 25.808494] Memory state around the buggy address: [ 25.808646] ffff888106233f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.808892] ffff888106233f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.809214] >ffff888106234000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.809811] ^ [ 25.809965] ffff888106234080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.810480] ffff888106234100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.811098] ================================================================== [ 25.815113] ================================================================== [ 25.816444] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.817528] Free of addr ffff888106234000 by task kunit_try_catch/289 [ 25.818187] [ 25.818394] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.818453] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.818468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.818492] Call Trace: [ 25.818507] <TASK> [ 25.818529] dump_stack_lvl+0x73/0xb0 [ 25.818587] print_report+0xd1/0x610 [ 25.818612] ? __virt_addr_valid+0x1db/0x2d0 [ 25.818640] ? kasan_addr_to_slab+0x11/0xa0 [ 25.818660] ? mempool_double_free_helper+0x184/0x370 [ 25.818685] kasan_report_invalid_free+0x10a/0x130 [ 25.818721] ? mempool_double_free_helper+0x184/0x370 [ 25.818747] ? mempool_double_free_helper+0x184/0x370 [ 25.818770] __kasan_mempool_poison_pages+0x115/0x130 [ 25.818805] mempool_free+0x290/0x380 [ 25.818833] mempool_double_free_helper+0x184/0x370 [ 25.818856] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.818924] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.818950] ? irqentry_exit+0x2a/0x60 [ 25.818974] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.819002] mempool_page_alloc_double_free+0xe8/0x140 [ 25.819027] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.819053] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.819076] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.819101] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.819128] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.819156] kunit_try_run_case+0x1a5/0x480 [ 25.819181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.819201] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.819225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.819248] ? __kthread_parkme+0x82/0x180 [ 25.819272] ? preempt_count_sub+0x50/0x80 [ 25.819295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.819317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.819343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.819370] kthread+0x337/0x6f0 [ 25.819391] ? trace_preempt_on+0x20/0xc0 [ 25.819417] ? __pfx_kthread+0x10/0x10 [ 25.819437] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.819460] ? calculate_sigpending+0x7b/0xa0 [ 25.819485] ? __pfx_kthread+0x10/0x10 [ 25.819507] ret_from_fork+0x116/0x1d0 [ 25.819529] ? __pfx_kthread+0x10/0x10 [ 25.819549] ret_from_fork_asm+0x1a/0x30 [ 25.819581] </TASK> [ 25.819595] [ 25.831184] The buggy address belongs to the physical page: [ 25.831429] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106234 [ 25.831767] flags: 0x200000000000000(node=0|zone=2) [ 25.832231] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.832681] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.833224] page dumped because: kasan: bad access detected [ 25.833654] [ 25.833901] Memory state around the buggy address: [ 25.834340] ffff888106233f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.834636] ffff888106233f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.835277] >ffff888106234000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.835734] ^ [ 25.836029] ffff888106234080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.836470] ffff888106234100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.836769] ================================================================== [ 25.746712] ================================================================== [ 25.747935] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.748657] Free of addr ffff8881058c1f00 by task kunit_try_catch/285 [ 25.749409] [ 25.749623] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.749706] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.749721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.749745] Call Trace: [ 25.749759] <TASK> [ 25.749781] dump_stack_lvl+0x73/0xb0 [ 25.749848] print_report+0xd1/0x610 [ 25.749873] ? __virt_addr_valid+0x1db/0x2d0 [ 25.749912] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.749938] ? mempool_double_free_helper+0x184/0x370 [ 25.749962] kasan_report_invalid_free+0x10a/0x130 [ 25.749986] ? mempool_double_free_helper+0x184/0x370 [ 25.750012] ? mempool_double_free_helper+0x184/0x370 [ 25.750034] ? mempool_double_free_helper+0x184/0x370 [ 25.750056] check_slab_allocation+0x101/0x130 [ 25.750079] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.750102] mempool_free+0x2ec/0x380 [ 25.750131] mempool_double_free_helper+0x184/0x370 [ 25.750154] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.750176] ? update_load_avg+0x1be/0x21b0 [ 25.750204] ? finish_task_switch.isra.0+0x153/0x700 [ 25.750231] mempool_kmalloc_double_free+0xed/0x140 [ 25.750254] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 25.750280] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.750302] ? __pfx_mempool_kfree+0x10/0x10 [ 25.750327] ? __pfx_read_tsc+0x10/0x10 [ 25.750350] ? ktime_get_ts64+0x86/0x230 [ 25.750376] kunit_try_run_case+0x1a5/0x480 [ 25.750400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.750420] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.750446] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.750470] ? __kthread_parkme+0x82/0x180 [ 25.750491] ? preempt_count_sub+0x50/0x80 [ 25.750568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.750590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.750617] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.750642] kthread+0x337/0x6f0 [ 25.750662] ? trace_preempt_on+0x20/0xc0 [ 25.750686] ? __pfx_kthread+0x10/0x10 [ 25.750721] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.750744] ? calculate_sigpending+0x7b/0xa0 [ 25.750769] ? __pfx_kthread+0x10/0x10 [ 25.750801] ret_from_fork+0x116/0x1d0 [ 25.750821] ? __pfx_kthread+0x10/0x10 [ 25.750841] ret_from_fork_asm+0x1a/0x30 [ 25.750874] </TASK> [ 25.750920] [ 25.764823] Allocated by task 285: [ 25.765146] kasan_save_stack+0x45/0x70 [ 25.765430] kasan_save_track+0x18/0x40 [ 25.765681] kasan_save_alloc_info+0x3b/0x50 [ 25.765907] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.766183] remove_element+0x11e/0x190 [ 25.766347] mempool_alloc_preallocated+0x4d/0x90 [ 25.766620] mempool_double_free_helper+0x8a/0x370 [ 25.766970] mempool_kmalloc_double_free+0xed/0x140 [ 25.767408] kunit_try_run_case+0x1a5/0x480 [ 25.767632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.768036] kthread+0x337/0x6f0 [ 25.768228] ret_from_fork+0x116/0x1d0 [ 25.768435] ret_from_fork_asm+0x1a/0x30 [ 25.768655] [ 25.768745] Freed by task 285: [ 25.768912] kasan_save_stack+0x45/0x70 [ 25.769115] kasan_save_track+0x18/0x40 [ 25.769356] kasan_save_free_info+0x3f/0x60 [ 25.769489] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.769758] mempool_free+0x2ec/0x380 [ 25.770106] mempool_double_free_helper+0x109/0x370 [ 25.770469] mempool_kmalloc_double_free+0xed/0x140 [ 25.770765] kunit_try_run_case+0x1a5/0x480 [ 25.770968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.771138] kthread+0x337/0x6f0 [ 25.771419] ret_from_fork+0x116/0x1d0 [ 25.771707] ret_from_fork_asm+0x1a/0x30 [ 25.771975] [ 25.772046] The buggy address belongs to the object at ffff8881058c1f00 [ 25.772046] which belongs to the cache kmalloc-128 of size 128 [ 25.773064] The buggy address is located 0 bytes inside of [ 25.773064] 128-byte region [ffff8881058c1f00, ffff8881058c1f80) [ 25.773541] [ 25.773616] The buggy address belongs to the physical page: [ 25.774059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 25.774381] flags: 0x200000000000000(node=0|zone=2) [ 25.774614] page_type: f5(slab) [ 25.774797] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.775230] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 25.775539] page dumped because: kasan: bad access detected [ 25.775762] [ 25.775855] Memory state around the buggy address: [ 25.776146] ffff8881058c1e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.776455] ffff8881058c1e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.776803] >ffff8881058c1f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.777113] ^ [ 25.777447] ffff8881058c1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.777763] ffff8881058c2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.778083] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 25.712621] ================================================================== [ 25.714064] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.714576] Read of size 1 at addr ffff888106158000 by task kunit_try_catch/283 [ 25.715183] [ 25.715476] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.715578] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.715604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.715629] Call Trace: [ 25.715644] <TASK> [ 25.715667] dump_stack_lvl+0x73/0xb0 [ 25.715712] print_report+0xd1/0x610 [ 25.715737] ? __virt_addr_valid+0x1db/0x2d0 [ 25.715762] ? mempool_uaf_helper+0x392/0x400 [ 25.715785] ? kasan_addr_to_slab+0x11/0xa0 [ 25.715805] ? mempool_uaf_helper+0x392/0x400 [ 25.715830] kasan_report+0x141/0x180 [ 25.715852] ? mempool_uaf_helper+0x392/0x400 [ 25.715879] __asan_report_load1_noabort+0x18/0x20 [ 25.715914] mempool_uaf_helper+0x392/0x400 [ 25.715937] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.715960] ? __kasan_check_write+0x18/0x20 [ 25.715984] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.716007] ? finish_task_switch.isra.0+0x153/0x700 [ 25.716035] mempool_page_alloc_uaf+0xed/0x140 [ 25.716058] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 25.716084] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.716111] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.716137] ? __pfx_read_tsc+0x10/0x10 [ 25.716160] ? ktime_get_ts64+0x86/0x230 [ 25.716187] kunit_try_run_case+0x1a5/0x480 [ 25.716214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.716236] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.716262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.716286] ? __kthread_parkme+0x82/0x180 [ 25.716307] ? preempt_count_sub+0x50/0x80 [ 25.716330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.716352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.716377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.716402] kthread+0x337/0x6f0 [ 25.716422] ? trace_preempt_on+0x20/0xc0 [ 25.716446] ? __pfx_kthread+0x10/0x10 [ 25.716467] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.716489] ? calculate_sigpending+0x7b/0xa0 [ 25.716514] ? __pfx_kthread+0x10/0x10 [ 25.716536] ret_from_fork+0x116/0x1d0 [ 25.716557] ? __pfx_kthread+0x10/0x10 [ 25.716578] ret_from_fork_asm+0x1a/0x30 [ 25.716610] </TASK> [ 25.716622] [ 25.733104] The buggy address belongs to the physical page: [ 25.733675] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106158 [ 25.734242] flags: 0x200000000000000(node=0|zone=2) [ 25.735157] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.735731] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.735989] page dumped because: kasan: bad access detected [ 25.736161] [ 25.736229] Memory state around the buggy address: [ 25.736383] ffff888106157f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.736596] ffff888106157f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.737432] >ffff888106158000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.739014] ^ [ 25.739749] ffff888106158080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.740626] ffff888106158100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.740945] ================================================================== [ 25.637608] ================================================================== [ 25.638474] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.638721] Read of size 1 at addr ffff888106230000 by task kunit_try_catch/279 [ 25.639475] [ 25.639734] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.639812] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.639833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.639856] Call Trace: [ 25.639870] <TASK> [ 25.639892] dump_stack_lvl+0x73/0xb0 [ 25.639928] print_report+0xd1/0x610 [ 25.639951] ? __virt_addr_valid+0x1db/0x2d0 [ 25.639977] ? mempool_uaf_helper+0x392/0x400 [ 25.640000] ? kasan_addr_to_slab+0x11/0xa0 [ 25.640020] ? mempool_uaf_helper+0x392/0x400 [ 25.640042] kasan_report+0x141/0x180 [ 25.640082] ? mempool_uaf_helper+0x392/0x400 [ 25.640119] __asan_report_load1_noabort+0x18/0x20 [ 25.640144] mempool_uaf_helper+0x392/0x400 [ 25.640175] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.640201] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.640224] ? finish_task_switch.isra.0+0x153/0x700 [ 25.640250] mempool_kmalloc_large_uaf+0xef/0x140 [ 25.640273] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 25.640298] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.640322] ? __pfx_mempool_kfree+0x10/0x10 [ 25.640346] ? __pfx_read_tsc+0x10/0x10 [ 25.640368] ? ktime_get_ts64+0x86/0x230 [ 25.640393] kunit_try_run_case+0x1a5/0x480 [ 25.640417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.640437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.640463] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.640486] ? __kthread_parkme+0x82/0x180 [ 25.640507] ? preempt_count_sub+0x50/0x80 [ 25.640530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.640552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.640577] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.640602] kthread+0x337/0x6f0 [ 25.640622] ? trace_preempt_on+0x20/0xc0 [ 25.640646] ? __pfx_kthread+0x10/0x10 [ 25.640667] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.640689] ? calculate_sigpending+0x7b/0xa0 [ 25.640724] ? __pfx_kthread+0x10/0x10 [ 25.640746] ret_from_fork+0x116/0x1d0 [ 25.640783] ? __pfx_kthread+0x10/0x10 [ 25.640803] ret_from_fork_asm+0x1a/0x30 [ 25.640836] </TASK> [ 25.640849] [ 25.654086] The buggy address belongs to the physical page: [ 25.654748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106230 [ 25.655617] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.656413] flags: 0x200000000000040(head|node=0|zone=2) [ 25.656998] page_type: f8(unknown) [ 25.657351] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.658111] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.658907] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.659716] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.660546] head: 0200000000000002 ffffea0004188c01 00000000ffffffff 00000000ffffffff [ 25.661359] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.662165] page dumped because: kasan: bad access detected [ 25.662661] [ 25.662839] Memory state around the buggy address: [ 25.663356] ffff88810622ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.664055] ffff88810622ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.664771] >ffff888106230000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.665311] ^ [ 25.665449] ffff888106230080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.665653] ffff888106230100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.665939] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 25.607625] ================================================================== [ 25.608076] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.608333] Read of size 1 at addr ffff8881058c1b00 by task kunit_try_catch/277 [ 25.608550] [ 25.608640] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.608714] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.608728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.608753] Call Trace: [ 25.608767] <TASK> [ 25.608789] dump_stack_lvl+0x73/0xb0 [ 25.608823] print_report+0xd1/0x610 [ 25.608847] ? __virt_addr_valid+0x1db/0x2d0 [ 25.608873] ? mempool_uaf_helper+0x392/0x400 [ 25.608894] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.608920] ? mempool_uaf_helper+0x392/0x400 [ 25.608941] kasan_report+0x141/0x180 [ 25.608963] ? mempool_uaf_helper+0x392/0x400 [ 25.608989] __asan_report_load1_noabort+0x18/0x20 [ 25.609012] mempool_uaf_helper+0x392/0x400 [ 25.609034] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.609056] ? __kasan_check_write+0x18/0x20 [ 25.609079] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.609102] ? finish_task_switch.isra.0+0x153/0x700 [ 25.609129] mempool_kmalloc_uaf+0xef/0x140 [ 25.609151] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 25.609175] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.609200] ? __pfx_mempool_kfree+0x10/0x10 [ 25.609224] ? __pfx_read_tsc+0x10/0x10 [ 25.609246] ? ktime_get_ts64+0x86/0x230 [ 25.609272] kunit_try_run_case+0x1a5/0x480 [ 25.609295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.609315] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.609340] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.609363] ? __kthread_parkme+0x82/0x180 [ 25.609383] ? preempt_count_sub+0x50/0x80 [ 25.609405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.609426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.609450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.609475] kthread+0x337/0x6f0 [ 25.609493] ? trace_preempt_on+0x20/0xc0 [ 25.609517] ? __pfx_kthread+0x10/0x10 [ 25.609537] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.609558] ? calculate_sigpending+0x7b/0xa0 [ 25.609583] ? __pfx_kthread+0x10/0x10 [ 25.609604] ret_from_fork+0x116/0x1d0 [ 25.609623] ? __pfx_kthread+0x10/0x10 [ 25.609642] ret_from_fork_asm+0x1a/0x30 [ 25.609674] </TASK> [ 25.609686] [ 25.619948] Allocated by task 277: [ 25.620132] kasan_save_stack+0x45/0x70 [ 25.620286] kasan_save_track+0x18/0x40 [ 25.620413] kasan_save_alloc_info+0x3b/0x50 [ 25.620550] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.620843] remove_element+0x11e/0x190 [ 25.620995] mempool_alloc_preallocated+0x4d/0x90 [ 25.621144] mempool_uaf_helper+0x96/0x400 [ 25.621275] mempool_kmalloc_uaf+0xef/0x140 [ 25.621406] kunit_try_run_case+0x1a5/0x480 [ 25.621571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.621892] kthread+0x337/0x6f0 [ 25.622065] ret_from_fork+0x116/0x1d0 [ 25.622533] ret_from_fork_asm+0x1a/0x30 [ 25.622758] [ 25.623039] Freed by task 277: [ 25.623201] kasan_save_stack+0x45/0x70 [ 25.623401] kasan_save_track+0x18/0x40 [ 25.623530] kasan_save_free_info+0x3f/0x60 [ 25.623668] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.624348] mempool_free+0x2ec/0x380 [ 25.624573] mempool_uaf_helper+0x11a/0x400 [ 25.624777] mempool_kmalloc_uaf+0xef/0x140 [ 25.624971] kunit_try_run_case+0x1a5/0x480 [ 25.625271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.625434] kthread+0x337/0x6f0 [ 25.625546] ret_from_fork+0x116/0x1d0 [ 25.625668] ret_from_fork_asm+0x1a/0x30 [ 25.625805] [ 25.625872] The buggy address belongs to the object at ffff8881058c1b00 [ 25.625872] which belongs to the cache kmalloc-128 of size 128 [ 25.626755] The buggy address is located 0 bytes inside of [ 25.626755] freed 128-byte region [ffff8881058c1b00, ffff8881058c1b80) [ 25.627649] [ 25.627806] The buggy address belongs to the physical page: [ 25.628198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 25.628615] flags: 0x200000000000000(node=0|zone=2) [ 25.628873] page_type: f5(slab) [ 25.629091] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.629310] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.629522] page dumped because: kasan: bad access detected [ 25.629735] [ 25.630023] Memory state around the buggy address: [ 25.630373] ffff8881058c1a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.630683] ffff8881058c1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.631361] >ffff8881058c1b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.632241] ^ [ 25.632382] ffff8881058c1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.632722] ffff8881058c1c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.633078] ================================================================== [ 25.670567] ================================================================== [ 25.671756] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.672419] Read of size 1 at addr ffff8881058d6240 by task kunit_try_catch/281 [ 25.673049] [ 25.673241] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.673312] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.673327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.673350] Call Trace: [ 25.673365] <TASK> [ 25.673388] dump_stack_lvl+0x73/0xb0 [ 25.673421] print_report+0xd1/0x610 [ 25.673446] ? __virt_addr_valid+0x1db/0x2d0 [ 25.673470] ? mempool_uaf_helper+0x392/0x400 [ 25.673491] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.673517] ? mempool_uaf_helper+0x392/0x400 [ 25.673539] kasan_report+0x141/0x180 [ 25.673561] ? mempool_uaf_helper+0x392/0x400 [ 25.673587] __asan_report_load1_noabort+0x18/0x20 [ 25.673610] mempool_uaf_helper+0x392/0x400 [ 25.673633] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.673657] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.673679] ? finish_task_switch.isra.0+0x153/0x700 [ 25.673715] mempool_slab_uaf+0xea/0x140 [ 25.673737] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 25.673762] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.673797] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.673821] ? __pfx_read_tsc+0x10/0x10 [ 25.673845] ? ktime_get_ts64+0x86/0x230 [ 25.673870] kunit_try_run_case+0x1a5/0x480 [ 25.673894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.673914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.673939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.673963] ? __kthread_parkme+0x82/0x180 [ 25.673984] ? preempt_count_sub+0x50/0x80 [ 25.674006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.674027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.674053] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.674078] kthread+0x337/0x6f0 [ 25.674098] ? trace_preempt_on+0x20/0xc0 [ 25.674121] ? __pfx_kthread+0x10/0x10 [ 25.674142] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.674164] ? calculate_sigpending+0x7b/0xa0 [ 25.674189] ? __pfx_kthread+0x10/0x10 [ 25.674211] ret_from_fork+0x116/0x1d0 [ 25.674230] ? __pfx_kthread+0x10/0x10 [ 25.674251] ret_from_fork_asm+0x1a/0x30 [ 25.674284] </TASK> [ 25.674296] [ 25.686796] Allocated by task 281: [ 25.687139] kasan_save_stack+0x45/0x70 [ 25.687491] kasan_save_track+0x18/0x40 [ 25.687885] kasan_save_alloc_info+0x3b/0x50 [ 25.688252] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.688711] remove_element+0x11e/0x190 [ 25.689138] mempool_alloc_preallocated+0x4d/0x90 [ 25.689564] mempool_uaf_helper+0x96/0x400 [ 25.689961] mempool_slab_uaf+0xea/0x140 [ 25.690345] kunit_try_run_case+0x1a5/0x480 [ 25.690713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.691111] kthread+0x337/0x6f0 [ 25.691229] ret_from_fork+0x116/0x1d0 [ 25.691357] ret_from_fork_asm+0x1a/0x30 [ 25.691490] [ 25.691555] Freed by task 281: [ 25.691662] kasan_save_stack+0x45/0x70 [ 25.691811] kasan_save_track+0x18/0x40 [ 25.692003] kasan_save_free_info+0x3f/0x60 [ 25.692152] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.692377] mempool_free+0x2ec/0x380 [ 25.692560] mempool_uaf_helper+0x11a/0x400 [ 25.692724] mempool_slab_uaf+0xea/0x140 [ 25.692858] kunit_try_run_case+0x1a5/0x480 [ 25.693130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.693495] kthread+0x337/0x6f0 [ 25.693632] ret_from_fork+0x116/0x1d0 [ 25.693837] ret_from_fork_asm+0x1a/0x30 [ 25.693972] [ 25.694039] The buggy address belongs to the object at ffff8881058d6240 [ 25.694039] which belongs to the cache test_cache of size 123 [ 25.694690] The buggy address is located 0 bytes inside of [ 25.694690] freed 123-byte region [ffff8881058d6240, ffff8881058d62bb) [ 25.695340] [ 25.695429] The buggy address belongs to the physical page: [ 25.695631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d6 [ 25.695909] flags: 0x200000000000000(node=0|zone=2) [ 25.696144] page_type: f5(slab) [ 25.696312] raw: 0200000000000000 ffff888101d20640 dead000000000122 0000000000000000 [ 25.696720] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.696938] page dumped because: kasan: bad access detected [ 25.697332] [ 25.697402] Memory state around the buggy address: [ 25.697587] ffff8881058d6100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.697897] ffff8881058d6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.698213] >ffff8881058d6200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.698489] ^ [ 25.698708] ffff8881058d6280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.698958] ffff8881058d6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.699257] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 25.516384] ================================================================== [ 25.516834] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.517222] Read of size 1 at addr ffff8881060ac173 by task kunit_try_catch/271 [ 25.517564] [ 25.517661] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.517732] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.517746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.517770] Call Trace: [ 25.517798] <TASK> [ 25.517889] dump_stack_lvl+0x73/0xb0 [ 25.517938] print_report+0xd1/0x610 [ 25.517996] ? __virt_addr_valid+0x1db/0x2d0 [ 25.518069] ? mempool_oob_right_helper+0x318/0x380 [ 25.518093] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.518120] ? mempool_oob_right_helper+0x318/0x380 [ 25.518143] kasan_report+0x141/0x180 [ 25.518167] ? mempool_oob_right_helper+0x318/0x380 [ 25.518194] __asan_report_load1_noabort+0x18/0x20 [ 25.518219] mempool_oob_right_helper+0x318/0x380 [ 25.518242] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.518267] ? __kasan_check_write+0x18/0x20 [ 25.518290] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.518314] ? finish_task_switch.isra.0+0x153/0x700 [ 25.518340] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.518364] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 25.518389] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.518415] ? __pfx_mempool_kfree+0x10/0x10 [ 25.518439] ? __pfx_read_tsc+0x10/0x10 [ 25.518462] ? ktime_get_ts64+0x86/0x230 [ 25.518488] kunit_try_run_case+0x1a5/0x480 [ 25.518512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.518533] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.518558] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.518583] ? __kthread_parkme+0x82/0x180 [ 25.518604] ? preempt_count_sub+0x50/0x80 [ 25.518628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.518650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.518675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.518711] kthread+0x337/0x6f0 [ 25.518730] ? trace_preempt_on+0x20/0xc0 [ 25.518755] ? __pfx_kthread+0x10/0x10 [ 25.518784] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.518806] ? calculate_sigpending+0x7b/0xa0 [ 25.518831] ? __pfx_kthread+0x10/0x10 [ 25.518853] ret_from_fork+0x116/0x1d0 [ 25.518874] ? __pfx_kthread+0x10/0x10 [ 25.518912] ret_from_fork_asm+0x1a/0x30 [ 25.518945] </TASK> [ 25.518957] [ 25.529400] Allocated by task 271: [ 25.529580] kasan_save_stack+0x45/0x70 [ 25.530041] kasan_save_track+0x18/0x40 [ 25.530246] kasan_save_alloc_info+0x3b/0x50 [ 25.530427] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.530650] remove_element+0x11e/0x190 [ 25.531157] mempool_alloc_preallocated+0x4d/0x90 [ 25.531464] mempool_oob_right_helper+0x8a/0x380 [ 25.531630] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.531939] kunit_try_run_case+0x1a5/0x480 [ 25.532216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.532456] kthread+0x337/0x6f0 [ 25.532618] ret_from_fork+0x116/0x1d0 [ 25.532816] ret_from_fork_asm+0x1a/0x30 [ 25.532973] [ 25.533041] The buggy address belongs to the object at ffff8881060ac100 [ 25.533041] which belongs to the cache kmalloc-128 of size 128 [ 25.533849] The buggy address is located 0 bytes to the right of [ 25.533849] allocated 115-byte region [ffff8881060ac100, ffff8881060ac173) [ 25.534977] [ 25.535269] The buggy address belongs to the physical page: [ 25.535651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 25.536057] flags: 0x200000000000000(node=0|zone=2) [ 25.536304] page_type: f5(slab) [ 25.536545] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.536881] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.537264] page dumped because: kasan: bad access detected [ 25.537512] [ 25.537604] Memory state around the buggy address: [ 25.537813] ffff8881060ac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.538100] ffff8881060ac080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.538508] >ffff8881060ac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.538941] ^ [ 25.539186] ffff8881060ac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.539500] ffff8881060ac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.539925] ================================================================== [ 25.568774] ================================================================== [ 25.569558] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.569853] Read of size 1 at addr ffff8881060af2bb by task kunit_try_catch/275 [ 25.570937] [ 25.571185] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.571245] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.571260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.571283] Call Trace: [ 25.571298] <TASK> [ 25.571318] dump_stack_lvl+0x73/0xb0 [ 25.571355] print_report+0xd1/0x610 [ 25.571380] ? __virt_addr_valid+0x1db/0x2d0 [ 25.571407] ? mempool_oob_right_helper+0x318/0x380 [ 25.571430] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.571457] ? mempool_oob_right_helper+0x318/0x380 [ 25.571480] kasan_report+0x141/0x180 [ 25.571502] ? mempool_oob_right_helper+0x318/0x380 [ 25.571530] __asan_report_load1_noabort+0x18/0x20 [ 25.571553] mempool_oob_right_helper+0x318/0x380 [ 25.571577] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.571603] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.571626] ? finish_task_switch.isra.0+0x153/0x700 [ 25.571651] mempool_slab_oob_right+0xed/0x140 [ 25.571675] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 25.571715] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.571739] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.571765] ? __pfx_read_tsc+0x10/0x10 [ 25.571805] ? ktime_get_ts64+0x86/0x230 [ 25.571835] kunit_try_run_case+0x1a5/0x480 [ 25.571860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.571953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.571986] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.572011] ? __kthread_parkme+0x82/0x180 [ 25.572032] ? preempt_count_sub+0x50/0x80 [ 25.572055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.572077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.572103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.572128] kthread+0x337/0x6f0 [ 25.572148] ? trace_preempt_on+0x20/0xc0 [ 25.572172] ? __pfx_kthread+0x10/0x10 [ 25.572193] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.572215] ? calculate_sigpending+0x7b/0xa0 [ 25.572240] ? __pfx_kthread+0x10/0x10 [ 25.572261] ret_from_fork+0x116/0x1d0 [ 25.572280] ? __pfx_kthread+0x10/0x10 [ 25.572301] ret_from_fork_asm+0x1a/0x30 [ 25.572333] </TASK> [ 25.572345] [ 25.581824] Allocated by task 275: [ 25.581948] kasan_save_stack+0x45/0x70 [ 25.582221] kasan_save_track+0x18/0x40 [ 25.583149] kasan_save_alloc_info+0x3b/0x50 [ 25.583326] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.583749] remove_element+0x11e/0x190 [ 25.584175] mempool_alloc_preallocated+0x4d/0x90 [ 25.584517] mempool_oob_right_helper+0x8a/0x380 [ 25.584678] mempool_slab_oob_right+0xed/0x140 [ 25.585146] kunit_try_run_case+0x1a5/0x480 [ 25.585677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.586326] kthread+0x337/0x6f0 [ 25.586744] ret_from_fork+0x116/0x1d0 [ 25.587277] ret_from_fork_asm+0x1a/0x30 [ 25.587428] [ 25.587498] The buggy address belongs to the object at ffff8881060af240 [ 25.587498] which belongs to the cache test_cache of size 123 [ 25.587875] The buggy address is located 0 bytes to the right of [ 25.587875] allocated 123-byte region [ffff8881060af240, ffff8881060af2bb) [ 25.589009] [ 25.589111] The buggy address belongs to the physical page: [ 25.589342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060af [ 25.589681] flags: 0x200000000000000(node=0|zone=2) [ 25.590186] page_type: f5(slab) [ 25.590350] raw: 0200000000000000 ffff8881017adc80 dead000000000122 0000000000000000 [ 25.590867] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.591238] page dumped because: kasan: bad access detected [ 25.591430] [ 25.591595] Memory state around the buggy address: [ 25.592130] ffff8881060af180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.592436] ffff8881060af200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 25.592744] >ffff8881060af280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 25.593208] ^ [ 25.593517] ffff8881060af300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.593778] ffff8881060af380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.594334] ================================================================== [ 25.543571] ================================================================== [ 25.544178] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.544703] Read of size 1 at addr ffff888106232001 by task kunit_try_catch/273 [ 25.545105] [ 25.545202] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 25.545292] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.545307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.545341] Call Trace: [ 25.545355] <TASK> [ 25.545376] dump_stack_lvl+0x73/0xb0 [ 25.545438] print_report+0xd1/0x610 [ 25.545461] ? __virt_addr_valid+0x1db/0x2d0 [ 25.545498] ? mempool_oob_right_helper+0x318/0x380 [ 25.545520] ? kasan_addr_to_slab+0x11/0xa0 [ 25.545540] ? mempool_oob_right_helper+0x318/0x380 [ 25.545564] kasan_report+0x141/0x180 [ 25.545613] ? mempool_oob_right_helper+0x318/0x380 [ 25.545658] __asan_report_load1_noabort+0x18/0x20 [ 25.545700] mempool_oob_right_helper+0x318/0x380 [ 25.545725] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.545748] ? update_load_avg+0x1be/0x21b0 [ 25.545774] ? dequeue_entities+0x27e/0x1740 [ 25.545800] ? finish_task_switch.isra.0+0x153/0x700 [ 25.545842] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 25.545866] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 25.545936] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.545963] ? __pfx_mempool_kfree+0x10/0x10 [ 25.545988] ? __pfx_read_tsc+0x10/0x10 [ 25.546011] ? ktime_get_ts64+0x86/0x230 [ 25.546037] kunit_try_run_case+0x1a5/0x480 [ 25.546061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.546082] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.546108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.546131] ? __kthread_parkme+0x82/0x180 [ 25.546153] ? preempt_count_sub+0x50/0x80 [ 25.546176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.546197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.546222] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.546247] kthread+0x337/0x6f0 [ 25.546266] ? trace_preempt_on+0x20/0xc0 [ 25.546290] ? __pfx_kthread+0x10/0x10 [ 25.546311] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.546332] ? calculate_sigpending+0x7b/0xa0 [ 25.546357] ? __pfx_kthread+0x10/0x10 [ 25.546379] ret_from_fork+0x116/0x1d0 [ 25.546397] ? __pfx_kthread+0x10/0x10 [ 25.546418] ret_from_fork_asm+0x1a/0x30 [ 25.546450] </TASK> [ 25.546462] [ 25.556656] The buggy address belongs to the physical page: [ 25.557067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106230 [ 25.557475] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.557722] flags: 0x200000000000040(head|node=0|zone=2) [ 25.558358] page_type: f8(unknown) [ 25.558618] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.559138] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.559447] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.559840] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.560165] head: 