Date
July 10, 2025, 9:07 a.m.
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.005685] ================================================================== [ 63.006046] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 63.006046] [ 63.006340] Use-after-free read at 0x(____ptrval____) (in kfence-#173): [ 63.006578] test_krealloc+0x6fc/0xbe0 [ 63.006738] kunit_try_run_case+0x1a5/0x480 [ 63.007027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.007232] kthread+0x337/0x6f0 [ 63.007435] ret_from_fork+0x116/0x1d0 [ 63.007686] ret_from_fork_asm+0x1a/0x30 [ 63.007907] [ 63.008003] kfence-#173: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 63.008003] [ 63.008408] allocated by task 385 on cpu 0 at 63.005058s (0.003336s ago): [ 63.008745] test_alloc+0x364/0x10f0 [ 63.008953] test_krealloc+0xad/0xbe0 [ 63.009129] kunit_try_run_case+0x1a5/0x480 [ 63.009332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.009619] kthread+0x337/0x6f0 [ 63.009776] ret_from_fork+0x116/0x1d0 [ 63.009956] ret_from_fork_asm+0x1a/0x30 [ 63.010164] [ 63.010261] freed by task 385 on cpu 0 at 63.005286s (0.004972s ago): [ 63.010526] krealloc_noprof+0x108/0x340 [ 63.010666] test_krealloc+0x226/0xbe0 [ 63.010804] kunit_try_run_case+0x1a5/0x480 [ 63.010991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.011282] kthread+0x337/0x6f0 [ 63.011440] ret_from_fork+0x116/0x1d0 [ 63.011571] ret_from_fork_asm+0x1a/0x30 [ 63.011887] [ 63.012047] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 63.012904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.013296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.013919] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 62.917157] ================================================================== [ 62.917612] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 62.917612] [ 62.918004] Use-after-free read at 0x(____ptrval____) (in kfence-#172): [ 62.918315] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 62.918781] kunit_try_run_case+0x1a5/0x480 [ 62.919037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.919293] kthread+0x337/0x6f0 [ 62.919420] ret_from_fork+0x116/0x1d0 [ 62.919763] ret_from_fork_asm+0x1a/0x30 [ 62.919960] [ 62.920041] kfence-#172: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 62.920041] [ 62.920354] allocated by task 383 on cpu 1 at 62.900088s (0.020262s ago): [ 62.920864] test_alloc+0x2a6/0x10f0 [ 62.921068] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 62.921300] kunit_try_run_case+0x1a5/0x480 [ 62.921468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.921643] kthread+0x337/0x6f0 [ 62.921774] ret_from_fork+0x116/0x1d0 [ 62.921925] ret_from_fork_asm+0x1a/0x30 [ 62.922195] [ 62.922311] freed by task 383 on cpu 1 at 62.900201s (0.022109s ago): [ 62.922628] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 62.922910] kunit_try_run_case+0x1a5/0x480 [ 62.923206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 62.924126] kthread+0x337/0x6f0 [ 62.924307] ret_from_fork+0x116/0x1d0 [ 62.924517] ret_from_fork_asm+0x1a/0x30 [ 62.924898] [ 62.925025] CPU: 1 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 62.925769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 62.925969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 62.926429] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 37.955914] ================================================================== [ 37.956394] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 37.956394] [ 37.957402] Invalid read at 0x(____ptrval____): [ 37.958167] test_invalid_access+0xf0/0x210 [ 37.958525] kunit_try_run_case+0x1a5/0x480 [ 37.958749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.959108] kthread+0x337/0x6f0 [ 37.959264] ret_from_fork+0x116/0x1d0 [ 37.959455] ret_from_fork_asm+0x1a/0x30 [ 37.959748] [ 37.960072] CPU: 1 UID: 0 PID: 379 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 37.960689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.960955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.961569] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 37.732378] ================================================================== [ 37.732792] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.732792] [ 37.733247] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#167): [ 37.733829] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.734104] kunit_try_run_case+0x1a5/0x480 [ 37.734315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.734731] kthread+0x337/0x6f0 [ 37.734903] ret_from_fork+0x116/0x1d0 [ 37.735054] ret_from_fork_asm+0x1a/0x30 [ 37.735190] [ 37.735265] kfence-#167: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 37.735265] [ 37.735775] allocated by task 373 on cpu 0 at 37.732107s (0.003664s ago): [ 37.736113] test_alloc+0x364/0x10f0 [ 37.736301] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 37.736589] kunit_try_run_case+0x1a5/0x480 [ 37.736740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.736910] kthread+0x337/0x6f0 [ 37.737074] ret_from_fork+0x116/0x1d0 [ 37.737281] ret_from_fork_asm+0x1a/0x30 [ 37.737503] [ 37.737598] freed by task 373 on cpu 0 at 37.732250s (0.005346s ago): [ 37.737923] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.738141] kunit_try_run_case+0x1a5/0x480 [ 37.738308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.738592] kthread+0x337/0x6f0 [ 37.738771] ret_from_fork+0x116/0x1d0 [ 37.738912] ret_from_fork_asm+0x1a/0x30 [ 37.739044] [ 37.739153] CPU: 0 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 37.739788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.740181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.740474] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 37.524247] ================================================================== [ 37.524749] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 37.524749] [ 37.525106] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#165): [ 37.525456] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 37.526243] kunit_try_run_case+0x1a5/0x480 [ 37.526666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.526999] kthread+0x337/0x6f0 [ 37.527287] ret_from_fork+0x116/0x1d0 [ 37.527451] ret_from_fork_asm+0x1a/0x30 [ 37.527710] [ 37.527805] kfence-#165: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 37.527805] [ 37.528217] allocated by task 371 on cpu 1 at 37.524026s (0.004187s ago): [ 37.528529] test_alloc+0x364/0x10f0 [ 37.529031] test_kmalloc_aligned_oob_read+0x105/0x560 [ 37.529240] kunit_try_run_case+0x1a5/0x480 [ 37.529652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.529986] kthread+0x337/0x6f0 [ 37.530137] ret_from_fork+0x116/0x1d0 [ 37.530443] ret_from_fork_asm+0x1a/0x30 [ 37.530686] [ 37.530952] CPU: 1 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 37.531517] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.531813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.532258] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 32.324294] ================================================================== [ 32.324739] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 32.324739] [ 32.325026] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#115): [ 32.325454] test_corruption+0x216/0x3e0 [ 32.325693] kunit_try_run_case+0x1a5/0x480 [ 32.325880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.326137] kthread+0x337/0x6f0 [ 32.326324] ret_from_fork+0x116/0x1d0 [ 32.326505] ret_from_fork_asm+0x1a/0x30 [ 32.326755] [ 32.326852] kfence-#115: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.326852] [ 32.327247] allocated by task 361 on cpu 0 at 32.324152s (0.003092s ago): [ 32.327474] test_alloc+0x2a6/0x10f0 [ 32.327655] test_corruption+0x1cb/0x3e0 [ 32.327938] kunit_try_run_case+0x1a5/0x480 [ 32.328165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.328449] kthread+0x337/0x6f0 [ 32.328596] ret_from_fork+0x116/0x1d0 [ 32.328733] ret_from_fork_asm+0x1a/0x30 [ 32.328990] [ 32.329081] freed by task 361 on cpu 0 at 32.324209s (0.004870s ago): [ 32.329417] test_corruption+0x216/0x3e0 [ 32.329649] kunit_try_run_case+0x1a5/0x480 [ 32.329800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.330055] kthread+0x337/0x6f0 [ 32.330252] ret_from_fork+0x116/0x1d0 [ 32.330467] ret_from_fork_asm+0x1a/0x30 [ 32.330658] [ 32.330762] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 32.331317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.331495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.331865] ================================================================== [ 31.388293] ================================================================== [ 31.388821] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 31.388821] [ 31.389185] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#106): [ 31.390147] test_corruption+0x2d2/0x3e0 [ 31.390341] kunit_try_run_case+0x1a5/0x480 [ 31.390561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.390785] kthread+0x337/0x6f0 [ 31.390950] ret_from_fork+0x116/0x1d0 [ 31.391125] ret_from_fork_asm+0x1a/0x30 [ 31.391295] [ 31.391365] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.391365] [ 31.391768] allocated by task 359 on cpu 1 at 31.388053s (0.003712s ago): [ 31.392446] test_alloc+0x364/0x10f0 [ 31.392667] test_corruption+0xe6/0x3e0 [ 31.392852] kunit_try_run_case+0x1a5/0x480 [ 31.393039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.393270] kthread+0x337/0x6f0 [ 31.393422] ret_from_fork+0x116/0x1d0 [ 31.394159] ret_from_fork_asm+0x1a/0x30 [ 31.394415] [ 31.394523] freed by task 359 on cpu 1 at 31.388134s (0.006387s ago): [ 31.395018] test_corruption+0x2d2/0x3e0 [ 31.395204] kunit_try_run_case+0x1a5/0x480 [ 31.395377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.395592] kthread+0x337/0x6f0 [ 31.395788] ret_from_fork+0x116/0x1d0 [ 31.395949] ret_from_fork_asm+0x1a/0x30 [ 31.396129] [ 31.396251] CPU: 1 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 31.396738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.396937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.397288] ================================================================== [ 31.804222] ================================================================== [ 31.804665] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 31.804665] [ 31.805176] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#110): [ 31.806277] test_corruption+0x131/0x3e0 [ 31.806511] kunit_try_run_case+0x1a5/0x480 [ 31.806741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.806981] kthread+0x337/0x6f0 [ 31.807152] ret_from_fork+0x116/0x1d0 [ 31.807729] ret_from_fork_asm+0x1a/0x30 [ 31.807910] [ 31.808032] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.808032] [ 31.808673] allocated by task 361 on cpu 0 at 31.804092s (0.004577s ago): [ 31.809014] test_alloc+0x2a6/0x10f0 [ 31.809434] test_corruption+0xe6/0x3e0 [ 31.809729] kunit_try_run_case+0x1a5/0x480 [ 31.809940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.810317] kthread+0x337/0x6f0 [ 31.810585] ret_from_fork+0x116/0x1d0 [ 31.810784] ret_from_fork_asm+0x1a/0x30 [ 31.811103] [ 31.811225] freed by task 361 on cpu 0 at 31.804145s (0.007078s ago): [ 31.811664] test_corruption+0x131/0x3e0 [ 31.811895] kunit_try_run_case+0x1a5/0x480 [ 31.812229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.812587] kthread+0x337/0x6f0 [ 31.812853] ret_from_fork+0x116/0x1d0 [ 31.813131] ret_from_fork_asm+0x1a/0x30 [ 31.813335] [ 31.813549] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 31.814142] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.814345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.814947] ================================================================== [ 31.700321] ================================================================== [ 31.700745] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 31.700745] [ 31.701059] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#109): [ 31.701455] test_corruption+0x2df/0x3e0 [ 31.701662] kunit_try_run_case+0x1a5/0x480 [ 31.701874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.702074] kthread+0x337/0x6f0 [ 31.702231] ret_from_fork+0x116/0x1d0 [ 31.702422] ret_from_fork_asm+0x1a/0x30 [ 31.702669] [ 31.702758] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.702758] [ 31.703142] allocated by task 359 on cpu 1 at 31.700064s (0.003076s ago): [ 31.703417] test_alloc+0x364/0x10f0 [ 31.703548] test_corruption+0x1cb/0x3e0 [ 31.703736] kunit_try_run_case+0x1a5/0x480 [ 31.703948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.704315] kthread+0x337/0x6f0 [ 31.704473] ret_from_fork+0x116/0x1d0 [ 31.704632] ret_from_fork_asm+0x1a/0x30 [ 31.704780] [ 31.704854] freed by task 359 on cpu 1 at 31.700157s (0.004694s ago): [ 31.705154] test_corruption+0x2df/0x3e0 [ 31.705328] kunit_try_run_case+0x1a5/0x480 [ 31.705536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.705765] kthread+0x337/0x6f0 [ 31.705883] ret_from_fork+0x116/0x1d0 [ 31.706071] ret_from_fork_asm+0x1a/0x30 [ 31.706270] [ 31.706389] CPU: 1 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 31.706936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.707134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.707468] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 31.180184] ================================================================== [ 31.180555] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 31.180555] [ 31.181115] Invalid free of 0x(____ptrval____) (in kfence-#104): [ 31.181483] test_invalid_addr_free+0x1e1/0x260 [ 31.182136] kunit_try_run_case+0x1a5/0x480 [ 31.182363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.182818] kthread+0x337/0x6f0 [ 31.183014] ret_from_fork+0x116/0x1d0 [ 31.183375] ret_from_fork_asm+0x1a/0x30 [ 31.183677] [ 31.183778] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.183778] [ 31.184334] allocated by task 355 on cpu 0 at 31.180058s (0.004254s ago): [ 31.184854] test_alloc+0x364/0x10f0 [ 31.185047] test_invalid_addr_free+0xdb/0x260 [ 31.185384] kunit_try_run_case+0x1a5/0x480 [ 31.185771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.186007] kthread+0x337/0x6f0 [ 31.186139] ret_from_fork+0x116/0x1d0 [ 31.186329] ret_from_fork_asm+0x1a/0x30 [ 31.186522] [ 31.186648] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 31.187114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.187317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.187718] ================================================================== [ 31.284116] ================================================================== [ 31.284573] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 31.284573] [ 31.285035] Invalid free of 0x(____ptrval____) (in kfence-#105): [ 31.285300] test_invalid_addr_free+0xfb/0x260 [ 31.285513] kunit_try_run_case+0x1a5/0x480 [ 31.286144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.286638] kthread+0x337/0x6f0 [ 31.286817] ret_from_fork+0x116/0x1d0 [ 31.287039] ret_from_fork_asm+0x1a/0x30 [ 31.287459] [ 31.287705] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.287705] [ 31.288232] allocated by task 357 on cpu 0 at 31.284027s (0.004202s ago): [ 31.288766] test_alloc+0x2a6/0x10f0 [ 31.289048] test_invalid_addr_free+0xdb/0x260 [ 31.289344] kunit_try_run_case+0x1a5/0x480 [ 31.289628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.289907] kthread+0x337/0x6f0 [ 31.290059] ret_from_fork+0x116/0x1d0 [ 31.290232] ret_from_fork_asm+0x1a/0x30 [ 31.290417] [ 31.290520] CPU: 0 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 31.291328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.291663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.292160] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 30.972359] ================================================================== [ 30.972944] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 30.972944] [ 30.973302] Invalid free of 0x(____ptrval____) (in kfence-#102): [ 30.973646] test_double_free+0x1d3/0x260 [ 30.973829] kunit_try_run_case+0x1a5/0x480 [ 30.973977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.974232] kthread+0x337/0x6f0 [ 30.974405] ret_from_fork+0x116/0x1d0 [ 30.974628] ret_from_fork_asm+0x1a/0x30 [ 30.974829] [ 30.974908] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.974908] [ 30.975303] allocated by task 351 on cpu 1 at 30.972100s (0.003200s ago): [ 30.975555] test_alloc+0x364/0x10f0 [ 30.975769] test_double_free+0xdb/0x260 [ 30.975928] kunit_try_run_case+0x1a5/0x480 [ 30.976070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.976485] kthread+0x337/0x6f0 [ 30.976875] ret_from_fork+0x116/0x1d0 [ 30.977051] ret_from_fork_asm+0x1a/0x30 [ 30.977234] [ 30.977324] freed by task 351 on cpu 1 at 30.972162s (0.005159s ago): [ 30.977941] test_double_free+0x1e0/0x260 [ 30.978275] kunit_try_run_case+0x1a5/0x480 [ 30.978604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.978954] kthread+0x337/0x6f0 [ 30.979126] ret_from_fork+0x116/0x1d0 [ 30.979315] ret_from_fork_asm+0x1a/0x30 [ 30.979468] [ 30.979661] CPU: 1 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 30.980142] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.980307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.980627] ================================================================== [ 31.076186] ================================================================== [ 31.076588] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 31.076588] [ 31.076985] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 31.077261] test_double_free+0x112/0x260 [ 31.077452] kunit_try_run_case+0x1a5/0x480 [ 31.077617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.077805] kthread+0x337/0x6f0 [ 31.077995] ret_from_fork+0x116/0x1d0 [ 31.078196] ret_from_fork_asm+0x1a/0x30 [ 31.078401] [ 31.078484] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.078484] [ 31.079296] allocated by task 353 on cpu 0 at 31.076037s (0.003255s ago): [ 31.079626] test_alloc+0x2a6/0x10f0 [ 31.079813] test_double_free+0xdb/0x260 [ 31.079997] kunit_try_run_case+0x1a5/0x480 [ 31.080185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.080730] kthread+0x337/0x6f0 [ 31.081104] ret_from_fork+0x116/0x1d0 [ 31.081263] ret_from_fork_asm+0x1a/0x30 [ 31.081542] [ 31.081806] freed by task 353 on cpu 0 at 31.076074s (0.005730s ago): [ 31.082143] test_double_free+0xfa/0x260 [ 31.082379] kunit_try_run_case+0x1a5/0x480 [ 31.082602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.082847] kthread+0x337/0x6f0 [ 31.083005] ret_from_fork+0x116/0x1d0 [ 31.083179] ret_from_fork_asm+0x1a/0x30 [ 31.083357] [ 31.083454] CPU: 0 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 31.084325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.084622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.085074] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 30.660220] ================================================================== [ 30.660691] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 30.660691] [ 30.661101] Use-after-free read at 0x(____ptrval____) (in kfence-#99): [ 30.661389] test_use_after_free_read+0x129/0x270 [ 30.661612] kunit_try_run_case+0x1a5/0x480 [ 30.661772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.662055] kthread+0x337/0x6f0 [ 30.662211] ret_from_fork+0x116/0x1d0 [ 30.662381] ret_from_fork_asm+0x1a/0x30 [ 30.662520] [ 30.662589] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.662589] [ 30.663016] allocated by task 345 on cpu 0 at 30.660087s (0.002926s ago): [ 30.663320] test_alloc+0x2a6/0x10f0 [ 30.663452] test_use_after_free_read+0xdc/0x270 [ 30.663841] kunit_try_run_case+0x1a5/0x480 [ 30.664022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.664195] kthread+0x337/0x6f0 [ 30.664312] ret_from_fork+0x116/0x1d0 [ 30.664516] ret_from_fork_asm+0x1a/0x30 [ 30.664724] [ 30.664817] freed by task 345 on cpu 0 at 30.660146s (0.004669s ago): [ 30.665143] test_use_after_free_read+0xfb/0x270 [ 30.665356] kunit_try_run_case+0x1a5/0x480 [ 30.665496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.665677] kthread+0x337/0x6f0 [ 30.665852] ret_from_fork+0x116/0x1d0 [ 30.666063] ret_from_fork_asm+0x1a/0x30 [ 30.666234] [ 30.666328] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 30.667043] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.667262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.667590] ================================================================== [ 30.556296] ================================================================== [ 30.556745] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 30.556745] [ 30.557182] Use-after-free read at 0x(____ptrval____) (in kfence-#98): [ 30.557432] test_use_after_free_read+0x129/0x270 [ 30.557787] kunit_try_run_case+0x1a5/0x480 [ 30.557959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.558197] kthread+0x337/0x6f0 [ 30.558369] ret_from_fork+0x116/0x1d0 [ 30.558505] ret_from_fork_asm+0x1a/0x30 [ 30.558718] [ 30.558804] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.558804] [ 30.559595] allocated by task 343 on cpu 1 at 30.556068s (0.003523s ago): [ 30.559874] test_alloc+0x364/0x10f0 [ 30.560052] test_use_after_free_read+0xdc/0x270 [ 30.560255] kunit_try_run_case+0x1a5/0x480 [ 30.560437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.561134] kthread+0x337/0x6f0 [ 30.561399] ret_from_fork+0x116/0x1d0 [ 30.561681] ret_from_fork_asm+0x1a/0x30 [ 30.562022] [ 30.562237] freed by task 343 on cpu 1 at 30.556136s (0.006019s ago): [ 30.562553] test_use_after_free_read+0x1e7/0x270 [ 30.562778] kunit_try_run_case+0x1a5/0x480 [ 30.562967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.563201] kthread+0x337/0x6f0 [ 30.563354] ret_from_fork+0x116/0x1d0 [ 30.563509] ret_from_fork_asm+0x1a/0x30 [ 30.563713] [ 30.563813] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 30.564359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.564792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.565169] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 30.452176] ================================================================== [ 30.452588] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.452588] [ 30.453162] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#97): [ 30.453452] test_out_of_bounds_write+0x10d/0x260 [ 30.453760] kunit_try_run_case+0x1a5/0x480 [ 30.453978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.454177] kthread+0x337/0x6f0 [ 30.454358] ret_from_fork+0x116/0x1d0 [ 30.454551] ret_from_fork_asm+0x1a/0x30 [ 30.454690] [ 30.454870] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.454870] [ 30.455176] allocated by task 341 on cpu 0 at 30.452118s (0.003054s ago): [ 30.455466] test_alloc+0x2a6/0x10f0 [ 30.455685] test_out_of_bounds_write+0xd4/0x260 [ 30.455957] kunit_try_run_case+0x1a5/0x480 [ 30.456185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.456394] kthread+0x337/0x6f0 [ 30.456522] ret_from_fork+0x116/0x1d0 [ 30.456750] ret_from_fork_asm+0x1a/0x30 [ 30.456968] [ 30.457107] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 30.457583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.457868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.458321] ================================================================== [ 30.244220] ================================================================== [ 30.244668] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.244668] [ 30.245129] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#95): [ 30.245470] test_out_of_bounds_write+0x10d/0x260 [ 30.245682] kunit_try_run_case+0x1a5/0x480 [ 30.245967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.246148] kthread+0x337/0x6f0 [ 30.246324] ret_from_fork+0x116/0x1d0 [ 30.246555] ret_from_fork_asm+0x1a/0x30 [ 30.246769] [ 30.246858] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.246858] [ 30.247251] allocated by task 339 on cpu 1 at 30.244102s (0.003146s ago): [ 30.247503] test_alloc+0x364/0x10f0 [ 30.247742] test_out_of_bounds_write+0xd4/0x260 [ 30.247973] kunit_try_run_case+0x1a5/0x480 [ 30.248180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.248366] kthread+0x337/0x6f0 [ 30.248486] ret_from_fork+0x116/0x1d0 [ 30.248617] ret_from_fork_asm+0x1a/0x30 [ 30.248767] [ 30.248860] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 30.249421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.249714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.250219] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 30.036126] ================================================================== [ 30.036500] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 30.036500] [ 30.037024] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#93): [ 30.037324] test_out_of_bounds_read+0x216/0x4e0 [ 30.037506] kunit_try_run_case+0x1a5/0x480 [ 30.037777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.038179] kthread+0x337/0x6f0 [ 30.038396] ret_from_fork+0x116/0x1d0 [ 30.038665] ret_from_fork_asm+0x1a/0x30 [ 30.039413] [ 30.039532] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.039532] [ 30.040170] allocated by task 337 on cpu 0 at 30.036074s (0.004094s ago): [ 30.040664] test_alloc+0x2a6/0x10f0 [ 30.040893] test_out_of_bounds_read+0x1e2/0x4e0 [ 30.041074] kunit_try_run_case+0x1a5/0x480 [ 30.041279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.041472] kthread+0x337/0x6f0 [ 30.041637] ret_from_fork+0x116/0x1d0 [ 30.041862] ret_from_fork_asm+0x1a/0x30 [ 30.042021] [ 30.042141] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 30.042630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.042820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.043143] ================================================================== [ 29.724275] ================================================================== [ 29.724662] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 29.724662] [ 29.725145] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#90): [ 29.725479] test_out_of_bounds_read+0x216/0x4e0 [ 29.725687] kunit_try_run_case+0x1a5/0x480 [ 29.725909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.726131] kthread+0x337/0x6f0 [ 29.726255] ret_from_fork+0x116/0x1d0 [ 29.726444] ret_from_fork_asm+0x1a/0x30 [ 29.726672] [ 29.726752] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.726752] [ 29.727344] allocated by task 335 on cpu 1 at 29.724092s (0.003250s ago): [ 29.727734] test_alloc+0x364/0x10f0 [ 29.727873] test_out_of_bounds_read+0x1e2/0x4e0 [ 29.728211] kunit_try_run_case+0x1a5/0x480 [ 29.728394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.728636] kthread+0x337/0x6f0 [ 29.728769] ret_from_fork+0x116/0x1d0 [ 29.728961] ret_from_fork_asm+0x1a/0x30 [ 29.729165] [ 29.729278] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.729807] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.729950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.730327] ================================================================== [ 29.621109] ================================================================== [ 29.621667] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.621667] [ 29.622154] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#89): [ 29.622580] test_out_of_bounds_read+0x126/0x4e0 [ 29.622973] kunit_try_run_case+0x1a5/0x480 [ 29.623205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.623428] kthread+0x337/0x6f0 [ 29.623552] ret_from_fork+0x116/0x1d0 [ 29.623738] ret_from_fork_asm+0x1a/0x30 [ 29.623974] [ 29.624262] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.624262] [ 29.624795] allocated by task 335 on cpu 1 at 29.620107s (0.004625s ago): [ 29.625371] test_alloc+0x364/0x10f0 [ 29.625665] test_out_of_bounds_read+0xed/0x4e0 [ 29.625866] kunit_try_run_case+0x1a5/0x480 [ 29.626034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.626289] kthread+0x337/0x6f0 [ 29.626436] ret_from_fork+0x116/0x1d0 [ 29.626624] ret_from_fork_asm+0x1a/0x30 [ 29.626857] [ 29.627002] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.627443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.627644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.627998] ================================================================== [ 29.932186] ================================================================== [ 29.932653] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.932653] [ 29.933322] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#92): [ 29.933593] test_out_of_bounds_read+0x126/0x4e0 [ 29.934119] kunit_try_run_case+0x1a5/0x480 [ 29.934400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.934616] kthread+0x337/0x6f0 [ 29.934800] ret_from_fork+0x116/0x1d0 [ 29.934986] ret_from_fork_asm+0x1a/0x30 [ 29.935227] [ 29.935315] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.935315] [ 29.935819] allocated by task 337 on cpu 0 at 29.932126s (0.003689s ago): [ 29.936220] test_alloc+0x2a6/0x10f0 [ 29.936377] test_out_of_bounds_read+0xed/0x4e0 [ 29.936629] kunit_try_run_case+0x1a5/0x480 [ 29.936871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.937129] kthread+0x337/0x6f0 [ 29.937305] ret_from_fork+0x116/0x1d0 [ 29.937452] ret_from_fork_asm+0x1a/0x30 [ 29.937652] [ 29.937846] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.938357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.938624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.938931] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 29.291120] ================================================================== [ 29.291464] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 29.291767] Write of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.292132] [ 29.292216] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.292264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.292277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.292299] Call Trace: [ 29.292314] <TASK> [ 29.292330] dump_stack_lvl+0x73/0xb0 [ 29.292359] print_report+0xd1/0x610 [ 29.292382] ? __virt_addr_valid+0x1db/0x2d0 [ 29.292407] ? strncpy_from_user+0x2e/0x1d0 [ 29.292432] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.292460] ? strncpy_from_user+0x2e/0x1d0 [ 29.292485] kasan_report+0x141/0x180 [ 29.292509] ? strncpy_from_user+0x2e/0x1d0 [ 29.292538] kasan_check_range+0x10c/0x1c0 [ 29.292563] __kasan_check_write+0x18/0x20 [ 29.292587] strncpy_from_user+0x2e/0x1d0 [ 29.292611] ? __kasan_check_read+0x15/0x20 [ 29.292637] copy_user_test_oob+0x760/0x10f0 [ 29.292663] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.292688] ? finish_task_switch.isra.0+0x153/0x700 [ 29.292724] ? __switch_to+0x47/0xf80 [ 29.292751] ? __schedule+0x10cc/0x2b60 [ 29.292776] ? __pfx_read_tsc+0x10/0x10 [ 29.292800] ? ktime_get_ts64+0x86/0x230 [ 29.292835] kunit_try_run_case+0x1a5/0x480 [ 29.292859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.292881] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.292906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.292931] ? __kthread_parkme+0x82/0x180 [ 29.292952] ? preempt_count_sub+0x50/0x80 [ 29.292977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.293001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.293028] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.293055] kthread+0x337/0x6f0 [ 29.293076] ? trace_preempt_on+0x20/0xc0 [ 29.293100] ? __pfx_kthread+0x10/0x10 [ 29.293123] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.293146] ? calculate_sigpending+0x7b/0xa0 [ 29.293172] ? __pfx_kthread+0x10/0x10 [ 29.293195] ret_from_fork+0x116/0x1d0 [ 29.293215] ? __pfx_kthread+0x10/0x10 [ 29.293238] ret_from_fork_asm+0x1a/0x30 [ 29.293270] </TASK> [ 29.293282] [ 29.301054] Allocated by task 333: [ 29.301203] kasan_save_stack+0x45/0x70 [ 29.301393] kasan_save_track+0x18/0x40 [ 29.301594] kasan_save_alloc_info+0x3b/0x50 [ 29.301776] __kasan_kmalloc+0xb7/0xc0 [ 29.301962] __kmalloc_noprof+0x1c9/0x500 [ 29.302155] kunit_kmalloc_array+0x25/0x60 [ 29.302326] copy_user_test_oob+0xab/0x10f0 [ 29.302543] kunit_try_run_case+0x1a5/0x480 [ 29.302704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.302880] kthread+0x337/0x6f0 [ 29.302999] ret_from_fork+0x116/0x1d0 [ 29.303130] ret_from_fork_asm+0x1a/0x30 [ 29.303267] [ 29.303333] The buggy address belongs to the object at ffff8881060c3d00 [ 29.303333] which belongs to the cache kmalloc-128 of size 128 [ 29.303768] The buggy address is located 0 bytes inside of [ 29.303768] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.304516] [ 29.304608] The buggy address belongs to the physical page: [ 29.304797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.305033] flags: 0x200000000000000(node=0|zone=2) [ 29.305192] page_type: f5(slab) [ 29.305307] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.305534] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.305898] page dumped because: kasan: bad access detected [ 29.306148] [ 29.306238] Memory state around the buggy address: [ 29.306462] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.306814] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.307141] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.307468] ^ [ 29.307807] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.308132] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.308421] ================================================================== [ 29.308982] ================================================================== [ 29.309324] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 29.309776] Write of size 1 at addr ffff8881060c3d78 by task kunit_try_catch/333 [ 29.310000] [ 29.310081] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.310127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.310141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.310164] Call Trace: [ 29.310179] <TASK> [ 29.310195] dump_stack_lvl+0x73/0xb0 [ 29.310224] print_report+0xd1/0x610 [ 29.310247] ? __virt_addr_valid+0x1db/0x2d0 [ 29.310271] ? strncpy_from_user+0x1a5/0x1d0 [ 29.310296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.310322] ? strncpy_from_user+0x1a5/0x1d0 [ 29.310346] kasan_report+0x141/0x180 [ 29.310368] ? strncpy_from_user+0x1a5/0x1d0 [ 29.310397] __asan_report_store1_noabort+0x1b/0x30 [ 29.310439] strncpy_from_user+0x1a5/0x1d0 [ 29.310465] copy_user_test_oob+0x760/0x10f0 [ 29.310492] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.310516] ? finish_task_switch.isra.0+0x153/0x700 [ 29.310540] ? __switch_to+0x47/0xf80 [ 29.310567] ? __schedule+0x10cc/0x2b60 [ 29.310591] ? __pfx_read_tsc+0x10/0x10 [ 29.310615] ? ktime_get_ts64+0x86/0x230 [ 29.310641] kunit_try_run_case+0x1a5/0x480 [ 29.310665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.310687] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.310722] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.310747] ? __kthread_parkme+0x82/0x180 [ 29.310770] ? preempt_count_sub+0x50/0x80 [ 29.310794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.310827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.310854] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.310881] kthread+0x337/0x6f0 [ 29.310902] ? trace_preempt_on+0x20/0xc0 [ 29.310927] ? __pfx_kthread+0x10/0x10 [ 29.310950] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.310973] ? calculate_sigpending+0x7b/0xa0 [ 29.310998] ? __pfx_kthread+0x10/0x10 [ 29.311022] ret_from_fork+0x116/0x1d0 [ 29.311042] ? __pfx_kthread+0x10/0x10 [ 29.311065] ret_from_fork_asm+0x1a/0x30 [ 29.311096] </TASK> [ 29.311109] [ 29.318790] Allocated by task 333: [ 29.318960] kasan_save_stack+0x45/0x70 [ 29.319133] kasan_save_track+0x18/0x40 [ 29.319265] kasan_save_alloc_info+0x3b/0x50 [ 29.319412] __kasan_kmalloc+0xb7/0xc0 [ 29.319685] __kmalloc_noprof+0x1c9/0x500 [ 29.319904] kunit_kmalloc_array+0x25/0x60 [ 29.320108] copy_user_test_oob+0xab/0x10f0 [ 29.320292] kunit_try_run_case+0x1a5/0x480 [ 29.320434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.320920] kthread+0x337/0x6f0 [ 29.321070] ret_from_fork+0x116/0x1d0 [ 29.321234] ret_from_fork_asm+0x1a/0x30 [ 29.321387] [ 29.321481] The buggy address belongs to the object at ffff8881060c3d00 [ 29.321481] which belongs to the cache kmalloc-128 of size 128 [ 29.321933] The buggy address is located 0 bytes to the right of [ 29.321933] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.322301] [ 29.322369] The buggy address belongs to the physical page: [ 29.322568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.323012] flags: 0x200000000000000(node=0|zone=2) [ 29.323242] page_type: f5(slab) [ 29.323406] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.323913] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.324141] page dumped because: kasan: bad access detected [ 29.324309] [ 29.324376] Memory state around the buggy address: [ 29.324623] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.324933] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.325220] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.325520] ^ [ 29.325822] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.326103] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.326393] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 29.228745] ================================================================== [ 29.229173] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.229737] Read of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.230220] [ 29.230333] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.230519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.230537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.230562] Call Trace: [ 29.230578] <TASK> [ 29.230594] dump_stack_lvl+0x73/0xb0 [ 29.230626] print_report+0xd1/0x610 [ 29.230652] ? __virt_addr_valid+0x1db/0x2d0 [ 29.230679] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.230717] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.230745] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.230769] kasan_report+0x141/0x180 [ 29.230793] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.230822] kasan_check_range+0x10c/0x1c0 [ 29.230847] __kasan_check_read+0x15/0x20 [ 29.230871] copy_user_test_oob+0x4aa/0x10f0 [ 29.230897] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.230921] ? finish_task_switch.isra.0+0x153/0x700 [ 29.230945] ? __switch_to+0x47/0xf80 [ 29.230972] ? __schedule+0x10cc/0x2b60 [ 29.230997] ? __pfx_read_tsc+0x10/0x10 [ 29.231020] ? ktime_get_ts64+0x86/0x230 [ 29.231045] kunit_try_run_case+0x1a5/0x480 [ 29.231069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.231091] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.231117] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.231141] ? __kthread_parkme+0x82/0x180 [ 29.231164] ? preempt_count_sub+0x50/0x80 [ 29.231189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.231213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.231239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.231266] kthread+0x337/0x6f0 [ 29.231288] ? trace_preempt_on+0x20/0xc0 [ 29.231312] ? __pfx_kthread+0x10/0x10 [ 29.231335] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.231358] ? calculate_sigpending+0x7b/0xa0 [ 29.231384] ? __pfx_kthread+0x10/0x10 [ 29.231407] ret_from_fork+0x116/0x1d0 [ 29.231428] ? __pfx_kthread+0x10/0x10 [ 29.231450] ret_from_fork_asm+0x1a/0x30 [ 29.231482] </TASK> [ 29.231509] [ 29.241412] Allocated by task 333: [ 29.241897] kasan_save_stack+0x45/0x70 [ 29.242094] kasan_save_track+0x18/0x40 [ 29.242310] kasan_save_alloc_info+0x3b/0x50 [ 29.242739] __kasan_kmalloc+0xb7/0xc0 [ 29.243012] __kmalloc_noprof+0x1c9/0x500 [ 29.243228] kunit_kmalloc_array+0x25/0x60 [ 29.243578] copy_user_test_oob+0xab/0x10f0 [ 29.243807] kunit_try_run_case+0x1a5/0x480 [ 29.244114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.244446] kthread+0x337/0x6f0 [ 29.244752] ret_from_fork+0x116/0x1d0 [ 29.244900] ret_from_fork_asm+0x1a/0x30 [ 29.245231] [ 29.245335] The buggy address belongs to the object at ffff8881060c3d00 [ 29.245335] which belongs to the cache kmalloc-128 of size 128 [ 29.245997] The buggy address is located 0 bytes inside of [ 29.245997] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.246725] [ 29.246835] The buggy address belongs to the physical page: [ 29.247203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.247554] flags: 0x200000000000000(node=0|zone=2) [ 29.247954] page_type: f5(slab) [ 29.248201] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.248647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.249084] page dumped because: kasan: bad access detected [ 29.249348] [ 29.249597] Memory state around the buggy address: [ 29.249834] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.250253] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.250668] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.251032] ^ [ 29.251410] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.251899] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.252221] ================================================================== [ 29.253015] ================================================================== [ 29.253656] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.254069] Write of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.254437] [ 29.254544] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.254595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.254730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.254889] Call Trace: [ 29.254905] <TASK> [ 29.254923] dump_stack_lvl+0x73/0xb0 [ 29.254954] print_report+0xd1/0x610 [ 29.254977] ? __virt_addr_valid+0x1db/0x2d0 [ 29.255002] ? copy_user_test_oob+0x557/0x10f0 [ 29.255027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.255055] ? copy_user_test_oob+0x557/0x10f0 [ 29.255079] kasan_report+0x141/0x180 [ 29.255102] ? copy_user_test_oob+0x557/0x10f0 [ 29.255131] kasan_check_range+0x10c/0x1c0 [ 29.255156] __kasan_check_write+0x18/0x20 [ 29.255180] copy_user_test_oob+0x557/0x10f0 [ 29.255206] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.255230] ? finish_task_switch.isra.0+0x153/0x700 [ 29.255253] ? __switch_to+0x47/0xf80 [ 29.255281] ? __schedule+0x10cc/0x2b60 [ 29.255304] ? __pfx_read_tsc+0x10/0x10 [ 29.255326] ? ktime_get_ts64+0x86/0x230 [ 29.255352] kunit_try_run_case+0x1a5/0x480 [ 29.255376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.255397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.255421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.255447] ? __kthread_parkme+0x82/0x180 [ 29.255469] ? preempt_count_sub+0x50/0x80 [ 29.255508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.255532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.255559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.255586] kthread+0x337/0x6f0 [ 29.255608] ? trace_preempt_on+0x20/0xc0 [ 29.255632] ? __pfx_kthread+0x10/0x10 [ 29.255654] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.255677] ? calculate_sigpending+0x7b/0xa0 [ 29.255712] ? __pfx_kthread+0x10/0x10 [ 29.255736] ret_from_fork+0x116/0x1d0 [ 29.255757] ? __pfx_kthread+0x10/0x10 [ 29.255780] ret_from_fork_asm+0x1a/0x30 [ 29.255812] </TASK> [ 29.255825] [ 29.265218] Allocated by task 333: [ 29.265387] kasan_save_stack+0x45/0x70 [ 29.265912] kasan_save_track+0x18/0x40 [ 29.266189] kasan_save_alloc_info+0x3b/0x50 [ 29.266394] __kasan_kmalloc+0xb7/0xc0 [ 29.266709] __kmalloc_noprof+0x1c9/0x500 [ 29.266973] kunit_kmalloc_array+0x25/0x60 [ 29.267141] copy_user_test_oob+0xab/0x10f0 [ 29.267335] kunit_try_run_case+0x1a5/0x480 [ 29.267541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.267784] kthread+0x337/0x6f0 [ 29.267972] ret_from_fork+0x116/0x1d0 [ 29.268115] ret_from_fork_asm+0x1a/0x30 [ 29.268315] [ 29.268391] The buggy address belongs to the object at ffff8881060c3d00 [ 29.268391] which belongs to the cache kmalloc-128 of size 128 [ 29.268877] The buggy address is located 0 bytes inside of [ 29.268877] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.269345] [ 29.269424] The buggy address belongs to the physical page: [ 29.269646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.270092] flags: 0x200000000000000(node=0|zone=2) [ 29.270351] page_type: f5(slab) [ 29.270533] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.270830] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.271119] page dumped because: kasan: bad access detected [ 29.271358] [ 29.271438] Memory state around the buggy address: [ 29.271620] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.272011] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.272317] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.272565] ^ [ 29.272864] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.273148] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.273366] ================================================================== [ 29.202395] ================================================================== [ 29.202889] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.203361] Write of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.204055] [ 29.204185] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.204237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.204251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.204275] Call Trace: [ 29.204290] <TASK> [ 29.204309] dump_stack_lvl+0x73/0xb0 [ 29.204339] print_report+0xd1/0x610 [ 29.204365] ? __virt_addr_valid+0x1db/0x2d0 [ 29.204391] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.204418] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.204445] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.204470] kasan_report+0x141/0x180 [ 29.204607] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.204640] kasan_check_range+0x10c/0x1c0 [ 29.204680] __kasan_check_write+0x18/0x20 [ 29.204714] copy_user_test_oob+0x3fd/0x10f0 [ 29.204740] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.204765] ? finish_task_switch.isra.0+0x153/0x700 [ 29.204789] ? __switch_to+0x47/0xf80 [ 29.204816] ? __schedule+0x10cc/0x2b60 [ 29.204840] ? __pfx_read_tsc+0x10/0x10 [ 29.204863] ? ktime_get_ts64+0x86/0x230 [ 29.204889] kunit_try_run_case+0x1a5/0x480 [ 29.204912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.204934] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.204958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.204983] ? __kthread_parkme+0x82/0x180 [ 29.205004] ? preempt_count_sub+0x50/0x80 [ 29.205028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.205053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.205080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.205106] kthread+0x337/0x6f0 [ 29.205128] ? trace_preempt_on+0x20/0xc0 [ 29.205151] ? __pfx_kthread+0x10/0x10 [ 29.205174] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.205197] ? calculate_sigpending+0x7b/0xa0 [ 29.205222] ? __pfx_kthread+0x10/0x10 [ 29.205245] ret_from_fork+0x116/0x1d0 [ 29.205267] ? __pfx_kthread+0x10/0x10 [ 29.205289] ret_from_fork_asm+0x1a/0x30 [ 29.205322] </TASK> [ 29.205335] [ 29.216479] Allocated by task 333: [ 29.216754] kasan_save_stack+0x45/0x70 [ 29.217161] kasan_save_track+0x18/0x40 [ 29.217337] kasan_save_alloc_info+0x3b/0x50 [ 29.217725] __kasan_kmalloc+0xb7/0xc0 [ 29.218014] __kmalloc_noprof+0x1c9/0x500 [ 29.218308] kunit_kmalloc_array+0x25/0x60 [ 29.218655] copy_user_test_oob+0xab/0x10f0 [ 29.218977] kunit_try_run_case+0x1a5/0x480 [ 29.219307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.219668] kthread+0x337/0x6f0 [ 29.219964] ret_from_fork+0x116/0x1d0 [ 29.220245] ret_from_fork_asm+0x1a/0x30 [ 29.220555] [ 29.220660] The buggy address belongs to the object at ffff8881060c3d00 [ 29.220660] which belongs to the cache kmalloc-128 of size 128 [ 29.221459] The buggy address is located 0 bytes inside of [ 29.221459] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.222181] [ 29.222264] The buggy address belongs to the physical page: [ 29.222784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.223150] flags: 0x200000000000000(node=0|zone=2) [ 29.223506] page_type: f5(slab) [ 29.223798] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.224126] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.224457] page dumped because: kasan: bad access detected [ 29.224777] [ 29.224850] Memory state around the buggy address: [ 29.225357] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.225733] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.226200] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.226656] ^ [ 29.227100] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.227490] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.227925] ================================================================== [ 29.274021] ================================================================== [ 29.274293] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.274673] Read of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.274963] [ 29.275071] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.275121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.275134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.275158] Call Trace: [ 29.275172] <TASK> [ 29.275188] dump_stack_lvl+0x73/0xb0 [ 29.275216] print_report+0xd1/0x610 [ 29.275239] ? __virt_addr_valid+0x1db/0x2d0 [ 29.275265] ? copy_user_test_oob+0x604/0x10f0 [ 29.275289] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.275316] ? copy_user_test_oob+0x604/0x10f0 [ 29.275341] kasan_report+0x141/0x180 [ 29.275365] ? copy_user_test_oob+0x604/0x10f0 [ 29.275393] kasan_check_range+0x10c/0x1c0 [ 29.275418] __kasan_check_read+0x15/0x20 [ 29.275442] copy_user_test_oob+0x604/0x10f0 [ 29.275469] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.275493] ? finish_task_switch.isra.0+0x153/0x700 [ 29.275516] ? __switch_to+0x47/0xf80 [ 29.275543] ? __schedule+0x10cc/0x2b60 [ 29.275566] ? __pfx_read_tsc+0x10/0x10 [ 29.275588] ? ktime_get_ts64+0x86/0x230 [ 29.275614] kunit_try_run_case+0x1a5/0x480 [ 29.275637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.275659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.275684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.275721] ? __kthread_parkme+0x82/0x180 [ 29.275744] ? preempt_count_sub+0x50/0x80 [ 29.275768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.275802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.275829] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.275859] kthread+0x337/0x6f0 [ 29.275881] ? trace_preempt_on+0x20/0xc0 [ 29.275906] ? __pfx_kthread+0x10/0x10 [ 29.275928] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.275951] ? calculate_sigpending+0x7b/0xa0 [ 29.275977] ? __pfx_kthread+0x10/0x10 [ 29.276001] ret_from_fork+0x116/0x1d0 [ 29.276021] ? __pfx_kthread+0x10/0x10 [ 29.276043] ret_from_fork_asm+0x1a/0x30 [ 29.276075] </TASK> [ 29.276088] [ 29.283143] Allocated by task 333: [ 29.283306] kasan_save_stack+0x45/0x70 [ 29.283452] kasan_save_track+0x18/0x40 [ 29.283586] kasan_save_alloc_info+0x3b/0x50 [ 29.283848] __kasan_kmalloc+0xb7/0xc0 [ 29.284039] __kmalloc_noprof+0x1c9/0x500 [ 29.284244] kunit_kmalloc_array+0x25/0x60 [ 29.284451] copy_user_test_oob+0xab/0x10f0 [ 29.284672] kunit_try_run_case+0x1a5/0x480 [ 29.284864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.285165] kthread+0x337/0x6f0 [ 29.285322] ret_from_fork+0x116/0x1d0 [ 29.285484] ret_from_fork_asm+0x1a/0x30 [ 29.285665] [ 29.285745] The buggy address belongs to the object at ffff8881060c3d00 [ 29.285745] which belongs to the cache kmalloc-128 of size 128 [ 29.286105] The buggy address is located 0 bytes inside of [ 29.286105] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.286591] [ 29.286683] The buggy address belongs to the physical page: [ 29.286942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.287270] flags: 0x200000000000000(node=0|zone=2) [ 29.287431] page_type: f5(slab) [ 29.287709] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.288052] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.288278] page dumped because: kasan: bad access detected [ 29.288457] [ 29.288627] Memory state around the buggy address: [ 29.288862] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.289185] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.289508] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.289795] ^ [ 29.290047] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.290261] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.290514] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 29.173946] ================================================================== [ 29.174687] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 29.175111] Read of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.175345] [ 29.175429] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.175506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.175521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.175543] Call Trace: [ 29.175561] <TASK> [ 29.175578] dump_stack_lvl+0x73/0xb0 [ 29.175608] print_report+0xd1/0x610 [ 29.175632] ? __virt_addr_valid+0x1db/0x2d0 [ 29.175658] ? _copy_to_user+0x3c/0x70 [ 29.175689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.175734] ? _copy_to_user+0x3c/0x70 [ 29.175757] kasan_report+0x141/0x180 [ 29.175780] ? _copy_to_user+0x3c/0x70 [ 29.175810] kasan_check_range+0x10c/0x1c0 [ 29.175834] __kasan_check_read+0x15/0x20 [ 29.175863] _copy_to_user+0x3c/0x70 [ 29.175887] copy_user_test_oob+0x364/0x10f0 [ 29.175914] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.175938] ? finish_task_switch.isra.0+0x153/0x700 [ 29.175962] ? __switch_to+0x47/0xf80 [ 29.175998] ? __schedule+0x10cc/0x2b60 [ 29.176023] ? __pfx_read_tsc+0x10/0x10 [ 29.176045] ? ktime_get_ts64+0x86/0x230 [ 29.176082] kunit_try_run_case+0x1a5/0x480 [ 29.176105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.176127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.176151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.176184] ? __kthread_parkme+0x82/0x180 [ 29.176206] ? preempt_count_sub+0x50/0x80 [ 29.176231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.176264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.176291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.176319] kthread+0x337/0x6f0 [ 29.176340] ? trace_preempt_on+0x20/0xc0 [ 29.176365] ? __pfx_kthread+0x10/0x10 [ 29.176388] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.176410] ? calculate_sigpending+0x7b/0xa0 [ 29.176436] ? __pfx_kthread+0x10/0x10 [ 29.176460] ret_from_fork+0x116/0x1d0 [ 29.176499] ? __pfx_kthread+0x10/0x10 [ 29.176521] ret_from_fork_asm+0x1a/0x30 [ 29.176554] </TASK> [ 29.176567] [ 29.186757] Allocated by task 333: [ 29.186947] kasan_save_stack+0x45/0x70 [ 29.187244] kasan_save_track+0x18/0x40 [ 29.187457] kasan_save_alloc_info+0x3b/0x50 [ 29.187839] __kasan_kmalloc+0xb7/0xc0 [ 29.188167] __kmalloc_noprof+0x1c9/0x500 [ 29.188570] kunit_kmalloc_array+0x25/0x60 [ 29.188801] copy_user_test_oob+0xab/0x10f0 [ 29.189211] kunit_try_run_case+0x1a5/0x480 [ 29.189533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.189841] kthread+0x337/0x6f0 [ 29.190298] ret_from_fork+0x116/0x1d0 [ 29.190442] ret_from_fork_asm+0x1a/0x30 [ 29.190589] [ 29.190657] The buggy address belongs to the object at ffff8881060c3d00 [ 29.190657] which belongs to the cache kmalloc-128 of size 128 [ 29.191140] The buggy address is located 0 bytes inside of [ 29.191140] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.191750] [ 29.191866] The buggy address belongs to the physical page: [ 29.192047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.192400] flags: 0x200000000000000(node=0|zone=2) [ 29.192642] page_type: f5(slab) [ 29.192776] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.193071] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.193486] page dumped because: kasan: bad access detected [ 29.194058] [ 29.194372] Memory state around the buggy address: [ 29.194882] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.195229] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.195687] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.196092] ^ [ 29.196541] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.196914] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.197374] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 29.150332] ================================================================== [ 29.151038] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 29.151321] Write of size 121 at addr ffff8881060c3d00 by task kunit_try_catch/333 [ 29.151638] [ 29.151770] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.151828] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.151849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.151874] Call Trace: [ 29.151889] <TASK> [ 29.151911] dump_stack_lvl+0x73/0xb0 [ 29.151944] print_report+0xd1/0x610 [ 29.151971] ? __virt_addr_valid+0x1db/0x2d0 [ 29.151998] ? _copy_from_user+0x32/0x90 [ 29.152021] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.152049] ? _copy_from_user+0x32/0x90 [ 29.152073] kasan_report+0x141/0x180 [ 29.152096] ? _copy_from_user+0x32/0x90 [ 29.152123] kasan_check_range+0x10c/0x1c0 [ 29.152147] __kasan_check_write+0x18/0x20 [ 29.152172] _copy_from_user+0x32/0x90 [ 29.152196] copy_user_test_oob+0x2be/0x10f0 [ 29.152223] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.152247] ? finish_task_switch.isra.0+0x153/0x700 [ 29.152271] ? __switch_to+0x47/0xf80 [ 29.152300] ? __schedule+0x10cc/0x2b60 [ 29.152325] ? __pfx_read_tsc+0x10/0x10 [ 29.152348] ? ktime_get_ts64+0x86/0x230 [ 29.152376] kunit_try_run_case+0x1a5/0x480 [ 29.152398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.152420] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.152445] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.152470] ? __kthread_parkme+0x82/0x180 [ 29.152509] ? preempt_count_sub+0x50/0x80 [ 29.152533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.152557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.152583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.152610] kthread+0x337/0x6f0 [ 29.152631] ? trace_preempt_on+0x20/0xc0 [ 29.152657] ? __pfx_kthread+0x10/0x10 [ 29.152679] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.152712] ? calculate_sigpending+0x7b/0xa0 [ 29.152738] ? __pfx_kthread+0x10/0x10 [ 29.152763] ret_from_fork+0x116/0x1d0 [ 29.152783] ? __pfx_kthread+0x10/0x10 [ 29.152805] ret_from_fork_asm+0x1a/0x30 [ 29.152838] </TASK> [ 29.152852] [ 29.160014] Allocated by task 333: [ 29.160193] kasan_save_stack+0x45/0x70 [ 29.160371] kasan_save_track+0x18/0x40 [ 29.160604] kasan_save_alloc_info+0x3b/0x50 [ 29.160809] __kasan_kmalloc+0xb7/0xc0 [ 29.160992] __kmalloc_noprof+0x1c9/0x500 [ 29.161196] kunit_kmalloc_array+0x25/0x60 [ 29.161396] copy_user_test_oob+0xab/0x10f0 [ 29.161686] kunit_try_run_case+0x1a5/0x480 [ 29.161881] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.162111] kthread+0x337/0x6f0 [ 29.162231] ret_from_fork+0x116/0x1d0 [ 29.162363] ret_from_fork_asm+0x1a/0x30 [ 29.162509] [ 29.162603] The buggy address belongs to the object at ffff8881060c3d00 [ 29.162603] which belongs to the cache kmalloc-128 of size 128 [ 29.163325] The buggy address is located 0 bytes inside of [ 29.163325] allocated 120-byte region [ffff8881060c3d00, ffff8881060c3d78) [ 29.164931] [ 29.165032] The buggy address belongs to the physical page: [ 29.165213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.165461] flags: 0x200000000000000(node=0|zone=2) [ 29.165636] page_type: f5(slab) [ 29.165821] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.166325] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.166789] page dumped because: kasan: bad access detected [ 29.167178] [ 29.167348] Memory state around the buggy address: [ 29.167756] ffff8881060c3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.167980] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.168199] >ffff8881060c3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.168416] ^ [ 29.169029] ffff8881060c3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.169666] ffff8881060c3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.170284] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 29.087414] ================================================================== [ 29.088054] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 29.088370] Read of size 8 at addr ffff8881060c3c78 by task kunit_try_catch/329 [ 29.088690] [ 29.089130] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.089499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.089516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.089541] Call Trace: [ 29.089557] <TASK> [ 29.089578] dump_stack_lvl+0x73/0xb0 [ 29.089612] print_report+0xd1/0x610 [ 29.089640] ? __virt_addr_valid+0x1db/0x2d0 [ 29.089668] ? copy_to_kernel_nofault+0x225/0x260 [ 29.089693] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.089730] ? copy_to_kernel_nofault+0x225/0x260 [ 29.089755] kasan_report+0x141/0x180 [ 29.089796] ? copy_to_kernel_nofault+0x225/0x260 [ 29.089825] __asan_report_load8_noabort+0x18/0x20 [ 29.089851] copy_to_kernel_nofault+0x225/0x260 [ 29.089877] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 29.089902] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.089926] ? finish_task_switch.isra.0+0x153/0x700 [ 29.089950] ? __schedule+0x10cc/0x2b60 [ 29.089975] ? trace_hardirqs_on+0x37/0xe0 [ 29.090008] ? __pfx_read_tsc+0x10/0x10 [ 29.090033] ? ktime_get_ts64+0x86/0x230 [ 29.090060] kunit_try_run_case+0x1a5/0x480 [ 29.090084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.090106] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.090132] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.090156] ? __kthread_parkme+0x82/0x180 [ 29.090179] ? preempt_count_sub+0x50/0x80 [ 29.090204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.090227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.090253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.090281] kthread+0x337/0x6f0 [ 29.090302] ? trace_preempt_on+0x20/0xc0 [ 29.090325] ? __pfx_kthread+0x10/0x10 [ 29.090348] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.090371] ? calculate_sigpending+0x7b/0xa0 [ 29.090396] ? __pfx_kthread+0x10/0x10 [ 29.090419] ret_from_fork+0x116/0x1d0 [ 29.090441] ? __pfx_kthread+0x10/0x10 [ 29.090463] ret_from_fork_asm+0x1a/0x30 [ 29.090512] </TASK> [ 29.090526] [ 29.102261] Allocated by task 329: [ 29.102716] kasan_save_stack+0x45/0x70 [ 29.103059] kasan_save_track+0x18/0x40 [ 29.103236] kasan_save_alloc_info+0x3b/0x50 [ 29.103638] __kasan_kmalloc+0xb7/0xc0 [ 29.104036] __kmalloc_cache_noprof+0x189/0x420 [ 29.104295] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.104501] kunit_try_run_case+0x1a5/0x480 [ 29.104716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.105073] kthread+0x337/0x6f0 [ 29.105403] ret_from_fork+0x116/0x1d0 [ 29.105678] ret_from_fork_asm+0x1a/0x30 [ 29.106172] [ 29.106270] The buggy address belongs to the object at ffff8881060c3c00 [ 29.106270] which belongs to the cache kmalloc-128 of size 128 [ 29.106981] The buggy address is located 0 bytes to the right of [ 29.106981] allocated 120-byte region [ffff8881060c3c00, ffff8881060c3c78) [ 29.107760] [ 29.107896] The buggy address belongs to the physical page: [ 29.108129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.108633] flags: 0x200000000000000(node=0|zone=2) [ 29.108939] page_type: f5(slab) [ 29.109149] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.109393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.109746] page dumped because: kasan: bad access detected [ 29.110001] [ 29.110092] Memory state around the buggy address: [ 29.110303] ffff8881060c3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.110605] ffff8881060c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.110951] >ffff8881060c3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.111169] ^ [ 29.111538] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.111914] ffff8881060c3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.112531] ================================================================== [ 29.113418] ================================================================== [ 