0200000000000002 ffffea0004188c01 00000000ffffffff 00000000ffffffff [ 25.560496] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.560905] page dumped because: kasan: bad access detected [ 25.561111] [ 25.561202] Memory state around the buggy address: [ 25.561431] ffff888106231f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.561767] ffff888106231f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.562127] >ffff888106232000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.562452] ^ [ 25.562638] ffff888106232080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.562991] ffff888106232100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.563322] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 24.932168] ================================================================== [ 24.933861] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 24.934159] Read of size 1 at addr ffff8881017ada00 by task kunit_try_catch/265 [ 24.934490] [ 24.934585] CPU: 1 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.934647] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.934662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.934688] Call Trace: [ 24.934715] <TASK> [ 24.934738] dump_stack_lvl+0x73/0xb0 [ 24.934774] print_report+0xd1/0x610 [ 24.935124] ? __virt_addr_valid+0x1db/0x2d0 [ 24.935165] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.935191] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.935220] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.935244] kasan_report+0x141/0x180 [ 24.935268] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.935296] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.935321] __kasan_check_byte+0x3d/0x50 [ 24.935343] kmem_cache_destroy+0x25/0x1d0 [ 24.935370] kmem_cache_double_destroy+0x1bf/0x380 [ 24.935395] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 24.935420] ? finish_task_switch.isra.0+0x153/0x700 [ 24.935444] ? __switch_to+0x47/0xf80 [ 24.935474] ? __pfx_read_tsc+0x10/0x10 [ 24.935496] ? ktime_get_ts64+0x86/0x230 [ 24.935523] kunit_try_run_case+0x1a5/0x480 [ 24.935547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.935569] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.935596] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.935620] ? __kthread_parkme+0x82/0x180 [ 24.935642] ? preempt_count_sub+0x50/0x80 [ 24.935665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.935688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.935729] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.935755] kthread+0x337/0x6f0 [ 24.935784] ? trace_preempt_on+0x20/0xc0 [ 24.935810] ? __pfx_kthread+0x10/0x10 [ 24.935835] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.935858] ? calculate_sigpending+0x7b/0xa0 [ 24.935883] ? __pfx_kthread+0x10/0x10 [ 24.936001] ret_from_fork+0x116/0x1d0 [ 24.936023] ? __pfx_kthread+0x10/0x10 [ 24.936043] ret_from_fork_asm+0x1a/0x30 [ 24.936076] </TASK> [ 24.936089] [ 24.947742] Allocated by task 265: [ 24.948349] kasan_save_stack+0x45/0x70 [ 24.948520] kasan_save_track+0x18/0x40 [ 24.948909] kasan_save_alloc_info+0x3b/0x50 [ 24.949270] __kasan_slab_alloc+0x91/0xa0 [ 24.949606] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.949794] __kmem_cache_create_args+0x169/0x240 [ 24.949949] kmem_cache_double_destroy+0xd5/0x380 [ 24.950099] kunit_try_run_case+0x1a5/0x480 [ 24.950234] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.950397] kthread+0x337/0x6f0 [ 24.950595] ret_from_fork+0x116/0x1d0 [ 24.951267] ret_from_fork_asm+0x1a/0x30 [ 24.951458] [ 24.951538] Freed by task 265: [ 24.951672] kasan_save_stack+0x45/0x70 [ 24.952484] kasan_save_track+0x18/0x40 [ 24.952638] kasan_save_free_info+0x3f/0x60 [ 24.952806] __kasan_slab_free+0x56/0x70 [ 24.952940] kmem_cache_free+0x249/0x420 [ 24.953071] slab_kmem_cache_release+0x2e/0x40 [ 24.953220] kmem_cache_release+0x16/0x20 [ 24.953353] kobject_put+0x181/0x450 [ 24.953481] sysfs_slab_release+0x16/0x20 [ 24.953615] kmem_cache_destroy+0xf0/0x1d0 [ 24.953764] kmem_cache_double_destroy+0x14e/0x380 [ 24.953925] kunit_try_run_case+0x1a5/0x480 [ 24.954064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.954234] kthread+0x337/0x6f0 [ 24.954348] ret_from_fork+0x116/0x1d0 [ 24.954474] ret_from_fork_asm+0x1a/0x30 [ 24.954607] [ 24.954675] The buggy address belongs to the object at ffff8881017ada00 [ 24.954675] which belongs to the cache kmem_cache of size 208 [ 24.955899] The buggy address is located 0 bytes inside of [ 24.955899] freed 208-byte region [ffff8881017ada00, ffff8881017adad0) [ 24.957061] [ 24.957230] The buggy address belongs to the physical page: [ 24.957902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017ad [ 24.958280] flags: 0x200000000000000(node=0|zone=2) [ 24.958517] page_type: f5(slab) [ 24.958684] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 24.959039] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 24.959371] page dumped because: kasan: bad access detected [ 24.959567] [ 24.959630] Memory state around the buggy address: [ 24.960333] ffff8881017ad900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.962352] ffff8881017ad980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.962578] >ffff8881017ada00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.962990] ^ [ 24.963637] ffff8881017ada80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.964419] ffff8881017adb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.965412] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 24.875195] ================================================================== [ 24.875669] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.876145] Read of size 1 at addr ffff8881050b5000 by task kunit_try_catch/263 [ 24.876444] [ 24.876536] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.876593] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.876608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.876633] Call Trace: [ 24.876648] <TASK> [ 24.876671] dump_stack_lvl+0x73/0xb0 [ 24.876719] print_report+0xd1/0x610 [ 24.876743] ? __virt_addr_valid+0x1db/0x2d0 [ 24.876770] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.876792] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.876818] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.876840] kasan_report+0x141/0x180 [ 24.876862] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.876889] __asan_report_load1_noabort+0x18/0x20 [ 24.876913] kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.876988] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 24.877014] ? finish_task_switch.isra.0+0x153/0x700 [ 24.877038] ? __switch_to+0x47/0xf80 [ 24.877067] ? __pfx_read_tsc+0x10/0x10 [ 24.877090] ? ktime_get_ts64+0x86/0x230 [ 24.877117] kunit_try_run_case+0x1a5/0x480 [ 24.877141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.877161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.877186] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.877210] ? __kthread_parkme+0x82/0x180 [ 24.877232] ? preempt_count_sub+0x50/0x80 [ 24.877254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.877276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.877301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.877328] kthread+0x337/0x6f0 [ 24.877351] ? trace_preempt_on+0x20/0xc0 [ 24.877376] ? __pfx_kthread+0x10/0x10 [ 24.877397] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.877419] ? calculate_sigpending+0x7b/0xa0 [ 24.877443] ? __pfx_kthread+0x10/0x10 [ 24.877465] ret_from_fork+0x116/0x1d0 [ 24.877483] ? __pfx_kthread+0x10/0x10 [ 24.877504] ret_from_fork_asm+0x1a/0x30 [ 24.877536] </TASK> [ 24.877548] [ 24.884359] Allocated by task 263: [ 24.884489] kasan_save_stack+0x45/0x70 [ 24.884857] kasan_save_track+0x18/0x40 [ 24.885121] kasan_save_alloc_info+0x3b/0x50 [ 24.885391] __kasan_slab_alloc+0x91/0xa0 [ 24.885597] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.885938] kmem_cache_rcu_uaf+0x155/0x510 [ 24.886155] kunit_try_run_case+0x1a5/0x480 [ 24.886360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.886612] kthread+0x337/0x6f0 [ 24.886760] ret_from_fork+0x116/0x1d0 [ 24.886950] ret_from_fork_asm+0x1a/0x30 [ 24.887088] [ 24.887153] Freed by task 0: [ 24.887255] kasan_save_stack+0x45/0x70 [ 24.887381] kasan_save_track+0x18/0x40 [ 24.887561] kasan_save_free_info+0x3f/0x60 [ 24.887750] __kasan_slab_free+0x56/0x70 [ 24.887888] slab_free_after_rcu_debug+0xe4/0x310 [ 24.888042] rcu_core+0x66f/0x1c40 [ 24.888164] rcu_core_si+0x12/0x20 [ 24.888282] handle_softirqs+0x209/0x730 [ 24.888412] __irq_exit_rcu+0xc9/0x110 [ 24.888538] irq_exit_rcu+0x12/0x20 [ 24.888659] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.888825] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.889225] [ 24.889306] Last potentially related work creation: [ 24.889530] kasan_save_stack+0x45/0x70 [ 24.889733] kasan_record_aux_stack+0xb2/0xc0 [ 24.890029] kmem_cache_free+0x131/0x420 [ 24.890187] kmem_cache_rcu_uaf+0x194/0x510 [ 24.890329] kunit_try_run_case+0x1a5/0x480 [ 24.890472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.890643] kthread+0x337/0x6f0 [ 24.890772] ret_from_fork+0x116/0x1d0 [ 24.890899] ret_from_fork_asm+0x1a/0x30 [ 24.891033] [ 24.891096] The buggy address belongs to the object at ffff8881050b5000 [ 24.891096] which belongs to the cache test_cache of size 200 [ 24.891446] The buggy address is located 0 bytes inside of [ 24.891446] freed 200-byte region [ffff8881050b5000, ffff8881050b50c8) [ 24.893123] [ 24.893281] The buggy address belongs to the physical page: [ 24.893486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b5 [ 24.893954] flags: 0x200000000000000(node=0|zone=2) [ 24.894176] page_type: f5(slab) [ 24.894350] raw: 0200000000000000 ffff888101d203c0 dead000000000122 0000000000000000 [ 24.894666] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.895079] page dumped because: kasan: bad access detected [ 24.895253] [ 24.895315] Memory state around the buggy address: [ 24.895465] ffff8881050b4f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 24.895675] ffff8881050b4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.895899] >ffff8881050b5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.896104] ^ [ 24.896214] ffff8881050b5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.896420] ffff8881050b5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.896681] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 24.799526] ================================================================== [ 24.800683] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 24.801741] Free of addr ffff8881060a8001 by task kunit_try_catch/261 [ 24.802226] [ 24.802318] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.802374] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.802388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.802411] Call Trace: [ 24.802426] <TASK> [ 24.802446] dump_stack_lvl+0x73/0xb0 [ 24.802481] print_report+0xd1/0x610 [ 24.802504] ? __virt_addr_valid+0x1db/0x2d0 [ 24.802530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.802555] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.802580] kasan_report_invalid_free+0x10a/0x130 [ 24.802604] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.802629] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.802652] check_slab_allocation+0x11f/0x130 [ 24.802674] __kasan_slab_pre_free+0x28/0x40 [ 24.802714] kmem_cache_free+0xed/0x420 [ 24.802735] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.802780] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.802807] kmem_cache_invalid_free+0x1d8/0x460 [ 24.802910] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 24.802940] ? finish_task_switch.isra.0+0x153/0x700 [ 24.802964] ? __switch_to+0x47/0xf80 [ 24.802994] ? __pfx_read_tsc+0x10/0x10 [ 24.803016] ? ktime_get_ts64+0x86/0x230 [ 24.803060] kunit_try_run_case+0x1a5/0x480 [ 24.803085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.803105] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.803130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.803153] ? __kthread_parkme+0x82/0x180 [ 24.803174] ? preempt_count_sub+0x50/0x80 [ 24.803197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.803218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.803243] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.803268] kthread+0x337/0x6f0 [ 24.803287] ? trace_preempt_on+0x20/0xc0 [ 24.803311] ? __pfx_kthread+0x10/0x10 [ 24.803331] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.803353] ? calculate_sigpending+0x7b/0xa0 [ 24.803377] ? __pfx_kthread+0x10/0x10 [ 24.803399] ret_from_fork+0x116/0x1d0 [ 24.803418] ? __pfx_kthread+0x10/0x10 [ 24.803438] ret_from_fork_asm+0x1a/0x30 [ 24.803469] </TASK> [ 24.803481] [ 24.819742] Allocated by task 261: [ 24.820150] kasan_save_stack+0x45/0x70 [ 24.820550] kasan_save_track+0x18/0x40 [ 24.820922] kasan_save_alloc_info+0x3b/0x50 [ 24.821217] __kasan_slab_alloc+0x91/0xa0 [ 24.821548] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.821711] kmem_cache_invalid_free+0x157/0x460 [ 24.822148] kunit_try_run_case+0x1a5/0x480 [ 24.822550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.823139] kthread+0x337/0x6f0 [ 24.823335] ret_from_fork+0x116/0x1d0 [ 24.823463] ret_from_fork_asm+0x1a/0x30 [ 24.823593] [ 24.823658] The buggy address belongs to the object at ffff8881060a8000 [ 24.823658] which belongs to the cache test_cache of size 200 [ 24.824678] The buggy address is located 1 bytes inside of [ 24.824678] 200-byte region [ffff8881060a8000, ffff8881060a80c8) [ 24.825972] [ 24.826138] The buggy address belongs to the physical page: [ 24.826592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a8 [ 24.827048] flags: 0x200000000000000(node=0|zone=2) [ 24.827559] page_type: f5(slab) [ 24.828007] raw: 0200000000000000 ffff8881017ad8c0 dead000000000122 0000000000000000 [ 24.828322] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.828545] page dumped because: kasan: bad access detected [ 24.828728] [ 24.828820] Memory state around the buggy address: [ 24.829082] ffff8881060a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.829367] ffff8881060a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.829653] >ffff8881060a8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.830014] ^ [ 24.830164] ffff8881060a8080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.830375] ffff8881060a8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.830647] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 24.761298] ================================================================== [ 24.761745] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 24.762175] Free of addr ffff8881050b5000 by task kunit_try_catch/259 [ 24.762539] [ 24.763196] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.763256] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.763270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.763293] Call Trace: [ 24.763306] <TASK> [ 24.763327] dump_stack_lvl+0x73/0xb0 [ 24.763362] print_report+0xd1/0x610 [ 24.763385] ? __virt_addr_valid+0x1db/0x2d0 [ 24.763411] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.763465] ? kmem_cache_double_free+0x1e5/0x480 [ 24.763490] kasan_report_invalid_free+0x10a/0x130 [ 24.763513] ? kmem_cache_double_free+0x1e5/0x480 [ 24.763539] ? kmem_cache_double_free+0x1e5/0x480 [ 24.763566] check_slab_allocation+0x101/0x130 [ 24.763587] __kasan_slab_pre_free+0x28/0x40 [ 24.763607] kmem_cache_free+0xed/0x420 [ 24.763627] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.763653] ? kmem_cache_double_free+0x1e5/0x480 [ 24.763679] kmem_cache_double_free+0x1e5/0x480 [ 24.763715] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 24.763737] ? finish_task_switch.isra.0+0x153/0x700 [ 24.763761] ? __switch_to+0x47/0xf80 [ 24.763800] ? __pfx_read_tsc+0x10/0x10 [ 24.763827] ? ktime_get_ts64+0x86/0x230 [ 24.763853] kunit_try_run_case+0x1a5/0x480 [ 24.763877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.763958] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.763986] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.764011] ? __kthread_parkme+0x82/0x180 [ 24.764033] ? preempt_count_sub+0x50/0x80 [ 24.764057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.764079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.764105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.764130] kthread+0x337/0x6f0 [ 24.764150] ? trace_preempt_on+0x20/0xc0 [ 24.764175] ? __pfx_kthread+0x10/0x10 [ 24.764196] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.764219] ? calculate_sigpending+0x7b/0xa0 [ 24.764244] ? __pfx_kthread+0x10/0x10 [ 24.764267] ret_from_fork+0x116/0x1d0 [ 24.764286] ? __pfx_kthread+0x10/0x10 [ 24.764307] ret_from_fork_asm+0x1a/0x30 [ 24.764338] </TASK> [ 24.764351] [ 24.773120] Allocated by task 259: [ 24.773247] kasan_save_stack+0x45/0x70 [ 24.773380] kasan_save_track+0x18/0x40 [ 24.773803] kasan_save_alloc_info+0x3b/0x50 [ 24.774045] __kasan_slab_alloc+0x91/0xa0 [ 24.774757] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.775569] kmem_cache_double_free+0x14f/0x480 [ 24.775769] kunit_try_run_case+0x1a5/0x480 [ 24.775916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.776086] kthread+0x337/0x6f0 [ 24.776200] ret_from_fork+0x116/0x1d0 [ 24.776324] ret_from_fork_asm+0x1a/0x30 [ 24.776455] [ 24.776519] Freed by task 259: [ 24.776628] kasan_save_stack+0x45/0x70 [ 24.776769] kasan_save_track+0x18/0x40 [ 24.776900] kasan_save_free_info+0x3f/0x60 [ 24.777040] __kasan_slab_free+0x56/0x70 [ 24.777168] kmem_cache_free+0x249/0x420 [ 24.777295] kmem_cache_double_free+0x16a/0x480 [ 24.777442] kunit_try_run_case+0x1a5/0x480 [ 24.777579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.777866] kthread+0x337/0x6f0 [ 24.778032] ret_from_fork+0x116/0x1d0 [ 24.778212] ret_from_fork_asm+0x1a/0x30 [ 24.778408] [ 24.778497] The buggy address belongs to the object at ffff8881050b5000 [ 24.778497] which belongs to the cache test_cache of size 200 [ 24.779177] The buggy address is located 0 bytes inside of [ 24.779177] 200-byte region [ffff8881050b5000, ffff8881050b50c8) [ 24.780148] [ 24.780286] The buggy address belongs to the physical page: [ 24.780627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b5 [ 24.781207] flags: 0x200000000000000(node=0|zone=2) [ 24.781627] page_type: f5(slab) [ 24.781757] raw: 0200000000000000 ffff8881017ad780 dead000000000122 0000000000000000 [ 24.782582] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.783080] page dumped because: kasan: bad access detected [ 24.783562] [ 24.783721] Memory state around the buggy address: [ 24.783984] ffff8881050b4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.784534] ffff8881050b4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.785248] >ffff8881050b5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.785459] ^ [ 24.785570] ffff8881050b5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.785803] ffff8881050b5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.786078] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 24.715345] ================================================================== [ 24.716643] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 24.717422] Read of size 1 at addr ffff8881050b20c8 by task kunit_try_catch/257 [ 24.717650] [ 24.717754] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.718663] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.718680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.718838] Call Trace: [ 24.718853] <TASK> [ 24.718931] dump_stack_lvl+0x73/0xb0 [ 24.718980] print_report+0xd1/0x610 [ 24.719005] ? __virt_addr_valid+0x1db/0x2d0 [ 24.719033] ? kmem_cache_oob+0x402/0x530 [ 24.719056] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.719081] ? kmem_cache_oob+0x402/0x530 [ 24.719103] kasan_report+0x141/0x180 [ 24.719124] ? kmem_cache_oob+0x402/0x530 [ 24.719151] __asan_report_load1_noabort+0x18/0x20 [ 24.719174] kmem_cache_oob+0x402/0x530 [ 24.719195] ? trace_hardirqs_on+0x37/0xe0 [ 24.719219] ? __pfx_kmem_cache_oob+0x10/0x10 [ 24.719240] ? finish_task_switch.isra.0+0x153/0x700 [ 24.719263] ? __switch_to+0x47/0xf80 [ 24.719292] ? __pfx_read_tsc+0x10/0x10 [ 24.719314] ? ktime_get_ts64+0x86/0x230 [ 24.719340] kunit_try_run_case+0x1a5/0x480 [ 24.719363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.719383] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.719408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.719431] ? __kthread_parkme+0x82/0x180 [ 24.719451] ? preempt_count_sub+0x50/0x80 [ 24.719473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.719494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.719518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.719542] kthread+0x337/0x6f0 [ 24.719561] ? trace_preempt_on+0x20/0xc0 [ 24.719582] ? __pfx_kthread+0x10/0x10 [ 24.719602] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.719623] ? calculate_sigpending+0x7b/0xa0 [ 24.719647] ? __pfx_kthread+0x10/0x10 [ 24.719668] ret_from_fork+0x116/0x1d0 [ 24.719687] ? __pfx_kthread+0x10/0x10 [ 24.719719] ret_from_fork_asm+0x1a/0x30 [ 24.719750] </TASK> [ 24.719762] [ 24.727602] Allocated by task 257: [ 24.727778] kasan_save_stack+0x45/0x70 [ 24.728127] kasan_save_track+0x18/0x40 [ 24.728535] kasan_save_alloc_info+0x3b/0x50 [ 24.728813] __kasan_slab_alloc+0x91/0xa0 [ 24.729234] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.729716] kmem_cache_oob+0x157/0x530 [ 24.730830] kunit_try_run_case+0x1a5/0x480 [ 24.731459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.732132] kthread+0x337/0x6f0 [ 24.732283] ret_from_fork+0x116/0x1d0 [ 24.732415] ret_from_fork_asm+0x1a/0x30 [ 24.732550] [ 24.732616] The buggy address belongs to the object at ffff8881050b2000 [ 24.732616] which belongs to the cache test_cache of size 200 [ 24.734344] The buggy address is located 0 bytes to the right of [ 24.734344] allocated 200-byte region [ffff8881050b2000, ffff8881050b20c8) [ 24.736059] [ 24.736452] The buggy address belongs to the physical page: [ 24.737158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050b2 [ 24.737758] flags: 0x200000000000000(node=0|zone=2) [ 24.738535] page_type: f5(slab) [ 24.739013] raw: 0200000000000000 ffff8881017ad640 dead000000000122 0000000000000000 [ 24.739365] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.739717] page dumped because: kasan: bad access detected [ 24.740199] [ 24.740303] Memory state around the buggy address: [ 24.740527] ffff8881050b1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.740830] ffff8881050b2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.741435] >ffff8881050b2080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.741751] ^ [ 24.742113] ffff8881050b2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.742397] ffff8881050b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.742710] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 24.674278] ================================================================== [ 24.674741] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 24.675018] Read of size 8 at addr ffff8881058cf5c0 by task kunit_try_catch/250 [ 24.675550] [ 24.675648] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.675713] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.675727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.675747] Call Trace: [ 24.675759] <TASK> [ 24.675777] dump_stack_lvl+0x73/0xb0 [ 24.675828] print_report+0xd1/0x610 [ 24.675849] ? __virt_addr_valid+0x1db/0x2d0 [ 24.675872] ? workqueue_uaf+0x4d6/0x560 [ 24.675943] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.675971] ? workqueue_uaf+0x4d6/0x560 [ 24.675993] kasan_report+0x141/0x180 [ 24.676015] ? workqueue_uaf+0x4d6/0x560 [ 24.676040] __asan_report_load8_noabort+0x18/0x20 [ 24.676063] workqueue_uaf+0x4d6/0x560 [ 24.676086] ? __pfx_workqueue_uaf+0x10/0x10 [ 24.676109] ? __pfx_workqueue_uaf+0x10/0x10 [ 24.676133] kunit_try_run_case+0x1a5/0x480 [ 24.676155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.676175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.676198] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.676222] ? __kthread_parkme+0x82/0x180 [ 24.676242] ? preempt_count_sub+0x50/0x80 [ 24.676266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.676287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.676311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.676335] kthread+0x337/0x6f0 [ 24.676354] ? trace_preempt_on+0x20/0xc0 [ 24.676378] ? __pfx_kthread+0x10/0x10 [ 24.676398] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.676419] ? calculate_sigpending+0x7b/0xa0 [ 24.676443] ? __pfx_kthread+0x10/0x10 [ 24.676464] ret_from_fork+0x116/0x1d0 [ 24.676483] ? __pfx_kthread+0x10/0x10 [ 24.676502] ret_from_fork_asm+0x1a/0x30 [ 24.676533] </TASK> [ 24.676544] [ 24.683161] Allocated by task 250: [ 24.683284] kasan_save_stack+0x45/0x70 [ 24.683459] kasan_save_track+0x18/0x40 [ 24.683647] kasan_save_alloc_info+0x3b/0x50 [ 24.684580] __kasan_kmalloc+0xb7/0xc0 [ 24.685196] __kmalloc_cache_noprof+0x189/0x420 [ 24.685771] workqueue_uaf+0x152/0x560 [ 24.686187] kunit_try_run_case+0x1a5/0x480 [ 24.686341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.686514] kthread+0x337/0x6f0 [ 24.686629] ret_from_fork+0x116/0x1d0 [ 24.686771] ret_from_fork_asm+0x1a/0x30 [ 24.686905] [ 24.686970] Freed by task 9: [ 24.687072] kasan_save_stack+0x45/0x70 [ 24.687203] kasan_save_track+0x18/0x40 [ 24.687332] kasan_save_free_info+0x3f/0x60 [ 24.687470] __kasan_slab_free+0x56/0x70 [ 24.687599] kfree+0x222/0x3f0 [ 24.687755] workqueue_uaf_work+0x12/0x20 [ 24.688097] process_one_work+0x5ee/0xf60 [ 24.688462] worker_thread+0x758/0x1220 [ 24.688817] kthread+0x337/0x6f0 [ 24.689102] ret_from_fork+0x116/0x1d0 [ 24.689424] ret_from_fork_asm+0x1a/0x30 [ 24.689940] [ 24.690117] Last potentially related work creation: [ 24.690622] kasan_save_stack+0x45/0x70 [ 24.691065] kasan_record_aux_stack+0xb2/0xc0 [ 24.691446] __queue_work+0x61a/0xe70 [ 24.691792] queue_work_on+0xb6/0xc0 [ 24.692188] workqueue_uaf+0x26d/0x560 [ 24.692528] kunit_try_run_case+0x1a5/0x480 [ 24.693019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.693490] kthread+0x337/0x6f0 [ 24.693801] ret_from_fork+0x116/0x1d0 [ 24.694193] ret_from_fork_asm+0x1a/0x30 [ 24.694540] [ 24.694689] The buggy address belongs to the object at ffff8881058cf5c0 [ 24.694689] which belongs to the cache kmalloc-32 of size 32 [ 24.696110] The buggy address is located 0 bytes inside of [ 24.696110] freed 32-byte region [ffff8881058cf5c0, ffff8881058cf5e0) [ 24.697633] [ 24.697911] The buggy address belongs to the physical page: [ 24.698953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058cf [ 24.699269] flags: 0x200000000000000(node=0|zone=2) [ 24.699433] page_type: f5(slab) [ 24.699553] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.699840] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.700159] page dumped because: kasan: bad access detected [ 24.700360] [ 24.700425] Memory state around the buggy address: [ 24.700574] ffff8881058cf480: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 24.702147] ffff8881058cf500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.703342] >ffff8881058cf580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.704033] ^ [ 24.704685] ffff8881058cf600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.705400] ffff8881058cf680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.706088] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 24.641999] ================================================================== [ 24.642446] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 24.642832] Read of size 4 at addr ffff8881058cf540 by task swapper/0/0 [ 24.643186] [ 24.643280] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.643334] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.643348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.643394] Call Trace: [ 24.643422] <IRQ> [ 24.643442] dump_stack_lvl+0x73/0xb0 [ 24.643475] print_report+0xd1/0x610 [ 24.643498] ? __virt_addr_valid+0x1db/0x2d0 [ 24.643522] ? rcu_uaf_reclaim+0x50/0x60 [ 24.643562] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.643590] ? rcu_uaf_reclaim+0x50/0x60 [ 24.643610] kasan_report+0x141/0x180 [ 24.643632] ? rcu_uaf_reclaim+0x50/0x60 [ 24.643656] __asan_report_load4_noabort+0x18/0x20 [ 24.643679] rcu_uaf_reclaim+0x50/0x60 [ 24.643710] rcu_core+0x66f/0x1c40 [ 24.643739] ? __pfx_rcu_core+0x10/0x10 [ 24.643780] ? ktime_get+0x6b/0x150 [ 24.643807] rcu_core_si+0x12/0x20 [ 24.643848] handle_softirqs+0x209/0x730 [ 24.643888] ? hrtimer_interrupt+0x2fe/0x780 [ 24.643911] ? __pfx_handle_softirqs+0x10/0x10 [ 24.643936] __irq_exit_rcu+0xc9/0x110 [ 24.643967] irq_exit_rcu+0x12/0x20 [ 24.643988] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.644014] </IRQ> [ 24.644024] <TASK> [ 24.644036] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.644109] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 24.644139] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d c3 af 19 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 24.644183] RSP: 0000:ffffffff92a07dd8 EFLAGS: 00010206 [ 24.644217] RAX: ffff8881c722b000 RBX: ffffffff92a1cb00 RCX: ffffffff918f0a25 [ 24.644237] RDX: ffffed102b606193 RSI: 0000000000000004 RDI: 0000000000176ff4 [ 24.644256] RBP: ffffffff92a07de0 R08: 0000000000000001 R09: ffffed102b606192 [ 24.644274] R10: ffff88815b030c93 R11: ffffffff93e0a700 R12: 0000000000000000 [ 24.644293] R13: fffffbfff2543960 R14: ffffffff935e8bd0 R15: 0000000000000000 [ 24.644342] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 24.644395] ? default_idle+0xd/0x20 [ 24.644414] arch_cpu_idle+0xd/0x20 [ 24.644432] default_idle_call+0x48/0x80 [ 24.644451] do_idle+0x379/0x4f0 [ 24.644476] ? __pfx_do_idle+0x10/0x10 [ 24.644504] cpu_startup_entry+0x5c/0x70 [ 24.644526] rest_init+0x11a/0x140 [ 24.644545] ? acpi_subsystem_init+0x5d/0x150 [ 24.644572] start_kernel+0x352/0x400 [ 24.644595] x86_64_start_reservations+0x1c/0x30 [ 24.644617] x86_64_start_kernel+0x10d/0x120 [ 24.644640] common_startup_64+0x13e/0x148 [ 24.644672] </TASK> [ 24.644683] [ 24.654708] Allocated by task 248: [ 24.654926] kasan_save_stack+0x45/0x70 [ 24.655127] kasan_save_track+0x18/0x40 [ 24.655260] kasan_save_alloc_info+0x3b/0x50 [ 24.655400] __kasan_kmalloc+0xb7/0xc0 [ 24.655577] __kmalloc_cache_noprof+0x189/0x420 [ 24.656015] rcu_uaf+0xb0/0x330 [ 24.656192] kunit_try_run_case+0x1a5/0x480 [ 24.656386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.656602] kthread+0x337/0x6f0 [ 24.656806] ret_from_fork+0x116/0x1d0 [ 24.657166] ret_from_fork_asm+0x1a/0x30 [ 24.657389] [ 24.657468] Freed by task 0: [ 24.657585] kasan_save_stack+0x45/0x70 [ 24.657729] kasan_save_track+0x18/0x40 [ 24.657861] kasan_save_free_info+0x3f/0x60 [ 24.658161] __kasan_slab_free+0x56/0x70 [ 24.658351] kfree+0x222/0x3f0 [ 24.658506] rcu_uaf_reclaim+0x1f/0x60 [ 24.658686] rcu_core+0x66f/0x1c40 [ 24.658894] rcu_core_si+0x12/0x20 [ 24.659063] handle_softirqs+0x209/0x730 [ 24.659344] __irq_exit_rcu+0xc9/0x110 [ 24.659527] irq_exit_rcu+0x12/0x20 [ 24.659676] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.659950] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.660181] [ 24.660291] Last potentially related work creation: [ 24.660554] kasan_save_stack+0x45/0x70 [ 24.660782] kasan_record_aux_stack+0xb2/0xc0 [ 24.660994] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 24.661464] call_rcu+0x12/0x20 [ 24.661603] rcu_uaf+0x168/0x330 [ 24.661734] kunit_try_run_case+0x1a5/0x480 [ 24.662028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.662306] kthread+0x337/0x6f0 [ 24.662470] ret_from_fork+0x116/0x1d0 [ 24.662607] ret_from_fork_asm+0x1a/0x30 [ 24.662767] [ 24.662851] The buggy address belongs to the object at ffff8881058cf540 [ 24.662851] which belongs to the cache kmalloc-32 of size 32 [ 24.663455] The buggy address is located 0 bytes inside of [ 24.663455] freed 32-byte region [ffff8881058cf540, ffff8881058cf560) [ 24.664120] [ 24.664197] The buggy address belongs to the physical page: [ 24.664360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058cf [ 24.664712] flags: 0x200000000000000(node=0|zone=2) [ 24.665129] page_type: f5(slab) [ 24.665322] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.665629] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.665935] page dumped because: kasan: bad access detected [ 24.666190] [ 24.666305] Memory state around the buggy address: [ 24.666525] ffff8881058cf400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.666948] ffff8881058cf480: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 24.667194] >ffff8881058cf500: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.667489] ^ [ 24.667717] ffff8881058cf580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.667965] ffff8881058cf600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.668272] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 24.588792] ================================================================== [ 24.589259] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 24.589538] Read of size 1 at addr ffff88810456ae00 by task kunit_try_catch/246 [ 24.589941] [ 24.590025] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.590072] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.590085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.590104] Call Trace: [ 24.590120] <TASK> [ 24.590136] dump_stack_lvl+0x73/0xb0 [ 24.590164] print_report+0xd1/0x610 [ 24.590367] ? __virt_addr_valid+0x1db/0x2d0 [ 24.590397] ? ksize_uaf+0x5fe/0x6c0 [ 24.590418] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.590471] ? ksize_uaf+0x5fe/0x6c0 [ 24.590493] kasan_report+0x141/0x180 [ 24.590515] ? ksize_uaf+0x5fe/0x6c0 [ 24.590552] __asan_report_load1_noabort+0x18/0x20 [ 24.590575] ksize_uaf+0x5fe/0x6c0 [ 24.590595] ? __pfx_ksize_uaf+0x10/0x10 [ 24.590616] ? __schedule+0x10cc/0x2b60 [ 24.590639] ? __pfx_read_tsc+0x10/0x10 [ 24.590659] ? ktime_get_ts64+0x86/0x230 [ 24.590683] kunit_try_run_case+0x1a5/0x480 [ 24.590716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.590736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.590759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.590803] ? __kthread_parkme+0x82/0x180 [ 24.590823] ? preempt_count_sub+0x50/0x80 [ 24.590846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.590866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.590962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.590987] kthread+0x337/0x6f0 [ 24.591006] ? trace_preempt_on+0x20/0xc0 [ 24.591028] ? __pfx_kthread+0x10/0x10 [ 24.591049] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.591071] ? calculate_sigpending+0x7b/0xa0 [ 24.591094] ? __pfx_kthread+0x10/0x10 [ 24.591115] ret_from_fork+0x116/0x1d0 [ 24.591133] ? __pfx_kthread+0x10/0x10 [ 24.591153] ret_from_fork_asm+0x1a/0x30 [ 24.591183] </TASK> [ 24.591194] [ 24.598448] Allocated by task 246: [ 24.598590] kasan_save_stack+0x45/0x70 [ 24.598817] kasan_save_track+0x18/0x40 [ 24.599011] kasan_save_alloc_info+0x3b/0x50 [ 24.599184] __kasan_kmalloc+0xb7/0xc0 [ 24.599447] __kmalloc_cache_noprof+0x189/0x420 [ 24.599655] ksize_uaf+0xaa/0x6c0 [ 24.599934] kunit_try_run_case+0x1a5/0x480 [ 24.600094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.600345] kthread+0x337/0x6f0 [ 24.600504] ret_from_fork+0x116/0x1d0 [ 24.600630] ret_from_fork_asm+0x1a/0x30 [ 24.600798] [ 24.600865] Freed by task 246: [ 24.601074] kasan_save_stack+0x45/0x70 [ 24.601265] kasan_save_track+0x18/0x40 [ 24.601448] kasan_save_free_info+0x3f/0x60 [ 24.601668] __kasan_slab_free+0x56/0x70 [ 24.602077] kfree+0x222/0x3f0 [ 24.602273] ksize_uaf+0x12c/0x6c0 [ 24.602458] kunit_try_run_case+0x1a5/0x480 [ 24.602595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.602834] kthread+0x337/0x6f0 [ 24.603037] ret_from_fork+0x116/0x1d0 [ 24.603221] ret_from_fork_asm+0x1a/0x30 [ 24.603385] [ 24.603450] The buggy address belongs to the object at ffff88810456ae00 [ 24.603450] which belongs to the cache kmalloc-128 of size 128 [ 24.603819] The buggy address is located 0 bytes inside of [ 24.603819] freed 128-byte region [ffff88810456ae00, ffff88810456ae80) [ 24.604336] [ 24.604426] The buggy address belongs to the physical page: [ 24.604679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10456a [ 24.605220] flags: 0x200000000000000(node=0|zone=2) [ 24.605385] page_type: f5(slab) [ 24.605566] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.606141] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.606417] page dumped because: kasan: bad access detected [ 24.606672] [ 24.606752] Memory state around the buggy address: [ 24.607056] ffff88810456ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.607313] ffff88810456ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.607519] >ffff88810456ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.607734] ^ [ 24.608009] ffff88810456ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.608350] ffff88810456af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.608668] ================================================================== [ 24.609261] ================================================================== [ 24.609620] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 24.609860] Read of size 1 at addr ffff88810456ae78 by task kunit_try_catch/246 [ 24.610439] [ 24.610569] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.610617] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.610630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.610650] Call Trace: [ 24.610666] <TASK> [ 24.610682] dump_stack_lvl+0x73/0xb0 [ 24.610724] print_report+0xd1/0x610 [ 24.610745] ? __virt_addr_valid+0x1db/0x2d0 [ 24.610788] ? ksize_uaf+0x5e4/0x6c0 [ 24.610808] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.610833] ? ksize_uaf+0x5e4/0x6c0 [ 24.610853] kasan_report+0x141/0x180 [ 24.610874] ? ksize_uaf+0x5e4/0x6c0 [ 24.610899] __asan_report_load1_noabort+0x18/0x20 [ 24.610922] ksize_uaf+0x5e4/0x6c0 [ 24.610941] ? __pfx_ksize_uaf+0x10/0x10 [ 24.610962] ? __schedule+0x10cc/0x2b60 [ 24.611053] ? __pfx_read_tsc+0x10/0x10 [ 24.611076] ? ktime_get_ts64+0x86/0x230 [ 24.611101] kunit_try_run_case+0x1a5/0x480 [ 24.611123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.611143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.611166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.611189] ? __kthread_parkme+0x82/0x180 [ 24.611209] ? preempt_count_sub+0x50/0x80 [ 24.611232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.611253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.611294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.611319] kthread+0x337/0x6f0 [ 24.611338] ? trace_preempt_on+0x20/0xc0 [ 24.611360] ? __pfx_kthread+0x10/0x10 [ 24.611380] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.611401] ? calculate_sigpending+0x7b/0xa0 [ 24.611424] ? __pfx_kthread+0x10/0x10 [ 24.611447] ret_from_fork+0x116/0x1d0 [ 24.611465] ? __pfx_kthread+0x10/0x10 [ 24.611485] ret_from_fork_asm+0x1a/0x30 [ 24.611516] </TASK> [ 24.611526] [ 24.618736] Allocated by task 246: [ 24.618863] kasan_save_stack+0x45/0x70 [ 24.619157] kasan_save_track+0x18/0x40 [ 24.619354] kasan_save_alloc_info+0x3b/0x50 [ 24.619580] __kasan_kmalloc+0xb7/0xc0 [ 24.619778] __kmalloc_cache_noprof+0x189/0x420 [ 24.620099] ksize_uaf+0xaa/0x6c0 [ 24.620281] kunit_try_run_case+0x1a5/0x480 [ 24.620470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.620641] kthread+0x337/0x6f0 [ 24.620784] ret_from_fork+0x116/0x1d0 [ 24.621050] ret_from_fork_asm+0x1a/0x30 [ 24.621269] [ 24.621360] Freed by task 246: [ 24.621509] kasan_save_stack+0x45/0x70 [ 24.621686] kasan_save_track+0x18/0x40 [ 24.622093] kasan_save_free_info+0x3f/0x60 [ 24.622247] __kasan_slab_free+0x56/0x70 [ 24.622376] kfree+0x222/0x3f0 [ 24.622564] ksize_uaf+0x12c/0x6c0 [ 24.622761] kunit_try_run_case+0x1a5/0x480 [ 24.622964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.623233] kthread+0x337/0x6f0 [ 24.623428] ret_from_fork+0x116/0x1d0 [ 24.623566] ret_from_fork_asm+0x1a/0x30 [ 24.623792] [ 24.623945] The buggy address belongs to the object at ffff88810456ae00 [ 24.623945] which belongs to the cache kmalloc-128 of size 128 [ 24.624468] The buggy address is located 120 bytes inside of [ 24.624468] freed 128-byte region [ffff88810456ae00, ffff88810456ae80) [ 24.624982] [ 24.625093] The buggy address belongs to the physical page: [ 24.625336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10456a [ 24.625670] flags: 0x200000000000000(node=0|zone=2) [ 24.626029] page_type: f5(slab) [ 24.626237] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.626568] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.626968] page dumped because: kasan: bad access detected [ 24.627219] [ 24.627298] Memory state around the buggy address: [ 24.627513] ffff88810456ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.627844] ffff88810456ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.628209] >ffff88810456ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.628500] ^ [ 24.628740] ffff88810456ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.629159] ffff88810456af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.629450] ================================================================== [ 24.567448] ================================================================== [ 24.567981] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 24.568393] Read of size 1 at addr ffff88810456ae00 by task kunit_try_catch/246 [ 24.568690] [ 24.568804] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.568857] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.568870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.568890] Call Trace: [ 24.569113] <TASK> [ 24.569137] dump_stack_lvl+0x73/0xb0 [ 24.569172] print_report+0xd1/0x610 [ 24.569194] ? __virt_addr_valid+0x1db/0x2d0 [ 24.569218] ? ksize_uaf+0x19d/0x6c0 [ 24.569237] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.569263] ? ksize_uaf+0x19d/0x6c0 [ 24.569282] kasan_report+0x141/0x180 [ 24.569303] ? ksize_uaf+0x19d/0x6c0 [ 24.569326] ? ksize_uaf+0x19d/0x6c0 [ 24.569346] __kasan_check_byte+0x3d/0x50 [ 24.569367] ksize+0x20/0x60 [ 24.569390] ksize_uaf+0x19d/0x6c0 [ 24.569410] ? __pfx_ksize_uaf+0x10/0x10 [ 24.569430] ? __schedule+0x10cc/0x2b60 [ 24.569453] ? __pfx_read_tsc+0x10/0x10 [ 24.569474] ? ktime_get_ts64+0x86/0x230 [ 24.569499] kunit_try_run_case+0x1a5/0x480 [ 24.569521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.569541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.569563] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.569587] ? __kthread_parkme+0x82/0x180 [ 24.569607] ? preempt_count_sub+0x50/0x80 [ 24.569629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.569650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.569674] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.569713] kthread+0x337/0x6f0 [ 24.569732] ? trace_preempt_on+0x20/0xc0 [ 24.569754] ? __pfx_kthread+0x10/0x10 [ 24.569775] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.569808] ? calculate_sigpending+0x7b/0xa0 [ 24.569832] ? __pfx_kthread+0x10/0x10 [ 24.569852] ret_from_fork+0x116/0x1d0 [ 24.569871] ? __pfx_kthread+0x10/0x10 [ 24.569960] ret_from_fork_asm+0x1a/0x30 [ 24.569992] </TASK> [ 24.570003] [ 24.577420] Allocated by task 246: [ 24.577583] kasan_save_stack+0x45/0x70 [ 24.577764] kasan_save_track+0x18/0x40 [ 24.578015] kasan_save_alloc_info+0x3b/0x50 [ 24.578193] __kasan_kmalloc+0xb7/0xc0 [ 24.578318] __kmalloc_cache_noprof+0x189/0x420 [ 24.578464] ksize_uaf+0xaa/0x6c0 [ 24.578625] kunit_try_run_case+0x1a5/0x480 [ 24.578831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.579255] kthread+0x337/0x6f0 [ 24.579400] ret_from_fork+0x116/0x1d0 [ 24.579528] ret_from_fork_asm+0x1a/0x30 [ 24.579659] [ 24.579736] Freed by task 246: [ 24.579852] kasan_save_stack+0x45/0x70 [ 24.580033] kasan_save_track+0x18/0x40 [ 24.580213] kasan_save_free_info+0x3f/0x60 [ 24.580409] __kasan_slab_free+0x56/0x70 [ 24.580595] kfree+0x222/0x3f0 [ 24.580791] ksize_uaf+0x12c/0x6c0 [ 24.580946] kunit_try_run_case+0x1a5/0x480 [ 24.581130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.581359] kthread+0x337/0x6f0 [ 24.581511] ret_from_fork+0x116/0x1d0 [ 24.581675] ret_from_fork_asm+0x1a/0x30 [ 24.581906] [ 24.581972] The buggy address belongs to the object at ffff88810456ae00 [ 24.581972] which belongs to the cache kmalloc-128 of size 128 [ 24.582321] The buggy address is located 0 bytes inside of [ 24.582321] freed 128-byte region [ffff88810456ae00, ffff88810456ae80) [ 24.583213] [ 24.583316] The buggy address belongs to the physical page: [ 24.583562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10456a [ 24.584039] flags: 0x200000000000000(node=0|zone=2) [ 24.584261] page_type: f5(slab) [ 24.584377] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.584668] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.585108] page dumped because: kasan: bad access detected [ 24.585307] [ 24.585371] Memory state around the buggy address: [ 24.585518] ffff88810456ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.585828] ffff88810456ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.586316] >ffff88810456ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.586633] ^ [ 24.586830] ffff88810456ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.587216] ffff88810456af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.587442] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 24.518602] ================================================================== [ 24.519199] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.519497] Read of size 1 at addr ffff8881058c1878 by task kunit_try_catch/244 [ 24.520002] [ 24.520215] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.520380] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.520395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.520418] Call Trace: [ 24.520433] <TASK> [ 24.520454] dump_stack_lvl+0x73/0xb0 [ 24.520488] print_report+0xd1/0x610 [ 24.520510] ? __virt_addr_valid+0x1db/0x2d0 [ 24.520536] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.520558] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.520582] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.520605] kasan_report+0x141/0x180 [ 24.520625] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.520652] __asan_report_load1_noabort+0x18/0x20 [ 24.520675] ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.520711] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.520734] ? finish_task_switch.isra.0+0x153/0x700 [ 24.520757] ? __switch_to+0x47/0xf80 [ 24.520795] ? __schedule+0x10cc/0x2b60 [ 24.520819] ? __pfx_read_tsc+0x10/0x10 [ 24.520841] ? ktime_get_ts64+0x86/0x230 [ 24.520868] kunit_try_run_case+0x1a5/0x480 [ 24.520892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.520912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.520936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.520959] ? __kthread_parkme+0x82/0x180 [ 24.520980] ? preempt_count_sub+0x50/0x80 [ 24.521002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.521022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.521047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.521070] kthread+0x337/0x6f0 [ 24.521090] ? trace_preempt_on+0x20/0xc0 [ 24.521113] ? __pfx_kthread+0x10/0x10 [ 24.521133] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.521154] ? calculate_sigpending+0x7b/0xa0 [ 24.521179] ? __pfx_kthread+0x10/0x10 [ 24.521199] ret_from_fork+0x116/0x1d0 [ 24.521218] ? __pfx_kthread+0x10/0x10 [ 24.521238] ret_from_fork_asm+0x1a/0x30 [ 24.521270] </TASK> [ 24.521282] [ 24.530557] Allocated by task 244: [ 24.530741] kasan_save_stack+0x45/0x70 [ 24.531077] kasan_save_track+0x18/0x40 [ 24.531230] kasan_save_alloc_info+0x3b/0x50 [ 24.531435] __kasan_kmalloc+0xb7/0xc0 [ 24.531596] __kmalloc_cache_noprof+0x189/0x420 [ 24.531797] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.532273] kunit_try_run_case+0x1a5/0x480 [ 24.532429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.532782] kthread+0x337/0x6f0 [ 24.532944] ret_from_fork+0x116/0x1d0 [ 24.533266] ret_from_fork_asm+0x1a/0x30 [ 24.533450] [ 24.533657] The buggy address belongs to the object at ffff8881058c1800 [ 24.533657] which belongs to the cache kmalloc-128 of size 128 [ 24.534343] The buggy address is located 5 bytes to the right of [ 24.534343] allocated 115-byte region [ffff8881058c1800, ffff8881058c1873) [ 24.534927] [ 24.535031] The buggy address belongs to the physical page: [ 24.535246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 24.535571] flags: 0x200000000000000(node=0|zone=2) [ 24.535791] page_type: f5(slab) [ 24.536318] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.536623] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.537033] page dumped because: kasan: bad access detected [ 24.537219] [ 24.537312] Memory state around the buggy address: [ 24.537690] ffff8881058c1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.538075] ffff8881058c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.538453] >ffff8881058c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.538889] ^ [ 24.539176] ffff8881058c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.539580] ffff8881058c1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.540018] ================================================================== [ 24.541020] ================================================================== [ 24.541556] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.541991] Read of size 1 at addr ffff8881058c187f by task kunit_try_catch/244 [ 24.542453] [ 24.542564] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.542617] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.542630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.542652] Call Trace: [ 24.542674] <TASK> [ 24.542708] dump_stack_lvl+0x73/0xb0 [ 24.542740] print_report+0xd1/0x610 [ 24.542762] ? __virt_addr_valid+0x1db/0x2d0 [ 24.542953] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.542979] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.543004] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.543027] kasan_report+0x141/0x180 [ 24.543048] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.543075] __asan_report_load1_noabort+0x18/0x20 [ 24.543098] ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.543121] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.543142] ? finish_task_switch.isra.0+0x153/0x700 [ 24.543164] ? __switch_to+0x47/0xf80 [ 24.543190] ? __schedule+0x10cc/0x2b60 [ 24.543214] ? __pfx_read_tsc+0x10/0x10 [ 24.543236] ? ktime_get_ts64+0x86/0x230 [ 24.543261] kunit_try_run_case+0x1a5/0x480 [ 24.543283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.543302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.543325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.543349] ? __kthread_parkme+0x82/0x180 [ 24.543369] ? preempt_count_sub+0x50/0x80 [ 24.543391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.543412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.543437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.543461] kthread+0x337/0x6f0 [ 24.543480] ? trace_preempt_on+0x20/0xc0 [ 24.543503] ? __pfx_kthread+0x10/0x10 [ 24.543523] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.543545] ? calculate_sigpending+0x7b/0xa0 [ 24.543568] ? __pfx_kthread+0x10/0x10 [ 24.543589] ret_from_fork+0x116/0x1d0 [ 24.543608] ? __pfx_kthread+0x10/0x10 [ 24.543628] ret_from_fork_asm+0x1a/0x30 [ 24.543658] </TASK> [ 24.543670] [ 24.552742] Allocated by task 244: [ 24.553189] kasan_save_stack+0x45/0x70 [ 24.553383] kasan_save_track+0x18/0x40 [ 24.553522] kasan_save_alloc_info+0x3b/0x50 [ 24.553742] __kasan_kmalloc+0xb7/0xc0 [ 24.554070] __kmalloc_cache_noprof+0x189/0x420 [ 24.554266] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.554452] kunit_try_run_case+0x1a5/0x480 [ 24.554629] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.555138] kthread+0x337/0x6f0 [ 24.555301] ret_from_fork+0x116/0x1d0 [ 24.555446] ret_from_fork_asm+0x1a/0x30 [ 24.555642] [ 24.555836] The buggy address belongs to the object at ffff8881058c1800 [ 24.555836] which belongs to the cache kmalloc-128 of size 128 [ 24.556415] The buggy address is located 12 bytes to the right of [ 24.556415] allocated 115-byte region [ffff8881058c1800, ffff8881058c1873) [ 24.557209] [ 24.557366] The buggy address belongs to the physical page: [ 24.557582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 24.558068] flags: 0x200000000000000(node=0|zone=2) [ 24.558358] page_type: f5(slab) [ 24.558486] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.558920] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.559189] page dumped because: kasan: bad access detected [ 24.559434] [ 24.559513] Memory state around the buggy address: [ 24.560054] ffff8881058c1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.560372] ffff8881058c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.560743] >ffff8881058c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.561012] ^ [ 24.561421] ffff8881058c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561780] ffff8881058c1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.562114] ================================================================== [ 24.496369] ================================================================== [ 24.496833] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 24.497107] Read of size 1 at addr ffff8881058c1873 by task kunit_try_catch/244 [ 24.497529] [ 24.497620] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.497677] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.497690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.497723] Call Trace: [ 24.497738] <TASK> [ 24.497759] dump_stack_lvl+0x73/0xb0 [ 24.497808] print_report+0xd1/0x610 [ 24.497832] ? __virt_addr_valid+0x1db/0x2d0 [ 24.497857] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.497879] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.497905] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.497928] kasan_report+0x141/0x180 [ 24.497949] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.497976] __asan_report_load1_noabort+0x18/0x20 [ 24.497999] ksize_unpoisons_memory+0x81c/0x9b0 [ 24.498023] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.498044] ? finish_task_switch.isra.0+0x153/0x700 [ 24.498067] ? __switch_to+0x47/0xf80 [ 24.498093] ? __schedule+0x10cc/0x2b60 [ 24.498117] ? __pfx_read_tsc+0x10/0x10 [ 24.498138] ? ktime_get_ts64+0x86/0x230 [ 24.498163] kunit_try_run_case+0x1a5/0x480 [ 24.498187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.498207] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.498230] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.498254] ? __kthread_parkme+0x82/0x180 [ 24.498274] ? preempt_count_sub+0x50/0x80 [ 24.498297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.498318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.498342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.498367] kthread+0x337/0x6f0 [ 24.498386] ? trace_preempt_on+0x20/0xc0 [ 24.498410] ? __pfx_kthread+0x10/0x10 [ 24.498431] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.498452] ? calculate_sigpending+0x7b/0xa0 [ 24.498476] ? __pfx_kthread+0x10/0x10 [ 24.498497] ret_from_fork+0x116/0x1d0 [ 24.498516] ? __pfx_kthread+0x10/0x10 [ 24.498537] ret_from_fork_asm+0x1a/0x30 [ 24.498567] </TASK> [ 24.498579] [ 24.507661] Allocated by task 244: [ 24.507970] kasan_save_stack+0x45/0x70 [ 24.508292] kasan_save_track+0x18/0x40 [ 24.508449] kasan_save_alloc_info+0x3b/0x50 [ 24.508785] __kasan_kmalloc+0xb7/0xc0 [ 24.508988] __kmalloc_cache_noprof+0x189/0x420 [ 24.509270] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.509480] kunit_try_run_case+0x1a5/0x480 [ 24.509659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.510161] kthread+0x337/0x6f0 [ 24.510331] ret_from_fork+0x116/0x1d0 [ 24.510463] ret_from_fork_asm+0x1a/0x30 [ 24.510890] [ 24.510982] The buggy address belongs to the object at ffff8881058c1800 [ 24.510982] which belongs to the cache kmalloc-128 of size 128 [ 24.511561] The buggy address is located 0 bytes to the right of [ 24.511561] allocated 115-byte region [ffff8881058c1800, ffff8881058c1873) [ 24.512409] [ 24.512509] The buggy address belongs to the physical page: [ 24.512727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 24.513213] flags: 0x200000000000000(node=0|zone=2) [ 24.513510] page_type: f5(slab) [ 24.513718] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.514133] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.514439] page dumped because: kasan: bad access detected [ 24.514660] [ 24.514739] Memory state around the buggy address: [ 24.514937] ffff8881058c1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.515515] ffff8881058c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.515927] >ffff8881058c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.516301] ^ [ 24.516571] ffff8881058c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.517128] ffff8881058c1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.517499] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 24.470578] ================================================================== [ 24.470969] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 24.471257] Free of addr ffff8881058a8220 by task kunit_try_catch/242 [ 24.471515] [ 24.471603] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.471652] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.471665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.471686] Call Trace: [ 24.471711] <TASK> [ 24.471729] dump_stack_lvl+0x73/0xb0 [ 24.471760] print_report+0xd1/0x610 [ 24.471795] ? __virt_addr_valid+0x1db/0x2d0 [ 24.471824] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.471849] ? kfree_sensitive+0x2e/0x90 [ 24.471872] kasan_report_invalid_free+0x10a/0x130 [ 24.471895] ? kfree_sensitive+0x2e/0x90 [ 24.471920] ? kfree_sensitive+0x2e/0x90 [ 24.471985] check_slab_allocation+0x101/0x130 [ 24.472011] __kasan_slab_pre_free+0x28/0x40 [ 24.472031] kfree+0xf0/0x3f0 [ 24.472052] ? kfree_sensitive+0x2e/0x90 [ 24.472076] kfree_sensitive+0x2e/0x90 [ 24.472099] kmalloc_double_kzfree+0x19c/0x350 [ 24.472121] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.472144] ? __schedule+0x10cc/0x2b60 [ 24.472168] ? __pfx_read_tsc+0x10/0x10 [ 24.472188] ? ktime_get_ts64+0x86/0x230 [ 24.472213] kunit_try_run_case+0x1a5/0x480 [ 24.472235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.472254] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.472277] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.472300] ? __kthread_parkme+0x82/0x180 [ 24.472320] ? preempt_count_sub+0x50/0x80 [ 24.472343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.472364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.472388] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.472412] kthread+0x337/0x6f0 [ 24.472431] ? trace_preempt_on+0x20/0xc0 [ 24.472454] ? __pfx_kthread+0x10/0x10 [ 24.472474] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.472495] ? calculate_sigpending+0x7b/0xa0 [ 24.472519] ? __pfx_kthread+0x10/0x10 [ 24.472540] ret_from_fork+0x116/0x1d0 [ 24.472558] ? __pfx_kthread+0x10/0x10 [ 24.472578] ret_from_fork_asm+0x1a/0x30 [ 24.472607] </TASK> [ 24.472619] [ 24.480198] Allocated by task 242: [ 24.480379] kasan_save_stack+0x45/0x70 [ 24.480582] kasan_save_track+0x18/0x40 [ 24.480788] kasan_save_alloc_info+0x3b/0x50 [ 24.481113] __kasan_kmalloc+0xb7/0xc0 [ 24.481253] __kmalloc_cache_noprof+0x189/0x420 [ 24.481476] kmalloc_double_kzfree+0xa9/0x350 [ 24.481688] kunit_try_run_case+0x1a5/0x480 [ 24.482032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.482251] kthread+0x337/0x6f0 [ 24.482414] ret_from_fork+0x116/0x1d0 [ 24.482584] ret_from_fork_asm+0x1a/0x30 [ 24.482757] [ 24.482854] Freed by task 242: [ 24.483053] kasan_save_stack+0x45/0x70 [ 24.483241] kasan_save_track+0x18/0x40 [ 24.483390] kasan_save_free_info+0x3f/0x60 [ 24.483587] __kasan_slab_free+0x56/0x70 [ 24.483739] kfree+0x222/0x3f0 [ 24.484021] kfree_sensitive+0x67/0x90 [ 24.484191] kmalloc_double_kzfree+0x12b/0x350 [ 24.484370] kunit_try_run_case+0x1a5/0x480 [ 24.484528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.484773] kthread+0x337/0x6f0 [ 24.484980] ret_from_fork+0x116/0x1d0 [ 24.485111] ret_from_fork_asm+0x1a/0x30 [ 24.485243] [ 24.485306] The buggy address belongs to the object at ffff8881058a8220 [ 24.485306] which belongs to the cache kmalloc-16 of size 16 [ 24.485648] The buggy address is located 0 bytes inside of [ 24.485648] 16-byte region [ffff8881058a8220, ffff8881058a8230) [ 24.486046] [ 24.486138] The buggy address belongs to the physical page: [ 24.486385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 24.487024] flags: 0x200000000000000(node=0|zone=2) [ 24.487347] page_type: f5(slab) [ 24.487470] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.488308] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.488666] page dumped because: kasan: bad access detected [ 24.489416] [ 24.489522] Memory state around the buggy address: [ 24.490044] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.490328] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 24.490541] >ffff8881058a8200: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 24.490781] ^ [ 24.491107] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.491386] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.491660] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 24.436573] ================================================================== [ 24.437276] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 24.437519] Read of size 1 at addr ffff8881058a8220 by task kunit_try_catch/242 [ 24.439016] [ 24.439133] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.439191] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.439205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.439228] Call Trace: [ 24.439244] <TASK> [ 24.439266] dump_stack_lvl+0x73/0xb0 [ 24.439300] print_report+0xd1/0x610 [ 24.439322] ? __virt_addr_valid+0x1db/0x2d0 [ 24.439347] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.439369] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.439395] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.439417] kasan_report+0x141/0x180 [ 24.439438] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.439463] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.440114] __kasan_check_byte+0x3d/0x50 [ 24.440143] kfree_sensitive+0x22/0x90 [ 24.440173] kmalloc_double_kzfree+0x19c/0x350 [ 24.440196] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.440220] ? __schedule+0x10cc/0x2b60 [ 24.440244] ? __pfx_read_tsc+0x10/0x10 [ 24.440266] ? ktime_get_ts64+0x86/0x230 [ 24.440291] kunit_try_run_case+0x1a5/0x480 [ 24.440314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.440334] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.440359] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.440382] ? __kthread_parkme+0x82/0x180 [ 24.440404] ? preempt_count_sub+0x50/0x80 [ 24.440428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.440449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.440473] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.440497] kthread+0x337/0x6f0 [ 24.440517] ? trace_preempt_on+0x20/0xc0 [ 24.440540] ? __pfx_kthread+0x10/0x10 [ 24.440560] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.440581] ? calculate_sigpending+0x7b/0xa0 [ 24.440605] ? __pfx_kthread+0x10/0x10 [ 24.440626] ret_from_fork+0x116/0x1d0 [ 24.440644] ? __pfx_kthread+0x10/0x10 [ 24.440664] ret_from_fork_asm+0x1a/0x30 [ 24.440711] </TASK> [ 24.440724] [ 24.455057] Allocated by task 242: [ 24.455292] kasan_save_stack+0x45/0x70 [ 24.455484] kasan_save_track+0x18/0x40 [ 24.455656] kasan_save_alloc_info+0x3b/0x50 [ 24.456172] __kasan_kmalloc+0xb7/0xc0 [ 24.456555] __kmalloc_cache_noprof+0x189/0x420 [ 24.456923] kmalloc_double_kzfree+0xa9/0x350 [ 24.457305] kunit_try_run_case+0x1a5/0x480 [ 24.457505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.457746] kthread+0x337/0x6f0 [ 24.458187] ret_from_fork+0x116/0x1d0 [ 24.458494] ret_from_fork_asm+0x1a/0x30 [ 24.458705] [ 24.459172] Freed by task 242: [ 24.459334] kasan_save_stack+0x45/0x70 [ 24.459514] kasan_save_track+0x18/0x40 [ 24.459682] kasan_save_free_info+0x3f/0x60 [ 24.460325] __kasan_slab_free+0x56/0x70 [ 24.460581] kfree+0x222/0x3f0 [ 24.460932] kfree_sensitive+0x67/0x90 [ 24.461263] kmalloc_double_kzfree+0x12b/0x350 [ 24.461460] kunit_try_run_case+0x1a5/0x480 [ 24.461647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.462180] kthread+0x337/0x6f0 [ 24.462506] ret_from_fork+0x116/0x1d0 [ 24.462679] ret_from_fork_asm+0x1a/0x30 [ 24.463223] [ 24.463325] The buggy address belongs to the object at ffff8881058a8220 [ 24.463325] which belongs to the cache kmalloc-16 of size 16 [ 24.464001] The buggy address is located 0 bytes inside of [ 24.464001] freed 16-byte region [ffff8881058a8220, ffff8881058a8230) [ 24.464663] [ 24.464774] The buggy address belongs to the physical page: [ 24.465160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 24.465751] flags: 0x200000000000000(node=0|zone=2) [ 24.466104] page_type: f5(slab) [ 24.466269] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.466570] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.467268] page dumped because: kasan: bad access detected [ 24.467577] [ 24.467668] Memory state around the buggy address: [ 24.468134] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.468604] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 24.469087] >ffff8881058a8200: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 24.469309] ^ [ 24.469453] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.469772] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.470029] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 24.396082] ================================================================== [ 24.396541] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 24.396821] Read of size 1 at addr ffff8881053b3ca8 by task kunit_try_catch/238 [ 24.397755] [ 24.398003] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.398075] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.398090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.398112] Call Trace: [ 24.398126] <TASK> [ 24.398146] dump_stack_lvl+0x73/0xb0 [ 24.398179] print_report+0xd1/0x610 [ 24.398201] ? __virt_addr_valid+0x1db/0x2d0 [ 24.398225] ? kmalloc_uaf2+0x4a8/0x520 [ 24.398244] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.398269] ? kmalloc_uaf2+0x4a8/0x520 [ 24.398288] kasan_report+0x141/0x180 [ 24.398309] ? kmalloc_uaf2+0x4a8/0x520 [ 24.398333] __asan_report_load1_noabort+0x18/0x20 [ 24.398356] kmalloc_uaf2+0x4a8/0x520 [ 24.398375] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 24.398394] ? finish_task_switch.isra.0+0x153/0x700 [ 24.398416] ? __switch_to+0x47/0xf80 [ 24.398441] ? __schedule+0x10cc/0x2b60 [ 24.398464] ? __pfx_read_tsc+0x10/0x10 [ 24.398485] ? ktime_get_ts64+0x86/0x230 [ 24.398510] kunit_try_run_case+0x1a5/0x480 [ 24.398539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398559] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.398581] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.398605] ? __kthread_parkme+0x82/0x180 [ 24.398625] ? preempt_count_sub+0x50/0x80 [ 24.398647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.398703] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.398728] kthread+0x337/0x6f0 [ 24.398798] ? trace_preempt_on+0x20/0xc0 [ 24.398823] ? __pfx_kthread+0x10/0x10 [ 24.398865] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.398887] ? calculate_sigpending+0x7b/0xa0 [ 24.398911] ? __pfx_kthread+0x10/0x10 [ 24.398932] ret_from_fork+0x116/0x1d0 [ 24.398963] ? __pfx_kthread+0x10/0x10 [ 24.398983] ret_from_fork_asm+0x1a/0x30 [ 24.399015] </TASK> [ 24.399027] [ 24.414717] Allocated by task 238: [ 24.415169] kasan_save_stack+0x45/0x70 [ 24.415569] kasan_save_track+0x18/0x40 [ 24.416045] kasan_save_alloc_info+0x3b/0x50 [ 24.416479] __kasan_kmalloc+0xb7/0xc0 [ 24.416898] __kmalloc_cache_noprof+0x189/0x420 [ 24.417414] kmalloc_uaf2+0xc6/0x520 [ 24.417806] kunit_try_run_case+0x1a5/0x480 [ 24.418271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.419019] kthread+0x337/0x6f0 [ 24.419373] ret_from_fork+0x116/0x1d0 [ 24.419750] ret_from_fork_asm+0x1a/0x30 [ 24.420228] [ 24.420417] Freed by task 238: [ 24.420680] kasan_save_stack+0x45/0x70 [ 24.420939] kasan_save_track+0x18/0x40 [ 24.421407] kasan_save_free_info+0x3f/0x60 [ 24.421556] __kasan_slab_free+0x56/0x70 [ 24.421684] kfree+0x222/0x3f0 [ 24.421827] kmalloc_uaf2+0x14c/0x520 [ 24.422300] kunit_try_run_case+0x1a5/0x480 [ 24.422729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.423411] kthread+0x337/0x6f0 [ 24.423743] ret_from_fork+0x116/0x1d0 [ 24.424334] ret_from_fork_asm+0x1a/0x30 [ 24.424593] [ 24.424661] The buggy address belongs to the object at ffff8881053b3c80 [ 24.424661] which belongs to the cache kmalloc-64 of size 64 [ 24.425682] The buggy address is located 40 bytes inside of [ 24.425682] freed 64-byte region [ffff8881053b3c80, ffff8881053b3cc0) [ 24.426455] [ 24.426534] The buggy address belongs to the physical page: [ 24.426715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b3 [ 24.426967] flags: 0x200000000000000(node=0|zone=2) [ 24.427395] page_type: f5(slab) [ 24.427551] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.427820] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.428321] page dumped because: kasan: bad access detected [ 24.428735] [ 24.428936] Memory state around the buggy address: [ 24.429251] ffff8881053b3b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.429544] ffff8881053b3c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.429843] >ffff8881053b3c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.430439] ^ [ 24.430675] ffff8881053b3d00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 24.431062] ffff8881053b3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.431379] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 24.362873] ================================================================== [ 24.363373] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 24.363662] Write of size 33 at addr ffff8881058cb580 by task kunit_try_catch/236 [ 24.364003] [ 24.364123] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.364243] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.364258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.364280] Call Trace: [ 24.364293] <TASK> [ 24.364312] dump_stack_lvl+0x73/0xb0 [ 24.364367] print_report+0xd1/0x610 [ 24.364402] ? __virt_addr_valid+0x1db/0x2d0 [ 24.364427] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.364446] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.364471] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.364492] kasan_report+0x141/0x180 [ 24.364513] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.364538] kasan_check_range+0x10c/0x1c0 [ 24.364561] __asan_memset+0x27/0x50 [ 24.364583] kmalloc_uaf_memset+0x1a3/0x360 [ 24.364604] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 24.364625] ? __schedule+0x10cc/0x2b60 [ 24.364649] ? __pfx_read_tsc+0x10/0x10 [ 24.364671] ? ktime_get_ts64+0x86/0x230 [ 24.364708] kunit_try_run_case+0x1a5/0x480 [ 24.364729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.364749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.364781] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.364805] ? __kthread_parkme+0x82/0x180 [ 24.364825] ? preempt_count_sub+0x50/0x80 [ 24.364850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.364872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.364938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.364964] kthread+0x337/0x6f0 [ 24.364983] ? trace_preempt_on+0x20/0xc0 [ 24.365007] ? __pfx_kthread+0x10/0x10 [ 24.365027] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.365048] ? calculate_sigpending+0x7b/0xa0 [ 24.365072] ? __pfx_kthread+0x10/0x10 [ 24.365093] ret_from_fork+0x116/0x1d0 [ 24.365111] ? __pfx_kthread+0x10/0x10 [ 24.365132] ret_from_fork_asm+0x1a/0x30 [ 24.365162] </TASK> [ 24.365174] [ 24.375187] Allocated by task 236: [ 24.375446] kasan_save_stack+0x45/0x70 [ 24.375638] kasan_save_track+0x18/0x40 [ 24.376104] kasan_save_alloc_info+0x3b/0x50 [ 24.376297] __kasan_kmalloc+0xb7/0xc0 [ 24.376453] __kmalloc_cache_noprof+0x189/0x420 [ 24.377036] kmalloc_uaf_memset+0xa9/0x360 [ 24.377218] kunit_try_run_case+0x1a5/0x480 [ 24.377412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.377740] kthread+0x337/0x6f0 [ 24.378321] ret_from_fork+0x116/0x1d0 [ 