29.113744] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 29.114091] Write of size 8 at addr ffff8881060c3c78 by task kunit_try_catch/329 [ 29.114404] [ 29.114568] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.114619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.114632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.114691] Call Trace: [ 29.114715] <TASK> [ 29.114733] dump_stack_lvl+0x73/0xb0 [ 29.114783] print_report+0xd1/0x610 [ 29.114837] ? __virt_addr_valid+0x1db/0x2d0 [ 29.114863] ? copy_to_kernel_nofault+0x99/0x260 [ 29.114887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.114915] ? copy_to_kernel_nofault+0x99/0x260 [ 29.114939] kasan_report+0x141/0x180 [ 29.114962] ? copy_to_kernel_nofault+0x99/0x260 [ 29.114992] kasan_check_range+0x10c/0x1c0 [ 29.115017] __kasan_check_write+0x18/0x20 [ 29.115041] copy_to_kernel_nofault+0x99/0x260 [ 29.115068] copy_to_kernel_nofault_oob+0x288/0x560 [ 29.115092] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.115116] ? finish_task_switch.isra.0+0x153/0x700 [ 29.115140] ? __schedule+0x10cc/0x2b60 [ 29.115163] ? trace_hardirqs_on+0x37/0xe0 [ 29.115197] ? __pfx_read_tsc+0x10/0x10 [ 29.115222] ? ktime_get_ts64+0x86/0x230 [ 29.115248] kunit_try_run_case+0x1a5/0x480 [ 29.115271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.115293] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.115317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.115341] ? __kthread_parkme+0x82/0x180 [ 29.115363] ? preempt_count_sub+0x50/0x80 [ 29.115388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.115411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.115438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.115467] kthread+0x337/0x6f0 [ 29.115495] ? trace_preempt_on+0x20/0xc0 [ 29.115520] ? __pfx_kthread+0x10/0x10 [ 29.115542] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.115565] ? calculate_sigpending+0x7b/0xa0 [ 29.115593] ? __pfx_kthread+0x10/0x10 [ 29.115616] ret_from_fork+0x116/0x1d0 [ 29.115637] ? __pfx_kthread+0x10/0x10 [ 29.115660] ret_from_fork_asm+0x1a/0x30 [ 29.115728] </TASK> [ 29.115744] [ 29.124028] Allocated by task 329: [ 29.124160] kasan_save_stack+0x45/0x70 [ 29.124300] kasan_save_track+0x18/0x40 [ 29.124526] kasan_save_alloc_info+0x3b/0x50 [ 29.124781] __kasan_kmalloc+0xb7/0xc0 [ 29.124975] __kmalloc_cache_noprof+0x189/0x420 [ 29.125196] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.125531] kunit_try_run_case+0x1a5/0x480 [ 29.125771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.125987] kthread+0x337/0x6f0 [ 29.126157] ret_from_fork+0x116/0x1d0 [ 29.126423] ret_from_fork_asm+0x1a/0x30 [ 29.126625] [ 29.126738] The buggy address belongs to the object at ffff8881060c3c00 [ 29.126738] which belongs to the cache kmalloc-128 of size 128 [ 29.127228] The buggy address is located 0 bytes to the right of [ 29.127228] allocated 120-byte region [ffff8881060c3c00, ffff8881060c3c78) [ 29.127649] [ 29.127775] The buggy address belongs to the physical page: [ 29.128310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 29.128685] flags: 0x200000000000000(node=0|zone=2) [ 29.128950] page_type: f5(slab) [ 29.129117] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.129368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.129676] page dumped because: kasan: bad access detected [ 29.130721] [ 29.131818] Memory state around the buggy address: [ 29.131984] ffff8881060c3b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.132203] ffff8881060c3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.132419] >ffff8881060c3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.132789] ^ [ 29.133010] ffff8881060c3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.133223] ffff8881060c3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.133434] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 28.842720] ================================================================== [ 28.843498] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 28.843797] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.844030] [ 28.844110] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.844159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.844173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.844195] Call Trace: [ 28.844211] <TASK> [ 28.844228] dump_stack_lvl+0x73/0xb0 [ 28.844256] print_report+0xd1/0x610 [ 28.844282] ? __virt_addr_valid+0x1db/0x2d0 [ 28.844308] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.844330] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.844359] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.844383] kasan_report+0x141/0x180 [ 28.844407] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.844435] kasan_check_range+0x10c/0x1c0 [ 28.844460] __kasan_check_write+0x18/0x20 [ 28.844501] kasan_atomics_helper+0x1eaa/0x5450 [ 28.844526] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.844550] ? ret_from_fork_asm+0x1a/0x30 [ 28.844580] kasan_atomics+0x1dc/0x310 [ 28.844604] ? __pfx_kasan_atomics+0x10/0x10 [ 28.844630] ? __pfx_read_tsc+0x10/0x10 [ 28.844654] ? ktime_get_ts64+0x86/0x230 [ 28.844681] kunit_try_run_case+0x1a5/0x480 [ 28.844716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.844738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.844764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.844789] ? __kthread_parkme+0x82/0x180 [ 28.844812] ? preempt_count_sub+0x50/0x80 [ 28.844837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.844861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.844888] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.844915] kthread+0x337/0x6f0 [ 28.844937] ? trace_preempt_on+0x20/0xc0 [ 28.844962] ? __pfx_kthread+0x10/0x10 [ 28.844984] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.845007] ? calculate_sigpending+0x7b/0xa0 [ 28.845034] ? __pfx_kthread+0x10/0x10 [ 28.845057] ret_from_fork+0x116/0x1d0 [ 28.845080] ? __pfx_kthread+0x10/0x10 [ 28.845103] ret_from_fork_asm+0x1a/0x30 [ 28.845136] </TASK> [ 28.845150] [ 28.851964] Allocated by task 313: [ 28.852144] kasan_save_stack+0x45/0x70 [ 28.852343] kasan_save_track+0x18/0x40 [ 28.852600] kasan_save_alloc_info+0x3b/0x50 [ 28.852764] __kasan_kmalloc+0xb7/0xc0 [ 28.852938] __kmalloc_cache_noprof+0x189/0x420 [ 28.853155] kasan_atomics+0x95/0x310 [ 28.853321] kunit_try_run_case+0x1a5/0x480 [ 28.853464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.853742] kthread+0x337/0x6f0 [ 28.853912] ret_from_fork+0x116/0x1d0 [ 28.854084] ret_from_fork_asm+0x1a/0x30 [ 28.854246] [ 28.854338] The buggy address belongs to the object at ffff88810439e280 [ 28.854338] which belongs to the cache kmalloc-64 of size 64 [ 28.854835] The buggy address is located 0 bytes to the right of [ 28.854835] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.855248] [ 28.855317] The buggy address belongs to the physical page: [ 28.855487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.855874] flags: 0x200000000000000(node=0|zone=2) [ 28.856106] page_type: f5(slab) [ 28.856270] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.856570] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.856805] page dumped because: kasan: bad access detected [ 28.856973] [ 28.857039] Memory state around the buggy address: [ 28.857264] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.857695] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.858026] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.858346] ^ [ 28.858568] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.859139] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.859369] ================================================================== [ 28.604147] ================================================================== [ 28.604558] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 28.604864] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.605202] [ 28.605333] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.605390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.605404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.605426] Call Trace: [ 28.605452] <TASK> [ 28.605468] dump_stack_lvl+0x73/0xb0 [ 28.605507] print_report+0xd1/0x610 [ 28.605532] ? __virt_addr_valid+0x1db/0x2d0 [ 28.605557] ? kasan_atomics_helper+0x1818/0x5450 [ 28.605579] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.605606] ? kasan_atomics_helper+0x1818/0x5450 [ 28.605629] kasan_report+0x141/0x180 [ 28.605653] ? kasan_atomics_helper+0x1818/0x5450 [ 28.605680] kasan_check_range+0x10c/0x1c0 [ 28.605726] __kasan_check_write+0x18/0x20 [ 28.605750] kasan_atomics_helper+0x1818/0x5450 [ 28.605774] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.605798] ? ret_from_fork_asm+0x1a/0x30 [ 28.605827] kasan_atomics+0x1dc/0x310 [ 28.605860] ? __pfx_kasan_atomics+0x10/0x10 [ 28.605885] ? __pfx_read_tsc+0x10/0x10 [ 28.605920] ? ktime_get_ts64+0x86/0x230 [ 28.605945] kunit_try_run_case+0x1a5/0x480 [ 28.605969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.605991] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.606024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.606048] ? __kthread_parkme+0x82/0x180 [ 28.606070] ? preempt_count_sub+0x50/0x80 [ 28.606105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.606128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.606154] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.606189] kthread+0x337/0x6f0 [ 28.606211] ? trace_preempt_on+0x20/0xc0 [ 28.606234] ? __pfx_kthread+0x10/0x10 [ 28.606267] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.606290] ? calculate_sigpending+0x7b/0xa0 [ 28.606315] ? __pfx_kthread+0x10/0x10 [ 28.606347] ret_from_fork+0x116/0x1d0 [ 28.606368] ? __pfx_kthread+0x10/0x10 [ 28.606390] ret_from_fork_asm+0x1a/0x30 [ 28.606431] </TASK> [ 28.606443] [ 28.617297] Allocated by task 313: [ 28.618116] kasan_save_stack+0x45/0x70 [ 28.618875] kasan_save_track+0x18/0x40 [ 28.619276] kasan_save_alloc_info+0x3b/0x50 [ 28.619438] __kasan_kmalloc+0xb7/0xc0 [ 28.619575] __kmalloc_cache_noprof+0x189/0x420 [ 28.619736] kasan_atomics+0x95/0x310 [ 28.619868] kunit_try_run_case+0x1a5/0x480 [ 28.620007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.620175] kthread+0x337/0x6f0 [ 28.620292] ret_from_fork+0x116/0x1d0 [ 28.620420] ret_from_fork_asm+0x1a/0x30 [ 28.620553] [ 28.620618] The buggy address belongs to the object at ffff88810439e280 [ 28.620618] which belongs to the cache kmalloc-64 of size 64 [ 28.623365] The buggy address is located 0 bytes to the right of [ 28.623365] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.624213] [ 28.624538] The buggy address belongs to the physical page: [ 28.624883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.625325] flags: 0x200000000000000(node=0|zone=2) [ 28.625690] page_type: f5(slab) [ 28.625872] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.626343] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.626865] page dumped because: kasan: bad access detected [ 28.627206] [ 28.627307] Memory state around the buggy address: [ 28.627732] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.628139] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.628517] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.628932] ^ [ 28.629184] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.629490] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.630050] ================================================================== [ 28.788634] ================================================================== [ 28.789089] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 28.789343] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.789872] [ 28.789979] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.790027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.790041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.790064] Call Trace: [ 28.790080] <TASK> [ 28.790097] dump_stack_lvl+0x73/0xb0 [ 28.790125] print_report+0xd1/0x610 [ 28.790150] ? __virt_addr_valid+0x1db/0x2d0 [ 28.790175] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.790199] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.790226] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.790250] kasan_report+0x141/0x180 [ 28.790274] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.790302] kasan_check_range+0x10c/0x1c0 [ 28.790328] __kasan_check_write+0x18/0x20 [ 28.790353] kasan_atomics_helper+0x1ce1/0x5450 [ 28.790377] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.790402] ? ret_from_fork_asm+0x1a/0x30 [ 28.790431] kasan_atomics+0x1dc/0x310 [ 28.790455] ? __pfx_kasan_atomics+0x10/0x10 [ 28.790481] ? __pfx_read_tsc+0x10/0x10 [ 28.790505] ? ktime_get_ts64+0x86/0x230 [ 28.790530] kunit_try_run_case+0x1a5/0x480 [ 28.790554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.790575] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.790601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.790644] ? __kthread_parkme+0x82/0x180 [ 28.790666] ? preempt_count_sub+0x50/0x80 [ 28.790691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.790728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.790754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.790782] kthread+0x337/0x6f0 [ 28.790803] ? trace_preempt_on+0x20/0xc0 [ 28.790828] ? __pfx_kthread+0x10/0x10 [ 28.790851] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.790874] ? calculate_sigpending+0x7b/0xa0 [ 28.790900] ? __pfx_kthread+0x10/0x10 [ 28.790923] ret_from_fork+0x116/0x1d0 [ 28.790945] ? __pfx_kthread+0x10/0x10 [ 28.790968] ret_from_fork_asm+0x1a/0x30 [ 28.790999] </TASK> [ 28.791012] [ 28.798438] Allocated by task 313: [ 28.798715] kasan_save_stack+0x45/0x70 [ 28.798858] kasan_save_track+0x18/0x40 [ 28.799038] kasan_save_alloc_info+0x3b/0x50 [ 28.799249] __kasan_kmalloc+0xb7/0xc0 [ 28.799437] __kmalloc_cache_noprof+0x189/0x420 [ 28.799776] kasan_atomics+0x95/0x310 [ 28.799915] kunit_try_run_case+0x1a5/0x480 [ 28.800057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.800263] kthread+0x337/0x6f0 [ 28.800425] ret_from_fork+0x116/0x1d0 [ 28.800608] ret_from_fork_asm+0x1a/0x30 [ 28.800811] [ 28.800903] The buggy address belongs to the object at ffff88810439e280 [ 28.800903] which belongs to the cache kmalloc-64 of size 64 [ 28.801272] The buggy address is located 0 bytes to the right of [ 28.801272] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.802145] [ 28.802230] The buggy address belongs to the physical page: [ 28.802480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.802813] flags: 0x200000000000000(node=0|zone=2) [ 28.803003] page_type: f5(slab) [ 28.803164] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.803434] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.803899] page dumped because: kasan: bad access detected [ 28.804083] [ 28.804153] Memory state around the buggy address: [ 28.804308] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.804523] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.804805] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.805121] ^ [ 28.805340] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.805655] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.806075] ================================================================== [ 29.050911] ================================================================== [ 29.051496] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 29.051786] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 29.052075] [ 29.052181] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.052230] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.052244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.052268] Call Trace: [ 29.052286] <TASK> [ 29.052303] dump_stack_lvl+0x73/0xb0 [ 29.052331] print_report+0xd1/0x610 [ 29.052357] ? __virt_addr_valid+0x1db/0x2d0 [ 29.052383] ? kasan_atomics_helper+0x5115/0x5450 [ 29.052407] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.052436] ? kasan_atomics_helper+0x5115/0x5450 [ 29.052461] kasan_report+0x141/0x180 [ 29.052484] ? kasan_atomics_helper+0x5115/0x5450 [ 29.052511] __asan_report_load8_noabort+0x18/0x20 [ 29.052536] kasan_atomics_helper+0x5115/0x5450 [ 29.052559] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.052583] ? ret_from_fork_asm+0x1a/0x30 [ 29.052611] kasan_atomics+0x1dc/0x310 [ 29.052636] ? __pfx_kasan_atomics+0x10/0x10 [ 29.052661] ? __pfx_read_tsc+0x10/0x10 [ 29.052685] ? ktime_get_ts64+0x86/0x230 [ 29.052721] kunit_try_run_case+0x1a5/0x480 [ 29.052745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.052778] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.052804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.052829] ? __kthread_parkme+0x82/0x180 [ 29.052851] ? preempt_count_sub+0x50/0x80 [ 29.052876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.052899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.052925] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.052952] kthread+0x337/0x6f0 [ 29.052973] ? trace_preempt_on+0x20/0xc0 [ 29.052996] ? __pfx_kthread+0x10/0x10 [ 29.053019] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.053041] ? calculate_sigpending+0x7b/0xa0 [ 29.053066] ? __pfx_kthread+0x10/0x10 [ 29.053089] ret_from_fork+0x116/0x1d0 [ 29.053110] ? __pfx_kthread+0x10/0x10 [ 29.053132] ret_from_fork_asm+0x1a/0x30 [ 29.053164] </TASK> [ 29.053177] [ 29.060196] Allocated by task 313: [ 29.060368] kasan_save_stack+0x45/0x70 [ 29.060523] kasan_save_track+0x18/0x40 [ 29.060726] kasan_save_alloc_info+0x3b/0x50 [ 29.060920] __kasan_kmalloc+0xb7/0xc0 [ 29.061048] __kmalloc_cache_noprof+0x189/0x420 [ 29.061200] kasan_atomics+0x95/0x310 [ 29.061454] kunit_try_run_case+0x1a5/0x480 [ 29.061668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.061929] kthread+0x337/0x6f0 [ 29.062088] ret_from_fork+0x116/0x1d0 [ 29.062219] ret_from_fork_asm+0x1a/0x30 [ 29.062357] [ 29.062439] The buggy address belongs to the object at ffff88810439e280 [ 29.062439] which belongs to the cache kmalloc-64 of size 64 [ 29.063294] The buggy address is located 0 bytes to the right of [ 29.063294] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 29.063706] [ 29.063776] The buggy address belongs to the physical page: [ 29.063954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 29.064491] flags: 0x200000000000000(node=0|zone=2) [ 29.064726] page_type: f5(slab) [ 29.064890] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.065228] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.065502] page dumped because: kasan: bad access detected [ 29.065760] [ 29.065828] Memory state around the buggy address: [ 29.065980] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.066195] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.066525] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.066860] ^ [ 29.067054] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.067306] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.067636] ================================================================== [ 28.088632] ================================================================== [ 28.089183] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 28.089493] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.090344] [ 28.090783] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.090840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.090855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.090941] Call Trace: [ 28.090961] <TASK> [ 28.091003] dump_stack_lvl+0x73/0xb0 [ 28.091036] print_report+0xd1/0x610 [ 28.091063] ? __virt_addr_valid+0x1db/0x2d0 [ 28.091089] ? kasan_atomics_helper+0xe78/0x5450 [ 28.091112] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.091141] ? kasan_atomics_helper+0xe78/0x5450 [ 28.091163] kasan_report+0x141/0x180 [ 28.091186] ? kasan_atomics_helper+0xe78/0x5450 [ 28.091214] kasan_check_range+0x10c/0x1c0 [ 28.091832] __kasan_check_write+0x18/0x20 [ 28.091867] kasan_atomics_helper+0xe78/0x5450 [ 28.091893] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.091918] ? ret_from_fork_asm+0x1a/0x30 [ 28.091948] kasan_atomics+0x1dc/0x310 [ 28.091973] ? __pfx_kasan_atomics+0x10/0x10 [ 28.091998] ? __pfx_read_tsc+0x10/0x10 [ 28.092023] ? ktime_get_ts64+0x86/0x230 [ 28.092050] kunit_try_run_case+0x1a5/0x480 [ 28.092075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.092097] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.092122] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.092148] ? __kthread_parkme+0x82/0x180 [ 28.092170] ? preempt_count_sub+0x50/0x80 [ 28.092196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.092220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.092249] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.092277] kthread+0x337/0x6f0 [ 28.092299] ? trace_preempt_on+0x20/0xc0 [ 28.092324] ? __pfx_kthread+0x10/0x10 [ 28.092347] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.092370] ? calculate_sigpending+0x7b/0xa0 [ 28.092396] ? __pfx_kthread+0x10/0x10 [ 28.092419] ret_from_fork+0x116/0x1d0 [ 28.092440] ? __pfx_kthread+0x10/0x10 [ 28.092463] ret_from_fork_asm+0x1a/0x30 [ 28.092495] </TASK> [ 28.092508] [ 28.107173] Allocated by task 313: [ 28.107361] kasan_save_stack+0x45/0x70 [ 28.107791] kasan_save_track+0x18/0x40 [ 28.108282] kasan_save_alloc_info+0x3b/0x50 [ 28.108615] __kasan_kmalloc+0xb7/0xc0 [ 28.108949] __kmalloc_cache_noprof+0x189/0x420 [ 28.109356] kasan_atomics+0x95/0x310 [ 28.109788] kunit_try_run_case+0x1a5/0x480 [ 28.110163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.110414] kthread+0x337/0x6f0 [ 28.110739] ret_from_fork+0x116/0x1d0 [ 28.111174] ret_from_fork_asm+0x1a/0x30 [ 28.111443] [ 28.111678] The buggy address belongs to the object at ffff88810439e280 [ 28.111678] which belongs to the cache kmalloc-64 of size 64 [ 28.112719] The buggy address is located 0 bytes to the right of [ 28.112719] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.113734] [ 28.113955] The buggy address belongs to the physical page: [ 28.114303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.115220] flags: 0x200000000000000(node=0|zone=2) [ 28.115453] page_type: f5(slab) [ 28.115927] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.116378] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.117114] page dumped because: kasan: bad access detected [ 28.117361] [ 28.117450] Memory state around the buggy address: [ 28.118028] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.118347] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.119162] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.120059] ^ [ 28.120293] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.120954] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.121400] ================================================================== [ 28.012071] ================================================================== [ 28.012418] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 28.012770] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.012993] [ 28.013091] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.013154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.013168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.013191] Call Trace: [ 28.013205] <TASK> [ 28.013223] dump_stack_lvl+0x73/0xb0 [ 28.013250] print_report+0xd1/0x610 [ 28.013275] ? __virt_addr_valid+0x1db/0x2d0 [ 28.013299] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.013322] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.013351] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.013373] kasan_report+0x141/0x180 [ 28.013397] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.013424] __asan_report_load4_noabort+0x18/0x20 [ 28.013450] kasan_atomics_helper+0x4a84/0x5450 [ 28.013474] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.013516] ? ret_from_fork_asm+0x1a/0x30 [ 28.013545] kasan_atomics+0x1dc/0x310 [ 28.013569] ? __pfx_kasan_atomics+0x10/0x10 [ 28.013594] ? __pfx_read_tsc+0x10/0x10 [ 28.013618] ? ktime_get_ts64+0x86/0x230 [ 28.013644] kunit_try_run_case+0x1a5/0x480 [ 28.013668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.013689] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.013726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.013751] ? __kthread_parkme+0x82/0x180 [ 28.013773] ? preempt_count_sub+0x50/0x80 [ 28.013798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.013821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.013848] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.013875] kthread+0x337/0x6f0 [ 28.013895] ? trace_preempt_on+0x20/0xc0 [ 28.013920] ? __pfx_kthread+0x10/0x10 [ 28.013943] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.013965] ? calculate_sigpending+0x7b/0xa0 [ 28.013990] ? __pfx_kthread+0x10/0x10 [ 28.014014] ret_from_fork+0x116/0x1d0 [ 28.014035] ? __pfx_kthread+0x10/0x10 [ 28.014057] ret_from_fork_asm+0x1a/0x30 [ 28.014088] </TASK> [ 28.014101] [ 28.025338] Allocated by task 313: [ 28.025967] kasan_save_stack+0x45/0x70 [ 28.026165] kasan_save_track+0x18/0x40 [ 28.026351] kasan_save_alloc_info+0x3b/0x50 [ 28.026883] __kasan_kmalloc+0xb7/0xc0 [ 28.027155] __kmalloc_cache_noprof+0x189/0x420 [ 28.027550] kasan_atomics+0x95/0x310 [ 28.027749] kunit_try_run_case+0x1a5/0x480 [ 28.028010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.028249] kthread+0x337/0x6f0 [ 28.028406] ret_from_fork+0x116/0x1d0 [ 28.029163] ret_from_fork_asm+0x1a/0x30 [ 28.029491] [ 28.029722] The buggy address belongs to the object at ffff88810439e280 [ 28.029722] which belongs to the cache kmalloc-64 of size 64 [ 28.030354] The buggy address is located 0 bytes to the right of [ 28.030354] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.031416] [ 28.031550] The buggy address belongs to the physical page: [ 28.031999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.032344] flags: 0x200000000000000(node=0|zone=2) [ 28.033103] page_type: f5(slab) [ 28.033305] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.033906] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.034217] page dumped because: kasan: bad access detected [ 28.034451] [ 28.034895] Memory state around the buggy address: [ 28.035305] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.035883] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.036383] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.037179] ^ [ 28.037623] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.038164] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.038469] ================================================================== [ 28.806535] ================================================================== [ 28.806955] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 28.807365] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.807683] [ 28.807779] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.807831] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.807852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.807874] Call Trace: [ 28.807890] <TASK> [ 28.807906] dump_stack_lvl+0x73/0xb0 [ 28.807935] print_report+0xd1/0x610 [ 28.807962] ? __virt_addr_valid+0x1db/0x2d0 [ 28.807988] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.808011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.808040] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.808063] kasan_report+0x141/0x180 [ 28.808087] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.808114] kasan_check_range+0x10c/0x1c0 [ 28.808140] __kasan_check_write+0x18/0x20 [ 28.808165] kasan_atomics_helper+0x1d7a/0x5450 [ 28.808189] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.808213] ? ret_from_fork_asm+0x1a/0x30 [ 28.808243] kasan_atomics+0x1dc/0x310 [ 28.808266] ? __pfx_kasan_atomics+0x10/0x10 [ 28.808293] ? __pfx_read_tsc+0x10/0x10 [ 28.808317] ? ktime_get_ts64+0x86/0x230 [ 28.808343] kunit_try_run_case+0x1a5/0x480 [ 28.808367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.808390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.808415] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.808440] ? __kthread_parkme+0x82/0x180 [ 28.808463] ? preempt_count_sub+0x50/0x80 [ 28.808488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.808523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.808550] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.808577] kthread+0x337/0x6f0 [ 28.808598] ? trace_preempt_on+0x20/0xc0 [ 28.808623] ? __pfx_kthread+0x10/0x10 [ 28.808646] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.808669] ? calculate_sigpending+0x7b/0xa0 [ 28.808695] ? __pfx_kthread+0x10/0x10 [ 28.808727] ret_from_fork+0x116/0x1d0 [ 28.808749] ? __pfx_kthread+0x10/0x10 [ 28.808772] ret_from_fork_asm+0x1a/0x30 [ 28.808805] </TASK> [ 28.808818] [ 28.815991] Allocated by task 313: [ 28.816146] kasan_save_stack+0x45/0x70 [ 28.816323] kasan_save_track+0x18/0x40 [ 28.816502] kasan_save_alloc_info+0x3b/0x50 [ 28.816686] __kasan_kmalloc+0xb7/0xc0 [ 28.816856] __kmalloc_cache_noprof+0x189/0x420 [ 28.817051] kasan_atomics+0x95/0x310 [ 28.817220] kunit_try_run_case+0x1a5/0x480 [ 28.817419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.817636] kthread+0x337/0x6f0 [ 28.817789] ret_from_fork+0x116/0x1d0 [ 28.817979] ret_from_fork_asm+0x1a/0x30 [ 28.818173] [ 28.818263] The buggy address belongs to the object at ffff88810439e280 [ 28.818263] which belongs to the cache kmalloc-64 of size 64 [ 28.818763] The buggy address is located 0 bytes to the right of [ 28.818763] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.819267] [ 28.819341] The buggy address belongs to the physical page: [ 28.819589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.819924] flags: 0x200000000000000(node=0|zone=2) [ 28.820156] page_type: f5(slab) [ 28.820274] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.820512] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.820957] page dumped because: kasan: bad access detected [ 28.821163] [ 28.821229] Memory state around the buggy address: [ 28.821442] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.821978] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.822260] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.822522] ^ [ 28.822727] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.823033] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.823304] ================================================================== [ 27.916744] ================================================================== [ 27.917062] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 27.917294] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.917635] [ 27.917753] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.917801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.917814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.917837] Call Trace: [ 27.917851] <TASK> [ 27.917867] dump_stack_lvl+0x73/0xb0 [ 27.917895] print_report+0xd1/0x610 [ 27.917919] ? __virt_addr_valid+0x1db/0x2d0 [ 27.917945] ? kasan_atomics_helper+0x992/0x5450 [ 27.917968] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.917996] ? kasan_atomics_helper+0x992/0x5450 [ 27.918018] kasan_report+0x141/0x180 [ 27.918042] ? kasan_atomics_helper+0x992/0x5450 [ 27.918069] kasan_check_range+0x10c/0x1c0 [ 27.918094] __kasan_check_write+0x18/0x20 [ 27.918119] kasan_atomics_helper+0x992/0x5450 [ 27.918143] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.918166] ? ret_from_fork_asm+0x1a/0x30 [ 27.918197] kasan_atomics+0x1dc/0x310 [ 27.918221] ? __pfx_kasan_atomics+0x10/0x10 [ 27.918247] ? __pfx_read_tsc+0x10/0x10 [ 27.918270] ? ktime_get_ts64+0x86/0x230 [ 27.918296] kunit_try_run_case+0x1a5/0x480 [ 27.918320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.918342] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.918368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.918393] ? __kthread_parkme+0x82/0x180 [ 27.918415] ? preempt_count_sub+0x50/0x80 [ 27.918440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.918464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.918509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.918537] kthread+0x337/0x6f0 [ 27.918559] ? trace_preempt_on+0x20/0xc0 [ 27.918583] ? __pfx_kthread+0x10/0x10 [ 27.918606] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.918629] ? calculate_sigpending+0x7b/0xa0 [ 27.918655] ? __pfx_kthread+0x10/0x10 [ 27.918678] ret_from_fork+0x116/0x1d0 [ 27.918711] ? __pfx_kthread+0x10/0x10 [ 27.918734] ret_from_fork_asm+0x1a/0x30 [ 27.918766] </TASK> [ 27.918778] [ 27.926899] Allocated by task 313: [ 27.927063] kasan_save_stack+0x45/0x70 [ 27.927232] kasan_save_track+0x18/0x40 [ 27.927369] kasan_save_alloc_info+0x3b/0x50 [ 27.927643] __kasan_kmalloc+0xb7/0xc0 [ 27.927957] __kmalloc_cache_noprof+0x189/0x420 [ 27.928183] kasan_atomics+0x95/0x310 [ 27.928360] kunit_try_run_case+0x1a5/0x480 [ 27.928573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.928975] kthread+0x337/0x6f0 [ 27.929137] ret_from_fork+0x116/0x1d0 [ 27.929309] ret_from_fork_asm+0x1a/0x30 [ 27.929486] [ 27.929589] The buggy address belongs to the object at ffff88810439e280 [ 27.929589] which belongs to the cache kmalloc-64 of size 64 [ 27.930120] The buggy address is located 0 bytes to the right of [ 27.930120] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.930630] [ 27.930710] The buggy address belongs to the physical page: [ 27.930880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.931115] flags: 0x200000000000000(node=0|zone=2) [ 27.931273] page_type: f5(slab) [ 27.931390] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.931738] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.932177] page dumped because: kasan: bad access detected [ 27.932432] [ 27.932543] Memory state around the buggy address: [ 27.932745] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.933154] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.933378] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.933849] ^ [ 27.934088] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.934415] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.934861] ================================================================== [ 28.330414] ================================================================== [ 28.330728] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 28.331276] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.331675] [ 28.331791] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.332096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.332112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.332136] Call Trace: [ 28.332153] <TASK> [ 28.332170] dump_stack_lvl+0x73/0xb0 [ 28.332200] print_report+0xd1/0x610 [ 28.332226] ? __virt_addr_valid+0x1db/0x2d0 [ 28.332252] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.332275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.332303] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.332326] kasan_report+0x141/0x180 [ 28.332349] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.332377] __asan_report_load4_noabort+0x18/0x20 [ 28.332402] kasan_atomics_helper+0x49e8/0x5450 [ 28.332426] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.332449] ? ret_from_fork_asm+0x1a/0x30 [ 28.332478] kasan_atomics+0x1dc/0x310 [ 28.332512] ? __pfx_kasan_atomics+0x10/0x10 [ 28.332537] ? __pfx_read_tsc+0x10/0x10 [ 28.332561] ? ktime_get_ts64+0x86/0x230 [ 28.332586] kunit_try_run_case+0x1a5/0x480 [ 28.332611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.332633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.332657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.332682] ? __kthread_parkme+0x82/0x180 [ 28.332718] ? preempt_count_sub+0x50/0x80 [ 28.332742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.332766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.332792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.332819] kthread+0x337/0x6f0 [ 28.332840] ? trace_preempt_on+0x20/0xc0 [ 28.332863] ? __pfx_kthread+0x10/0x10 [ 28.332886] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.332909] ? calculate_sigpending+0x7b/0xa0 [ 28.332934] ? __pfx_kthread+0x10/0x10 [ 28.332958] ret_from_fork+0x116/0x1d0 [ 28.332978] ? __pfx_kthread+0x10/0x10 [ 28.333001] ret_from_fork_asm+0x1a/0x30 [ 28.333032] </TASK> [ 28.333047] [ 28.342389] Allocated by task 313: [ 28.342686] kasan_save_stack+0x45/0x70 [ 28.342975] kasan_save_track+0x18/0x40 [ 28.343125] kasan_save_alloc_info+0x3b/0x50 [ 28.343332] __kasan_kmalloc+0xb7/0xc0 [ 28.343510] __kmalloc_cache_noprof+0x189/0x420 [ 28.343952] kasan_atomics+0x95/0x310 [ 28.344232] kunit_try_run_case+0x1a5/0x480 [ 28.344435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.344896] kthread+0x337/0x6f0 [ 28.345151] ret_from_fork+0x116/0x1d0 [ 28.345342] ret_from_fork_asm+0x1a/0x30 [ 28.345674] [ 28.345776] The buggy address belongs to the object at ffff88810439e280 [ 28.345776] which belongs to the cache kmalloc-64 of size 64 [ 28.346457] The buggy address is located 0 bytes to the right of [ 28.346457] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.347041] [ 28.347165] The buggy address belongs to the physical page: [ 28.347403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.347967] flags: 0x200000000000000(node=0|zone=2) [ 28.348262] page_type: f5(slab) [ 28.348394] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.348876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.349175] page dumped because: kasan: bad access detected [ 28.349403] [ 28.349480] Memory state around the buggy address: [ 28.349937] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.350331] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.350709] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.351096] ^ [ 28.351369] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.351603] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.352524] ================================================================== [ 28.901852] ================================================================== [ 28.902246] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 28.902657] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.903054] [ 28.903167] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.903216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.903229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.903253] Call Trace: [ 28.903268] <TASK> [ 28.903284] dump_stack_lvl+0x73/0xb0 [ 28.903312] print_report+0xd1/0x610 [ 28.903336] ? __virt_addr_valid+0x1db/0x2d0 [ 28.903361] ? kasan_atomics_helper+0x2006/0x5450 [ 28.903384] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.903411] ? kasan_atomics_helper+0x2006/0x5450 [ 28.903456] kasan_report+0x141/0x180 [ 28.903501] ? kasan_atomics_helper+0x2006/0x5450 [ 28.903547] kasan_check_range+0x10c/0x1c0 [ 28.903573] __kasan_check_write+0x18/0x20 [ 28.903597] kasan_atomics_helper+0x2006/0x5450 [ 28.903638] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.903661] ? ret_from_fork_asm+0x1a/0x30 [ 28.903713] kasan_atomics+0x1dc/0x310 [ 28.903737] ? __pfx_kasan_atomics+0x10/0x10 [ 28.903762] ? __pfx_read_tsc+0x10/0x10 [ 28.903786] ? ktime_get_ts64+0x86/0x230 [ 28.903812] kunit_try_run_case+0x1a5/0x480 [ 28.903835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.903861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.903887] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.903912] ? __kthread_parkme+0x82/0x180 [ 28.903933] ? preempt_count_sub+0x50/0x80 [ 28.903959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.903982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.904029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.904056] kthread+0x337/0x6f0 [ 28.904077] ? trace_preempt_on+0x20/0xc0 [ 28.904101] ? __pfx_kthread+0x10/0x10 [ 28.904124] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.904147] ? calculate_sigpending+0x7b/0xa0 [ 28.904172] ? __pfx_kthread+0x10/0x10 [ 28.904194] ret_from_fork+0x116/0x1d0 [ 28.904216] ? __pfx_kthread+0x10/0x10 [ 28.904239] ret_from_fork_asm+0x1a/0x30 [ 28.904271] </TASK> [ 28.904283] [ 28.912114] Allocated by task 313: [ 28.912241] kasan_save_stack+0x45/0x70 [ 28.912380] kasan_save_track+0x18/0x40 [ 28.912539] kasan_save_alloc_info+0x3b/0x50 [ 28.912691] __kasan_kmalloc+0xb7/0xc0 [ 28.912888] __kmalloc_cache_noprof+0x189/0x420 [ 28.913128] kasan_atomics+0x95/0x310 [ 28.913333] kunit_try_run_case+0x1a5/0x480 [ 28.913603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.913877] kthread+0x337/0x6f0 [ 28.914071] ret_from_fork+0x116/0x1d0 [ 28.914310] ret_from_fork_asm+0x1a/0x30 [ 28.914569] [ 28.914662] The buggy address belongs to the object at ffff88810439e280 [ 28.914662] which belongs to the cache kmalloc-64 of size 64 [ 28.915086] The buggy address is located 0 bytes to the right of [ 28.915086] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.915586] [ 28.915684] The buggy address belongs to the physical page: [ 28.915978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.916400] flags: 0x200000000000000(node=0|zone=2) [ 28.916705] page_type: f5(slab) [ 28.916862] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.917158] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.917403] page dumped because: kasan: bad access detected [ 28.917715] [ 28.917811] Memory state around the buggy address: [ 28.918074] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.918379] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.918717] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.919035] ^ [ 28.919269] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.919672] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.920017] ================================================================== [ 28.920568] ================================================================== [ 28.920993] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 28.921333] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.921707] [ 28.921791] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.921838] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.921851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.921873] Call Trace: [ 28.921890] <TASK> [ 28.921906] dump_stack_lvl+0x73/0xb0 [ 28.921934] print_report+0xd1/0x610 [ 28.921959] ? __virt_addr_valid+0x1db/0x2d0 [ 28.921983] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.922005] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.922033] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.922057] kasan_report+0x141/0x180 [ 28.922080] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.922107] __asan_report_load8_noabort+0x18/0x20 [ 28.922156] kasan_atomics_helper+0x4f98/0x5450 [ 28.922179] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.922202] ? ret_from_fork_asm+0x1a/0x30 [ 28.922248] kasan_atomics+0x1dc/0x310 [ 28.922285] ? __pfx_kasan_atomics+0x10/0x10 [ 28.922324] ? __pfx_read_tsc+0x10/0x10 [ 28.922349] ? ktime_get_ts64+0x86/0x230 [ 28.922388] kunit_try_run_case+0x1a5/0x480 [ 28.922425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.922460] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.922506] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.922531] ? __kthread_parkme+0x82/0x180 [ 28.922554] ? preempt_count_sub+0x50/0x80 [ 28.922579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.922602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.922628] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.922655] kthread+0x337/0x6f0 [ 28.922676] ? trace_preempt_on+0x20/0xc0 [ 28.922707] ? __pfx_kthread+0x10/0x10 [ 28.922730] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.922753] ? calculate_sigpending+0x7b/0xa0 [ 28.922779] ? __pfx_kthread+0x10/0x10 [ 28.922802] ret_from_fork+0x116/0x1d0 [ 28.922823] ? __pfx_kthread+0x10/0x10 [ 28.922845] ret_from_fork_asm+0x1a/0x30 [ 28.922877] </TASK> [ 28.922889] [ 28.929910] Allocated by task 313: [ 28.930105] kasan_save_stack+0x45/0x70 [ 28.930340] kasan_save_track+0x18/0x40 [ 28.930579] kasan_save_alloc_info+0x3b/0x50 [ 28.930836] __kasan_kmalloc+0xb7/0xc0 [ 28.931041] __kmalloc_cache_noprof+0x189/0x420 [ 28.931266] kasan_atomics+0x95/0x310 [ 28.931447] kunit_try_run_case+0x1a5/0x480 [ 28.931817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.932085] kthread+0x337/0x6f0 [ 28.932252] ret_from_fork+0x116/0x1d0 [ 28.932436] ret_from_fork_asm+0x1a/0x30 [ 28.932663] [ 28.932767] The buggy address belongs to the object at ffff88810439e280 [ 28.932767] which belongs to the cache kmalloc-64 of size 64 [ 28.933304] The buggy address is located 0 bytes to the right of [ 28.933304] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.933722] [ 28.933855] The buggy address belongs to the physical page: [ 28.934110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.934519] flags: 0x200000000000000(node=0|zone=2) [ 28.934798] page_type: f5(slab) [ 28.934968] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.935222] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.935447] page dumped because: kasan: bad access detected [ 28.935764] [ 28.935863] Memory state around the buggy address: [ 28.936085] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.936400] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.936666] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.936948] ^ [ 28.937210] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.937596] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.937934] ================================================================== [ 28.305926] ================================================================== [ 28.306868] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 28.307779] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.308688] [ 28.308981] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.309038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.309137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.309162] Call Trace: [ 28.309178] <TASK> [ 28.309196] dump_stack_lvl+0x73/0xb0 [ 28.309228] print_report+0xd1/0x610 [ 28.309255] ? __virt_addr_valid+0x1db/0x2d0 [ 28.309283] ? kasan_atomics_helper+0x1217/0x5450 [ 28.309305] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.309333] ? kasan_atomics_helper+0x1217/0x5450 [ 28.309357] kasan_report+0x141/0x180 [ 28.309381] ? kasan_atomics_helper+0x1217/0x5450 [ 28.309409] kasan_check_range+0x10c/0x1c0 [ 28.309435] __kasan_check_write+0x18/0x20 [ 28.309459] kasan_atomics_helper+0x1217/0x5450 [ 28.309494] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.309518] ? ret_from_fork_asm+0x1a/0x30 [ 28.309548] kasan_atomics+0x1dc/0x310 [ 28.309572] ? __pfx_kasan_atomics+0x10/0x10 [ 28.309597] ? __pfx_read_tsc+0x10/0x10 [ 28.309621] ? ktime_get_ts64+0x86/0x230 [ 28.309647] kunit_try_run_case+0x1a5/0x480 [ 28.309672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.309694] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.309736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.309761] ? __kthread_parkme+0x82/0x180 [ 28.309783] ? preempt_count_sub+0x50/0x80 [ 28.309810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.309833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.309860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.309887] kthread+0x337/0x6f0 [ 28.309908] ? trace_preempt_on+0x20/0xc0 [ 28.309933] ? __pfx_kthread+0x10/0x10 [ 28.309955] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.309978] ? calculate_sigpending+0x7b/0xa0 [ 28.310003] ? __pfx_kthread+0x10/0x10 [ 28.310026] ret_from_fork+0x116/0x1d0 [ 28.310047] ? __pfx_kthread+0x10/0x10 [ 28.310069] ret_from_fork_asm+0x1a/0x30 [ 28.310101] </TASK> [ 28.310114] [ 28.319999] Allocated by task 313: [ 28.320327] kasan_save_stack+0x45/0x70 [ 28.320628] kasan_save_track+0x18/0x40 [ 28.320855] kasan_save_alloc_info+0x3b/0x50 [ 28.321160] __kasan_kmalloc+0xb7/0xc0 [ 28.321422] __kmalloc_cache_noprof+0x189/0x420 [ 28.321669] kasan_atomics+0x95/0x310 [ 28.321831] kunit_try_run_case+0x1a5/0x480 [ 28.322036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.322265] kthread+0x337/0x6f0 [ 28.322420] ret_from_fork+0x116/0x1d0 [ 28.322899] ret_from_fork_asm+0x1a/0x30 [ 28.323078] [ 28.323152] The buggy address belongs to the object at ffff88810439e280 [ 28.323152] which belongs to the cache kmalloc-64 of size 64 [ 28.324101] The buggy address is located 0 bytes to the right of [ 28.324101] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.324773] [ 28.324877] The buggy address belongs to the physical page: [ 28.325252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.325707] flags: 0x200000000000000(node=0|zone=2) [ 28.325877] page_type: f5(slab) [ 28.326045] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.326352] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.326654] page dumped because: kasan: bad access detected [ 28.327213] [ 28.327305] Memory state around the buggy address: [ 28.327468] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.328094] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.328477] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.328912] ^ [ 28.329237] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.329568] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.329937] ================================================================== [ 28.210939] ================================================================== [ 28.211244] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 28.212222] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.212877] [ 28.213077] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.213133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.213156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.213179] Call Trace: [ 28.213193] <TASK> [ 28.213212] dump_stack_lvl+0x73/0xb0 [ 28.213242] print_report+0xd1/0x610 [ 28.213269] ? __virt_addr_valid+0x1db/0x2d0 [ 28.213294] ? kasan_atomics_helper+0x1079/0x5450 [ 28.213316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.213344] ? kasan_atomics_helper+0x1079/0x5450 [ 28.213367] kasan_report+0x141/0x180 [ 28.213390] ? kasan_atomics_helper+0x1079/0x5450 [ 28.213418] kasan_check_range+0x10c/0x1c0 [ 28.213443] __kasan_check_write+0x18/0x20 [ 28.213467] kasan_atomics_helper+0x1079/0x5450 [ 28.213583] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.213612] ? ret_from_fork_asm+0x1a/0x30 [ 28.213644] kasan_atomics+0x1dc/0x310 [ 28.213669] ? __pfx_kasan_atomics+0x10/0x10 [ 28.213694] ? __pfx_read_tsc+0x10/0x10 [ 28.213764] ? ktime_get_ts64+0x86/0x230 [ 28.213791] kunit_try_run_case+0x1a5/0x480 [ 28.213816] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.213837] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.213864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.213890] ? __kthread_parkme+0x82/0x180 [ 28.213912] ? preempt_count_sub+0x50/0x80 [ 28.213937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.213961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.213987] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.214014] kthread+0x337/0x6f0 [ 28.214036] ? trace_preempt_on+0x20/0xc0 [ 28.214060] ? __pfx_kthread+0x10/0x10 [ 28.214082] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.214105] ? calculate_sigpending+0x7b/0xa0 [ 28.214131] ? __pfx_kthread+0x10/0x10 [ 28.214154] ret_from_fork+0x116/0x1d0 [ 28.214175] ? __pfx_kthread+0x10/0x10 [ 28.214198] ret_from_fork_asm+0x1a/0x30 [ 28.214230] </TASK> [ 28.214243] [ 28.224768] Allocated by task 313: [ 28.224946] kasan_save_stack+0x45/0x70 [ 28.225139] kasan_save_track+0x18/0x40 [ 28.225316] kasan_save_alloc_info+0x3b/0x50 [ 28.225793] __kasan_kmalloc+0xb7/0xc0 [ 28.226017] __kmalloc_cache_noprof+0x189/0x420 [ 28.226359] kasan_atomics+0x95/0x310 [ 28.226671] kunit_try_run_case+0x1a5/0x480 [ 28.227016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.227253] kthread+0x337/0x6f0 [ 28.227406] ret_from_fork+0x116/0x1d0 [ 28.227848] ret_from_fork_asm+0x1a/0x30 [ 28.228166] [ 28.228381] The buggy address belongs to the object at ffff88810439e280 [ 28.228381] which belongs to the cache kmalloc-64 of size 64 [ 28.229255] The buggy address is located 0 bytes to the right of [ 28.229255] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.229996] [ 28.230100] The buggy address belongs to the physical page: [ 28.230331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.230912] flags: 0x200000000000000(node=0|zone=2) [ 28.231333] page_type: f5(slab) [ 28.231627] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.232104] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.232422] page dumped because: kasan: bad access detected [ 28.233060] [ 28.233158] Memory state around the buggy address: [ 28.233604] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.234098] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.234750] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.235186] ^ [ 28.235403] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.235995] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.236483] ================================================================== [ 28.280951] ================================================================== [ 28.281495] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 28.281828] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.282384] [ 28.282488] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.282548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.282845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.282876] Call Trace: [ 28.282893] <TASK> [ 28.282911] dump_stack_lvl+0x73/0xb0 [ 28.282942] print_report+0xd1/0x610 [ 28.282966] ? __virt_addr_valid+0x1db/0x2d0 [ 28.282992] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.283014] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.283041] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.283065] kasan_report+0x141/0x180 [ 28.283087] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.283115] __asan_report_load4_noabort+0x18/0x20 [ 28.283140] kasan_atomics_helper+0x4a02/0x5450 [ 28.283165] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.283187] ? ret_from_fork_asm+0x1a/0x30 [ 28.283217] kasan_atomics+0x1dc/0x310 [ 28.283241] ? __pfx_kasan_atomics+0x10/0x10 [ 28.283267] ? __pfx_read_tsc+0x10/0x10 [ 28.283291] ? ktime_get_ts64+0x86/0x230 [ 28.283316] kunit_try_run_case+0x1a5/0x480 [ 28.283339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.283362] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.283386] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.283412] ? __kthread_parkme+0x82/0x180 [ 28.283434] ? preempt_count_sub+0x50/0x80 [ 28.283460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.283483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.283521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.283548] kthread+0x337/0x6f0 [ 28.283570] ? trace_preempt_on+0x20/0xc0 [ 28.283593] ? __pfx_kthread+0x10/0x10 [ 28.283618] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.283641] ? calculate_sigpending+0x7b/0xa0 [ 28.283666] ? __pfx_kthread+0x10/0x10 [ 28.283690] ret_from_fork+0x116/0x1d0 [ 28.283725] ? __pfx_kthread+0x10/0x10 [ 28.283748] ret_from_fork_asm+0x1a/0x30 [ 28.283780] </TASK> [ 28.283794] [ 28.293457] Allocated by task 313: [ 28.293623] kasan_save_stack+0x45/0x70 [ 28.294029] kasan_save_track+0x18/0x40 [ 28.294298] kasan_save_alloc_info+0x3b/0x50 [ 28.294602] __kasan_kmalloc+0xb7/0xc0 [ 28.294781] __kmalloc_cache_noprof+0x189/0x420 [ 28.295078] kasan_atomics+0x95/0x310 [ 28.295266] kunit_try_run_case+0x1a5/0x480 [ 28.295463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.295936] kthread+0x337/0x6f0 [ 28.296216] ret_from_fork+0x116/0x1d0 [ 28.296482] ret_from_fork_asm+0x1a/0x30 [ 28.296651] [ 28.296902] The buggy address belongs to the object at ffff88810439e280 [ 28.296902] which belongs to the cache kmalloc-64 of size 64 [ 28.297393] The buggy address is located 0 bytes to the right of [ 28.297393] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.298290] [ 28.298370] The buggy address belongs to the physical page: [ 28.298802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.299593] flags: 0x200000000000000(node=0|zone=2) [ 28.300042] page_type: f5(slab) [ 28.300174] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.300410] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.301150] page dumped because: kasan: bad access detected [ 28.301775] [ 28.302027] Memory state around the buggy address: [ 28.302539] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.303239] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.303467] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.304102] ^ [ 28.304714] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.305109] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.305333] ================================================================== [ 28.353004] ================================================================== [ 28.353242] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 28.353473] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.353712] [ 28.353795] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.353843] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.353856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.353878] Call Trace: [ 28.353892] <TASK> [ 28.353909] dump_stack_lvl+0x73/0xb0 [ 28.353936] print_report+0xd1/0x610 [ 28.353960] ? __virt_addr_valid+0x1db/0x2d0 [ 28.353983] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.354005] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.354032] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.354054] kasan_report+0x141/0x180 [ 28.354077] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.354103] kasan_check_range+0x10c/0x1c0 [ 28.354126] __kasan_check_write+0x18/0x20 [ 28.354150] kasan_atomics_helper+0x12e6/0x5450 [ 28.354173] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.354196] ? ret_from_fork_asm+0x1a/0x30 [ 28.354224] kasan_atomics+0x1dc/0x310 [ 28.354247] ? __pfx_kasan_atomics+0x10/0x10 [ 28.354272] ? __pfx_read_tsc+0x10/0x10 [ 28.354294] ? ktime_get_ts64+0x86/0x230 [ 28.354320] kunit_try_run_case+0x1a5/0x480 [ 28.354341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.354362] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.354387] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.354410] ? __kthread_parkme+0x82/0x180 [ 28.354431] ? preempt_count_sub+0x50/0x80 [ 28.354455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.354478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.354502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.354528] kthread+0x337/0x6f0 [ 28.354548] ? trace_preempt_on+0x20/0xc0 [ 28.354571] ? __pfx_kthread+0x10/0x10 [ 28.354593] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.354616] ? calculate_sigpending+0x7b/0xa0 [ 28.354642] ? __pfx_kthread+0x10/0x10 [ 28.354664] ret_from_fork+0x116/0x1d0 [ 28.354684] ? __pfx_kthread+0x10/0x10 [ 28.355236] ret_from_fork_asm+0x1a/0x30 [ 28.355277] </TASK> [ 28.355748] [ 28.373833] Allocated by task 313: [ 28.374075] kasan_save_stack+0x45/0x70 [ 28.374577] kasan_save_track+0x18/0x40 [ 28.375017] kasan_save_alloc_info+0x3b/0x50 [ 28.375598] __kasan_kmalloc+0xb7/0xc0 [ 28.375990] __kmalloc_cache_noprof+0x189/0x420 [ 28.376477] kasan_atomics+0x95/0x310 [ 28.376856] kunit_try_run_case+0x1a5/0x480 [ 28.377006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.377181] kthread+0x337/0x6f0 [ 28.377302] ret_from_fork+0x116/0x1d0 [ 28.377436] ret_from_fork_asm+0x1a/0x30 [ 28.377622] [ 28.377809] The buggy address belongs to the object at ffff88810439e280 [ 28.377809] which belongs to the cache kmalloc-64 of size 64 [ 28.378945] The buggy address is located 0 bytes to the right of [ 28.378945] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.380083] [ 28.380241] The buggy address belongs to the physical page: [ 28.380776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.381199] flags: 0x200000000000000(node=0|zone=2) [ 28.381362] page_type: f5(slab) [ 28.381483] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.382176] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.382835] page dumped because: kasan: bad access detected [ 28.383314] [ 28.383476] Memory state around the buggy address: [ 28.383807] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.384033] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.384247] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.384459] ^ [ 28.384933] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.385576] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.386327] ================================================================== [ 28.507930] ================================================================== [ 28.509114] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 28.509832] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.510496] [ 28.510705] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.510755] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.510768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.510790] Call Trace: [ 28.510816] <TASK> [ 28.510836] dump_stack_lvl+0x73/0xb0 [ 28.510864] print_report+0xd1/0x610 [ 28.510899] ? __virt_addr_valid+0x1db/0x2d0 [ 28.510923] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.510947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.510973] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.510997] kasan_report+0x141/0x180 [ 28.511021] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.511048] kasan_check_range+0x10c/0x1c0 [ 28.511073] __kasan_check_write+0x18/0x20 [ 28.511098] kasan_atomics_helper+0x15b6/0x5450 [ 28.511122] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.511146] ? ret_from_fork_asm+0x1a/0x30 [ 28.511175] kasan_atomics+0x1dc/0x310 [ 28.511209] ? __pfx_kasan_atomics+0x10/0x10 [ 28.511234] ? __pfx_read_tsc+0x10/0x10 [ 28.511258] ? ktime_get_ts64+0x86/0x230 [ 28.511295] kunit_try_run_case+0x1a5/0x480 [ 28.511319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.511341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.511374] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.511400] ? __kthread_parkme+0x82/0x180 [ 28.511422] ? preempt_count_sub+0x50/0x80 [ 28.511456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.511479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.511515] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.511542] kthread+0x337/0x6f0 [ 28.511572] ? trace_preempt_on+0x20/0xc0 [ 28.511597] ? __pfx_kthread+0x10/0x10 [ 28.511619] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.511654] ? calculate_sigpending+0x7b/0xa0 [ 28.511682] ? __pfx_kthread+0x10/0x10 [ 28.511714] ret_from_fork+0x116/0x1d0 [ 28.511735] ? __pfx_kthread+0x10/0x10 [ 28.511757] ret_from_fork_asm+0x1a/0x30 [ 28.511789] </TASK> [ 28.511801] [ 28.524814] Allocated by task 313: [ 28.524946] kasan_save_stack+0x45/0x70 [ 28.525088] kasan_save_track+0x18/0x40 [ 28.525221] kasan_save_alloc_info+0x3b/0x50 [ 28.525367] __kasan_kmalloc+0xb7/0xc0 [ 28.525512] __kmalloc_cache_noprof+0x189/0x420 [ 28.525956] kasan_atomics+0x95/0x310 [ 28.526298] kunit_try_run_case+0x1a5/0x480 [ 28.526750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.527226] kthread+0x337/0x6f0 [ 28.527557] ret_from_fork+0x116/0x1d0 [ 28.527924] ret_from_fork_asm+0x1a/0x30 [ 28.528292] [ 28.528467] The buggy address belongs to the object at ffff88810439e280 [ 28.528467] which belongs to the cache kmalloc-64 of size 64 [ 28.529769] The buggy address is located 0 bytes to the right of [ 28.529769] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.530815] [ 28.530890] The buggy address belongs to the physical page: [ 28.531287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.531552] flags: 0x200000000000000(node=0|zone=2) [ 28.531998] page_type: f5(slab) [ 28.532244] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.532826] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.533231] page dumped because: kasan: bad access detected [ 28.533402] [ 28.533467] Memory state around the buggy address: [ 28.533932] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.534566] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.535174] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.535781] ^ [ 28.535940] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.536155] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.536366] ================================================================== [ 28.237099] ================================================================== [ 28.237349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 28.237677] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.237988] [ 28.238158] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.238208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.238222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.238245] Call Trace: [ 28.238261] <TASK> [ 28.238277] dump_stack_lvl+0x73/0xb0 [ 28.238308] print_report+0xd1/0x610 [ 28.238331] ? __virt_addr_valid+0x1db/0x2d0 [ 28.238357] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.238379] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.238407] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.238429] kasan_report+0x141/0x180 [ 28.238452] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.238480] __asan_report_load4_noabort+0x18/0x20 [ 28.238518] kasan_atomics_helper+0x4a1c/0x5450 [ 28.238543] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.238565] ? ret_from_fork_asm+0x1a/0x30 [ 28.238594] kasan_atomics+0x1dc/0x310 [ 28.238618] ? __pfx_kasan_atomics+0x10/0x10 [ 28.238643] ? __pfx_read_tsc+0x10/0x10 [ 28.238667] ? ktime_get_ts64+0x86/0x230 [ 28.238692] kunit_try_run_case+0x1a5/0x480 [ 28.238727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.238749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.238774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.238798] ? __kthread_parkme+0x82/0x180 [ 28.238821] ? preempt_count_sub+0x50/0x80 [ 28.238846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.238869] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.238896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.238923] kthread+0x337/0x6f0 [ 28.238943] ? trace_preempt_on+0x20/0xc0 [ 28.238967] ? __pfx_kthread+0x10/0x10 [ 28.238990] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.239013] ? calculate_sigpending+0x7b/0xa0 [ 28.239038] ? __pfx_kthread+0x10/0x10 [ 28.239061] ret_from_fork+0x116/0x1d0 [ 28.239082] ? __pfx_kthread+0x10/0x10 [ 28.239104] ret_from_fork_asm+0x1a/0x30 [ 28.239136] </TASK> [ 28.239150] [ 28.245645] Allocated by task 313: [ 28.245948] kasan_save_stack+0x45/0x70 [ 28.246154] kasan_save_track+0x18/0x40 [ 28.246369] kasan_save_alloc_info+0x3b/0x50 [ 28.246725] __kasan_kmalloc+0xb7/0xc0 [ 28.247017] __kmalloc_cache_noprof+0x189/0x420 [ 28.247770] kasan_atomics+0x95/0x310 [ 28.248291] kunit_try_run_case+0x1a5/0x480 [ 28.248457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.249112] kthread+0x337/0x6f0 [ 28.249295] ret_from_fork+0x116/0x1d0 [ 28.249653] ret_from_fork_asm+0x1a/0x30 [ 28.250007] [ 28.250105] The buggy address belongs to the object at ffff88810439e280 [ 28.250105] which belongs to the cache kmalloc-64 of size 64 [ 28.250695] The buggy address is located 0 bytes to the right of [ 28.250695] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.251425] [ 28.251556] The buggy address belongs to the physical page: [ 28.251939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.252297] flags: 0x200000000000000(node=0|zone=2) [ 28.252651] page_type: f5(slab) [ 28.252946] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.253279] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.253686] page dumped because: kasan: bad access detected [ 28.254032] [ 28.254130] Memory state around the buggy address: [ 28.254347] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.254855] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.255222] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.255596] ^ [ 28.255934] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.256237] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.256487] ================================================================== [ 28.451503] ================================================================== [ 28.452110] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 28.452456] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.452832] [ 28.452936] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.452983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.453007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.453030] Call Trace: [ 28.453046] <TASK> [ 28.453063] dump_stack_lvl+0x73/0xb0 [ 28.453103] print_report+0xd1/0x610 [ 28.453128] ? __virt_addr_valid+0x1db/0x2d0 [ 28.453152] ? kasan_atomics_helper+0x1467/0x5450 [ 28.453175] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.453202] ? kasan_atomics_helper+0x1467/0x5450 [ 28.453225] kasan_report+0x141/0x180 [ 28.453249] ? kasan_atomics_helper+0x1467/0x5450 [ 28.453275] kasan_check_range+0x10c/0x1c0 [ 28.453300] __kasan_check_write+0x18/0x20 [ 28.453324] kasan_atomics_helper+0x1467/0x5450 [ 28.453348] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.453373] ? ret_from_fork_asm+0x1a/0x30 [ 28.453401] kasan_atomics+0x1dc/0x310 [ 28.453425] ? __pfx_kasan_atomics+0x10/0x10 [ 28.453450] ? __pfx_read_tsc+0x10/0x10 [ 28.453473] ? ktime_get_ts64+0x86/0x230 [ 28.453509] kunit_try_run_case+0x1a5/0x480 [ 28.453533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.453555] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.453582] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.453619] ? __kthread_parkme+0x82/0x180 [ 28.453641] ? preempt_count_sub+0x50/0x80 [ 28.453677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.453709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.453736] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.453762] kthread+0x337/0x6f0 [ 28.453792] ? trace_preempt_on+0x20/0xc0 [ 28.453816] ? __pfx_kthread+0x10/0x10 [ 28.453838] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.453872] ? calculate_sigpending+0x7b/0xa0 [ 28.453897] ? __pfx_kthread+0x10/0x10 [ 28.453920] ret_from_fork+0x116/0x1d0 [ 28.453950] ? __pfx_kthread+0x10/0x10 [ 28.453972] ret_from_fork_asm+0x1a/0x30 [ 28.454004] </TASK> [ 28.454028] [ 28.461780] Allocated by task 313: [ 28.461967] kasan_save_stack+0x45/0x70 [ 28.462126] kasan_save_track+0x18/0x40 [ 28.462324] kasan_save_alloc_info+0x3b/0x50 [ 28.462560] __kasan_kmalloc+0xb7/0xc0 [ 28.462743] __kmalloc_cache_noprof+0x189/0x420 [ 28.462980] kasan_atomics+0x95/0x310 [ 28.463118] kunit_try_run_case+0x1a5/0x480 [ 28.463261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.463435] kthread+0x337/0x6f0 [ 28.463553] ret_from_fork+0x116/0x1d0 [ 28.463685] ret_from_fork_asm+0x1a/0x30 [ 28.464056] [ 28.464160] The buggy address belongs to the object at ffff88810439e280 [ 28.464160] which belongs to the cache kmalloc-64 of size 64 [ 28.464709] The buggy address is located 0 bytes to the right of [ 28.464709] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.465071] [ 28.465138] The buggy address belongs to the physical page: [ 28.465412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.466164] flags: 0x200000000000000(node=0|zone=2) [ 28.466419] page_type: f5(slab) [ 28.466600] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.467003] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.467226] page dumped because: kasan: bad access detected [ 28.467393] [ 28.467457] Memory state around the buggy address: [ 28.467881] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.468222] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.468598] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.468925] ^ [ 28.469111] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.469324] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.469666] ================================================================== [ 27.879058] ================================================================== [ 27.879364] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 27.879756] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.880239] [ 27.880359] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.880409] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.880424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.880448] Call Trace: [ 27.880463] <TASK> [ 27.880480] dump_stack_lvl+0x73/0xb0 [ 27.880511] print_report+0xd1/0x610 [ 27.880534] ? __virt_addr_valid+0x1db/0x2d0 [ 27.880560] ? kasan_atomics_helper+0x860/0x5450 [ 27.880582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.880610] ? kasan_atomics_helper+0x860/0x5450 [ 27.880632] kasan_report+0x141/0x180 [ 27.880757] ? kasan_atomics_helper+0x860/0x5450 [ 27.880793] kasan_check_range+0x10c/0x1c0 [ 27.880819] __kasan_check_write+0x18/0x20 [ 27.880845] kasan_atomics_helper+0x860/0x5450 [ 27.880929] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.880954] ? ret_from_fork_asm+0x1a/0x30 [ 27.880983] kasan_atomics+0x1dc/0x310 [ 27.881008] ? __pfx_kasan_atomics+0x10/0x10 [ 27.881033] ? __pfx_read_tsc+0x10/0x10 [ 27.881058] ? ktime_get_ts64+0x86/0x230 [ 27.881083] kunit_try_run_case+0x1a5/0x480 [ 27.881107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.881129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.881154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.881180] ? __kthread_parkme+0x82/0x180 [ 27.881203] ? preempt_count_sub+0x50/0x80 [ 27.881227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.881252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.881281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.881308] kthread+0x337/0x6f0 [ 27.881330] ? trace_preempt_on+0x20/0xc0 [ 27.881356] ? __pfx_kthread+0x10/0x10 [ 27.881380] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.881404] ? calculate_sigpending+0x7b/0xa0 [ 27.881430] ? __pfx_kthread+0x10/0x10 [ 27.881453] ret_from_fork+0x116/0x1d0 [ 27.881474] ? __pfx_kthread+0x10/0x10 [ 27.881506] ret_from_fork_asm+0x1a/0x30 [ 27.881537] </TASK> [ 27.881550] [ 27.888935] Allocated by task 313: [ 27.889063] kasan_save_stack+0x45/0x70 [ 27.889357] kasan_save_track+0x18/0x40 [ 27.889552] kasan_save_alloc_info+0x3b/0x50 [ 27.889928] __kasan_kmalloc+0xb7/0xc0 [ 27.890087] __kmalloc_cache_noprof+0x189/0x420 [ 27.890238] kasan_atomics+0x95/0x310 [ 27.890365] kunit_try_run_case+0x1a5/0x480 [ 27.890534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.890863] kthread+0x337/0x6f0 [ 27.891042] ret_from_fork+0x116/0x1d0 [ 27.891232] ret_from_fork_asm+0x1a/0x30 [ 27.891436] [ 27.891557] The buggy address belongs to the object at ffff88810439e280 [ 27.891557] which belongs to the cache kmalloc-64 of size 64 [ 27.892250] The buggy address is located 0 bytes to the right of [ 27.892250] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.892883] [ 27.892960] The buggy address belongs to the physical page: [ 27.893188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.893515] flags: 0x200000000000000(node=0|zone=2) [ 27.893682] page_type: f5(slab) [ 27.893978] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.894270] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.894582] page dumped because: kasan: bad access detected [ 27.894861] [ 27.894930] Memory state around the buggy address: [ 27.895153] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.895359] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.895562] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.895827] ^ [ 27.896219] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.896565] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.896971] ================================================================== [ 29.025071] ================================================================== [ 29.025455] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 29.026129] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 29.026656] [ 29.026881] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 29.026945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.026960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.026984] Call Trace: [ 29.027001] <TASK> [ 29.027018] dump_stack_lvl+0x73/0xb0 [ 29.027049] print_report+0xd1/0x610 [ 29.027074] ? __virt_addr_valid+0x1db/0x2d0 [ 29.027099] ? kasan_atomics_helper+0x224c/0x5450 [ 29.027123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.027151] ? kasan_atomics_helper+0x224c/0x5450 [ 29.027174] kasan_report+0x141/0x180 [ 29.027198] ? kasan_atomics_helper+0x224c/0x5450 [ 29.027226] kasan_check_range+0x10c/0x1c0 [ 29.027251] __kasan_check_write+0x18/0x20 [ 29.027275] kasan_atomics_helper+0x224c/0x5450 [ 29.027298] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.027322] ? ret_from_fork_asm+0x1a/0x30 [ 29.027350] kasan_atomics+0x1dc/0x310 [ 29.027374] ? __pfx_kasan_atomics+0x10/0x10 [ 29.027400] ? __pfx_read_tsc+0x10/0x10 [ 29.027423] ? ktime_get_ts64+0x86/0x230 [ 29.027448] kunit_try_run_case+0x1a5/0x480 [ 29.027472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.027593] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.027623] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.027648] ? __kthread_parkme+0x82/0x180 [ 29.027670] ? preempt_count_sub+0x50/0x80 [ 29.027733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.027760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.027787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.027814] kthread+0x337/0x6f0 [ 29.027836] ? trace_preempt_on+0x20/0xc0 [ 29.027868] ? __pfx_kthread+0x10/0x10 [ 29.027891] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.027914] ? calculate_sigpending+0x7b/0xa0 [ 29.027939] ? __pfx_kthread+0x10/0x10 [ 29.027962] ret_from_fork+0x116/0x1d0 [ 29.027985] ? __pfx_kthread+0x10/0x10 [ 29.028009] ret_from_fork_asm+0x1a/0x30 [ 29.028041] </TASK> [ 29.028055] [ 29.038832] Allocated by task 313: [ 29.039123] kasan_save_stack+0x45/0x70 [ 29.039501] kasan_save_track+0x18/0x40 [ 29.039808] kasan_save_alloc_info+0x3b/0x50 [ 29.040029] __kasan_kmalloc+0xb7/0xc0 [ 29.040207] __kmalloc_cache_noprof+0x189/0x420 [ 29.040413] kasan_atomics+0x95/0x310 [ 29.040948] kunit_try_run_case+0x1a5/0x480 [ 29.041210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.041659] kthread+0x337/0x6f0 [ 29.041956] ret_from_fork+0x116/0x1d0 [ 29.042319] ret_from_fork_asm+0x1a/0x30 [ 29.042654] [ 29.042785] The buggy address belongs to the object at ffff88810439e280 [ 29.042785] which belongs to the cache kmalloc-64 of size 64 [ 29.043269] The buggy address is located 0 bytes to the right of [ 29.043269] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 29.044241] [ 29.044353] The buggy address belongs to the physical page: [ 29.044971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 29.045323] flags: 0x200000000000000(node=0|zone=2) [ 29.045764] page_type: f5(slab) [ 29.046007] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.046331] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.046999] page dumped because: kasan: bad access detected [ 29.047273] [ 29.047504] Memory state around the buggy address: [ 29.047870] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.048438] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.048966] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.049412] ^ [ 29.049870] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.050189] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.050477] ================================================================== [ 28.884132] ================================================================== [ 28.884383] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 28.884790] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.885130] [ 28.885245] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.885308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.885336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.885358] Call Trace: [ 28.885375] <TASK> [ 28.885391] dump_stack_lvl+0x73/0xb0 [ 28.885420] print_report+0xd1/0x610 [ 28.885444] ? __virt_addr_valid+0x1db/0x2d0 [ 28.885469] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.885514] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.885541] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.885565] kasan_report+0x141/0x180 [ 28.885587] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.885614] __asan_report_load8_noabort+0x18/0x20 [ 28.885639] kasan_atomics_helper+0x4f71/0x5450 [ 28.885663] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.885686] ? ret_from_fork_asm+0x1a/0x30 [ 28.885723] kasan_atomics+0x1dc/0x310 [ 28.885768] ? __pfx_kasan_atomics+0x10/0x10 [ 28.885794] ? __pfx_read_tsc+0x10/0x10 [ 28.885834] ? ktime_get_ts64+0x86/0x230 [ 28.885861] kunit_try_run_case+0x1a5/0x480 [ 28.885885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.885907] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.885933] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.885958] ? __kthread_parkme+0x82/0x180 [ 28.885980] ? preempt_count_sub+0x50/0x80 [ 28.886004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.886027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.886054] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.886099] kthread+0x337/0x6f0 [ 28.886119] ? trace_preempt_on+0x20/0xc0 [ 28.886143] ? __pfx_kthread+0x10/0x10 [ 28.886166] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.886189] ? calculate_sigpending+0x7b/0xa0 [ 28.886213] ? __pfx_kthread+0x10/0x10 [ 28.886252] ret_from_fork+0x116/0x1d0 [ 28.886273] ? __pfx_kthread+0x10/0x10 [ 28.886295] ret_from_fork_asm+0x1a/0x30 [ 28.886327] </TASK> [ 28.886341] [ 28.893843] Allocated by task 313: [ 28.894045] kasan_save_stack+0x45/0x70 [ 28.894233] kasan_save_track+0x18/0x40 [ 28.894469] kasan_save_alloc_info+0x3b/0x50 [ 28.894708] __kasan_kmalloc+0xb7/0xc0 [ 28.894893] __kmalloc_cache_noprof+0x189/0x420 [ 28.895112] kasan_atomics+0x95/0x310 [ 28.895295] kunit_try_run_case+0x1a5/0x480 [ 28.895526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.895808] kthread+0x337/0x6f0 [ 28.895938] ret_from_fork+0x116/0x1d0 [ 28.896124] ret_from_fork_asm+0x1a/0x30 [ 28.896335] [ 28.896432] The buggy address belongs to the object at ffff88810439e280 [ 28.896432] which belongs to the cache kmalloc-64 of size 64 [ 28.896917] The buggy address is located 0 bytes to the right of [ 28.896917] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.897466] [ 28.897580] The buggy address belongs to the physical page: [ 28.897826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.898197] flags: 0x200000000000000(node=0|zone=2) [ 28.898365] page_type: f5(slab) [ 28.898560] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.898895] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.899120] page dumped because: kasan: bad access detected [ 28.899288] [ 28.899354] Memory state around the buggy address: [ 28.899619] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.899988] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.900338] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.900606] ^ [ 28.900774] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.900986] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.901194] ================================================================== [ 27.823292] ================================================================== [ 27.824178] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 27.824436] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.825102] [ 27.825293] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.825347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.825361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.825386] Call Trace: [ 27.825407] <TASK> [ 27.825427] dump_stack_lvl+0x73/0xb0 [ 27.825461] print_report+0xd1/0x610 [ 27.825486] ? __virt_addr_valid+0x1db/0x2d0 [ 27.825514] ? kasan_atomics_helper+0x72f/0x5450 [ 27.825537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.825564] ? kasan_atomics_helper+0x72f/0x5450 [ 27.825589] kasan_report+0x141/0x180 [ 27.825612] ? kasan_atomics_helper+0x72f/0x5450 [ 27.825640] kasan_check_range+0x10c/0x1c0 [ 27.825677] __kasan_check_write+0x18/0x20 [ 27.825715] kasan_atomics_helper+0x72f/0x5450 [ 27.825740] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.825764] ? ret_from_fork_asm+0x1a/0x30 [ 27.825847] kasan_atomics+0x1dc/0x310 [ 27.825873] ? __pfx_kasan_atomics+0x10/0x10 [ 27.825901] ? __pfx_read_tsc+0x10/0x10 [ 27.825928] ? ktime_get_ts64+0x86/0x230 [ 27.825955] kunit_try_run_case+0x1a5/0x480 [ 27.825979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.826001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.826028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.826054] ? __kthread_parkme+0x82/0x180 [ 27.826077] ? preempt_count_sub+0x50/0x80 [ 27.826102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.826126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.826155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.826181] kthread+0x337/0x6f0 [ 27.826203] ? trace_preempt_on+0x20/0xc0 [ 27.826228] ? __pfx_kthread+0x10/0x10 [ 27.826250] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.826273] ? calculate_sigpending+0x7b/0xa0 [ 27.826298] ? __pfx_kthread+0x10/0x10 [ 27.826322] ret_from_fork+0x116/0x1d0 [ 27.826344] ? __pfx_kthread+0x10/0x10 [ 27.826366] ret_from_fork_asm+0x1a/0x30 [ 27.826399] </TASK> [ 27.826413] [ 27.841468] Allocated by task 313: [ 27.841616] kasan_save_stack+0x45/0x70 [ 27.842198] kasan_save_track+0x18/0x40 [ 27.842610] kasan_save_alloc_info+0x3b/0x50 [ 27.843098] __kasan_kmalloc+0xb7/0xc0 [ 27.843507] __kmalloc_cache_noprof+0x189/0x420 [ 27.844041] kasan_atomics+0x95/0x310 [ 27.844377] kunit_try_run_case+0x1a5/0x480 [ 27.844839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.845038] kthread+0x337/0x6f0 [ 27.845231] ret_from_fork+0x116/0x1d0 [ 27.845405] ret_from_fork_asm+0x1a/0x30 [ 27.845626] [ 27.845724] The buggy address belongs to the object at ffff88810439e280 [ 27.845724] which belongs to the cache kmalloc-64 of size 64 [ 27.846286] The buggy address is located 0 bytes to the right of [ 27.846286] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.846944] [ 27.847048] The buggy address belongs to the physical page: [ 27.847290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.847668] flags: 0x200000000000000(node=0|zone=2) [ 27.848135] page_type: f5(slab) [ 27.848303] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.848629] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.849077] page dumped because: kasan: bad access detected [ 27.849325] [ 27.849418] Memory state around the buggy address: [ 27.849678] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.850091] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.850407] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.850826] ^ [ 27.851084] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.851365] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.851686] ================================================================== [ 28.536872] ================================================================== [ 28.537379] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 28.537771] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.538154] [ 28.538239] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.538287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.538300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.538357] Call Trace: [ 28.538374] <TASK> [ 28.538391] dump_stack_lvl+0x73/0xb0 [ 28.538432] print_report+0xd1/0x610 [ 28.538456] ? __virt_addr_valid+0x1db/0x2d0 [ 28.538518] ? kasan_atomics_helper+0x164f/0x5450 [ 28.538543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.538581] ? kasan_atomics_helper+0x164f/0x5450 [ 28.538604] kasan_report+0x141/0x180 [ 28.538629] ? kasan_atomics_helper+0x164f/0x5450 [ 28.538656] kasan_check_range+0x10c/0x1c0 [ 28.538716] __kasan_check_write+0x18/0x20 [ 28.538740] kasan_atomics_helper+0x164f/0x5450 [ 28.538774] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.538798] ? ret_from_fork_asm+0x1a/0x30 [ 28.538828] kasan_atomics+0x1dc/0x310 [ 28.538878] ? __pfx_kasan_atomics+0x10/0x10 [ 28.538905] ? __pfx_read_tsc+0x10/0x10 [ 28.538930] ? ktime_get_ts64+0x86/0x230 [ 28.538967] kunit_try_run_case+0x1a5/0x480 [ 28.538991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.539013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.539049] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.539074] ? __kthread_parkme+0x82/0x180 [ 28.539097] ? preempt_count_sub+0x50/0x80 [ 28.539121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.539144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.539171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.539198] kthread+0x337/0x6f0 [ 28.539218] ? trace_preempt_on+0x20/0xc0 [ 28.539242] ? __pfx_kthread+0x10/0x10 [ 28.539265] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.539289] ? calculate_sigpending+0x7b/0xa0 [ 28.539314] ? __pfx_kthread+0x10/0x10 [ 28.539337] ret_from_fork+0x116/0x1d0 [ 28.539358] ? __pfx_kthread+0x10/0x10 [ 28.539381] ret_from_fork_asm+0x1a/0x30 [ 28.539412] </TASK> [ 28.539425] [ 28.552414] Allocated by task 313: [ 28.552779] kasan_save_stack+0x45/0x70 [ 28.553165] kasan_save_track+0x18/0x40 [ 28.553302] kasan_save_alloc_info+0x3b/0x50 [ 28.553449] __kasan_kmalloc+0xb7/0xc0 [ 28.553813] __kmalloc_cache_noprof+0x189/0x420 [ 28.554249] kasan_atomics+0x95/0x310 [ 28.554608] kunit_try_run_case+0x1a5/0x480 [ 28.555006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.555500] kthread+0x337/0x6f0 [ 28.555830] ret_from_fork+0x116/0x1d0 [ 28.555968] ret_from_fork_asm+0x1a/0x30 [ 28.556106] [ 28.556172] The buggy address belongs to the object at ffff88810439e280 [ 28.556172] which belongs to the cache kmalloc-64 of size 64 [ 28.556554] The buggy address is located 0 bytes to the right of [ 28.556554] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.557224] [ 28.557331] The buggy address belongs to the physical page: [ 28.557584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.557900] flags: 0x200000000000000(node=0|zone=2) [ 28.558088] page_type: f5(slab) [ 28.558257] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.558640] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.558953] page dumped because: kasan: bad access detected [ 28.559216] [ 28.559304] Memory state around the buggy address: [ 28.559519] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.559850] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.560174] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.560465] ^ [ 28.560683] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.560965] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.561219] ================================================================== [ 28.957302] ================================================================== [ 28.957756] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 28.958118] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.958445] [ 28.958591] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.958641] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.958687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.958719] Call Trace: [ 28.958734] <TASK> [ 28.958751] dump_stack_lvl+0x73/0xb0 [ 28.958810] print_report+0xd1/0x610 [ 28.958835] ? __virt_addr_valid+0x1db/0x2d0 [ 28.958858] ? kasan_atomics_helper+0x4fb2/0x5450 [ 28.958880] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.958930] ? kasan_atomics_helper+0x4fb2/0x5450 [ 28.958953] kasan_report+0x141/0x180 [ 28.958977] ? kasan_atomics_helper+0x4fb2/0x5450 [ 28.959004] __asan_report_load8_noabort+0x18/0x20 [ 28.959029] kasan_atomics_helper+0x4fb2/0x5450 [ 28.959053] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.959076] ? ret_from_fork_asm+0x1a/0x30 [ 28.959105] kasan_atomics+0x1dc/0x310 [ 28.959129] ? __pfx_kasan_atomics+0x10/0x10 [ 28.959154] ? __pfx_read_tsc+0x10/0x10 [ 28.959177] ? ktime_get_ts64+0x86/0x230 [ 28.959202] kunit_try_run_case+0x1a5/0x480 [ 28.959226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.959248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.959273] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.959297] ? __kthread_parkme+0x82/0x180 [ 28.959319] ? preempt_count_sub+0x50/0x80 [ 28.959343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.959366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.959392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.959419] kthread+0x337/0x6f0 [ 28.959440] ? trace_preempt_on+0x20/0xc0 [ 28.959464] ? __pfx_kthread+0x10/0x10 [ 28.959526] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.959550] ? calculate_sigpending+0x7b/0xa0 [ 28.959574] ? __pfx_kthread+0x10/0x10 [ 28.959597] ret_from_fork+0x116/0x1d0 [ 28.959618] ? __pfx_kthread+0x10/0x10 [ 28.959642] ret_from_fork_asm+0x1a/0x30 [ 28.959675] </TASK> [ 28.959688] [ 28.967062] Allocated by task 313: [ 28.967235] kasan_save_stack+0x45/0x70 [ 28.967411] kasan_save_track+0x18/0x40 [ 28.967570] kasan_save_alloc_info+0x3b/0x50 [ 28.967814] __kasan_kmalloc+0xb7/0xc0 [ 28.968012] __kmalloc_cache_noprof+0x189/0x420 [ 28.968201] kasan_atomics+0x95/0x310 [ 28.968396] kunit_try_run_case+0x1a5/0x480 [ 28.968619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.968882] kthread+0x337/0x6f0 [ 28.969088] ret_from_fork+0x116/0x1d0 [ 28.969286] ret_from_fork_asm+0x1a/0x30 [ 28.969497] [ 28.969581] The buggy address belongs to the object at ffff88810439e280 [ 28.969581] which belongs to the cache kmalloc-64 of size 64 [ 28.970055] The buggy address is located 0 bytes to the right of [ 28.970055] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.970577] [ 28.970671] The buggy address belongs to the physical page: [ 28.970894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.971257] flags: 0x200000000000000(node=0|zone=2) [ 28.971514] page_type: f5(slab) [ 28.971723] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.972072] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.972406] page dumped because: kasan: bad access detected [ 28.972657] [ 28.972733] Memory state around the buggy address: [ 28.972913] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.973254] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.973582] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.973889] ^ [ 28.974092] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.974427] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.974747] ================================================================== [ 28.433566] ================================================================== [ 28.434072] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 28.434466] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.434854] [ 28.434982] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.435029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.435043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.435065] Call Trace: [ 28.435081] <TASK> [ 28.435096] dump_stack_lvl+0x73/0xb0 [ 28.435124] print_report+0xd1/0x610 [ 28.435149] ? __virt_addr_valid+0x1db/0x2d0 [ 28.435173] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.435195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.435223] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.435246] kasan_report+0x141/0x180 [ 28.435269] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.435296] __asan_report_load8_noabort+0x18/0x20 [ 28.435321] kasan_atomics_helper+0x4eae/0x5450 [ 28.435356] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.435379] ? ret_from_fork_asm+0x1a/0x30 [ 28.435409] kasan_atomics+0x1dc/0x310 [ 28.435444] ? __pfx_kasan_atomics+0x10/0x10 [ 28.435470] ? __pfx_read_tsc+0x10/0x10 [ 28.435503] ? ktime_get_ts64+0x86/0x230 [ 28.435537] kunit_try_run_case+0x1a5/0x480 [ 28.435561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.435582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.435618] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.435642] ? __kthread_parkme+0x82/0x180 [ 28.435664] ? preempt_count_sub+0x50/0x80 [ 28.435688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.435723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.435749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.435776] kthread+0x337/0x6f0 [ 28.435798] ? trace_preempt_on+0x20/0xc0 [ 28.435823] ? __pfx_kthread+0x10/0x10 [ 28.435851] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.435882] ? calculate_sigpending+0x7b/0xa0 [ 28.435908] ? __pfx_kthread+0x10/0x10 [ 28.435931] ret_from_fork+0x116/0x1d0 [ 28.435964] ? __pfx_kthread+0x10/0x10 [ 28.435986] ret_from_fork_asm+0x1a/0x30 [ 28.436017] </TASK> [ 28.436031] [ 28.443617] Allocated by task 313: [ 28.443801] kasan_save_stack+0x45/0x70 [ 28.443996] kasan_save_track+0x18/0x40 [ 28.444217] kasan_save_alloc_info+0x3b/0x50 [ 28.444442] __kasan_kmalloc+0xb7/0xc0 [ 28.444641] __kmalloc_cache_noprof+0x189/0x420 [ 28.444867] kasan_atomics+0x95/0x310 [ 28.445049] kunit_try_run_case+0x1a5/0x480 [ 28.445237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.445475] kthread+0x337/0x6f0 [ 28.445669] ret_from_fork+0x116/0x1d0 [ 28.445853] ret_from_fork_asm+0x1a/0x30 [ 28.445990] [ 28.446089] The buggy address belongs to the object at ffff88810439e280 [ 28.446089] which belongs to the cache kmalloc-64 of size 64 [ 28.446614] The buggy address is located 0 bytes to the right of [ 28.446614] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.446994] [ 28.447062] The buggy address belongs to the physical page: [ 28.447231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.447470] flags: 0x200000000000000(node=0|zone=2) [ 28.447627] page_type: f5(slab) [ 28.447829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.448186] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.448556] page dumped because: kasan: bad access detected [ 28.448814] [ 28.448902] Memory state around the buggy address: [ 28.449121] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.449439] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.449950] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.450163] ^ [ 28.450317] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.450529] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.450749] ================================================================== [ 28.066743] ================================================================== [ 28.067160] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 28.067476] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.068349] [ 28.068455] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.068516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.068531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.068555] Call Trace: [ 28.068570] <TASK> [ 28.068588] dump_stack_lvl+0x73/0xb0 [ 28.068619] print_report+0xd1/0x610 [ 28.068645] ? __virt_addr_valid+0x1db/0x2d0 [ 28.068673] ? kasan_atomics_helper+0xde0/0x5450 [ 28.068695] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.068735] ? kasan_atomics_helper+0xde0/0x5450 [ 28.068759] kasan_report+0x141/0x180 [ 28.068782] ? kasan_atomics_helper+0xde0/0x5450 [ 28.068809] kasan_check_range+0x10c/0x1c0 [ 28.068834] __kasan_check_write+0x18/0x20 [ 28.068859] kasan_atomics_helper+0xde0/0x5450 [ 28.068883] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.068907] ? ret_from_fork_asm+0x1a/0x30 [ 28.068936] kasan_atomics+0x1dc/0x310 [ 28.068960] ? __pfx_kasan_atomics+0x10/0x10 [ 28.068986] ? __pfx_read_tsc+0x10/0x10 [ 28.069010] ? ktime_get_ts64+0x86/0x230 [ 28.069037] kunit_try_run_case+0x1a5/0x480 [ 28.069061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.069083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.069108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.069133] ? __kthread_parkme+0x82/0x180 [ 28.069155] ? preempt_count_sub+0x50/0x80 [ 28.069181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.069204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.069231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.069258] kthread+0x337/0x6f0 [ 28.069279] ? trace_preempt_on+0x20/0xc0 [ 28.069303] ? __pfx_kthread+0x10/0x10 [ 28.069326] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.069348] ? calculate_sigpending+0x7b/0xa0 [ 28.069374] ? __pfx_kthread+0x10/0x10 [ 28.069397] ret_from_fork+0x116/0x1d0 [ 28.069418] ? __pfx_kthread+0x10/0x10 [ 28.069440] ret_from_fork_asm+0x1a/0x30 [ 28.069471] </TASK> [ 28.069484] [ 28.077998] Allocated by task 313: [ 28.078154] kasan_save_stack+0x45/0x70 [ 28.078355] kasan_save_track+0x18/0x40 [ 28.078539] kasan_save_alloc_info+0x3b/0x50 [ 28.079267] __kasan_kmalloc+0xb7/0xc0 [ 28.079441] __kmalloc_cache_noprof+0x189/0x420 [ 28.079853] kasan_atomics+0x95/0x310 [ 28.080116] kunit_try_run_case+0x1a5/0x480 [ 28.080452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.080809] kthread+0x337/0x6f0 [ 28.081117] ret_from_fork+0x116/0x1d0 [ 28.081325] ret_from_fork_asm+0x1a/0x30 [ 28.081490] [ 28.081590] The buggy address belongs to the object at ffff88810439e280 [ 28.081590] which belongs to the cache kmalloc-64 of size 64 [ 28.082141] The buggy address is located 0 bytes to the right of [ 28.082141] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.082772] [ 28.082904] The buggy address belongs to the physical page: [ 28.083081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.083412] flags: 0x200000000000000(node=0|zone=2) [ 28.083624] page_type: f5(slab) [ 28.083801] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.084189] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.084468] page dumped because: kasan: bad access detected [ 28.084746] [ 28.084885] Memory state around the buggy address: [ 28.085113] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.085401] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.085758] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.086734] ^ [ 28.087123] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.087456] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.087984] ================================================================== [ 28.694371] ================================================================== [ 28.695075] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 28.695402] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.695971] [ 28.696190] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.696247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.696262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.696285] Call Trace: [ 28.696401] <TASK> [ 28.696420] dump_stack_lvl+0x73/0xb0 [ 28.696452] print_report+0xd1/0x610 [ 28.696479] ? __virt_addr_valid+0x1db/0x2d0 [ 28.696513] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.696546] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.696573] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.696597] kasan_report+0x141/0x180 [ 28.696620] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.696648] kasan_check_range+0x10c/0x1c0 [ 28.696673] __kasan_check_write+0x18/0x20 [ 28.696709] kasan_atomics_helper+0x1a7f/0x5450 [ 28.696733] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.696757] ? ret_from_fork_asm+0x1a/0x30 [ 28.696786] kasan_atomics+0x1dc/0x310 [ 28.696810] ? __pfx_kasan_atomics+0x10/0x10 [ 28.696836] ? __pfx_read_tsc+0x10/0x10 [ 28.696859] ? ktime_get_ts64+0x86/0x230 [ 28.696885] kunit_try_run_case+0x1a5/0x480 [ 28.696908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.696930] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.696956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.696981] ? __kthread_parkme+0x82/0x180 [ 28.697003] ? preempt_count_sub+0x50/0x80 [ 28.697027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.697050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.697075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.697103] kthread+0x337/0x6f0 [ 28.697125] ? trace_preempt_on+0x20/0xc0 [ 28.697150] ? __pfx_kthread+0x10/0x10 [ 28.697173] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.697196] ? calculate_sigpending+0x7b/0xa0 [ 28.697222] ? __pfx_kthread+0x10/0x10 [ 28.697244] ret_from_fork+0x116/0x1d0 [ 28.697267] ? __pfx_kthread+0x10/0x10 [ 28.697289] ret_from_fork_asm+0x1a/0x30 [ 28.697321] </TASK> [ 28.697334] [ 28.704570] Allocated by task 313: [ 28.704763] kasan_save_stack+0x45/0x70 [ 28.704965] kasan_save_track+0x18/0x40 [ 28.705157] kasan_save_alloc_info+0x3b/0x50 [ 28.705456] __kasan_kmalloc+0xb7/0xc0 [ 28.705720] __kmalloc_cache_noprof+0x189/0x420 [ 28.705875] kasan_atomics+0x95/0x310 [ 28.706060] kunit_try_run_case+0x1a5/0x480 [ 28.706264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.706445] kthread+0x337/0x6f0 [ 28.706707] ret_from_fork+0x116/0x1d0 [ 28.706909] ret_from_fork_asm+0x1a/0x30 [ 28.707090] [ 28.707176] The buggy address belongs to the object at ffff88810439e280 [ 28.707176] which belongs to the cache kmalloc-64 of size 64 [ 28.707676] The buggy address is located 0 bytes to the right of [ 28.707676] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.708207] [ 28.708331] The buggy address belongs to the physical page: [ 28.708499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.708745] flags: 0x200000000000000(node=0|zone=2) [ 28.708903] page_type: f5(slab) [ 28.709081] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.709416] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.709910] page dumped because: kasan: bad access detected [ 28.710079] [ 28.710144] Memory state around the buggy address: [ 28.710296] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.710509] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.711065] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.711379] ^ [ 28.711763] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.712085] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.712319] ================================================================== [ 27.852381] ================================================================== [ 27.852687] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 27.852983] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.853399] [ 27.853532] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.853586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.853602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.853628] Call Trace: [ 27.853656] <TASK> [ 27.853674] dump_stack_lvl+0x73/0xb0 [ 27.853725] print_report+0xd1/0x610 [ 27.853759] ? __virt_addr_valid+0x1db/0x2d0 [ 27.853785] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.853806] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.853845] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.853868] kasan_report+0x141/0x180 [ 27.853948] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.853981] kasan_check_range+0x10c/0x1c0 [ 27.854018] __kasan_check_write+0x18/0x20 [ 27.854042] kasan_atomics_helper+0x7c7/0x5450 [ 27.854066] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.854101] ? ret_from_