24.378482] ret_from_fork_asm+0x1a/0x30 [ 24.378686] [ 24.378927] Freed by task 236: [ 24.379236] kasan_save_stack+0x45/0x70 [ 24.379410] kasan_save_track+0x18/0x40 [ 24.379580] kasan_save_free_info+0x3f/0x60 [ 24.379777] __kasan_slab_free+0x56/0x70 [ 24.379941] kfree+0x222/0x3f0 [ 24.380410] kmalloc_uaf_memset+0x12b/0x360 [ 24.380566] kunit_try_run_case+0x1a5/0x480 [ 24.380892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.381308] kthread+0x337/0x6f0 [ 24.381470] ret_from_fork+0x116/0x1d0 [ 24.381639] ret_from_fork_asm+0x1a/0x30 [ 24.381815] [ 24.382182] The buggy address belongs to the object at ffff8881058cb580 [ 24.382182] which belongs to the cache kmalloc-64 of size 64 [ 24.382643] The buggy address is located 0 bytes inside of [ 24.382643] freed 64-byte region [ffff8881058cb580, ffff8881058cb5c0) [ 24.383370] [ 24.383480] The buggy address belongs to the physical page: [ 24.383718] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058cb [ 24.384380] flags: 0x200000000000000(node=0|zone=2) [ 24.384729] page_type: f5(slab) [ 24.385064] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.385548] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.386220] page dumped because: kasan: bad access detected [ 24.386577] [ 24.386649] Memory state around the buggy address: [ 24.386866] ffff8881058cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.387778] ffff8881058cb500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.388635] >ffff8881058cb580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.389136] ^ [ 24.389563] ffff8881058cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.390072] ffff8881058cb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.390475] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 24.330062] ================================================================== [ 24.330606] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 24.331396] Read of size 1 at addr ffff8881058a8208 by task kunit_try_catch/234 [ 24.331831] [ 24.332118] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.332184] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.332339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.332369] Call Trace: [ 24.332385] <TASK> [ 24.332409] dump_stack_lvl+0x73/0xb0 [ 24.332446] print_report+0xd1/0x610 [ 24.332470] ? __virt_addr_valid+0x1db/0x2d0 [ 24.332496] ? kmalloc_uaf+0x320/0x380 [ 24.332515] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.332540] ? kmalloc_uaf+0x320/0x380 [ 24.332560] kasan_report+0x141/0x180 [ 24.332581] ? kmalloc_uaf+0x320/0x380 [ 24.332605] __asan_report_load1_noabort+0x18/0x20 [ 24.332628] kmalloc_uaf+0x320/0x380 [ 24.332647] ? __pfx_kmalloc_uaf+0x10/0x10 [ 24.332667] ? __schedule+0x10cc/0x2b60 [ 24.332691] ? __pfx_read_tsc+0x10/0x10 [ 24.332729] ? ktime_get_ts64+0x86/0x230 [ 24.332757] kunit_try_run_case+0x1a5/0x480 [ 24.332797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.332819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.332842] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.332866] ? __kthread_parkme+0x82/0x180 [ 24.332900] ? preempt_count_sub+0x50/0x80 [ 24.332924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.332944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.332970] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.332994] kthread+0x337/0x6f0 [ 24.333013] ? trace_preempt_on+0x20/0xc0 [ 24.333037] ? __pfx_kthread+0x10/0x10 [ 24.333061] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.333084] ? calculate_sigpending+0x7b/0xa0 [ 24.333110] ? __pfx_kthread+0x10/0x10 [ 24.333131] ret_from_fork+0x116/0x1d0 [ 24.333150] ? __pfx_kthread+0x10/0x10 [ 24.333170] ret_from_fork_asm+0x1a/0x30 [ 24.333204] </TASK> [ 24.333217] [ 24.344303] Allocated by task 234: [ 24.344688] kasan_save_stack+0x45/0x70 [ 24.345225] kasan_save_track+0x18/0x40 [ 24.345534] kasan_save_alloc_info+0x3b/0x50 [ 24.345857] __kasan_kmalloc+0xb7/0xc0 [ 24.346147] __kmalloc_cache_noprof+0x189/0x420 [ 24.346476] kmalloc_uaf+0xaa/0x380 [ 24.346729] kunit_try_run_case+0x1a5/0x480 [ 24.347159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.347499] kthread+0x337/0x6f0 [ 24.347659] ret_from_fork+0x116/0x1d0 [ 24.347829] ret_from_fork_asm+0x1a/0x30 [ 24.348375] [ 24.348466] Freed by task 234: [ 24.348597] kasan_save_stack+0x45/0x70 [ 24.349051] kasan_save_track+0x18/0x40 [ 24.349334] kasan_save_free_info+0x3f/0x60 [ 24.349648] __kasan_slab_free+0x56/0x70 [ 24.349860] kfree+0x222/0x3f0 [ 24.350411] kmalloc_uaf+0x12c/0x380 [ 24.350633] kunit_try_run_case+0x1a5/0x480 [ 24.350945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.351394] kthread+0x337/0x6f0 [ 24.351574] ret_from_fork+0x116/0x1d0 [ 24.351978] ret_from_fork_asm+0x1a/0x30 [ 24.352303] [ 24.352406] The buggy address belongs to the object at ffff8881058a8200 [ 24.352406] which belongs to the cache kmalloc-16 of size 16 [ 24.353179] The buggy address is located 8 bytes inside of [ 24.353179] freed 16-byte region [ffff8881058a8200, ffff8881058a8210) [ 24.353849] [ 24.353994] The buggy address belongs to the physical page: [ 24.354324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a8 [ 24.354679] flags: 0x200000000000000(node=0|zone=2) [ 24.355308] page_type: f5(slab) [ 24.355463] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.356150] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.356462] page dumped because: kasan: bad access detected [ 24.356868] [ 24.356967] Memory state around the buggy address: [ 24.357359] ffff8881058a8100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.357755] ffff8881058a8180: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc [ 24.358096] >ffff8881058a8200: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.358552] ^ [ 24.358754] ffff8881058a8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.359303] ffff8881058a8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.359588] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 24.305817] ================================================================== [ 24.306355] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.306765] Read of size 64 at addr ffff8881058cb504 by task kunit_try_catch/232 [ 24.307393] [ 24.307508] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.307565] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.307579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.307601] Call Trace: [ 24.307615] <TASK> [ 24.307636] dump_stack_lvl+0x73/0xb0 [ 24.307670] print_report+0xd1/0x610 [ 24.307705] ? __virt_addr_valid+0x1db/0x2d0 [ 24.307730] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.307754] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.307794] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.307821] kasan_report+0x141/0x180 [ 24.307843] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.307870] kasan_check_range+0x10c/0x1c0 [ 24.307937] __asan_memmove+0x27/0x70 [ 24.307962] kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.307986] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 24.308100] ? __schedule+0x10cc/0x2b60 [ 24.308125] ? __pfx_read_tsc+0x10/0x10 [ 24.308158] ? ktime_get_ts64+0x86/0x230 [ 24.308184] kunit_try_run_case+0x1a5/0x480 [ 24.308219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.308239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.308262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.308286] ? __kthread_parkme+0x82/0x180 [ 24.308306] ? preempt_count_sub+0x50/0x80 [ 24.308330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.308351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.308375] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.308399] kthread+0x337/0x6f0 [ 24.308419] ? trace_preempt_on+0x20/0xc0 [ 24.308442] ? __pfx_kthread+0x10/0x10 [ 24.308463] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.308485] ? calculate_sigpending+0x7b/0xa0 [ 24.308509] ? __pfx_kthread+0x10/0x10 [ 24.308530] ret_from_fork+0x116/0x1d0 [ 24.308548] ? __pfx_kthread+0x10/0x10 [ 24.308569] ret_from_fork_asm+0x1a/0x30 [ 24.308600] </TASK> [ 24.308612] [ 24.316284] Allocated by task 232: [ 24.316525] kasan_save_stack+0x45/0x70 [ 24.316782] kasan_save_track+0x18/0x40 [ 24.317421] kasan_save_alloc_info+0x3b/0x50 [ 24.317650] __kasan_kmalloc+0xb7/0xc0 [ 24.318012] __kmalloc_cache_noprof+0x189/0x420 [ 24.318187] kmalloc_memmove_invalid_size+0xac/0x330 [ 24.318346] kunit_try_run_case+0x1a5/0x480 [ 24.318546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.318857] kthread+0x337/0x6f0 [ 24.319058] ret_from_fork+0x116/0x1d0 [ 24.319188] ret_from_fork_asm+0x1a/0x30 [ 24.319322] [ 24.319390] The buggy address belongs to the object at ffff8881058cb500 [ 24.319390] which belongs to the cache kmalloc-64 of size 64 [ 24.320127] The buggy address is located 4 bytes inside of [ 24.320127] allocated 64-byte region [ffff8881058cb500, ffff8881058cb540) [ 24.320640] [ 24.320720] The buggy address belongs to the physical page: [ 24.321138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058cb [ 24.321425] flags: 0x200000000000000(node=0|zone=2) [ 24.321609] page_type: f5(slab) [ 24.321793] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.322384] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.322724] page dumped because: kasan: bad access detected [ 24.323045] [ 24.323151] Memory state around the buggy address: [ 24.323374] ffff8881058cb400: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.323677] ffff8881058cb480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.324064] >ffff8881058cb500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.324331] ^ [ 24.324494] ffff8881058cb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.324787] ffff8881058cb600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.325095] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 24.282189] ================================================================== [ 24.282682] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 24.283145] Read of size 18446744073709551614 at addr ffff8881058cb384 by task kunit_try_catch/230 [ 24.283629] [ 24.283759] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.283827] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.283841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.283874] Call Trace: [ 24.283888] <TASK> [ 24.283908] dump_stack_lvl+0x73/0xb0 [ 24.283940] print_report+0xd1/0x610 [ 24.283963] ? __virt_addr_valid+0x1db/0x2d0 [ 24.283987] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.284052] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.284080] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.284153] kasan_report+0x141/0x180 [ 24.284179] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.284208] kasan_check_range+0x10c/0x1c0 [ 24.284231] __asan_memmove+0x27/0x70 [ 24.284254] kmalloc_memmove_negative_size+0x171/0x330 [ 24.284289] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 24.284315] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 24.284354] kunit_try_run_case+0x1a5/0x480 [ 24.284378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.284398] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.284423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.284455] ? __kthread_parkme+0x82/0x180 [ 24.284476] ? preempt_count_sub+0x50/0x80 [ 24.284500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.284531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.284556] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.284580] kthread+0x337/0x6f0 [ 24.284600] ? trace_preempt_on+0x20/0xc0 [ 24.284624] ? __pfx_kthread+0x10/0x10 [ 24.284644] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.284665] ? calculate_sigpending+0x7b/0xa0 [ 24.284689] ? __pfx_kthread+0x10/0x10 [ 24.284721] ret_from_fork+0x116/0x1d0 [ 24.284741] ? __pfx_kthread+0x10/0x10 [ 24.284762] ret_from_fork_asm+0x1a/0x30 [ 24.284803] </TASK> [ 24.284815] [ 24.292568] Allocated by task 230: [ 24.292788] kasan_save_stack+0x45/0x70 [ 24.292960] kasan_save_track+0x18/0x40 [ 24.293158] kasan_save_alloc_info+0x3b/0x50 [ 24.293568] __kasan_kmalloc+0xb7/0xc0 [ 24.293800] __kmalloc_cache_noprof+0x189/0x420 [ 24.294026] kmalloc_memmove_negative_size+0xac/0x330 [ 24.294345] kunit_try_run_case+0x1a5/0x480 [ 24.294576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.294837] kthread+0x337/0x6f0 [ 24.295057] ret_from_fork+0x116/0x1d0 [ 24.295190] ret_from_fork_asm+0x1a/0x30 [ 24.295323] [ 24.295390] The buggy address belongs to the object at ffff8881058cb380 [ 24.295390] which belongs to the cache kmalloc-64 of size 64 [ 24.295948] The buggy address is located 4 bytes inside of [ 24.295948] 64-byte region [ffff8881058cb380, ffff8881058cb3c0) [ 24.296526] [ 24.296594] The buggy address belongs to the physical page: [ 24.296770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058cb [ 24.297330] flags: 0x200000000000000(node=0|zone=2) [ 24.297600] page_type: f5(slab) [ 24.297773] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.298202] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.298490] page dumped because: kasan: bad access detected [ 24.298767] [ 24.298842] Memory state around the buggy address: [ 24.299179] ffff8881058cb280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.299459] ffff8881058cb300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.299754] >ffff8881058cb380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.300268] ^ [ 24.300452] ffff8881058cb400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.300790] ffff8881058cb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.301154] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 24.258780] ================================================================== [ 24.259274] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 24.259850] Write of size 16 at addr ffff8881058c1769 by task kunit_try_catch/228 [ 24.260219] [ 24.260344] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.260399] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.260423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.260446] Call Trace: [ 24.260459] <TASK> [ 24.260479] dump_stack_lvl+0x73/0xb0 [ 24.260514] print_report+0xd1/0x610 [ 24.260538] ? __virt_addr_valid+0x1db/0x2d0 [ 24.260573] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.260596] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.260621] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.260653] kasan_report+0x141/0x180 [ 24.260675] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.260711] kasan_check_range+0x10c/0x1c0 [ 24.260735] __asan_memset+0x27/0x50 [ 24.260758] kmalloc_oob_memset_16+0x166/0x330 [ 24.260790] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 24.260812] ? __schedule+0x10cc/0x2b60 [ 24.260846] ? __pfx_read_tsc+0x10/0x10 [ 24.260869] ? ktime_get_ts64+0x86/0x230 [ 24.260905] kunit_try_run_case+0x1a5/0x480 [ 24.260940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.260960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.260983] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.261006] ? __kthread_parkme+0x82/0x180 [ 24.261027] ? preempt_count_sub+0x50/0x80 [ 24.261050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.261071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.261142] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.261182] kthread+0x337/0x6f0 [ 24.261204] ? trace_preempt_on+0x20/0xc0 [ 24.261228] ? __pfx_kthread+0x10/0x10 [ 24.261249] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.261271] ? calculate_sigpending+0x7b/0xa0 [ 24.261295] ? __pfx_kthread+0x10/0x10 [ 24.261317] ret_from_fork+0x116/0x1d0 [ 24.261336] ? __pfx_kthread+0x10/0x10 [ 24.261356] ret_from_fork_asm+0x1a/0x30 [ 24.261387] </TASK> [ 24.261400] [ 24.269300] Allocated by task 228: [ 24.269477] kasan_save_stack+0x45/0x70 [ 24.269680] kasan_save_track+0x18/0x40 [ 24.269963] kasan_save_alloc_info+0x3b/0x50 [ 24.270113] __kasan_kmalloc+0xb7/0xc0 [ 24.270237] __kmalloc_cache_noprof+0x189/0x420 [ 24.270445] kmalloc_oob_memset_16+0xac/0x330 [ 24.270711] kunit_try_run_case+0x1a5/0x480 [ 24.270996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.271166] kthread+0x337/0x6f0 [ 24.271450] ret_from_fork+0x116/0x1d0 [ 24.271849] ret_from_fork_asm+0x1a/0x30 [ 24.272312] [ 24.272390] The buggy address belongs to the object at ffff8881058c1700 [ 24.272390] which belongs to the cache kmalloc-128 of size 128 [ 24.272769] The buggy address is located 105 bytes inside of [ 24.272769] allocated 120-byte region [ffff8881058c1700, ffff8881058c1778) [ 24.273293] [ 24.273405] The buggy address belongs to the physical page: [ 24.273573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 24.273820] flags: 0x200000000000000(node=0|zone=2) [ 24.274096] page_type: f5(slab) [ 24.274272] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.274644] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.275085] page dumped because: kasan: bad access detected [ 24.275373] [ 24.275471] Memory state around the buggy address: [ 24.275691] ffff8881058c1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.276157] ffff8881058c1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.276375] >ffff8881058c1700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.276678] ^ [ 24.277193] ffff8881058c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.277493] ffff8881058c1800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.277713] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 24.232680] ================================================================== [ 24.233577] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 24.233940] Write of size 8 at addr ffff8881058c1671 by task kunit_try_catch/226 [ 24.234333] [ 24.234474] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.234530] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.234543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.234566] Call Trace: [ 24.234581] <TASK> [ 24.234602] dump_stack_lvl+0x73/0xb0 [ 24.234636] print_report+0xd1/0x610 [ 24.234668] ? __virt_addr_valid+0x1db/0x2d0 [ 24.234712] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.234733] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.234759] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.234780] kasan_report+0x141/0x180 [ 24.234812] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.234837] kasan_check_range+0x10c/0x1c0 [ 24.234859] __asan_memset+0x27/0x50 [ 24.234882] kmalloc_oob_memset_8+0x166/0x330 [ 24.234955] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 24.234977] ? __schedule+0x10cc/0x2b60 [ 24.235002] ? __pfx_read_tsc+0x10/0x10 [ 24.235043] ? ktime_get_ts64+0x86/0x230 [ 24.235069] kunit_try_run_case+0x1a5/0x480 [ 24.235093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.235121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.235144] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.235167] ? __kthread_parkme+0x82/0x180 [ 24.235199] ? preempt_count_sub+0x50/0x80 [ 24.235223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.235245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.235269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.235293] kthread+0x337/0x6f0 [ 24.235312] ? trace_preempt_on+0x20/0xc0 [ 24.235336] ? __pfx_kthread+0x10/0x10 [ 24.235356] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.235378] ? calculate_sigpending+0x7b/0xa0 [ 24.235402] ? __pfx_kthread+0x10/0x10 [ 24.235422] ret_from_fork+0x116/0x1d0 [ 24.235441] ? __pfx_kthread+0x10/0x10 [ 24.235461] ret_from_fork_asm+0x1a/0x30 [ 24.235493] </TASK> [ 24.235505] [ 24.242876] Allocated by task 226: [ 24.243105] kasan_save_stack+0x45/0x70 [ 24.243247] kasan_save_track+0x18/0x40 [ 24.243372] kasan_save_alloc_info+0x3b/0x50 [ 24.243552] __kasan_kmalloc+0xb7/0xc0 [ 24.243755] __kmalloc_cache_noprof+0x189/0x420 [ 24.243976] kmalloc_oob_memset_8+0xac/0x330 [ 24.244171] kunit_try_run_case+0x1a5/0x480 [ 24.244366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.244528] kthread+0x337/0x6f0 [ 24.244640] ret_from_fork+0x116/0x1d0 [ 24.244849] ret_from_fork_asm+0x1a/0x30 [ 24.245021] [ 24.245106] The buggy address belongs to the object at ffff8881058c1600 [ 24.245106] which belongs to the cache kmalloc-128 of size 128 [ 24.245576] The buggy address is located 113 bytes inside of [ 24.245576] allocated 120-byte region [ffff8881058c1600, ffff8881058c1678) [ 24.247484] [ 24.247610] The buggy address belongs to the physical page: [ 24.248140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 24.248639] flags: 0x200000000000000(node=0|zone=2) [ 24.249200] page_type: f5(slab) [ 24.249457] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.250221] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.250544] page dumped because: kasan: bad access detected [ 24.251033] [ 24.251136] Memory state around the buggy address: [ 24.251559] ffff8881058c1500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.252232] ffff8881058c1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.252817] >ffff8881058c1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.253314] ^ [ 24.253955] ffff8881058c1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.254484] ffff8881058c1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.255212] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 24.209071] ================================================================== [ 24.209912] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 24.210624] Write of size 4 at addr ffff88810456ad75 by task kunit_try_catch/224 [ 24.211073] [ 24.211170] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.211222] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.211236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.211257] Call Trace: [ 24.211271] <TASK> [ 24.211290] dump_stack_lvl+0x73/0xb0 [ 24.211323] print_report+0xd1/0x610 [ 24.211358] ? __virt_addr_valid+0x1db/0x2d0 [ 24.211383] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.211416] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.211442] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.211463] kasan_report+0x141/0x180 [ 24.211484] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.211510] kasan_check_range+0x10c/0x1c0 [ 24.211532] __asan_memset+0x27/0x50 [ 24.211555] kmalloc_oob_memset_4+0x166/0x330 [ 24.211576] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 24.211598] ? __schedule+0x10cc/0x2b60 [ 24.211622] ? __pfx_read_tsc+0x10/0x10 [ 24.211643] ? ktime_get_ts64+0x86/0x230 [ 24.211669] kunit_try_run_case+0x1a5/0x480 [ 24.211691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.211720] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.211743] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.211767] ? __kthread_parkme+0x82/0x180 [ 24.211801] ? preempt_count_sub+0x50/0x80 [ 24.211829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.211850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.211874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.211951] kthread+0x337/0x6f0 [ 24.211972] ? trace_preempt_on+0x20/0xc0 [ 24.211995] ? __pfx_kthread+0x10/0x10 [ 24.212016] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.212038] ? calculate_sigpending+0x7b/0xa0 [ 24.212062] ? __pfx_kthread+0x10/0x10 [ 24.212083] ret_from_fork+0x116/0x1d0 [ 24.212101] ? __pfx_kthread+0x10/0x10 [ 24.212122] ret_from_fork_asm+0x1a/0x30 [ 24.212153] </TASK> [ 24.212164] [ 24.220192] Allocated by task 224: [ 24.220377] kasan_save_stack+0x45/0x70 [ 24.220520] kasan_save_track+0x18/0x40 [ 24.220729] kasan_save_alloc_info+0x3b/0x50 [ 24.221180] __kasan_kmalloc+0xb7/0xc0 [ 24.221387] __kmalloc_cache_noprof+0x189/0x420 [ 24.221576] kmalloc_oob_memset_4+0xac/0x330 [ 24.221773] kunit_try_run_case+0x1a5/0x480 [ 24.221908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.222258] kthread+0x337/0x6f0 [ 24.222451] ret_from_fork+0x116/0x1d0 [ 24.222650] ret_from_fork_asm+0x1a/0x30 [ 24.222826] [ 24.222893] The buggy address belongs to the object at ffff88810456ad00 [ 24.222893] which belongs to the cache kmalloc-128 of size 128 [ 24.223291] The buggy address is located 117 bytes inside of [ 24.223291] allocated 120-byte region [ffff88810456ad00, ffff88810456ad78) [ 24.223846] [ 24.224028] The buggy address belongs to the physical page: [ 24.224208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10456a [ 24.224443] flags: 0x200000000000000(node=0|zone=2) [ 24.224672] page_type: f5(slab) [ 24.224963] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.225309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.225803] page dumped because: kasan: bad access detected [ 24.226186] [ 24.226283] Memory state around the buggy address: [ 24.226497] ffff88810456ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.226845] ffff88810456ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.227228] >ffff88810456ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.227494] ^ [ 24.227715] ffff88810456ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.228317] ffff88810456ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.228875] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 24.186655] ================================================================== [ 24.187471] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 24.187840] Write of size 2 at addr ffff8881058c1577 by task kunit_try_catch/222 [ 24.188363] [ 24.188464] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.188580] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.188594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.188615] Call Trace: [ 24.188628] <TASK> [ 24.188648] dump_stack_lvl+0x73/0xb0 [ 24.188688] print_report+0xd1/0x610 [ 24.188735] ? __virt_addr_valid+0x1db/0x2d0 [ 24.188760] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.188790] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.188815] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.188836] kasan_report+0x141/0x180 [ 24.188857] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.188927] kasan_check_range+0x10c/0x1c0 [ 24.188953] __asan_memset+0x27/0x50 [ 24.188976] kmalloc_oob_memset_2+0x166/0x330 [ 24.188996] ? __kasan_check_write+0x18/0x20 [ 24.189019] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 24.189054] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.189080] ? __pfx_read_tsc+0x10/0x10 [ 24.189101] ? ktime_get_ts64+0x86/0x230 [ 24.189137] kunit_try_run_case+0x1a5/0x480 [ 24.189159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.189179] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.189201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.189224] ? __kthread_parkme+0x82/0x180 [ 24.189245] ? preempt_count_sub+0x50/0x80 [ 24.189268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.189289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.189313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.189337] kthread+0x337/0x6f0 [ 24.189356] ? trace_preempt_on+0x20/0xc0 [ 24.189379] ? __pfx_kthread+0x10/0x10 [ 24.189399] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.189421] ? calculate_sigpending+0x7b/0xa0 [ 24.189445] ? __pfx_kthread+0x10/0x10 [ 24.189466] ret_from_fork+0x116/0x1d0 [ 24.189485] ? __pfx_kthread+0x10/0x10 [ 24.189505] ret_from_fork_asm+0x1a/0x30 [ 24.189535] </TASK> [ 24.189546] [ 24.197260] Allocated by task 222: [ 24.197437] kasan_save_stack+0x45/0x70 [ 24.197862] kasan_save_track+0x18/0x40 [ 24.198099] kasan_save_alloc_info+0x3b/0x50 [ 24.198244] __kasan_kmalloc+0xb7/0xc0 [ 24.198409] __kmalloc_cache_noprof+0x189/0x420 [ 24.198641] kmalloc_oob_memset_2+0xac/0x330 [ 24.198992] kunit_try_run_case+0x1a5/0x480 [ 24.199164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.199408] kthread+0x337/0x6f0 [ 24.199573] ret_from_fork+0x116/0x1d0 [ 24.199740] ret_from_fork_asm+0x1a/0x30 [ 24.200088] [ 24.200181] The buggy address belongs to the object at ffff8881058c1500 [ 24.200181] which belongs to the cache kmalloc-128 of size 128 [ 24.200635] The buggy address is located 119 bytes inside of [ 24.200635] allocated 120-byte region [ffff8881058c1500, ffff8881058c1578) [ 24.201253] [ 24.201342] The buggy address belongs to the physical page: [ 24.201556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 24.201905] flags: 0x200000000000000(node=0|zone=2) [ 24.202062] page_type: f5(slab) [ 24.202177] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.202399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.202912] page dumped because: kasan: bad access detected [ 24.203360] [ 24.203458] Memory state around the buggy address: [ 24.203679] ffff8881058c1400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.204073] ffff8881058c1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.204308] >ffff8881058c1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.204609] ^ [ 24.205042] ffff8881058c1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.205254] ffff8881058c1600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.205460] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 24.153801] ================================================================== [ 24.154275] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 24.154986] Write of size 128 at addr ffff8881058c1400 by task kunit_try_catch/220 [ 24.155719] [ 24.155966] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.156020] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.156033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.156055] Call Trace: [ 24.156068] <TASK> [ 24.156088] dump_stack_lvl+0x73/0xb0 [ 24.156120] print_report+0xd1/0x610 [ 24.156142] ? __virt_addr_valid+0x1db/0x2d0 [ 24.156166] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.156187] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.156212] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.156233] kasan_report+0x141/0x180 [ 24.156254] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.156279] kasan_check_range+0x10c/0x1c0 [ 24.156302] __asan_memset+0x27/0x50 [ 24.156324] kmalloc_oob_in_memset+0x15f/0x320 [ 24.156345] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 24.156366] ? __schedule+0x10cc/0x2b60 [ 24.156390] ? __pfx_read_tsc+0x10/0x10 [ 24.156411] ? ktime_get_ts64+0x86/0x230 [ 24.156436] kunit_try_run_case+0x1a5/0x480 [ 24.156458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.156477] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.156500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.156522] ? __kthread_parkme+0x82/0x180 [ 24.156543] ? preempt_count_sub+0x50/0x80 [ 24.156566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.156587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.156610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.156634] kthread+0x337/0x6f0 [ 24.156653] ? trace_preempt_on+0x20/0xc0 [ 24.156677] ? __pfx_kthread+0x10/0x10 [ 24.156709] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.156750] ? calculate_sigpending+0x7b/0xa0 [ 24.156774] ? __pfx_kthread+0x10/0x10 [ 24.156801] ret_from_fork+0x116/0x1d0 [ 24.156819] ? __pfx_kthread+0x10/0x10 [ 24.156839] ret_from_fork_asm+0x1a/0x30 [ 24.156870] </TASK> [ 24.156889] [ 24.170227] Allocated by task 220: [ 24.170364] kasan_save_stack+0x45/0x70 [ 24.170506] kasan_save_track+0x18/0x40 [ 24.170632] kasan_save_alloc_info+0x3b/0x50 [ 24.170827] __kasan_kmalloc+0xb7/0xc0 [ 24.170955] __kmalloc_cache_noprof+0x189/0x420 [ 24.171104] kmalloc_oob_in_memset+0xac/0x320 [ 24.171524] kunit_try_run_case+0x1a5/0x480 [ 24.171953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.172502] kthread+0x337/0x6f0 [ 24.172917] ret_from_fork+0x116/0x1d0 [ 24.173207] ret_from_fork_asm+0x1a/0x30 [ 24.173343] [ 24.173411] The buggy address belongs to the object at ffff8881058c1400 [ 24.173411] which belongs to the cache kmalloc-128 of size 128 [ 24.173784] The buggy address is located 0 bytes inside of [ 24.173784] allocated 120-byte region [ffff8881058c1400, ffff8881058c1478) [ 24.174291] [ 24.174385] The buggy address belongs to the physical page: [ 24.174571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 24.175045] flags: 0x200000000000000(node=0|zone=2) [ 24.175443] page_type: f5(slab) [ 24.175633] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.176610] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.177065] page dumped because: kasan: bad access detected [ 24.177312] [ 24.177376] Memory state around the buggy address: [ 24.177520] ffff8881058c1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.177735] ffff8881058c1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.177938] >ffff8881058c1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.178137] ^ [ 24.178336] ffff8881058c1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178535] ffff8881058c1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178848] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 24.118645] ================================================================== [ 24.119741] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 24.120131] Read of size 16 at addr ffff88810484f4e0 by task kunit_try_catch/218 [ 24.120843] [ 24.120936] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.120987] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.120999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.121020] Call Trace: [ 24.121033] <TASK> [ 24.121051] dump_stack_lvl+0x73/0xb0 [ 24.121080] print_report+0xd1/0x610 [ 24.121101] ? __virt_addr_valid+0x1db/0x2d0 [ 24.121125] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.121144] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.121168] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.121188] kasan_report+0x141/0x180 [ 24.121209] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.121233] __asan_report_load16_noabort+0x18/0x20 [ 24.121256] kmalloc_uaf_16+0x47b/0x4c0 [ 24.121276] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 24.121297] ? __schedule+0x10cc/0x2b60 [ 24.121320] ? __pfx_read_tsc+0x10/0x10 [ 24.121340] ? ktime_get_ts64+0x86/0x230 [ 24.121365] kunit_try_run_case+0x1a5/0x480 [ 24.121386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.121406] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.121429] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.121452] ? __kthread_parkme+0x82/0x180 [ 24.121472] ? preempt_count_sub+0x50/0x80 [ 24.121495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.121516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.121540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.121564] kthread+0x337/0x6f0 [ 24.121584] ? trace_preempt_on+0x20/0xc0 [ 24.121606] ? __pfx_kthread+0x10/0x10 [ 24.121626] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.121647] ? calculate_sigpending+0x7b/0xa0 [ 24.121671] ? __pfx_kthread+0x10/0x10 [ 24.121701] ret_from_fork+0x116/0x1d0 [ 24.121720] ? __pfx_kthread+0x10/0x10 [ 24.121739] ret_from_fork_asm+0x1a/0x30 [ 24.121770] </TASK> [ 24.121780] [ 24.135864] Allocated by task 218: [ 24.136239] kasan_save_stack+0x45/0x70 [ 24.136607] kasan_save_track+0x18/0x40 [ 24.136984] kasan_save_alloc_info+0x3b/0x50 [ 24.137418] __kasan_kmalloc+0xb7/0xc0 [ 24.137810] __kmalloc_cache_noprof+0x189/0x420 [ 24.138333] kmalloc_uaf_16+0x15b/0x4c0 [ 24.138720] kunit_try_run_case+0x1a5/0x480 [ 24.139096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.139315] kthread+0x337/0x6f0 [ 24.139611] ret_from_fork+0x116/0x1d0 [ 24.139975] ret_from_fork_asm+0x1a/0x30 [ 24.140532] [ 24.140703] Freed by task 218: [ 24.140823] kasan_save_stack+0x45/0x70 [ 24.140974] kasan_save_track+0x18/0x40 [ 24.141100] kasan_save_free_info+0x3f/0x60 [ 24.141237] __kasan_slab_free+0x56/0x70 [ 24.141365] kfree+0x222/0x3f0 [ 24.141923] kmalloc_uaf_16+0x1d6/0x4c0 [ 24.142447] kunit_try_run_case+0x1a5/0x480 [ 24.142933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.143216] kthread+0x337/0x6f0 [ 24.143335] ret_from_fork+0x116/0x1d0 [ 24.143461] ret_from_fork_asm+0x1a/0x30 [ 24.143591] [ 24.143656] The buggy address belongs to the object at ffff88810484f4e0 [ 24.143656] which belongs to the cache kmalloc-16 of size 16 [ 24.144116] The buggy address is located 0 bytes inside of [ 24.144116] freed 16-byte region [ffff88810484f4e0, ffff88810484f4f0) [ 24.144625] [ 24.144739] The buggy address belongs to the physical page: [ 24.145201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10484f [ 24.145608] flags: 0x200000000000000(node=0|zone=2) [ 24.145880] page_type: f5(slab) [ 24.146072] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.146387] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.146679] page dumped because: kasan: bad access detected [ 24.147060] [ 24.147157] Memory state around the buggy address: [ 24.147333] ffff88810484f380: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 24.147593] ffff88810484f400: fa fb fc fc fa fb fc fc fa fb fc fc 00 06 fc fc [ 24.148284] >ffff88810484f480: 00 06 fc fc 00 06 fc fc 00 00 fc fc fa fb fc fc [ 24.148929] ^ [ 24.149486] ffff88810484f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.150027] ffff88810484f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.150521] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 24.097203] ================================================================== [ 24.097644] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 24.098200] Write of size 16 at addr ffff88810484f2e0 by task kunit_try_catch/216 [ 24.098536] [ 24.098623] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.098772] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.098813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.098834] Call Trace: [ 24.098848] <TASK> [ 24.098869] dump_stack_lvl+0x73/0xb0 [ 24.098948] print_report+0xd1/0x610 [ 24.098973] ? __virt_addr_valid+0x1db/0x2d0 [ 24.099021] ? kmalloc_oob_16+0x452/0x4a0 [ 24.099042] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.099067] ? kmalloc_oob_16+0x452/0x4a0 [ 24.099088] kasan_report+0x141/0x180 [ 24.099109] ? kmalloc_oob_16+0x452/0x4a0 [ 24.099133] __asan_report_store16_noabort+0x1b/0x30 [ 24.099157] kmalloc_oob_16+0x452/0x4a0 [ 24.099177] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 24.099198] ? __schedule+0x10cc/0x2b60 [ 24.099221] ? __pfx_read_tsc+0x10/0x10 [ 24.099243] ? ktime_get_ts64+0x86/0x230 [ 24.099269] kunit_try_run_case+0x1a5/0x480 [ 24.099292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.099311] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.099335] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.099358] ? __kthread_parkme+0x82/0x180 [ 24.099399] ? preempt_count_sub+0x50/0x80 [ 24.099422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.099443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.099468] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.099492] kthread+0x337/0x6f0 [ 24.099512] ? trace_preempt_on+0x20/0xc0 [ 24.099535] ? __pfx_kthread+0x10/0x10 [ 24.099574] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.099596] ? calculate_sigpending+0x7b/0xa0 [ 24.099620] ? __pfx_kthread+0x10/0x10 [ 24.099641] ret_from_fork+0x116/0x1d0 [ 24.099659] ? __pfx_kthread+0x10/0x10 [ 24.099679] ret_from_fork_asm+0x1a/0x30 [ 24.099722] </TASK> [ 24.099734] [ 24.107129] Allocated by task 216: [ 24.107255] kasan_save_stack+0x45/0x70 [ 24.107400] kasan_save_track+0x18/0x40 [ 24.107623] kasan_save_alloc_info+0x3b/0x50 [ 24.107841] __kasan_kmalloc+0xb7/0xc0 [ 24.108022] __kmalloc_cache_noprof+0x189/0x420 [ 24.108389] kmalloc_oob_16+0xa8/0x4a0 [ 24.108530] kunit_try_run_case+0x1a5/0x480 [ 24.108760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.109202] kthread+0x337/0x6f0 [ 24.109392] ret_from_fork+0x116/0x1d0 [ 24.109528] ret_from_fork_asm+0x1a/0x30 [ 24.109752] [ 24.109957] The buggy address belongs to the object at ffff88810484f2e0 [ 24.109957] which belongs to the cache kmalloc-16 of size 16 [ 24.110457] The buggy address is located 0 bytes inside of [ 24.110457] allocated 13-byte region [ffff88810484f2e0, ffff88810484f2ed) [ 24.111023] [ 24.111142] The buggy address belongs to the physical page: [ 24.111341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10484f [ 24.111568] flags: 0x200000000000000(node=0|zone=2) [ 24.111751] page_type: f5(slab) [ 24.112132] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.112478] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.112923] page dumped because: kasan: bad access detected [ 24.113091] [ 24.113152] Memory state around the buggy address: [ 24.113349] ffff88810484f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.113682] ffff88810484f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.113920] >ffff88810484f280: fa fb fc fc fa fb fc fc 00 00 fc fc 00 05 fc fc [ 24.114116] ^ [ 24.114493] ffff88810484f300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.114815] ffff88810484f380: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 24.115238] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 24.043680] ================================================================== [ 24.044140] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 24.044364] Read of size 1 at addr ffff888104e2ca00 by task kunit_try_catch/214 [ 24.044578] [ 24.044662] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.044727] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.044741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.044763] Call Trace: [ 24.044776] <TASK> [ 24.044794] dump_stack_lvl+0x73/0xb0 [ 24.044825] print_report+0xd1/0x610 [ 24.044847] ? __virt_addr_valid+0x1db/0x2d0 [ 24.044872] ? krealloc_uaf+0x1b8/0x5e0 [ 24.044892] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.044917] ? krealloc_uaf+0x1b8/0x5e0 [ 24.044937] kasan_report+0x141/0x180 [ 24.044958] ? krealloc_uaf+0x1b8/0x5e0 [ 24.044982] ? krealloc_uaf+0x1b8/0x5e0 [ 24.045056] __kasan_check_byte+0x3d/0x50 [ 24.045079] krealloc_noprof+0x3f/0x340 [ 24.045108] krealloc_uaf+0x1b8/0x5e0 [ 24.045128] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.045148] ? finish_task_switch.isra.0+0x153/0x700 [ 24.045171] ? __switch_to+0x47/0xf80 [ 24.045197] ? __schedule+0x10cc/0x2b60 [ 24.045220] ? __pfx_read_tsc+0x10/0x10 [ 24.045241] ? ktime_get_ts64+0x86/0x230 [ 24.045267] kunit_try_run_case+0x1a5/0x480 [ 24.045291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.045310] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.045333] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.045356] ? __kthread_parkme+0x82/0x180 [ 24.045376] ? preempt_count_sub+0x50/0x80 [ 24.045398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.045419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.045443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.045467] kthread+0x337/0x6f0 [ 24.045486] ? trace_preempt_on+0x20/0xc0 [ 24.045510] ? __pfx_kthread+0x10/0x10 [ 24.045530] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.045552] ? calculate_sigpending+0x7b/0xa0 [ 24.045578] ? __pfx_kthread+0x10/0x10 [ 24.045599] ret_from_fork+0x116/0x1d0 [ 24.045637] ? __pfx_kthread+0x10/0x10 [ 24.045657] ret_from_fork_asm+0x1a/0x30 [ 24.045688] </TASK> [ 24.045709] [ 24.054483] Allocated by task 214: [ 24.054615] kasan_save_stack+0x45/0x70 [ 24.054769] kasan_save_track+0x18/0x40 [ 24.054920] kasan_save_alloc_info+0x3b/0x50 [ 24.055213] __kasan_kmalloc+0xb7/0xc0 [ 24.055400] __kmalloc_cache_noprof+0x189/0x420 [ 24.055645] krealloc_uaf+0xbb/0x5e0 [ 24.055978] kunit_try_run_case+0x1a5/0x480 [ 24.056187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.056436] kthread+0x337/0x6f0 [ 24.056597] ret_from_fork+0x116/0x1d0 [ 24.056843] ret_from_fork_asm+0x1a/0x30 [ 24.057106] [ 24.057202] Freed by task 214: [ 24.057370] kasan_save_stack+0x45/0x70 [ 24.057524] kasan_save_track+0x18/0x40 [ 24.057651] kasan_save_free_info+0x3f/0x60 [ 24.058058] __kasan_slab_free+0x56/0x70 [ 24.058274] kfree+0x222/0x3f0 [ 24.058435] krealloc_uaf+0x13d/0x5e0 [ 24.058612] kunit_try_run_case+0x1a5/0x480 [ 24.059042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.059236] kthread+0x337/0x6f0 [ 24.059429] ret_from_fork+0x116/0x1d0 [ 24.059612] ret_from_fork_asm+0x1a/0x30 [ 24.059858] [ 24.060016] The buggy address belongs to the object at ffff888104e2ca00 [ 24.060016] which belongs to the cache kmalloc-256 of size 256 [ 24.060649] The buggy address is located 0 bytes inside of [ 24.060649] freed 256-byte region [ffff888104e2ca00, ffff888104e2cb00) [ 24.061228] [ 24.061302] The buggy address belongs to the physical page: [ 24.061466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c [ 24.061721] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.062239] flags: 0x200000000000040(head|node=0|zone=2) [ 24.062486] page_type: f5(slab) [ 24.062599] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.062826] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.063055] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.063634] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.064349] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff [ 24.064742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.065088] page dumped because: kasan: bad access detected [ 24.065373] [ 24.065462] Memory state around the buggy address: [ 24.065703] ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.066128] ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.066447] >ffff888104e2ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.066768] ^ [ 24.067038] ffff888104e2ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.067352] ffff888104e2cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.067663] ================================================================== [ 24.068389] ================================================================== [ 24.068718] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 24.069006] Read of size 1 at addr ffff888104e2ca00 by task kunit_try_catch/214 [ 24.069222] [ 24.069310] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.069355] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.069368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.069388] Call Trace: [ 24.069404] <TASK> [ 24.069421] dump_stack_lvl+0x73/0xb0 [ 24.069448] print_report+0xd1/0x610 [ 24.069469] ? __virt_addr_valid+0x1db/0x2d0 [ 24.069492] ? krealloc_uaf+0x53c/0x5e0 [ 24.069511] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.069536] ? krealloc_uaf+0x53c/0x5e0 [ 24.069556] kasan_report+0x141/0x180 [ 24.069576] ? krealloc_uaf+0x53c/0x5e0 [ 24.069600] __asan_report_load1_noabort+0x18/0x20 [ 24.069623] krealloc_uaf+0x53c/0x5e0 [ 24.069643] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.069663] ? finish_task_switch.isra.0+0x153/0x700 [ 24.069684] ? __switch_to+0x47/0xf80 [ 24.069721] ? __schedule+0x10cc/0x2b60 [ 24.069743] ? __pfx_read_tsc+0x10/0x10 [ 24.069787] ? ktime_get_ts64+0x86/0x230 [ 24.069833] kunit_try_run_case+0x1a5/0x480 [ 24.069855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.069875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.069897] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.069920] ? __kthread_parkme+0x82/0x180 [ 24.069940] ? preempt_count_sub+0x50/0x80 [ 24.069962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.069983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.070007] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.070031] kthread+0x337/0x6f0 [ 24.070051] ? trace_preempt_on+0x20/0xc0 [ 24.070073] ? __pfx_kthread+0x10/0x10 [ 24.070093] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.070114] ? calculate_sigpending+0x7b/0xa0 [ 24.070138] ? __pfx_kthread+0x10/0x10 [ 24.070159] ret_from_fork+0x116/0x1d0 [ 24.070177] ? __pfx_kthread+0x10/0x10 [ 24.070197] ret_from_fork_asm+0x1a/0x30 [ 24.070228] </TASK> [ 24.070239] [ 24.078099] Allocated by task 214: [ 24.078232] kasan_save_stack+0x45/0x70 [ 24.078451] kasan_save_track+0x18/0x40 [ 24.078637] kasan_save_alloc_info+0x3b/0x50 [ 24.078846] __kasan_kmalloc+0xb7/0xc0 [ 24.079108] __kmalloc_cache_noprof+0x189/0x420 [ 24.079301] krealloc_uaf+0xbb/0x5e0 [ 24.079423] kunit_try_run_case+0x1a5/0x480 [ 24.079688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.080161] kthread+0x337/0x6f0 [ 24.080292] ret_from_fork+0x116/0x1d0 [ 24.080533] ret_from_fork_asm+0x1a/0x30 [ 24.080767] [ 24.080857] Freed by task 214: [ 24.081008] kasan_save_stack+0x45/0x70 [ 24.081164] kasan_save_track+0x18/0x40 [ 24.081391] kasan_save_free_info+0x3f/0x60 [ 24.081629] __kasan_slab_free+0x56/0x70 [ 24.081802] kfree+0x222/0x3f0 [ 24.082066] krealloc_uaf+0x13d/0x5e0 [ 24.082252] kunit_try_run_case+0x1a5/0x480 [ 24.082404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.082573] kthread+0x337/0x6f0 [ 24.082683] ret_from_fork+0x116/0x1d0 [ 24.082817] ret_from_fork_asm+0x1a/0x30 [ 24.082945] [ 24.083008] The buggy address belongs to the object at ffff888104e2ca00 [ 24.083008] which belongs to the cache kmalloc-256 of size 256 [ 24.083445] The buggy address is located 0 bytes inside of [ 24.083445] freed 256-byte region [ffff888104e2ca00, ffff888104e2cb00) [ 24.083992] [ 24.084085] The buggy address belongs to the physical page: [ 24.084341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c [ 24.084606] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.085112] flags: 0x200000000000040(head|node=0|zone=2) [ 24.085436] page_type: f5(slab) [ 24.085586] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.085875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.086406] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.086747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.087083] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff [ 24.087392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.087673] page dumped because: kasan: bad access detected [ 24.088079] [ 24.088174] Memory state around the buggy address: [ 24.088377] ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.088660] ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.089163] >ffff888104e2ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.089437] ^ [ 24.089546] ffff888104e2ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.089758] ffff888104e2cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.089958] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 24.022481] ================================================================== [ 24.023063] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.023400] Write of size 1 at addr ffff8881061420eb by task kunit_try_catch/212 [ 24.023613] [ 24.023689] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.023749] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.023762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.023781] Call Trace: [ 24.023796] <TASK> [ 24.023812] dump_stack_lvl+0x73/0xb0 [ 24.023848] print_report+0xd1/0x610 [ 24.023870] ? __virt_addr_valid+0x1db/0x2d0 [ 24.023892] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.023915] ? kasan_addr_to_slab+0x11/0xa0 [ 24.023934] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.023957] kasan_report+0x141/0x180 [ 24.024050] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.024079] __asan_report_store1_noabort+0x1b/0x30 [ 24.024102] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.024127] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.024150] ? finish_task_switch.isra.0+0x153/0x700 [ 24.024191] ? __switch_to+0x47/0xf80 [ 24.024217] ? __schedule+0x10cc/0x2b60 [ 24.024240] ? __pfx_read_tsc+0x10/0x10 [ 24.024264] krealloc_large_less_oob+0x1c/0x30 [ 24.024285] kunit_try_run_case+0x1a5/0x480 [ 24.024307] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.024327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.024368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.024391] ? __kthread_parkme+0x82/0x180 [ 24.024411] ? preempt_count_sub+0x50/0x80 [ 24.024433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.024454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.024479] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.024508] kthread+0x337/0x6f0 [ 24.024542] ? trace_preempt_on+0x20/0xc0 [ 24.024564] ? __pfx_kthread+0x10/0x10 [ 24.024585] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.024606] ? calculate_sigpending+0x7b/0xa0 [ 24.024629] ? __pfx_kthread+0x10/0x10 [ 24.024650] ret_from_fork+0x116/0x1d0 [ 24.024668] ? __pfx_kthread+0x10/0x10 [ 24.024688] ret_from_fork_asm+0x1a/0x30 [ 24.024727] </TASK> [ 24.024739] [ 24.033430] The buggy address belongs to the physical page: [ 24.033623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140 [ 24.033903] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.034274] flags: 0x200000000000040(head|node=0|zone=2) [ 24.034721] page_type: f8(unknown) [ 24.034987] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.035416] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.035748] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.036166] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.036464] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff [ 24.036763] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.037108] page dumped because: kasan: bad access detected [ 24.037274] [ 24.037463] Memory state around the buggy address: [ 24.037729] ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.037970] ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.038200] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.038708] ^ [ 24.038940] ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.039146] ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.040005] ================================================================== [ 23.947997] ================================================================== [ 23.948638] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.949075] Write of size 1 at addr ffff8881061420c9 by task kunit_try_catch/212 [ 23.949524] [ 23.949789] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.949859] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.949988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.950012] Call Trace: [ 23.950027] <TASK> [ 23.950056] dump_stack_lvl+0x73/0xb0 [ 23.950090] print_report+0xd1/0x610 [ 23.950112] ? __virt_addr_valid+0x1db/0x2d0 [ 23.950137] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.950159] ? kasan_addr_to_slab+0x11/0xa0 [ 23.950179] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.950202] kasan_report+0x141/0x180 [ 23.950223] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.950249] __asan_report_store1_noabort+0x1b/0x30 [ 23.950273] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.950297] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.950320] ? finish_task_switch.isra.0+0x153/0x700 [ 23.950342] ? __switch_to+0x47/0xf80 [ 23.950369] ? __schedule+0x10cc/0x2b60 [ 23.950392] ? __pfx_read_tsc+0x10/0x10 [ 23.950416] krealloc_large_less_oob+0x1c/0x30 [ 23.950437] kunit_try_run_case+0x1a5/0x480 [ 23.950459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.950479] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.950501] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.950525] ? __kthread_parkme+0x82/0x180 [ 23.950545] ? preempt_count_sub+0x50/0x80 [ 23.950567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.950587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.950611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.950635] kthread+0x337/0x6f0 [ 23.950654] ? trace_preempt_on+0x20/0xc0 [ 23.950677] ? __pfx_kthread+0x10/0x10 [ 23.950707] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.950729] ? calculate_sigpending+0x7b/0xa0 [ 23.950753] ? __pfx_kthread+0x10/0x10 [ 23.950789] ret_from_fork+0x116/0x1d0 [ 23.950807] ? __pfx_kthread+0x10/0x10 [ 23.950827] ret_from_fork_asm+0x1a/0x30 [ 23.950858] </TASK> [ 23.950870] [ 23.961403] The buggy address belongs to the physical page: [ 23.961786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140 [ 23.962329] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.962730] flags: 0x200000000000040(head|node=0|zone=2) [ 23.963354] page_type: f8(unknown) [ 23.963518] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.964102] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.964393] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.964777] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.965296] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff [ 23.965623] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.966141] page dumped because: kasan: bad access detected [ 23.966485] [ 23.966586] Memory state around the buggy address: [ 23.967152] ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.967443] ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.967760] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.968443] ^ [ 23.968638] ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.969213] ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.969587] ================================================================== [ 23.806013] ================================================================== [ 23.806318] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.806609] Write of size 1 at addr ffff888104e2c8d0 by task kunit_try_catch/208 [ 23.807258] [ 23.807369] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.807420] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.807433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.807453] Call Trace: [ 23.807471] <TASK> [ 23.807490] dump_stack_lvl+0x73/0xb0 [ 23.807520] print_report+0xd1/0x610 [ 23.807542] ? __virt_addr_valid+0x1db/0x2d0 [ 23.807566] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.807588] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.807613] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.807636] kasan_report+0x141/0x180 [ 23.807656] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.807683] __asan_report_store1_noabort+0x1b/0x30 [ 23.807719] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.807744] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.807766] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.807796] ? __pfx_krealloc_less_oob+0x10/0x10 [ 23.807825] krealloc_less_oob+0x1c/0x30 [ 23.807845] kunit_try_run_case+0x1a5/0x480 [ 23.807866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.807885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.807908] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.807931] ? __kthread_parkme+0x82/0x180 [ 23.807951] ? preempt_count_sub+0x50/0x80 [ 23.807974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.807995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.808019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.808043] kthread+0x337/0x6f0 [ 23.808062] ? trace_preempt_on+0x20/0xc0 [ 23.808085] ? __pfx_kthread+0x10/0x10 [ 23.808106] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.808275] ? calculate_sigpending+0x7b/0xa0 [ 23.808299] ? __pfx_kthread+0x10/0x10 [ 23.808321] ret_from_fork+0x116/0x1d0 [ 23.808340] ? __pfx_kthread+0x10/0x10 [ 23.808361] ret_from_fork_asm+0x1a/0x30 [ 23.808391] </TASK> [ 23.808402] [ 23.815952] Allocated by task 208: [ 23.816119] kasan_save_stack+0x45/0x70 [ 23.816292] kasan_save_track+0x18/0x40 [ 23.816420] kasan_save_alloc_info+0x3b/0x50 [ 23.816561] __kasan_krealloc+0x190/0x1f0 [ 23.816703] krealloc_noprof+0xf3/0x340 [ 23.816887] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.817221] krealloc_less_oob+0x1c/0x30 [ 23.817404] kunit_try_run_case+0x1a5/0x480 [ 23.817619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.817854] kthread+0x337/0x6f0 [ 23.817968] ret_from_fork+0x116/0x1d0 [ 23.818093] ret_from_fork_asm+0x1a/0x30 [ 23.818298] [ 23.818389] The buggy address belongs to the object at ffff888104e2c800 [ 23.818389] which belongs to the cache kmalloc-256 of size 256 [ 23.818929] The buggy address is located 7 bytes to the right of [ 23.818929] allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9) [ 23.819471] [ 23.819562] The buggy address belongs to the physical page: [ 23.819799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c [ 23.820110] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.820587] flags: 0x200000000000040(head|node=0|zone=2) [ 23.820841] page_type: f5(slab) [ 23.820993] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.821443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.821821] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.822164] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.822459] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff [ 23.822684] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.822916] page dumped because: kasan: bad access detected [ 23.823080] [ 23.823143] Memory state around the buggy address: [ 23.823290] ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.823564] ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.823885] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.824190] ^ [ 23.824496] ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.824877] ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.825326] ================================================================== [ 23.825794] ================================================================== [ 23.826473] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.826811] Write of size 1 at addr ffff888104e2c8da by task kunit_try_catch/208 [ 23.828675] [ 23.828834] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.828928] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.828945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.828965] Call Trace: [ 23.828982] <TASK> [ 23.829000] dump_stack_lvl+0x73/0xb0 [ 23.829032] print_report+0xd1/0x610 [ 23.829053] ? __virt_addr_valid+0x1db/0x2d0 [ 23.829076] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.829098] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.829123] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.829145] kasan_report+0x141/0x180 [ 23.829166] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.829193] __asan_report_store1_noabort+0x1b/0x30 [ 23.829216] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.829240] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.829262] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.829291] ? __pfx_krealloc_less_oob+0x10/0x10 [ 23.829316] krealloc_less_oob+0x1c/0x30 [ 23.829337] kunit_try_run_case+0x1a5/0x480 [ 23.829358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.829377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.829400] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.829424] ? __kthread_parkme+0x82/0x180 [ 23.829444] ? preempt_count_sub+0x50/0x80 [ 23.829467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.829488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.829513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.829537] kthread+0x337/0x6f0 [ 23.829556] ? trace_preempt_on+0x20/0xc0 [ 23.829579] ? __pfx_kthread+0x10/0x10 [ 23.829599] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.829620] ? calculate_sigpending+0x7b/0xa0 [ 23.829643] ? __pfx_kthread+0x10/0x10 [ 23.829664] ret_from_fork+0x116/0x1d0 [ 23.829682] ? __pfx_kthread+0x10/0x10 [ 23.829714] ret_from_fork_asm+0x1a/0x30 [ 23.829747] </TASK> [ 23.829758] [ 23.839941] Allocated by task 208: [ 23.840144] kasan_save_stack+0x45/0x70 [ 23.840512] kasan_save_track+0x18/0x40 [ 23.840681] kasan_save_alloc_info+0x3b/0x50 [ 23.841090] __kasan_krealloc+0x190/0x1f0 [ 23.841362] krealloc_noprof+0xf3/0x340 [ 23.841512] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.841831] krealloc_less_oob+0x1c/0x30 [ 23.842042] kunit_try_run_case+0x1a5/0x480 [ 23.842387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.842726] kthread+0x337/0x6f0 [ 23.842876] ret_from_fork+0x116/0x1d0 [ 23.843136] ret_from_fork_asm+0x1a/0x30 [ 23.843537] [ 23.843612] The buggy address belongs to the object at ffff888104e2c800 [ 23.843612] which belongs to the cache kmalloc-256 of size 256 [ 23.844392] The buggy address is located 17 bytes to the right of [ 23.844392] allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9) [ 23.845080] [ 23.845169] The buggy address belongs to the physical page: [ 23.845389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c [ 23.845718] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.846435] flags: 0x200000000000040(head|node=0|zone=2) [ 23.846643] page_type: f5(slab) [ 23.846835] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.847540] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.848054] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.848442] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.848737] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff [ 23.849215] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.849593] page dumped because: kasan: bad access detected [ 23.849852] [ 23.850098] Memory state around the buggy address: [ 23.850406] ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.850769] ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.851310] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.851619] ^ [ 23.852249] ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.852513] ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.853091] ================================================================== [ 23.873764] ================================================================== [ 23.874120] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.874431] Write of size 1 at addr ffff888104e2c8eb by task kunit_try_catch/208 [ 23.874717] [ 23.874814] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.874862] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.874874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.874935] Call Trace: [ 23.874950] <TASK> [ 23.874966] dump_stack_lvl+0x73/0xb0 [ 23.874996] print_report+0xd1/0x610 [ 23.875017] ? __virt_addr_valid+0x1db/0x2d0 [ 23.875041] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.875063] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.875089] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.875112] kasan_report+0x141/0x180 [ 23.875133] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.875162] __asan_report_store1_noabort+0x1b/0x30 [ 23.875186] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.875211] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.875233] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.875263] ? __pfx_krealloc_less_oob+0x10/0x10 [ 23.875288] krealloc_less_oob+0x1c/0x30 [ 23.875309] kunit_try_run_case+0x1a5/0x480 [ 23.875331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.875350] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.875373] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.875395] ? __kthread_parkme+0x82/0x180 [ 23.875415] ? preempt_count_sub+0x50/0x80 [ 23.875438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.875459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.875483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.875507] kthread+0x337/0x6f0 [ 23.875527] ? trace_preempt_on+0x20/0xc0 [ 23.875549] ? __pfx_kthread+0x10/0x10 [ 23.875570] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.875591] ? calculate_sigpending+0x7b/0xa0 [ 23.875613] ? __pfx_kthread+0x10/0x10 [ 23.875634] ret_from_fork+0x116/0x1d0 [ 23.875652] ? __pfx_kthread+0x10/0x10 [ 23.875673] ret_from_fork_asm+0x1a/0x30 [ 23.875715] </TASK> [ 23.875726] [ 23.882987] Allocated by task 208: [ 23.883139] kasan_save_stack+0x45/0x70 [ 23.883317] kasan_save_track+0x18/0x40 [ 23.883480] kasan_save_alloc_info+0x3b/0x50 [ 23.883645] __kasan_krealloc+0x190/0x1f0 [ 23.883919] krealloc_noprof+0xf3/0x340 [ 23.884082] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.884280] krealloc_less_oob+0x1c/0x30 [ 23.884459] kunit_try_run_case+0x1a5/0x480 [ 23.884629] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.884808] kthread+0x337/0x6f0 [ 23.884925] ret_from_fork+0x116/0x1d0 [ 23.885051] ret_from_fork_asm+0x1a/0x30 [ 23.885397] [ 23.885494] The buggy address belongs to the object at ffff888104e2c800 [ 23.885494] which belongs to the cache kmalloc-256 of size 256 [ 23.886000] The buggy address is located 34 bytes to the right of [ 23.886000] allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9) [ 23.886620] [ 23.886727] The buggy address belongs to the physical page: [ 23.887132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c [ 23.887371] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.887589] flags: 0x200000000000040(head|node=0|zone=2) [ 23.887767] page_type: f5(slab) [ 23.887997] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.888331] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.888659] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.889807] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.890475] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff [ 23.890727] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.891545] page dumped because: kasan: bad access detected [ 23.892050] [ 23.892288] Memory state around the buggy address: [ 23.892634] ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.893213] ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.893507] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.894079] ^ [ 23.894501] ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.895138] ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.895428] ================================================================== [ 23.987800] ================================================================== [ 23.988330] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.988619] Write of size 1 at addr ffff8881061420da by task kunit_try_catch/212 [ 23.989258] [ 23.989347] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.989394] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.989407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.989426] Call Trace: [ 23.989441] <TASK> [ 23.989455] dump_stack_lvl+0x73/0xb0 [ 23.989484] print_report+0xd1/0x610 [ 23.989505] ? __virt_addr_valid+0x1db/0x2d0 [ 23.989527] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.989549] ? kasan_addr_to_slab+0x11/0xa0 [ 23.989569] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.989591] kasan_report+0x141/0x180 [ 23.989640] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.989668] __asan_report_store1_noabort+0x1b/0x30 [ 23.989702] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.989726] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.989749] ? finish_task_switch.isra.0+0x153/0x700 [ 23.989769] ? __switch_to+0x47/0xf80 [ 23.989801] ? __schedule+0x10cc/0x2b60 [ 23.989824] ? __pfx_read_tsc+0x10/0x10 [ 23.989848] krealloc_large_less_oob+0x1c/0x30 [ 23.989871] kunit_try_run_case+0x1a5/0x480 [ 23.989893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.989913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.989935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.989959] ? __kthread_parkme+0x82/0x180 [ 23.989978] ? preempt_count_sub+0x50/0x80 [ 23.990000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.990021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.990045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.990080] kthread+0x337/0x6f0 [ 23.990099] ? trace_preempt_on+0x20/0xc0 [ 23.990142] ? __pfx_kthread+0x10/0x10 [ 23.990162] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.990184] ? calculate_sigpending+0x7b/0xa0 [ 23.990207] ? __pfx_kthread+0x10/0x10 [ 23.990228] ret_from_fork+0x116/0x1d0 [ 23.990246] ? __pfx_kthread+0x10/0x10 [ 23.990266] ret_from_fork_asm+0x1a/0x30 [ 23.990297] </TASK> [ 23.990307] [ 23.998683] The buggy address belongs to the physical page: [ 23.998984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140 [ 23.999331] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.999758] flags: 0x200000000000040(head|node=0|zone=2) [ 23.999934] page_type: f8(unknown) [ 24.000126] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.000464] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.000754] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.000975] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.001838] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff [ 24.002189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.002488] page dumped because: kasan: bad access detected [ 24.002765] [ 24.002869] Memory state around the buggy address: [ 24.003122] ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.003407] ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.003613] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.003832] ^ [ 24.004057] ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.004368] ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.004680] ================================================================== [ 24.005356] ================================================================== [ 24.005668] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.006180] Write of size 1 at addr ffff8881061420ea by task kunit_try_catch/212 [ 24.006401] [ 24.006480] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 24.006527] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.006539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.006560] Call Trace: [ 24.006602] <TASK> [ 24.006620] dump_stack_lvl+0x73/0xb0 [ 24.006651] print_report+0xd1/0x610 [ 24.006685] ? __virt_addr_valid+0x1db/0x2d0 [ 24.006720] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.006742] ? kasan_addr_to_slab+0x11/0xa0 [ 24.006762] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.006784] kasan_report+0x141/0x180 [ 24.006805] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.006833] __asan_report_store1_noabort+0x1b/0x30 [ 24.006856] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.006953] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.006979] ? finish_task_switch.isra.0+0x153/0x700 [ 24.007000] ? __switch_to+0x47/0xf80 [ 24.007025] ? __schedule+0x10cc/0x2b60 [ 24.007047] ? __pfx_read_tsc+0x10/0x10 [ 24.007072] krealloc_large_less_oob+0x1c/0x30 [ 24.007093] kunit_try_run_case+0x1a5/0x480 [ 24.007116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.007135] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.007158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.007181] ? __kthread_parkme+0x82/0x180 [ 24.007223] ? preempt_count_sub+0x50/0x80 [ 24.007245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.007267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.007291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.007315] kthread+0x337/0x6f0 [ 24.007334] ? trace_preempt_on+0x20/0xc0 [ 24.007359] ? __pfx_kthread+0x10/0x10 [ 24.007379] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.007417] ? calculate_sigpending+0x7b/0xa0 [ 24.007441] ? __pfx_kthread+0x10/0x10 [ 24.007462] ret_from_fork+0x116/0x1d0 [ 24.007480] ? __pfx_kthread+0x10/0x10 [ 24.007500] ret_from_fork_asm+0x1a/0x30 [ 24.007530] </TASK> [ 24.007541] [ 24.015384] The buggy address belongs to the physical page: [ 24.015635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140 [ 24.016057] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.016276] flags: 0x200000000000040(head|node=0|zone=2) [ 24.016438] page_type: f8(unknown) [ 24.016618] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.016960] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.017299] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.017921] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.018411] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff [ 24.018651] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.019348] page dumped because: kasan: bad access detected [ 24.019691] [ 24.019776] Memory state around the buggy address: [ 24.020044] ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.020411] ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.020690] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.021067] ^ [ 24.021258] ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.021533] ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.022089] ================================================================== [ 23.970163] ================================================================== [ 23.970393] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.971177] Write of size 1 at addr ffff8881061420d0 by task kunit_try_catch/212 [ 23.972115] [ 23.972226] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.972275] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.972288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.972307] Call Trace: [ 23.972322] <TASK> [ 23.972339] dump_stack_lvl+0x73/0xb0 [ 23.972370] print_report+0xd1/0x610 [ 23.972392] ? __virt_addr_valid+0x1db/0x2d0 [ 23.972414] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.972437] ? kasan_addr_to_slab+0x11/0xa0 [ 23.972456] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.972478] kasan_report+0x141/0x180 [ 23.972499] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.972526] __asan_report_store1_noabort+0x1b/0x30 [ 23.972549] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.972574] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.972597] ? finish_task_switch.isra.0+0x153/0x700 [ 23.972617] ? __switch_to+0x47/0xf80 [ 23.972643] ? __schedule+0x10cc/0x2b60 [ 23.972666] ? __pfx_read_tsc+0x10/0x10 [ 23.972691] krealloc_large_less_oob+0x1c/0x30 [ 23.972727] kunit_try_run_case+0x1a5/0x480 [ 23.972749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.972769] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.972791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.972837] ? __kthread_parkme+0x82/0x180 [ 23.972857] ? preempt_count_sub+0x50/0x80 [ 23.972879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.972900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.972924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.972948] kthread+0x337/0x6f0 [ 23.973034] ? trace_preempt_on+0x20/0xc0 [ 23.973058] ? __pfx_kthread+0x10/0x10 [ 23.973078] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.973100] ? calculate_sigpending+0x7b/0xa0 [ 23.973122] ? __pfx_kthread+0x10/0x10 [ 23.973143] ret_from_fork+0x116/0x1d0 [ 23.973162] ? __pfx_kthread+0x10/0x10 [ 23.973182] ret_from_fork_asm+0x1a/0x30 [ 23.973211] </TASK> [ 23.973222] [ 23.981237] The buggy address belongs to the physical page: [ 23.981489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140 [ 23.981764] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.982080] flags: 0x200000000000040(head|node=0|zone=2) [ 23.982354] page_type: f8(unknown) [ 23.982473] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.982753] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.983162] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.983427] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.983712] head: 0200000000000002 ffffea0004185001 00000000ffffffff 00000000ffffffff [ 23.984490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.985083] page dumped because: kasan: bad access detected [ 23.985281] [ 23.985355] Memory state around the buggy address: [ 23.985591] ffff888106141f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.986040] ffff888106142000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.986317] >ffff888106142080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.986589] ^ [ 23.986969] ffff888106142100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.987193] ffff888106142180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.987519] ================================================================== [ 23.853714] ================================================================== [ 23.854165] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.854665] Write of size 1 at addr ffff888104e2c8ea by task kunit_try_catch/208 [ 23.855117] [ 23.855214] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.855263] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.855276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.855296] Call Trace: [ 23.855313] <TASK> [ 23.855330] dump_stack_lvl+0x73/0xb0 [ 23.855360] print_report+0xd1/0x610 [ 23.855381] ? __virt_addr_valid+0x1db/0x2d0 [ 23.855404] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.855426] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.855451] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.855473] kasan_report+0x141/0x180 [ 23.855494] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.855521] __asan_report_store1_noabort+0x1b/0x30 [ 23.855546] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.855570] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.855592] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.855621] ? __pfx_krealloc_less_oob+0x10/0x10 [ 23.855646] krealloc_less_oob+0x1c/0x30 [ 23.855667] kunit_try_run_case+0x1a5/0x480 [ 23.855688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.855721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.855744] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.855767] ? __kthread_parkme+0x82/0x180 [ 23.855797] ? preempt_count_sub+0x50/0x80 [ 23.855824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.855845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.855870] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.855943] kthread+0x337/0x6f0 [ 23.855964] ? trace_preempt_on+0x20/0xc0 [ 23.855987] ? __pfx_kthread+0x10/0x10 [ 23.856007] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.856028] ? calculate_sigpending+0x7b/0xa0 [ 23.856051] ? __pfx_kthread+0x10/0x10 [ 23.856072] ret_from_fork+0x116/0x1d0 [ 23.856090] ? __pfx_kthread+0x10/0x10 [ 23.856110] ret_from_fork_asm+0x1a/0x30 [ 23.856140] </TASK> [ 23.856151] [ 23.863108] Allocated by task 208: [ 23.863282] kasan_save_stack+0x45/0x70 [ 23.863473] kasan_save_track+0x18/0x40 [ 23.863871] kasan_save_alloc_info+0x3b/0x50 [ 23.864039] __kasan_krealloc+0x190/0x1f0 [ 23.864171] krealloc_noprof+0xf3/0x340 [ 23.864302] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.864743] krealloc_less_oob+0x1c/0x30 [ 23.864990] kunit_try_run_case+0x1a5/0x480 [ 23.865170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.865570] kthread+0x337/0x6f0 [ 23.865711] ret_from_fork+0x116/0x1d0 [ 23.866092] ret_from_fork_asm+0x1a/0x30 [ 23.866265] [ 23.866354] The buggy address belongs to the object at ffff888104e2c800 [ 23.866354] which belongs to the cache kmalloc-256 of size 256 [ 23.866814] The buggy address is located 33 bytes to the right of [ 23.866814] allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9) [ 23.867344] [ 23.867435] The buggy address belongs to the physical page: [ 23.867660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c [ 23.868077] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.868377] flags: 0x200000000000040(head|node=0|zone=2) [ 23.868574] page_type: f5(slab) [ 23.868717] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.869060] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.869316] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.869539] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.869775] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff [ 23.870054] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.870543] page dumped because: kasan: bad access detected [ 23.870834] [ 23.870998] Memory state around the buggy address: [ 23.871227] ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.871469] ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.871676] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.872256] ^ [ 23.872557] ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.873005] ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.873327] ================================================================== [ 23.786059] ================================================================== [ 23.786509] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.786831] Write of size 1 at addr ffff888104e2c8c9 by task kunit_try_catch/208 [ 23.787142] [ 23.787248] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.787594] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.787608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.787629] Call Trace: [ 23.787642] <TASK> [ 23.787661] dump_stack_lvl+0x73/0xb0 [ 23.787707] print_report+0xd1/0x610 [ 23.787729] ? __virt_addr_valid+0x1db/0x2d0 [ 23.787753] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.787775] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.787812] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.787841] kasan_report+0x141/0x180 [ 23.787862] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.788090] __asan_report_store1_noabort+0x1b/0x30 [ 23.788123] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.788149] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.788171] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.788201] ? __pfx_krealloc_less_oob+0x10/0x10 [ 23.788226] krealloc_less_oob+0x1c/0x30 [ 23.788247] kunit_try_run_case+0x1a5/0x480 [ 23.788270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.788289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.788312] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.788336] ? __kthread_parkme+0x82/0x180 [ 23.788357] ? preempt_count_sub+0x50/0x80 [ 23.788380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.788401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.788425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.788449] kthread+0x337/0x6f0 [ 23.788468] ? trace_preempt_on+0x20/0xc0 [ 23.788491] ? __pfx_kthread+0x10/0x10 [ 23.788511] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.788532] ? calculate_sigpending+0x7b/0xa0 [ 23.788555] ? __pfx_kthread+0x10/0x10 [ 23.788576] ret_from_fork+0x116/0x1d0 [ 23.788595] ? __pfx_kthread+0x10/0x10 [ 23.788614] ret_from_fork_asm+0x1a/0x30 [ 23.788644] </TASK> [ 23.788656] [ 23.796049] Allocated by task 208: [ 23.796190] kasan_save_stack+0x45/0x70 [ 23.796335] kasan_save_track+0x18/0x40 [ 23.796509] kasan_save_alloc_info+0x3b/0x50 [ 23.796726] __kasan_krealloc+0x190/0x1f0 [ 23.797259] krealloc_noprof+0xf3/0x340 [ 23.797460] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.797615] krealloc_less_oob+0x1c/0x30 [ 23.797855] kunit_try_run_case+0x1a5/0x480 [ 23.798044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.798328] kthread+0x337/0x6f0 [ 23.798488] ret_from_fork+0x116/0x1d0 [ 23.798627] ret_from_fork_asm+0x1a/0x30 [ 23.798842] [ 23.798955] The buggy address belongs to the object at ffff888104e2c800 [ 23.798955] which belongs to the cache kmalloc-256 of size 256 [ 23.799374] The buggy address is located 0 bytes to the right of [ 23.799374] allocated 201-byte region [ffff888104e2c800, ffff888104e2c8c9) [ 23.799744] [ 23.799842] The buggy address belongs to the physical page: [ 23.800107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104e2c [ 23.800455] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.800730] flags: 0x200000000000040(head|node=0|zone=2) [ 23.801135] page_type: f5(slab) [ 23.801255] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.801479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.801870] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.802222] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.802561] head: 0200000000000001 ffffea0004138b01 00000000ffffffff 00000000ffffffff [ 23.802881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.803180] page dumped because: kasan: bad access detected [ 23.803388] [ 23.803474] Memory state around the buggy address: [ 23.803668] ffff888104e2c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.804008] ffff888104e2c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.804290] >ffff888104e2c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.804562] ^ [ 23.804808] ffff888104e2c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.805086] ffff888104e2c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.805355] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 23.733591] ================================================================== [ 23.734880] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.735540] Write of size 1 at addr ffff888103d33ceb by task kunit_try_catch/206 [ 23.735966] [ 23.736082] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.736137] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.736151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.736174] Call Trace: [ 23.736187] <TASK> [ 23.736207] dump_stack_lvl+0x73/0xb0 [ 23.736240] print_report+0xd1/0x610 [ 23.736265] ? __virt_addr_valid+0x1db/0x2d0 [ 23.736290] ? krealloc_more_oob_helper+0x821/0x930 [ 23.736312] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.736337] ? krealloc_more_oob_helper+0x821/0x930 [ 23.736421] kasan_report+0x141/0x180 [ 23.736452] ? krealloc_more_oob_helper+0x821/0x930 [ 23.736480] __asan_report_store1_noabort+0x1b/0x30 [ 23.736504] krealloc_more_oob_helper+0x821/0x930 [ 23.736526] ? __schedule+0x10cc/0x2b60 [ 23.736549] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.736574] ? finish_task_switch.isra.0+0x153/0x700 [ 23.736596] ? __switch_to+0x47/0xf80 [ 23.736623] ? __schedule+0x10cc/0x2b60 [ 23.736645] ? __pfx_read_tsc+0x10/0x10 [ 23.736670] krealloc_more_oob+0x1c/0x30 [ 23.736691] kunit_try_run_case+0x1a5/0x480 [ 23.736727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.736747] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.736771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.736804] ? __kthread_parkme+0x82/0x180 [ 23.736824] ? preempt_count_sub+0x50/0x80 [ 23.736847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.736868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.736933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.736959] kthread+0x337/0x6f0 [ 23.736978] ? trace_preempt_on+0x20/0xc0 [ 23.737001] ? __pfx_kthread+0x10/0x10 [ 23.737021] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.737043] ? calculate_sigpending+0x7b/0xa0 [ 23.737067] ? __pfx_kthread+0x10/0x10 [ 23.737088] ret_from_fork+0x116/0x1d0 [ 23.737107] ? __pfx_kthread+0x10/0x10 [ 23.737127] ret_from_fork_asm+0x1a/0x30 [ 23.737159] </TASK> [ 23.737171] [ 23.747798] Allocated by task 206: [ 23.748281] kasan_save_stack+0x45/0x70 [ 23.748565] kasan_save_track+0x18/0x40 [ 23.748754] kasan_save_alloc_info+0x3b/0x50 [ 23.749179] __kasan_krealloc+0x190/0x1f0 [ 23.749346] krealloc_noprof+0xf3/0x340 [ 23.749685] krealloc_more_oob_helper+0x1a9/0x930 [ 23.750036] krealloc_more_oob+0x1c/0x30 [ 23.750216] kunit_try_run_case+0x1a5/0x480 [ 23.750404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.750632] kthread+0x337/0x6f0 [ 23.750788] ret_from_fork+0x116/0x1d0 [ 23.751364] ret_from_fork_asm+0x1a/0x30 [ 23.751517] [ 23.751765] The buggy address belongs to the object at ffff888103d33c00 [ 23.751765] which belongs to the cache kmalloc-256 of size 256 [ 23.752459] The buggy address is located 0 bytes to the right of [ 23.752459] allocated 235-byte region [ffff888103d33c00, ffff888103d33ceb) [ 23.753163] [ 23.753270] The buggy address belongs to the physical page: [ 23.753519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d32 [ 23.753866] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.754439] flags: 0x200000000000040(head|node=0|zone=2) [ 23.754668] page_type: f5(slab) [ 23.755036] raw: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004 [ 23.755457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.755850] head: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004 [ 23.756303] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.756612] head: 0200000000000001 ffffea00040f4c81 00000000ffffffff 00000000ffffffff [ 23.757176] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.757555] page dumped because: kasan: bad access detected [ 23.757808] [ 23.758018] Memory state around the buggy address: [ 23.758482] ffff888103d33b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.758868] ffff888103d33c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.759276] >ffff888103d33c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.759569] ^ [ 23.760103] ffff888103d33d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.760421] ffff888103d33d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.760763] ================================================================== [ 23.924142] ================================================================== [ 23.924477] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.924782] Write of size 1 at addr ffff88810621a0f0 by task kunit_try_catch/210 [ 23.925029] [ 23.925112] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.925161] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.925174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.925196] Call Trace: [ 23.925213] <TASK> [ 23.925231] dump_stack_lvl+0x73/0xb0 [ 23.925263] print_report+0xd1/0x610 [ 23.925284] ? __virt_addr_valid+0x1db/0x2d0 [ 23.925308] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.925331] ? kasan_addr_to_slab+0x11/0xa0 [ 23.925351] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.925374] kasan_report+0x141/0x180 [ 23.925395] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.925422] __asan_report_store1_noabort+0x1b/0x30 [ 23.925445] krealloc_more_oob_helper+0x7eb/0x930 [ 23.925466] ? __schedule+0x10cc/0x2b60 [ 23.925489] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.925513] ? __kasan_check_write+0x18/0x20 [ 23.925535] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.925558] ? irqentry_exit+0x2a/0x60 [ 23.925579] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.925602] ? trace_hardirqs_on+0x37/0xe0 [ 23.925625] ? __pfx_read_tsc+0x10/0x10 [ 23.925649] krealloc_large_more_oob+0x1c/0x30 [ 23.925671] kunit_try_run_case+0x1a5/0x480 [ 23.925703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.925725] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.926284] ? __kthread_parkme+0x82/0x180 [ 23.926364] ? preempt_count_sub+0x50/0x80 [ 23.926390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.926413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.926498] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.926526] kthread+0x337/0x6f0 [ 23.926546] ? trace_preempt_on+0x20/0xc0 [ 23.926568] ? __pfx_kthread+0x10/0x10 [ 23.926588] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.926609] ? calculate_sigpending+0x7b/0xa0 [ 23.926632] ? __pfx_kthread+0x10/0x10 [ 23.926810] ret_from_fork+0x116/0x1d0 [ 23.926831] ? __pfx_kthread+0x10/0x10 [ 23.926852] ret_from_fork_asm+0x1a/0x30 [ 23.926901] </TASK> [ 23.926915] [ 23.937411] The buggy address belongs to the physical page: [ 23.938012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106218 [ 23.938426] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.938755] flags: 0x200000000000040(head|node=0|zone=2) [ 23.939156] page_type: f8(unknown) [ 23.939329] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.939644] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.940183] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.940583] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.941171] head: 0200000000000002 ffffea0004188601 00000000ffffffff 00000000ffffffff [ 23.941467] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.942019] page dumped because: kasan: bad access detected [ 23.942210] [ 23.942453] Memory state around the buggy address: [ 23.942654] ffff888106219f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.943205] ffff88810621a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.943579] >ffff88810621a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.943983] ^ [ 23.944363] ffff88810621a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.944726] ffff88810621a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.945214] ================================================================== [ 23.762017] ================================================================== [ 23.762335] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.762741] Write of size 1 at addr ffff888103d33cf0 by task kunit_try_catch/206 [ 23.763177] [ 23.763288] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.763336] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.763349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.763370] Call Trace: [ 23.763383] <TASK> [ 23.763401] dump_stack_lvl+0x73/0xb0 [ 23.763431] print_report+0xd1/0x610 [ 23.763452] ? __virt_addr_valid+0x1db/0x2d0 [ 23.763476] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.763498] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.763523] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.763546] kasan_report+0x141/0x180 [ 23.763567] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.763594] __asan_report_store1_noabort+0x1b/0x30 [ 23.763617] krealloc_more_oob_helper+0x7eb/0x930 [ 23.763639] ? __schedule+0x10cc/0x2b60 [ 23.763662] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.763684] ? finish_task_switch.isra.0+0x153/0x700 [ 23.763719] ? __switch_to+0x47/0xf80 [ 23.763745] ? __schedule+0x10cc/0x2b60 [ 23.763766] ? __pfx_read_tsc+0x10/0x10 [ 23.763801] krealloc_more_oob+0x1c/0x30 [ 23.763827] kunit_try_run_case+0x1a5/0x480 [ 23.763849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.763868] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.763891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.763914] ? __kthread_parkme+0x82/0x180 [ 23.763934] ? preempt_count_sub+0x50/0x80 [ 23.764032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.764054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.764079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.764103] kthread+0x337/0x6f0 [ 23.764122] ? trace_preempt_on+0x20/0xc0 [ 23.764145] ? __pfx_kthread+0x10/0x10 [ 23.764165] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.764187] ? calculate_sigpending+0x7b/0xa0 [ 23.764210] ? __pfx_kthread+0x10/0x10 [ 23.764231] ret_from_fork+0x116/0x1d0 [ 23.764250] ? __pfx_kthread+0x10/0x10 [ 23.764270] ret_from_fork_asm+0x1a/0x30 [ 23.764300] </TASK> [ 23.764311] [ 23.772151] Allocated by task 206: [ 23.772311] kasan_save_stack+0x45/0x70 [ 23.772490] kasan_save_track+0x18/0x40 [ 23.772651] kasan_save_alloc_info+0x3b/0x50 [ 23.772936] __kasan_krealloc+0x190/0x1f0 [ 23.773110] krealloc_noprof+0xf3/0x340 [ 23.773294] krealloc_more_oob_helper+0x1a9/0x930 [ 23.773478] krealloc_more_oob+0x1c/0x30 [ 23.773656] kunit_try_run_case+0x1a5/0x480 [ 23.773866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.774127] kthread+0x337/0x6f0 [ 23.774242] ret_from_fork+0x116/0x1d0 [ 23.774365] ret_from_fork_asm+0x1a/0x30 [ 23.774495] [ 23.774560] The buggy address belongs to the object at ffff888103d33c00 [ 23.774560] which belongs to the cache kmalloc-256 of size 256 [ 23.775079] The buggy address is located 5 bytes to the right of [ 23.775079] allocated 235-byte region [ffff888103d33c00, ffff888103d33ceb) [ 23.775606] [ 23.775672] The buggy address belongs to the physical page: [ 23.776087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d32 [ 23.776503] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.776784] flags: 0x200000000000040(head|node=0|zone=2) [ 23.776955] page_type: f5(slab) [ 23.777069] raw: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004 [ 23.777467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.777827] head: 0200000000000040 ffff888100041b40 ffffea0004028a80 dead000000000004 [ 23.778172] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.778494] head: 0200000000000001 ffffea00040f4c81 00000000ffffffff 00000000ffffffff [ 23.779025] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.779310] page dumped because: kasan: bad access detected [ 23.779494] [ 23.779559] Memory state around the buggy address: [ 23.779790] ffff888103d33b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.780146] ffff888103d33c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.780353] >ffff888103d33c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.780819] ^ [ 23.781213] ffff888103d33d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.781491] ffff888103d33d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.781707] ================================================================== [ 23.901166] ================================================================== [ 23.901610] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.902003] Write of size 1 at addr ffff88810621a0eb by task kunit_try_catch/210 [ 23.902282] [ 23.902375] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.902428] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.902441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.902463] Call Trace: [ 23.902477] <TASK> [ 23.902497] dump_stack_lvl+0x73/0xb0 [ 23.902530] print_report+0xd1/0x610 [ 23.902553] ? __virt_addr_valid+0x1db/0x2d0 [ 23.902577] ? krealloc_more_oob_helper+0x821/0x930 [ 23.902600] ? kasan_addr_to_slab+0x11/0xa0 [ 23.902619] ? krealloc_more_oob_helper+0x821/0x930 [ 23.902642] kasan_report+0x141/0x180 [ 23.902664] ? krealloc_more_oob_helper+0x821/0x930 [ 23.902705] __asan_report_store1_noabort+0x1b/0x30 [ 23.902730] krealloc_more_oob_helper+0x821/0x930 [ 23.902752] ? __schedule+0x10cc/0x2b60 [ 23.902776] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.903187] ? __kasan_check_write+0x18/0x20 [ 23.903213] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.903237] ? irqentry_exit+0x2a/0x60 [ 23.903260] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.903284] ? trace_hardirqs_on+0x37/0xe0 [ 23.903308] ? __pfx_read_tsc+0x10/0x10 [ 23.903333] krealloc_large_more_oob+0x1c/0x30 [ 23.903356] kunit_try_run_case+0x1a5/0x480 [ 23.903379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.903400] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.903423] ? __kthread_parkme+0x82/0x180 [ 23.903444] ? preempt_count_sub+0x50/0x80 [ 23.903468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.903489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.903514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.903538] kthread+0x337/0x6f0 [ 23.903558] ? trace_preempt_on+0x20/0xc0 [ 23.903580] ? __pfx_kthread+0x10/0x10 [ 23.903600] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.903621] ? calculate_sigpending+0x7b/0xa0 [ 23.903645] ? __pfx_kthread+0x10/0x10 [ 23.903666] ret_from_fork+0x116/0x1d0 [ 23.903685] ? __pfx_kthread+0x10/0x10 [ 23.903719] ret_from_fork_asm+0x1a/0x30 [ 23.903750] </TASK> [ 23.903762] [ 23.911469] The buggy address belongs to the physical page: [ 23.911738] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106218 [ 23.912169] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.912502] flags: 0x200000000000040(head|node=0|zone=2) [ 23.912682] page_type: f8(unknown) [ 23.912944] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.913284] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.913583] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.914117] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.914356] head: 0200000000000002 ffffea0004188601 00000000ffffffff 00000000ffffffff [ 23.915811] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.916991] page dumped because: kasan: bad access detected [ 23.917375] [ 23.918678] Memory state around the buggy address: [ 23.918877] ffff888106219f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.920468] ffff88810621a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.921345] >ffff88810621a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.921853] ^ [ 23.922999] ffff88810621a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.923242] ffff88810621a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.923495] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 23.714264] ================================================================== [ 23.714874] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 23.715237] Read of size 1 at addr ffff888106250000 by task kunit_try_catch/204 [ 23.715560] [ 23.715674] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.715738] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.715751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.715773] Call Trace: [ 23.715786] <TASK> [ 23.715806] dump_stack_lvl+0x73/0xb0 [ 23.715873] print_report+0xd1/0x610 [ 23.715955] ? __virt_addr_valid+0x1db/0x2d0 [ 23.715982] ? page_alloc_uaf+0x356/0x3d0 [ 23.716003] ? kasan_addr_to_slab+0x11/0xa0 [ 23.716023] ? page_alloc_uaf+0x356/0x3d0 [ 23.716044] kasan_report+0x141/0x180 [ 23.716065] ? page_alloc_uaf+0x356/0x3d0 [ 23.716091] __asan_report_load1_noabort+0x18/0x20 [ 23.716114] page_alloc_uaf+0x356/0x3d0 [ 23.716146] ? __pfx_page_alloc_uaf+0x10/0x10 [ 23.716168] ? __schedule+0x10cc/0x2b60 [ 23.716192] ? __pfx_read_tsc+0x10/0x10 [ 23.716224] ? ktime_get_ts64+0x86/0x230 [ 23.716250] kunit_try_run_case+0x1a5/0x480 [ 23.716274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.716294] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.716317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.716349] ? __kthread_parkme+0x82/0x180 [ 23.716371] ? preempt_count_sub+0x50/0x80 [ 23.716394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.716426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.716450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.716474] kthread+0x337/0x6f0 [ 23.716494] ? trace_preempt_on+0x20/0xc0 [ 23.716518] ? __pfx_kthread+0x10/0x10 [ 23.716538] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.716559] ? calculate_sigpending+0x7b/0xa0 [ 23.716583] ? __pfx_kthread+0x10/0x10 [ 23.716604] ret_from_fork+0x116/0x1d0 [ 23.716623] ? __pfx_kthread+0x10/0x10 [ 23.716643] ret_from_fork_asm+0x1a/0x30 [ 23.716674] </TASK> [ 23.716686] [ 23.724569] The buggy address belongs to the physical page: [ 23.724878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106250 [ 23.725438] flags: 0x200000000000000(node=0|zone=2) [ 23.725677] page_type: f0(buddy) [ 23.725885] raw: 0200000000000000 ffff88817fffc460 ffff88817fffc460 0000000000000000 [ 23.726288] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 23.726669] page dumped because: kasan: bad access detected [ 23.726996] [ 23.727160] Memory state around the buggy address: [ 23.727389] ffff88810624ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.727728] ffff88810624ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.728163] >ffff888106250000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.728480] ^ [ 23.728678] ffff888106250080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.729076] ffff888106250100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.729395] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 23.688213] ================================================================== [ 23.688680] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 23.689064] Free of addr ffff88810616c001 by task kunit_try_catch/200 [ 23.689322] [ 23.689433] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.689497] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.689509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.689543] Call Trace: [ 23.689556] <TASK> [ 23.689576] dump_stack_lvl+0x73/0xb0 [ 23.689609] print_report+0xd1/0x610 [ 23.689639] ? __virt_addr_valid+0x1db/0x2d0 [ 23.689665] ? kasan_addr_to_slab+0x11/0xa0 [ 23.689684] ? kfree+0x274/0x3f0 [ 23.689722] kasan_report_invalid_free+0x10a/0x130 [ 23.689745] ? kfree+0x274/0x3f0 [ 23.689767] ? kfree+0x274/0x3f0 [ 23.689787] __kasan_kfree_large+0x86/0xd0 [ 23.689817] free_large_kmalloc+0x52/0x110 [ 23.689849] kfree+0x274/0x3f0 [ 23.689870] ? kmalloc_large_invalid_free+0x8f/0x2b0 [ 23.689920] kmalloc_large_invalid_free+0x120/0x2b0 [ 23.689941] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 23.689963] ? __schedule+0x10cc/0x2b60 [ 23.689987] ? __pfx_read_tsc+0x10/0x10 [ 23.690009] ? ktime_get_ts64+0x86/0x230 [ 23.690035] kunit_try_run_case+0x1a5/0x480 [ 23.690058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.690078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.690100] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.690123] ? __kthread_parkme+0x82/0x180 [ 23.690198] ? preempt_count_sub+0x50/0x80 [ 23.690237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.690258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.690282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.690306] kthread+0x337/0x6f0 [ 23.690326] ? trace_preempt_on+0x20/0xc0 [ 23.690350] ? __pfx_kthread+0x10/0x10 [ 23.690370] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.690392] ? calculate_sigpending+0x7b/0xa0 [ 23.690416] ? __pfx_kthread+0x10/0x10 [ 23.690437] ret_from_fork+0x116/0x1d0 [ 23.690455] ? __pfx_kthread+0x10/0x10 [ 23.690476] ret_from_fork_asm+0x1a/0x30 [ 23.690508] </TASK> [ 23.690519] [ 23.699302] The buggy address belongs to the physical page: [ 23.699588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 23.700086] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.700420] flags: 0x200000000000040(head|node=0|zone=2) [ 23.700729] page_type: f8(unknown) [ 23.700911] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.701248] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.701502] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.701735] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.702764] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 23.704041] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.704377] page dumped because: kasan: bad access detected [ 23.704606] [ 23.704702] Memory state around the buggy address: [ 23.705124] ffff88810616bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.705585] ffff88810616bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.706061] >ffff88810616c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.706501] ^ [ 23.706660] ffff88810616c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.707159] ffff88810616c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.707762] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 23.666095] ================================================================== [ 23.667280] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 23.667832] Read of size 1 at addr ffff888106140000 by task kunit_try_catch/198 [ 23.668269] [ 23.668365] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.668421] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.668435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.668457] Call Trace: [ 23.668471] <TASK> [ 23.668491] dump_stack_lvl+0x73/0xb0 [ 23.668523] print_report+0xd1/0x610 [ 23.668546] ? __virt_addr_valid+0x1db/0x2d0 [ 23.668571] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.668591] ? kasan_addr_to_slab+0x11/0xa0 [ 23.668610] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.668631] kasan_report+0x141/0x180 [ 23.668652] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.668676] __asan_report_load1_noabort+0x18/0x20 [ 23.668711] kmalloc_large_uaf+0x2f1/0x340 [ 23.668731] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 23.668752] ? __schedule+0x10cc/0x2b60 [ 23.668797] ? __pfx_read_tsc+0x10/0x10 [ 23.668819] ? ktime_get_ts64+0x86/0x230 [ 23.668844] kunit_try_run_case+0x1a5/0x480 [ 23.668867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.668942] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.668966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.669001] ? __kthread_parkme+0x82/0x180 [ 23.669021] ? preempt_count_sub+0x50/0x80 [ 23.669045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.669066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.669090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.669114] kthread+0x337/0x6f0 [ 23.669133] ? trace_preempt_on+0x20/0xc0 [ 23.669156] ? __pfx_kthread+0x10/0x10 [ 23.669176] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.669198] ? calculate_sigpending+0x7b/0xa0 [ 23.669222] ? __pfx_kthread+0x10/0x10 [ 23.669244] ret_from_fork+0x116/0x1d0 [ 23.669263] ? __pfx_kthread+0x10/0x10 [ 23.669283] ret_from_fork_asm+0x1a/0x30 [ 23.669314] </TASK> [ 23.669326] [ 23.679756] The buggy address belongs to the physical page: [ 23.680247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106140 [ 23.680590] flags: 0x200000000000000(node=0|zone=2) [ 23.681047] raw: 0200000000000000 ffffea0004185108 ffff88815b139fc0 0000000000000000 [ 23.681369] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.681708] page dumped because: kasan: bad access detected [ 23.681924] [ 23.682108] Memory state around the buggy address: [ 23.682345] ffff88810613ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.682635] ffff88810613ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.682936] >ffff888106140000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.683565] ^ [ 23.683721] ffff888106140080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.684357] ffff888106140100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.684794] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 23.641289] ================================================================== [ 23.641774] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 23.642224] Write of size 1 at addr ffff88810616e00a by task kunit_try_catch/196 [ 23.642544] [ 23.642652] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.642718] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.642732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.642754] Call Trace: [ 23.642769] <TASK> [ 23.642808] dump_stack_lvl+0x73/0xb0 [ 23.642843] print_report+0xd1/0x610 [ 23.642866] ? __virt_addr_valid+0x1db/0x2d0 [ 23.642892] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.642914] ? kasan_addr_to_slab+0x11/0xa0 [ 23.642934] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.642955] kasan_report+0x141/0x180 [ 23.643030] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.643060] __asan_report_store1_noabort+0x1b/0x30 [ 23.643084] kmalloc_large_oob_right+0x2e9/0x330 [ 23.643105] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 23.643127] ? __schedule+0x10cc/0x2b60 [ 23.643151] ? __pfx_read_tsc+0x10/0x10 [ 23.643174] ? ktime_get_ts64+0x86/0x230 [ 23.643200] kunit_try_run_case+0x1a5/0x480 [ 23.643223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.643242] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.643265] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.643289] ? __kthread_parkme+0x82/0x180 [ 23.643310] ? preempt_count_sub+0x50/0x80 [ 23.643334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.643354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.643379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.643403] kthread+0x337/0x6f0 [ 23.643422] ? trace_preempt_on+0x20/0xc0 [ 23.643446] ? __pfx_kthread+0x10/0x10 [ 23.643466] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.643487] ? calculate_sigpending+0x7b/0xa0 [ 23.643511] ? __pfx_kthread+0x10/0x10 [ 23.643532] ret_from_fork+0x116/0x1d0 [ 23.643550] ? __pfx_kthread+0x10/0x10 [ 23.643570] ret_from_fork_asm+0x1a/0x30 [ 23.643601] </TASK> [ 23.643613] [ 23.652807] The buggy address belongs to the physical page: [ 23.653408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 23.654092] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.654326] flags: 0x200000000000040(head|node=0|zone=2) [ 23.654520] page_type: f8(unknown) [ 23.654648] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.654928] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.655157] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.655379] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.656620] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 23.657759] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.658584] page dumped because: kasan: bad access detected [ 23.658998] [ 23.659128] Memory state around the buggy address: [ 23.659288] ffff88810616df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.659497] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.659718] >ffff88810616e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.659931] ^ [ 23.660050] ffff88810616e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.660257] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.660462] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 23.610160] ================================================================== [ 23.611489] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 23.612254] Write of size 1 at addr ffff888106191f00 by task kunit_try_catch/194 [ 23.612817] [ 23.613052] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.613109] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.613123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.613144] Call Trace: [ 23.613158] <TASK> [ 23.613180] dump_stack_lvl+0x73/0xb0 [ 23.613212] print_report+0xd1/0x610 [ 23.613235] ? __virt_addr_valid+0x1db/0x2d0 [ 23.613260] ? kmalloc_big_oob_right+0x316/0x370 [ 23.613304] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.613331] ? kmalloc_big_oob_right+0x316/0x370 [ 23.613353] kasan_report+0x141/0x180 [ 23.613374] ? kmalloc_big_oob_right+0x316/0x370 [ 23.613401] __asan_report_store1_noabort+0x1b/0x30 [ 23.613425] kmalloc_big_oob_right+0x316/0x370 [ 23.613446] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 23.613471] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 23.613496] kunit_try_run_case+0x1a5/0x480 [ 23.613519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.613538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.613562] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.613585] ? __kthread_parkme+0x82/0x180 [ 23.613606] ? preempt_count_sub+0x50/0x80 [ 23.613629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.613650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.613674] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.613709] kthread+0x337/0x6f0 [ 23.613728] ? trace_preempt_on+0x20/0xc0 [ 23.613751] ? __pfx_kthread+0x10/0x10 [ 23.613792] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.613815] ? calculate_sigpending+0x7b/0xa0 [ 23.613839] ? __pfx_kthread+0x10/0x10 [ 23.613860] ret_from_fork+0x116/0x1d0 [ 23.613896] ? __pfx_kthread+0x10/0x10 [ 23.613918] ret_from_fork_asm+0x1a/0x30 [ 23.613949] </TASK> [ 23.613962] [ 23.625052] Allocated by task 194: [ 23.625363] kasan_save_stack+0x45/0x70 [ 23.625715] kasan_save_track+0x18/0x40 [ 23.626084] kasan_save_alloc_info+0x3b/0x50 [ 23.626376] __kasan_kmalloc+0xb7/0xc0 [ 23.626502] __kmalloc_cache_noprof+0x189/0x420 [ 23.626654] kmalloc_big_oob_right+0xa9/0x370 [ 23.626821] kunit_try_run_case+0x1a5/0x480 [ 23.627051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.627228] kthread+0x337/0x6f0 [ 23.627342] ret_from_fork+0x116/0x1d0 [ 23.627468] ret_from_fork_asm+0x1a/0x30 [ 23.627599] [ 23.627663] The buggy address belongs to the object at ffff888106190000 [ 23.627663] which belongs to the cache kmalloc-8k of size 8192 [ 23.628829] The buggy address is located 0 bytes to the right of [ 23.628829] allocated 7936-byte region [ffff888106190000, ffff888106191f00) [ 23.630120] [ 23.630284] The buggy address belongs to the physical page: [ 23.630762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106190 [ 23.631619] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.631907] flags: 0x200000000000040(head|node=0|zone=2) [ 23.632237] page_type: f5(slab) [ 23.632407] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 23.632711] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.633036] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 23.633421] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.633666] head: 0200000000000003 ffffea0004186401 00000000ffffffff 00000000ffffffff [ 23.634211] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.634614] page dumped because: kasan: bad access detected [ 23.634872] [ 23.634969] Memory state around the buggy address: [ 23.635147] ffff888106191e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.635420] ffff888106191e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.635729] >ffff888106191f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.636056] ^ [ 23.636216] ffff888106191f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.636490] ffff888106192000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.636806] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 23.582610] ================================================================== [ 23.583380] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.583895] Write of size 1 at addr ffff8881058c1378 by task kunit_try_catch/192 [ 23.584318] [ 23.584549] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.584600] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.584613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.584634] Call Trace: [ 23.584648] <TASK> [ 23.584668] dump_stack_lvl+0x73/0xb0 [ 23.584708] print_report+0xd1/0x610 [ 23.584730] ? __virt_addr_valid+0x1db/0x2d0 [ 23.584753] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.584776] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.584812] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.584844] kasan_report+0x141/0x180 [ 23.584871] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.584899] __asan_report_store1_noabort+0x1b/0x30 [ 23.584922] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.584945] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.584970] ? __schedule+0x10cc/0x2b60 [ 23.584993] ? __pfx_read_tsc+0x10/0x10 [ 23.585015] ? ktime_get_ts64+0x86/0x230 [ 23.585040] kunit_try_run_case+0x1a5/0x480 [ 23.585062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.585081] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.585104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.585127] ? __kthread_parkme+0x82/0x180 [ 23.585148] ? preempt_count_sub+0x50/0x80 [ 23.585171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.585192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.585216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.585240] kthread+0x337/0x6f0 [ 23.585259] ? trace_preempt_on+0x20/0xc0 [ 23.585283] ? __pfx_kthread+0x10/0x10 [ 23.585303] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.585324] ? calculate_sigpending+0x7b/0xa0 [ 23.585348] ? __pfx_kthread+0x10/0x10 [ 23.585381] ret_from_fork+0x116/0x1d0 [ 23.585399] ? __pfx_kthread+0x10/0x10 [ 23.585419] ret_from_fork_asm+0x1a/0x30 [ 23.585450] </TASK> [ 23.585461] [ 23.596054] Allocated by task 192: [ 23.596183] kasan_save_stack+0x45/0x70 [ 23.596331] kasan_save_track+0x18/0x40 [ 23.596458] kasan_save_alloc_info+0x3b/0x50 [ 23.596610] __kasan_kmalloc+0xb7/0xc0 [ 23.596746] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.597261] kmalloc_track_caller_oob_right+0x19a/0x520 [ 23.597476] kunit_try_run_case+0x1a5/0x480 [ 23.597661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.597881] kthread+0x337/0x6f0 [ 23.598050] ret_from_fork+0x116/0x1d0 [ 23.598262] ret_from_fork_asm+0x1a/0x30 [ 23.598404] [ 23.598470] The buggy address belongs to the object at ffff8881058c1300 [ 23.598470] which belongs to the cache kmalloc-128 of size 128 [ 23.599000] The buggy address is located 0 bytes to the right of [ 23.599000] allocated 120-byte region [ffff8881058c1300, ffff8881058c1378) [ 23.599481] [ 23.599568] The buggy address belongs to the physical page: [ 23.599795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 23.600283] flags: 0x200000000000000(node=0|zone=2) [ 23.600494] page_type: f5(slab) [ 23.600609] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.601193] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.601486] page dumped because: kasan: bad access detected [ 23.601712] [ 23.601775] Memory state around the buggy address: [ 23.601922] ffff8881058c1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.602128] ffff8881058c1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.602431] >ffff8881058c1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.602801] ^ [ 23.603471] ffff8881058c1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.603685] ffff8881058c1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.603912] ================================================================== [ 23.554456] ================================================================== [ 23.554983] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.555239] Write of size 1 at addr ffff8881058c1278 by task kunit_try_catch/192 [ 23.555457] [ 23.555542] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.555592] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.555605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.555626] Call Trace: [ 23.555638] <TASK> [ 23.555657] dump_stack_lvl+0x73/0xb0 [ 23.555685] print_report+0xd1/0x610 [ 23.555717] ? __virt_addr_valid+0x1db/0x2d0 [ 23.555741] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.555764] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.555789] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.555812] kasan_report+0x141/0x180 [ 23.555836] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.555863] __asan_report_store1_noabort+0x1b/0x30 [ 23.555885] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.555908] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.555932] ? __schedule+0x10cc/0x2b60 [ 23.555954] ? __pfx_read_tsc+0x10/0x10 [ 23.555974] ? ktime_get_ts64+0x86/0x230 [ 23.555999] kunit_try_run_case+0x1a5/0x480 [ 23.556021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.556040] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.556062] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.556085] ? __kthread_parkme+0x82/0x180 [ 23.556105] ? preempt_count_sub+0x50/0x80 [ 23.556127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.556148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.556171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.556194] kthread+0x337/0x6f0 [ 23.556213] ? trace_preempt_on+0x20/0xc0 [ 23.556235] ? __pfx_kthread+0x10/0x10 [ 23.556254] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.556275] ? calculate_sigpending+0x7b/0xa0 [ 23.556298] ? __pfx_kthread+0x10/0x10 [ 23.556318] ret_from_fork+0x116/0x1d0 [ 23.556336] ? __pfx_kthread+0x10/0x10 [ 23.556355] ret_from_fork_asm+0x1a/0x30 [ 23.556385] </TASK> [ 23.556396] [ 23.571260] Allocated by task 192: [ 23.571395] kasan_save_stack+0x45/0x70 [ 23.571541] kasan_save_track+0x18/0x40 [ 23.571670] kasan_save_alloc_info+0x3b/0x50 [ 23.571920] __kasan_kmalloc+0xb7/0xc0 [ 23.572301] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.572843] kmalloc_track_caller_oob_right+0x99/0x520 [ 23.573300] kunit_try_run_case+0x1a5/0x480 [ 23.573728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.574235] kthread+0x337/0x6f0 [ 23.574559] ret_from_fork+0x116/0x1d0 [ 23.574988] ret_from_fork_asm+0x1a/0x30 [ 23.575334] [ 23.575507] The buggy address belongs to the object at ffff8881058c1200 [ 23.575507] which belongs to the cache kmalloc-128 of size 128 [ 23.576787] The buggy address is located 0 bytes to the right of [ 23.576787] allocated 120-byte region [ffff8881058c1200, ffff8881058c1278) [ 23.577837] [ 23.577991] The buggy address belongs to the physical page: [ 23.578479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1 [ 23.578740] flags: 0x200000000000000(node=0|zone=2) [ 23.578898] page_type: f5(slab) [ 23.579017] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.579241] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.579456] page dumped because: kasan: bad access detected [ 23.579616] [ 23.579677] Memory state around the buggy address: [ 23.579835] ffff8881058c1100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.580040] ffff8881058c1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.580287] >ffff8881058c1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.580493] ^ [ 23.580709] ffff8881058c1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.581178] ffff8881058c1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.581757] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 23.520571] ================================================================== [ 23.521301] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 23.522118] Read of size 1 at addr ffff888106087000 by task kunit_try_catch/190 [ 23.522836] [ 23.523108] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.523169] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.523183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.523206] Call Trace: [ 23.523219] <TASK> [ 23.523240] dump_stack_lvl+0x73/0xb0 [ 23.523275] print_report+0xd1/0x610 [ 23.523298] ? __virt_addr_valid+0x1db/0x2d0 [ 23.523343] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.523367] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.523392] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.523414] kasan_report+0x141/0x180 [ 23.523436] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.523462] __asan_report_load1_noabort+0x18/0x20 [ 23.523485] kmalloc_node_oob_right+0x369/0x3c0 [ 23.523508] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 23.523531] ? __schedule+0x10cc/0x2b60 [ 23.523555] ? __pfx_read_tsc+0x10/0x10 [ 23.523578] ? ktime_get_ts64+0x86/0x230 [ 23.523604] kunit_try_run_case+0x1a5/0x480 [ 23.523626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.523646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.523669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.523703] ? __kthread_parkme+0x82/0x180 [ 23.523725] ? preempt_count_sub+0x50/0x80 [ 23.523748] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.523775] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.523800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.523828] kthread+0x337/0x6f0 [ 23.523847] ? trace_preempt_on+0x20/0xc0 [ 23.523871] ? __pfx_kthread+0x10/0x10 [ 23.523891] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.523912] ? calculate_sigpending+0x7b/0xa0 [ 23.523936] ? __pfx_kthread+0x10/0x10 [ 23.523957] ret_from_fork+0x116/0x1d0 [ 23.523975] ? __pfx_kthread+0x10/0x10 [ 23.523995] ret_from_fork_asm+0x1a/0x30 [ 23.524026] </TASK> [ 23.524038] [ 23.534646] Allocated by task 190: [ 23.534912] kasan_save_stack+0x45/0x70 [ 23.535423] kasan_save_track+0x18/0x40 [ 23.535610] kasan_save_alloc_info+0x3b/0x50 [ 23.536189] __kasan_kmalloc+0xb7/0xc0 [ 23.536450] __kmalloc_cache_node_noprof+0x188/0x420 [ 23.536675] kmalloc_node_oob_right+0xab/0x3c0 [ 23.537062] kunit_try_run_case+0x1a5/0x480 [ 23.537242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.537619] kthread+0x337/0x6f0 [ 23.537860] ret_from_fork+0x116/0x1d0 [ 23.538091] ret_from_fork_asm+0x1a/0x30 [ 23.538347] [ 23.538436] The buggy address belongs to the object at ffff888106086000 [ 23.538436] which belongs to the cache kmalloc-4k of size 4096 [ 23.539204] The buggy address is located 0 bytes to the right of [ 23.539204] allocated 4096-byte region [ffff888106086000, ffff888106087000) [ 23.539909] [ 23.540010] The buggy address belongs to the physical page: [ 23.540448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106080 [ 23.541233] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.541547] flags: 0x200000000000040(head|node=0|zone=2) [ 23.541872] page_type: f5(slab) [ 23.542004] raw: 0200000000000040 ffff888100042140 ffffea0004112a00 dead000000000002 [ 23.542316] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.542920] head: 0200000000000040 ffff888100042140 ffffea0004112a00 dead000000000002 [ 23.543758] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.544615] head: 0200000000000003 ffffea0004182001 00000000ffffffff 00000000ffffffff [ 23.545267] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.546181] page dumped because: kasan: bad access detected [ 23.546498] [ 23.546837] Memory state around the buggy address: [ 23.547427] ffff888106086f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.547646] ffff888106086f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.548444] >ffff888106087000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.549240] ^ [ 23.549608] ffff888106087080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.550113] ffff888106087100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.550800] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 23.452285] ================================================================== [ 23.452754] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 23.453472] Read of size 1 at addr ffff88810484f2ff by task kunit_try_catch/188 [ 23.454019] [ 23.454141] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.454193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.454206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.454228] Call Trace: [ 23.454243] <TASK> [ 23.454264] dump_stack_lvl+0x73/0xb0 [ 23.454298] print_report+0xd1/0x610 [ 23.454320] ? __virt_addr_valid+0x1db/0x2d0 [ 23.454345] ? kmalloc_oob_left+0x361/0x3c0 [ 23.454365] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.454390] ? kmalloc_oob_left+0x361/0x3c0 [ 23.454410] kasan_report+0x141/0x180 [ 23.454431] ? kmalloc_oob_left+0x361/0x3c0 [ 23.454455] __asan_report_load1_noabort+0x18/0x20 [ 23.454478] kmalloc_oob_left+0x361/0x3c0 [ 23.454499] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.454520] ? __schedule+0x10cc/0x2b60 [ 23.454544] ? __pfx_read_tsc+0x10/0x10 [ 23.454565] ? ktime_get_ts64+0x86/0x230 [ 23.454591] kunit_try_run_case+0x1a5/0x480 [ 23.454614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.454634] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.454657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.454680] ? __kthread_parkme+0x82/0x180 [ 23.454713] ? preempt_count_sub+0x50/0x80 [ 23.454737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.454758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.454806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.454831] kthread+0x337/0x6f0 [ 23.454850] ? trace_preempt_on+0x20/0xc0 [ 23.454873] ? __pfx_kthread+0x10/0x10 [ 23.454953] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.454977] ? calculate_sigpending+0x7b/0xa0 [ 23.455002] ? __pfx_kthread+0x10/0x10 [ 23.455023] ret_from_fork+0x116/0x1d0 [ 23.455042] ? __pfx_kthread+0x10/0x10 [ 23.455062] ret_from_fork_asm+0x1a/0x30 [ 23.455094] </TASK> [ 23.455106] [ 23.464418] Allocated by task 119: [ 23.464604] kasan_save_stack+0x45/0x70 [ 23.464821] kasan_save_track+0x18/0x40 [ 23.465078] kasan_save_alloc_info+0x3b/0x50 [ 23.465635] __kasan_kmalloc+0xb7/0xc0 [ 23.466003] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.466369] kvasprintf+0xc5/0x150 [ 23.466524] kasprintf+0xb6/0xf0 [ 23.466678] miscdev_test_can_open+0x9a/0x2e0 [ 23.466897] miscdev_test_collision_reverse+0x402/0x750 [ 23.467426] kunit_try_run_case+0x1a5/0x480 [ 23.467638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.468159] kthread+0x337/0x6f0 [ 23.468466] ret_from_fork+0x116/0x1d0 [ 23.468656] ret_from_fork_asm+0x1a/0x30 [ 23.468936] [ 23.469045] Freed by task 75821760: [ 23.469624] ------------[ cut here ]------------ [ 23.470053] pool index 100480 out of bounds (154) for stack id ffff8881 [ 23.471056] WARNING: lib/stackdepot.c:451 at depot_fetch_stack+0x62/0x80, CPU#1: kunit_try_catch/188 [ 23.471478] Modules linked in: [ 23.471752] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.472335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.472582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.473039] RIP: 0010:depot_fetch_stack+0x62/0x80 [ 23.473492] Code: d2 74 05 c3 cc cc cc cc 90 0f 0b 90 31 c0 e9 55 d6 68 02 55 48 89 e5 90 89 f9 44 89 c2 48 c7 c7 78 d3 78 92 e8 1f 68 bc fe 90 <0f> 0b 90 90 31 c0 5d c3 cc cc cc cc 90 0f 0b 90 31 c0 c3 cc cc cc [ 23.474299] RSP: 0000:ffff888106187b28 EFLAGS: 00010082 [ 23.474662] RAX: 0000000000000000 RBX: ffff888106187b50 RCX: 1ffffffff2564b68 [ 23.474994] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 23.475384] RBP: ffff888106187b28 R08: 0000000000000000 R09: fffffbfff2564b68 [ 23.475746] R10: 0000000000000003 R11: 0000000000000001 R12: ffff88810484f2ff [ 23.476163] R13: ffff8881061a2000 R14: ffffea00041213c0 R15: 0000000000000001 [ 23.476421] FS: 0000000000000000(0000) GS:ffff8881c732b000(0000) knlGS:0000000000000000 [ 23.476825] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.477131] CR2: 0000000000000000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 23.477584] DR0: ffffffff93e9b504 DR1: ffffffff93e9b509 DR2: ffffffff93e9b50a [ 23.477966] DR3: ffffffff93e9b50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 23.478511] Call Trace: [ 23.478771] <TASK> [ 23.478934] stack_depot_fetch+0x2c/0x60 [ 23.479106] stack_depot_print+0x23/0x50 [ 23.479306] print_report+0x5f8/0x610 [ 23.479482] ? __virt_addr_valid+0x1db/0x2d0 [ 23.479713] ? kmalloc_oob_left+0x361/0x3c0 [ 23.479954] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.480475] ? kmalloc_oob_left+0x361/0x3c0 [ 23.480684] kasan_report+0x141/0x180 [ 23.481146] ? kmalloc_oob_left+0x361/0x3c0 [ 23.481354] __asan_report_load1_noabort+0x18/0x20 [ 23.481552] kmalloc_oob_left+0x361/0x3c0 [ 23.481734] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.482448] ? __schedule+0x10cc/0x2b60 [ 23.482730] ? __pfx_read_tsc+0x10/0x10 [ 23.483137] ? ktime_get_ts64+0x86/0x230 [ 23.483331] kunit_try_run_case+0x1a5/0x480 [ 23.483524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.483727] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.484426] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.484718] ? __kthread_parkme+0x82/0x180 [ 23.485276] ? preempt_count_sub+0x50/0x80 [ 23.485554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.485922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.486332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.486579] kthread+0x337/0x6f0 [ 23.486740] ? trace_preempt_on+0x20/0xc0 [ 23.487192] ? __pfx_kthread+0x10/0x10 [ 23.487651] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.488134] ? calculate_sigpending+0x7b/0xa0 [ 23.488347] ? __pfx_kthread+0x10/0x10 [ 23.488523] ret_from_fork+0x116/0x1d0 [ 23.488690] ? __pfx_kthread+0x10/0x10 [ 23.488832] ret_from_fork_asm+0x1a/0x30 [ 23.488976] </TASK> [ 23.489243] ---[ end trace 0000000000000000 ]--- [ 23.489614] ------------[ cut here ]------------ [ 23.489782] corrupt handle or use after stack_depot_put() [ 23.489852] WARNING: lib/stackdepot.c:723 at stack_depot_fetch+0x53/0x60, CPU#1: kunit_try_catch/188 [ 23.490471] Modules linked in: [ 23.490611] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.491323] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.491511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.492326] RIP: 0010:stack_depot_fetch+0x53/0x60 [ 23.492614] Code: ff ff ff 48 85 c0 74 14 48 8d 50 20 48 89 13 8b 40 14 48 8b 5d f8 c9 e9 cb d5 68 02 90 48 c7 c7 b0 d3 78 92 e8 9e 67 bc fe 90 <0f> 0b 90 90 31 c0 eb e0 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 [ 23.493734] RSP: 0000:ffff888106187b38 EFLAGS: 00010082 [ 23.494245] RAX: 0000000000000000 RBX: ffff888106187b50 RCX: 1ffffffff2564b68 [ 23.494709] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 23.495394] RBP: ffff888106187b40 R08: 0000000000000000 R09: fffffbfff2564b68 [ 23.495899] R10: 0000000000000003 R11: 0000000000000001 R12: ffff88810484f2ff [ 23.496370] R13: ffff8881061a2000 R14: ffffea00041213c0 R15: 0000000000000001 [ 23.496660] FS: 0000000000000000(0000) GS:ffff8881c732b000(0000) knlGS:0000000000000000 [ 23.497071] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.497291] CR2: 0000000000000000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 23.497574] DR0: ffffffff93e9b504 DR1: ffffffff93e9b509 DR2: ffffffff93e9b50a [ 23.498005] DR3: ffffffff93e9b50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 23.498249] Call Trace: [ 23.498473] <TASK> [ 23.498615] stack_depot_print+0x23/0x50 [ 23.498864] print_report+0x5f8/0x610 [ 23.499033] ? __virt_addr_valid+0x1db/0x2d0 [ 23.499384] ? kmalloc_oob_left+0x361/0x3c0 [ 23.499587] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.499871] ? kmalloc_oob_left+0x361/0x3c0 [ 23.500038] kasan_report+0x141/0x180 [ 23.500323] ? kmalloc_oob_left+0x361/0x3c0 [ 23.500554] __asan_report_load1_noabort+0x18/0x20 [ 23.500826] kmalloc_oob_left+0x361/0x3c0 [ 23.500964] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.501183] ? __schedule+0x10cc/0x2b60 [ 23.501372] ? __pfx_read_tsc+0x10/0x10 [ 23.501511] ? ktime_get_ts64+0x86/0x230 [ 23.501864] kunit_try_run_case+0x1a5/0x480 [ 23.502175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.502325] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.502688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.502989] ? __kthread_parkme+0x82/0x180 [ 23.503151] ? preempt_count_sub+0x50/0x80 [ 23.503333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.503512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.503678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.504171] kthread+0x337/0x6f0 [ 23.504341] ? trace_preempt_on+0x20/0xc0 [ 23.504569] ? __pfx_kthread+0x10/0x10 [ 23.504771] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.505031] ? calculate_sigpending+0x7b/0xa0 [ 23.505174] ? __pfx_kthread+0x10/0x10 [ 23.505299] ret_from_fork+0x116/0x1d0 [ 23.505422] ? __pfx_kthread+0x10/0x10 [ 23.505893] ret_from_fork_asm+0x1a/0x30 [ 23.506267] </TASK> [ 23.506421] ---[ end trace 0000000000000000 ]--- [ 23.506681] [ 23.506770] The buggy address belongs to the object at ffff88810484f2e0 [ 23.506770] which belongs to the cache kmalloc-16 of size 16 [ 23.508003] The buggy address is located 15 bytes to the right of [ 23.508003] allocated 16-byte region [ffff88810484f2e0, ffff88810484f2f0) [ 23.509136] [ 23.509496] The buggy address belongs to the physical page: [ 23.510135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10484f [ 23.510473] flags: 0x200000000000000(node=0|zone=2) [ 23.510703] page_type: f5(slab) [ 23.511147] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.511685] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.512600] page dumped because: kasan: bad access detected [ 23.513203] [ 23.513301] Memory state around the buggy address: [ 23.513504] ffff88810484f180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.514119] ffff88810484f200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.514706] >ffff88810484f280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.515298] ^ [ 23.515595] ffff88810484f300: 00 07 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.516342] ffff88810484f380: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 23.516988] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 23.364607] ================================================================== [ 23.365220] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 23.366109] Write of size 1 at addr ffff88810456ac73 by task kunit_try_catch/186 [ 23.366624] [ 23.367981] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.368346] Tainted: [N]=TEST [ 23.368379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.368607] Call Trace: [ 23.368676] <TASK> [ 23.368851] dump_stack_lvl+0x73/0xb0 [ 23.368948] print_report+0xd1/0x610 [ 23.368977] ? __virt_addr_valid+0x1db/0x2d0 [ 23.369004] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.369025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.369051] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.369072] kasan_report+0x141/0x180 [ 23.369093] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.369119] __asan_report_store1_noabort+0x1b/0x30 [ 23.369143] kmalloc_oob_right+0x6f0/0x7f0 [ 23.369165] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.369188] ? __schedule+0x10cc/0x2b60 [ 23.369212] ? __pfx_read_tsc+0x10/0x10 [ 23.369235] ? ktime_get_ts64+0x86/0x230 [ 23.369261] kunit_try_run_case+0x1a5/0x480 [ 23.369285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.369305] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.369328] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.369351] ? __kthread_parkme+0x82/0x180 [ 23.369373] ? preempt_count_sub+0x50/0x80 [ 23.369397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.369418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.369443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.369467] kthread+0x337/0x6f0 [ 23.369487] ? trace_preempt_on+0x20/0xc0 [ 23.369512] ? __pfx_kthread+0x10/0x10 [ 23.369533] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.369554] ? calculate_sigpending+0x7b/0xa0 [ 23.369579] ? __pfx_kthread+0x10/0x10 [ 23.369600] ret_from_fork+0x116/0x1d0 [ 23.369619] ? __pfx_kthread+0x10/0x10 [ 23.369639] ret_from_fork_asm+0x1a/0x30 [ 23.369691] </TASK> [ 23.369793] [ 23.380352] Allocated by task 186: [ 23.380867] kasan_save_stack+0x45/0x70 [ 23.381067] kasan_save_track+0x18/0x40 [ 23.381261] kasan_save_alloc_info+0x3b/0x50 [ 23.381524] __kasan_kmalloc+0xb7/0xc0 [ 23.381754] __kmalloc_cache_noprof+0x189/0x420 [ 23.382144] kmalloc_oob_right+0xa9/0x7f0 [ 23.382349] kunit_try_run_case+0x1a5/0x480 [ 23.382548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.383027] kthread+0x337/0x6f0 [ 23.383246] ret_from_fork+0x116/0x1d0 [ 23.383595] ret_from_fork_asm+0x1a/0x30 [ 23.383892] [ 23.384036] The buggy address belongs to the object at ffff88810456ac00 [ 23.384036] which belongs to the cache kmalloc-128 of size 128 [ 23.384973] The buggy address is located 0 bytes to the right of [ 23.384973] allocated 115-byte region [ffff88810456ac00, ffff88810456ac73) [ 23.385610] [ 23.385968] The buggy address belongs to the physical page: [ 23.386644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10456a [ 23.387380] flags: 0x200000000000000(node=0|zone=2) [ 23.388142] page_type: f5(slab) [ 23.388682] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.389304] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.389794] page dumped because: kasan: bad access detected [ 23.390100] [ 23.390187] Memory state around the buggy address: [ 23.390716] ffff88810456ab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.391108] ffff88810456ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.391432] >ffff88810456ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.391791] ^ [ 23.392222] ffff88810456ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.392495] ffff88810456ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.392862] ================================================================== [ 23.394403] ================================================================== [ 23.395407] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 23.395658] Write of size 1 at addr ffff88810456ac78 by task kunit_try_catch/186 [ 23.395902] [ 23.395990] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.396040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.396052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.396076] Call Trace: [ 23.396092] <TASK> [ 23.396112] dump_stack_lvl+0x73/0xb0 [ 23.396144] print_report+0xd1/0x610 [ 23.396166] ? __virt_addr_valid+0x1db/0x2d0 [ 23.396191] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.396211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.396237] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.396258] kasan_report+0x141/0x180 [ 23.396279] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.396304] __asan_report_store1_noabort+0x1b/0x30 [ 23.396327] kmalloc_oob_right+0x6bd/0x7f0 [ 23.396348] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.396370] ? __schedule+0x10cc/0x2b60 [ 23.396393] ? __pfx_read_tsc+0x10/0x10 [ 23.396415] ? ktime_get_ts64+0x86/0x230 [ 23.396439] kunit_try_run_case+0x1a5/0x480 [ 23.396462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.396482] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.396505] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.396528] ? __kthread_parkme+0x82/0x180 [ 23.396549] ? preempt_count_sub+0x50/0x80 [ 23.396573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.396594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.396618] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.396642] kthread+0x337/0x6f0 [ 23.396661] ? trace_preempt_on+0x20/0xc0 [ 23.396685] ? __pfx_kthread+0x10/0x10 [ 23.396717] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.396740] ? calculate_sigpending+0x7b/0xa0 [ 23.396763] ? __pfx_kthread+0x10/0x10 [ 23.396784] ret_from_fork+0x116/0x1d0 [ 23.396803] ? __pfx_kthread+0x10/0x10 [ 23.396823] ret_from_fork_asm+0x1a/0x30 [ 23.396854] </TASK> [ 23.396864] [ 23.411106] Allocated by task 186: [ 23.411574] kasan_save_stack+0x45/0x70 [ 23.412117] kasan_save_track+0x18/0x40 [ 23.412253] kasan_save_alloc_info+0x3b/0x50 [ 23.412394] __kasan_kmalloc+0xb7/0xc0 [ 23.412518] __kmalloc_cache_noprof+0x189/0x420 [ 23.412666] kmalloc_oob_right+0xa9/0x7f0 [ 23.412933] kunit_try_run_case+0x1a5/0x480 [ 23.413075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.413264] kthread+0x337/0x6f0 [ 23.413433] ret_from_fork+0x116/0x1d0 [ 23.413615] ret_from_fork_asm+0x1a/0x30 [ 23.413874] [ 23.414166] The buggy address belongs to the object at ffff88810456ac00 [ 23.414166] which belongs to the cache kmalloc-128 of size 128 [ 23.414507] The buggy address is located 5 bytes to the right of [ 23.414507] allocated 115-byte region [ffff88810456ac00, ffff88810456ac73) [ 23.415471] [ 23.415580] The buggy address belongs to the physical page: [ 23.416224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10456a [ 23.416766] flags: 0x200000000000000(node=0|zone=2) [ 23.417109] page_type: f5(slab) [ 23.417505] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.418228] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.418766] page dumped because: kasan: bad access detected [ 23.418979] [ 23.419179] Memory state around the buggy address: [ 23.419432] ffff88810456ab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.419876] ffff88810456ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.420130] >ffff88810456ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.420581] ^ [ 23.421219] ffff88810456ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.421548] ffff88810456ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.422068] ================================================================== [ 23.422676] ================================================================== [ 23.423089] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 23.423356] Read of size 1 at addr ffff88810456ac80 by task kunit_try_catch/186 [ 23.423712] [ 23.423899] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 23.423949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.423961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.423983] Call Trace: [ 23.424004] <TASK> [ 23.424027] dump_stack_lvl+0x73/0xb0 [ 23.424058] print_report+0xd1/0x610 [ 23.424080] ? __virt_addr_valid+0x1db/0x2d0 [ 23.424103] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.424124] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.424149] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.424169] kasan_report+0x141/0x180 [ 23.424191] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.424216] __asan_report_load1_noabort+0x18/0x20 [ 23.424239] kmalloc_oob_right+0x68a/0x7f0 [ 23.424260] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.424322] ? __schedule+0x10cc/0x2b60 [ 23.424407] ? __pfx_read_tsc+0x10/0x10 [ 23.424453] ? ktime_get_ts64+0x86/0x230 [ 23.424489] kunit_try_run_case+0x1a5/0x480 [ 23.424512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.424532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.424555] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.424578] ? __kthread_parkme+0x82/0x180 [ 23.424598] ? preempt_count_sub+0x50/0x80 [ 23.424621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.424642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.424666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.424690] kthread+0x337/0x6f0 [ 23.424720] ? trace_preempt_on+0x20/0xc0 [ 23.424744] ? __pfx_kthread+0x10/0x10 [ 23.424764] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.424827] ? calculate_sigpending+0x7b/0xa0 [ 23.424852] ? __pfx_kthread+0x10/0x10 [ 23.424873] ret_from_fork+0x116/0x1d0 [ 23.424903] ? __pfx_kthread+0x10/0x10 [ 23.424923] ret_from_fork_asm+0x1a/0x30 [ 23.424954] </TASK> [ 23.424966] [ 23.436254] Allocated by task 186: [ 23.436597] kasan_save_stack+0x45/0x70 [ 23.437025] kasan_save_track+0x18/0x40 [ 23.437239] kasan_save_alloc_info+0x3b/0x50 [ 23.437424] __kasan_kmalloc+0xb7/0xc0 [ 23.437592] __kmalloc_cache_noprof+0x189/0x420 [ 23.438078] kmalloc_oob_right+0xa9/0x7f0 [ 23.438392] kunit_try_run_case+0x1a5/0x480 [ 23.438603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.438980] kthread+0x337/0x6f0 [ 23.439323] ret_from_fork+0x116/0x1d0 [ 23.439488] ret_from_fork_asm+0x1a/0x30 [ 23.439659] [ 23.439753] The buggy address belongs to the object at ffff88810456ac00 [ 23.439753] which belongs to the cache kmalloc-128 of size 128 [ 23.440541] The buggy address is located 13 bytes to the right of [ 23.440541] allocated 115-byte region [ffff88810456ac00, ffff88810456ac73) [ 23.441495] [ 23.441734] The buggy address belongs to the physical page: [ 23.442307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10456a [ 23.442620] flags: 0x200000000000000(node=0|zone=2) [ 23.443047] page_type: f5(slab) [ 23.443316] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.443781] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.444409] page dumped because: kasan: bad access detected [ 23.444646] [ 23.444745] Memory state around the buggy address: [ 23.445454] ffff88810456ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.446096] ffff88810456ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.446403] >ffff88810456ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.446686] ^ [ 23.447139] ffff88810456ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.447621] ffff88810456ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.448364] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 177.427242] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2814 [ 177.427680] Modules linked in: [ 177.427940] CPU: 1 UID: 0 PID: 2814 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 177.428980] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.429255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.429627] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 177.429816] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 c0 e6 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 177.430706] RSP: 0000:ffff88810e0d7c78 EFLAGS: 00010286 [ 177.431068] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 177.431341] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff91e55dbc [ 177.431617] RBP: ffff88810e0d7ca0 R08: 0000000000000000 R09: ffffed1020bc19a0 [ 177.431915] R10: ffff888105e0cd07 R11: 0000000000000000 R12: ffffffff91e55da8 [ 177.432337] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810e0d7d38 [ 177.432663] FS: 0000000000000000(0000) GS:ffff8881c732b000(0000) knlGS:0000000000000000 [ 177.433158] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.433378] CR2: 00007ffff7ffe000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 177.433641] DR0: ffffffff93e9b504 DR1: ffffffff93e9b509 DR2: ffffffff93e9b50a [ 177.434002] DR3: ffffffff93e9b50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.434247] Call Trace: [ 177.434375] <TASK> [ 177.434508] drm_test_rect_calc_vscale+0x108/0x270 [ 177.434801] ? __kasan_check_write+0x18/0x20 [ 177.435085] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 177.435342] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 177.435531] ? __pfx_read_tsc+0x10/0x10 [ 177.435780] ? ktime_get_ts64+0x86/0x230 [ 177.436139] kunit_try_run_case+0x1a5/0x480 [ 177.436364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.436530] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 177.436774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.437108] ? __kthread_parkme+0x82/0x180 [ 177.437317] ? preempt_count_sub+0x50/0x80 [ 177.437518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.437732] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.437958] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.438263] kthread+0x337/0x6f0 [ 177.438501] ? trace_preempt_on+0x20/0xc0 [ 177.438670] ? __pfx_kthread+0x10/0x10 [ 177.438894] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.439057] ? calculate_sigpending+0x7b/0xa0 [ 177.439206] ? __pfx_kthread+0x10/0x10 [ 177.439352] ret_from_fork+0x116/0x1d0 [ 177.439564] ? __pfx_kthread+0x10/0x10 [ 177.440071] ret_from_fork_asm+0x1a/0x30 [ 177.440366] </TASK> [ 177.440509] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 177.442996] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2816 [ 177.443695] Modules linked in: [ 177.443848] CPU: 0 UID: 0 PID: 2816 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 177.444375] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.444742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.445069] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 177.445364] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 c0 e6 22 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 177.446113] RSP: 0000:ffff88810dcbfc78 EFLAGS: 00010286 [ 177.446418] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 177.446730] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff91e55df4 [ 177.447081] RBP: ffff88810dcbfca0 R08: 0000000000000000 R09: ffffed1020bc19e0 [ 177.447348] R10: ffff888105e0cf07 R11: 0000000000000000 R12: ffffffff91e55de0 [ 177.447661] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810dcbfd38 [ 177.447881] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 177.448437] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.448665] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 177.449005] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 177.449382] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.449802] Call Trace: [ 177.449992] <TASK> [ 177.450129] drm_test_rect_calc_vscale+0x108/0x270 [ 177.450358] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 177.450622] ? __schedule+0x10cc/0x2b60 [ 177.450788] ? __pfx_read_tsc+0x10/0x10 [ 177.450967] ? ktime_get_ts64+0x86/0x230 [ 177.451158] kunit_try_run_case+0x1a5/0x480 [ 177.451407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.451607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 177.451879] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.452166] ? __kthread_parkme+0x82/0x180 [ 177.452334] ? preempt_count_sub+0x50/0x80 [ 177.452474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.452702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.453029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.453278] kthread+0x337/0x6f0 [ 177.453405] ? trace_preempt_on+0x20/0xc0 [ 177.453615] ? __pfx_kthread+0x10/0x10 [ 177.453822] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.454232] ? calculate_sigpending+0x7b/0xa0 [ 177.454463] ? __pfx_kthread+0x10/0x10 [ 177.454634] ret_from_fork+0x116/0x1d0 [ 177.454825] ? __pfx_kthread+0x10/0x10 [ 177.455059] ret_from_fork_asm+0x1a/0x30 [ 177.455279] </TASK> [ 177.455372] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 177.379528] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2802 [ 177.380662] Modules linked in: [ 177.380875] CPU: 0 UID: 0 PID: 2802 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 177.381497] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.381824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.382242] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 177.382636] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 177.383480] RSP: 0000:ffff88810dda7c78 EFLAGS: 00010286 [ 177.383749] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 177.384088] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff91e55dc0 [ 177.384470] RBP: ffff88810dda7ca0 R08: 0000000000000000 R09: ffffed10216aec80 [ 177.384926] R10: ffff88810b576407 R11: 0000000000000000 R12: ffffffff91e55da8 [ 177.385450] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810dda7d38 [ 177.385813] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 177.386199] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.386524] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 177.387173] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 177.387544] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.387989] Call Trace: [ 177.388105] <TASK> [ 177.388295] drm_test_rect_calc_hscale+0x108/0x270 [ 177.388521] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 177.388837] ? __schedule+0x10cc/0x2b60 [ 177.389031] ? __pfx_read_tsc+0x10/0x10 [ 177.389256] ? ktime_get_ts64+0x86/0x230 [ 177.389549] kunit_try_run_case+0x1a5/0x480 [ 177.389832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.390193] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 177.390401] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.390651] ? __kthread_parkme+0x82/0x180 [ 177.391036] ? preempt_count_sub+0x50/0x80 [ 177.391232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.391441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.391689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.392034] kthread+0x337/0x6f0 [ 177.392190] ? trace_preempt_on+0x20/0xc0 [ 177.392360] ? __pfx_kthread+0x10/0x10 [ 177.392548] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.392769] ? calculate_sigpending+0x7b/0xa0 [ 177.392939] ? __pfx_kthread+0x10/0x10 [ 177.393124] ret_from_fork+0x116/0x1d0 [ 177.393370] ? __pfx_kthread+0x10/0x10 [ 177.393560] ret_from_fork_asm+0x1a/0x30 [ 177.393739] </TASK> [ 177.393826] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 177.398213] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2804 [ 177.398633] Modules linked in: [ 177.398828] CPU: 0 UID: 0 PID: 2804 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 177.399407] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 177.399669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.400072] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 177.400775] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 177.401630] RSP: 0000:ffff88810df07c78 EFLAGS: 00010286 [ 177.401965] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 177.402311] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff91e55df8 [ 177.402597] RBP: ffff88810df07ca0 R08: 0000000000000000 R09: ffffed10216aeca0 [ 177.402892] R10: ffff88810b576507 R11: 0000000000000000 R12: ffffffff91e55de0 [ 177.403198] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810df07d38 [ 177.403493] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 177.403850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.404119] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 177.404452] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 177.404798] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 177.405207] Call Trace: [ 177.405396] <TASK> [ 177.405492] drm_test_rect_calc_hscale+0x108/0x270 [ 177.405808] ? __kasan_check_write+0x18/0x20 [ 177.406043] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 177.406289] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 177.406544] ? __pfx_read_tsc+0x10/0x10 [ 177.406736] ? ktime_get_ts64+0x86/0x230 [ 177.407131] kunit_try_run_case+0x1a5/0x480 [ 177.407375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.407613] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 177.407836] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 177.408134] ? __kthread_parkme+0x82/0x180 [ 177.408356] ? preempt_count_sub+0x50/0x80 [ 177.408524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 177.408727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 177.408941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 177.409281] kthread+0x337/0x6f0 [ 177.409456] ? trace_preempt_on+0x20/0xc0 [ 177.409630] ? __pfx_kthread+0x10/0x10 [ 177.409819] ? _raw_spin_unlock_irq+0x47/0x80 [ 177.410064] ? calculate_sigpending+0x7b/0xa0 [ 177.410276] ? __pfx_kthread+0x10/0x10 [ 177.410461] ret_from_fork+0x116/0x1d0 [ 177.410657] ? __pfx_kthread+0x10/0x10 [ 177.410789] ret_from_fork_asm+0x1a/0x30 [ 177.410984] </TASK> [ 177.411294] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 176.647703] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 176.647836] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2607 [ 176.649287] Modules linked in: [ 176.649650] CPU: 1 UID: 0 PID: 2607 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 176.650562] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 176.651598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 176.652502] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 176.653060] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 ad ce 81 00 48 c7 c1 e0 9c e0 91 4c 89 f2 48 c7 c7 00 99 e0 91 48 89 c6 e8 64 74 73 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 176.654376] RSP: 0000:ffff88810d4f7d18 EFLAGS: 00010286 [ 176.654563] RAX: 0000000000000000 RBX: ffff88810c201400 RCX: 1ffffffff2564b68 [ 176.655403] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 176.656623] RBP: ffff88810d4f7d48 R08: 0000000000000000 R09: fffffbfff2564b68 [ 176.657501] R10: 0000000000000003 R11: 000000000003c3c8 R12: ffff88810d35c800 [ 176.658252] R13: ffff88810c2014f8 R14: ffff8881039bc100 R15: ffff8881003c7b48 [ 176.658468] FS: 0000000000000000(0000) GS:ffff8881c732b000(0000) knlGS:0000000000000000 [ 176.659110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 176.659771] CR2: 00007ffff7ffe000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 176.660724] DR0: ffffffff93e9b504 DR1: ffffffff93e9b509 DR2: ffffffff93e9b50a [ 176.661537] DR3: ffffffff93e9b50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 176.662231] Call Trace: [ 176.662338] <TASK> [ 176.662424] ? trace_preempt_on+0x20/0xc0 [ 176.662594] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 176.663413] drm_gem_shmem_free_wrapper+0x12/0x20 [ 176.664132] __kunit_action_free+0x57/0x70 [ 176.664664] kunit_remove_resource+0x133/0x200 [ 176.665154] ? preempt_count_sub+0x50/0x80 [ 176.665602] kunit_cleanup+0x7a/0x120 [ 176.665857] kunit_try_run_case_cleanup+0xbd/0xf0 [ 176.666383] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 176.666644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 176.666874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 176.667166] kthread+0x337/0x6f0 [ 176.667323] ? trace_preempt_on+0x20/0xc0 [ 176.667504] ? __pfx_kthread+0x10/0x10 [ 176.668174] ? _raw_spin_unlock_irq+0x47/0x80 [ 176.668466] ? calculate_sigpending+0x7b/0xa0 [ 176.668950] ? __pfx_kthread+0x10/0x10 [ 176.669339] ret_from_fork+0x116/0x1d0 [ 176.669644] ? __pfx_kthread+0x10/0x10 [ 176.669934] ret_from_fork_asm+0x1a/0x30 [ 176.670368] </TASK> [ 176.670616] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 176.505354] WARNING: drivers/gpu/drm/drm_framebuffer.c:867 at drm_framebuffer_init+0x44/0x300, CPU#0: kunit_try_catch/2588 [ 176.505835] Modules linked in: [ 176.506144] CPU: 0 UID: 0 PID: 2588 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 176.507306] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 176.508176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 176.509042] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 176.509239] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 176.510503] RSP: 0000:ffff88810d55fb30 EFLAGS: 00010246 [ 176.511180] RAX: dffffc0000000000 RBX: ffff88810d55fc28 RCX: 0000000000000000 [ 176.511999] RDX: 1ffff11021aabf8e RSI: ffff88810d55fc28 RDI: ffff88810d55fc70 [ 176.512594] RBP: ffff88810d55fb70 R08: ffff88810d19c000 R09: ffffffff91df9b00 [ 176.512929] R10: 0000000000000003 R11: 00000000dabca6ee R12: ffff88810d19c000 [ 176.513847] R13: ffff8881003c7ae8 R14: ffff88810d55fba8 R15: 0000000000000000 [ 176.514560] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 176.514939] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 176.515392] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 176.515608] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 176.516176] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 176.516807] Call Trace: [ 176.517089] <TASK> [ 176.517297] ? add_dr+0xc1/0x1d0 [ 176.517601] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 176.517822] ? add_dr+0x148/0x1d0 [ 176.518029] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 176.518647] ? __drmm_add_action+0x1a4/0x280 [ 176.519139] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 176.519690] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 176.520220] ? __drmm_add_action_or_reset+0x22/0x50 [ 176.520535] ? __schedule+0x10cc/0x2b60 [ 176.520699] ? __pfx_read_tsc+0x10/0x10 [ 176.520838] ? ktime_get_ts64+0x86/0x230 [ 176.521206] kunit_try_run_case+0x1a5/0x480 [ 176.521633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.522178] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 176.522734] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 176.523272] ? __kthread_parkme+0x82/0x180 [ 176.523693] ? preempt_count_sub+0x50/0x80 [ 176.523879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.524379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 176.524588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 176.525070] kthread+0x337/0x6f0 [ 176.525383] ? trace_preempt_on+0x20/0xc0 [ 176.525773] ? __pfx_kthread+0x10/0x10 [ 176.526161] ? _raw_spin_unlock_irq+0x47/0x80 [ 176.526626] ? calculate_sigpending+0x7b/0xa0 [ 176.526848] ? __pfx_kthread+0x10/0x10 [ 176.527071] ret_from_fork+0x116/0x1d0 [ 176.527365] ? __pfx_kthread+0x10/0x10 [ 176.527815] ret_from_fork_asm+0x1a/0x30 [ 176.528230] </TASK> [ 176.528493] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 176.466514] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 176.466619] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2584 [ 176.468375] Modules linked in: [ 176.468819] CPU: 0 UID: 0 PID: 2584 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 176.469831] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 176.470218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 176.470783] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 176.471323] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 bb fc 88 00 48 c7 c1 e0 49 df 91 4c 89 fa 48 c7 c7 40 4a df 91 48 89 c6 e8 72 a2 7a fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 176.472355] RSP: 0000:ffff88810d5dfb68 EFLAGS: 00010282 [ 176.472611] RAX: 0000000000000000 RBX: ffff88810d5dfc40 RCX: 1ffffffff2564b68 [ 176.473185] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 176.473622] RBP: ffff88810d5dfb90 R08: 0000000000000000 R09: fffffbfff2564b68 [ 176.474272] R10: 0000000000000003 R11: 000000000003ac40 R12: ffff88810d5dfc18 [ 176.474754] R13: ffff88810d5c5800 R14: ffff88810d19a000 R15: ffff8881064b5500 [ 176.475321] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 176.475834] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 176.476393] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 176.476858] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 176.477364] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 176.477821] Call Trace: [ 176.478160] <TASK> [ 176.478431] drm_test_framebuffer_free+0x1ab/0x610 [ 176.478859] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 176.479299] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 176.479704] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 176.480134] ? __drmm_add_action_or_reset+0x22/0x50 [ 176.480510] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 176.480817] kunit_try_run_case+0x1a5/0x480 [ 176.481322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.481637] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 176.482175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 176.482563] ? __kthread_parkme+0x82/0x180 [ 176.483012] ? preempt_count_sub+0x50/0x80 [ 176.483354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 176.483761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 176.484168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 176.484600] kthread+0x337/0x6f0 [ 176.485007] ? trace_preempt_on+0x20/0xc0 [ 176.485205] ? __pfx_kthread+0x10/0x10 [ 176.485637] ? _raw_spin_unlock_irq+0x47/0x80 [ 176.486100] ? calculate_sigpending+0x7b/0xa0 [ 176.486447] ? __pfx_kthread+0x10/0x10 [ 176.486833] ret_from_fork+0x116/0x1d0 [ 176.487421] ? __pfx_kthread+0x10/0x10 [ 176.487800] ret_from_fork_asm+0x1a/0x30 [ 176.488042] </TASK> [ 176.488282] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 175.150635] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2024 [ 175.151875] Modules linked in: [ 175.152436] CPU: 1 UID: 0 PID: 2024 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 175.153640] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 175.153830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 175.154513] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 175.154825] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 175.156851] RSP: 0000:ffff888107377c90 EFLAGS: 00010246 [ 175.157282] RAX: dffffc0000000000 RBX: ffff8881072f8000 RCX: 0000000000000000 [ 175.157591] RDX: 1ffff11020e5f034 RSI: ffffffff8f001aa8 RDI: ffff8881072f81a0 [ 175.157899] RBP: ffff888107377ca0 R08: 1ffff11020078f6a R09: ffffed1020e6ef65 [ 175.158164] R10: 0000000000000003 R11: ffffffff8e580d08 R12: 0000000000000000 [ 175.158535] R13: ffff888107377d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 175.158881] FS: 0000000000000000(0000) GS:ffff8881c732b000(0000) knlGS:0000000000000000 [ 175.159312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 175.159593] CR2: 00007ffff7ffe000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 175.159862] DR0: ffffffff93e9b504 DR1: ffffffff93e9b509 DR2: ffffffff93e9b50a [ 175.160265] DR3: ffffffff93e9b50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 175.160566] Call Trace: [ 175.160687] <TASK> [ 175.161063] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 175.161373] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 175.161799] ? __schedule+0x10cc/0x2b60 [ 175.162015] ? __pfx_read_tsc+0x10/0x10 [ 175.162235] ? ktime_get_ts64+0x86/0x230 [ 175.162509] kunit_try_run_case+0x1a5/0x480 [ 175.162774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 175.163036] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 175.163257] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 175.163611] ? __kthread_parkme+0x82/0x180 [ 175.163780] ? preempt_count_sub+0x50/0x80 [ 175.164164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 175.164387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 175.164627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 175.164920] kthread+0x337/0x6f0 [ 175.165109] ? trace_preempt_on+0x20/0xc0 [ 175.165250] ? __pfx_kthread+0x10/0x10 [ 175.165645] ? _raw_spin_unlock_irq+0x47/0x80 [ 175.165847] ? calculate_sigpending+0x7b/0xa0 [ 175.166157] ? __pfx_kthread+0x10/0x10 [ 175.166286] ret_from_fork+0x116/0x1d0 [ 175.166567] ? __pfx_kthread+0x10/0x10 [ 175.167366] ret_from_fork_asm+0x1a/0x30 [ 175.167646] </TASK> [ 175.167774] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 175.227164] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2032 [ 175.227758] Modules linked in: [ 175.227945] CPU: 0 UID: 0 PID: 2032 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 175.228668] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 175.228890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 175.229993] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 175.230676] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 175.231988] RSP: 0000:ffff888107377c90 EFLAGS: 00010246 [ 175.232486] RAX: dffffc0000000000 RBX: ffff88810707c000 RCX: 0000000000000000 [ 175.232834] RDX: 1ffff11020e0f834 RSI: ffffffff8f001aa8 RDI: ffff88810707c1a0 [ 175.233784] RBP: ffff888107377ca0 R08: 1ffff11020078f6a R09: ffffed1020e6ef65 [ 175.234287] R10: 0000000000000003 R11: ffffffff8e580d08 R12: 0000000000000000 [ 175.234790] R13: ffff888107377d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 175.235326] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 175.235966] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 175.236152] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 175.236350] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 175.236547] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 175.236809] Call Trace: [ 175.237075] <TASK> [ 175.237203] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 175.237447] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 175.237821] ? __schedule+0x10cc/0x2b60 [ 175.237999] ? __pfx_read_tsc+0x10/0x10 [ 175.238686] ? ktime_get_ts64+0x86/0x230 [ 175.238950] kunit_try_run_case+0x1a5/0x480 [ 175.239396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 175.239731] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 175.240170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 175.240399] ? __kthread_parkme+0x82/0x180 [ 175.240567] ? preempt_count_sub+0x50/0x80 [ 175.241103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 175.241320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 175.241550] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 175.242022] kthread+0x337/0x6f0 [ 175.242273] ? trace_preempt_on+0x20/0xc0 [ 175.242519] ? __pfx_kthread+0x10/0x10 [ 175.242698] ? _raw_spin_unlock_irq+0x47/0x80 [ 175.243160] ? calculate_sigpending+0x7b/0xa0 [ 175.243517] ? __pfx_kthread+0x10/0x10 [ 175.243673] ret_from_fork+0x116/0x1d0 [ 175.243876] ? __pfx_kthread+0x10/0x10 [ 175.244115] ret_from_fork_asm+0x1a/0x30 [ 175.244298] </TASK> [ 175.244638] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 120.725854] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/708 [ 120.726744] Modules linked in: [ 120.727143] CPU: 0 UID: 0 PID: 708 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 120.727779] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 120.728114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.728378] RIP: 0010:intlog10+0x2a/0x40 [ 120.728530] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 d7 a3 8e 02 90 <0f> 0b 90 31 c0 e9 cc a3 8e 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 120.729395] RSP: 0000:ffff88810eaf7cb0 EFLAGS: 00010246 [ 120.729676] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021d5efb4 [ 120.730178] RDX: 1ffffffff23931c8 RSI: 1ffff11021d5efb3 RDI: 0000000000000000 [ 120.730480] RBP: ffff88810eaf7d60 R08: 0000000000000000 R09: ffffed10209caca0 [ 120.731059] R10: ffff888104e56507 R11: 0000000000000000 R12: 1ffff11021d5ef97 [ 120.731525] R13: ffffffff91c98e40 R14: 0000000000000000 R15: ffff88810eaf7d38 [ 120.731850] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 120.732341] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.732582] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 120.733120] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 120.733496] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.733859] Call Trace: [ 120.734007] <TASK> [ 120.734136] ? intlog10_test+0xf2/0x220 [ 120.734553] ? __pfx_intlog10_test+0x10/0x10 [ 120.734903] ? __schedule+0x10cc/0x2b60 [ 120.735208] ? __pfx_read_tsc+0x10/0x10 [ 120.735408] ? ktime_get_ts64+0x86/0x230 [ 120.735551] kunit_try_run_case+0x1a5/0x480 [ 120.735758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.736327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 120.736673] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 120.736882] ? __kthread_parkme+0x82/0x180 [ 120.737266] ? preempt_count_sub+0x50/0x80 [ 120.737523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.737712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.738159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.738508] kthread+0x337/0x6f0 [ 120.738647] ? trace_preempt_on+0x20/0xc0 [ 120.738870] ? __pfx_kthread+0x10/0x10 [ 120.739451] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.739684] ? calculate_sigpending+0x7b/0xa0 [ 120.740195] ? __pfx_kthread+0x10/0x10 [ 120.740389] ret_from_fork+0x116/0x1d0 [ 120.740569] ? __pfx_kthread+0x10/0x10 [ 120.740749] ret_from_fork_asm+0x1a/0x30 [ 120.741209] </TASK> [ 120.741310] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 120.680329] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/690 [ 120.680812] Modules linked in: [ 120.680965] CPU: 0 UID: 0 PID: 690 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary) [ 120.682297] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 120.683115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.683705] RIP: 0010:intlog2+0xdf/0x110 [ 120.683917] Code: c9 91 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 42 a4 8e 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 0f cc 55 ff 8b 45 e4 eb [ 120.685789] RSP: 0000:ffff88810ec8fcb0 EFLAGS: 00010246 [ 120.686435] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021d91fb4 [ 120.686677] RDX: 1ffffffff239321c RSI: 1ffff11021d91fb3 RDI: 0000000000000000 [ 120.686989] RBP: ffff88810ec8fd60 R08: 0000000000000000 R09: ffffed10204106a0 [ 120.688006] R10: ffff888102083507 R11: 0000000000000000 R12: 1ffff11021d91f97 [ 120.688857] R13: ffffffff91c990e0 R14: 0000000000000000 R15: ffff88810ec8fd38 [ 120.689718] FS: 0000000000000000(0000) GS:ffff8881c722b000(0000) knlGS:0000000000000000 [ 120.690874] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.691408] CR2: ffff88815a94a000 CR3: 000000012a2bc000 CR4: 00000000000006f0 [ 120.691622] DR0: ffffffff93e9b500 DR1: ffffffff93e9b501 DR2: ffffffff93e9b503 [ 120.692392] DR3: ffffffff93e9b505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.693301] Call Trace: [ 120.693628] <TASK> [ 120.694013] ? intlog2_test+0xf2/0x220 [ 120.694464] ? __pfx_intlog2_test+0x10/0x10 [ 120.694797] ? __schedule+0x10cc/0x2b60 [ 120.694942] ? __pfx_read_tsc+0x10/0x10 [ 120.695074] ? ktime_get_ts64+0x86/0x230 [ 120.695208] kunit_try_run_case+0x1a5/0x480 [ 120.695346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.695490] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 120.695959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 120.696860] ? __kthread_parkme+0x82/0x180 [ 120.697579] ? preempt_count_sub+0x50/0x80 [ 120.698102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.698697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.699455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.700157] kthread+0x337/0x6f0 [ 120.700490] ? trace_preempt_on+0x20/0xc0 [ 120.700981] ? __pfx_kthread+0x10/0x10 [ 120.701367] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.701794] ? calculate_sigpending+0x7b/0xa0 [ 120.702279] ? __pfx_kthread+0x10/0x10 [ 120.702422] ret_from_fork+0x116/0x1d0 [ 120.702554] ? __pfx_kthread+0x10/0x10 [ 120.702700] ret_from_fork_asm+0x1a/0x30 [ 120.702868] </TASK> [ 120.703054] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 120.056187] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI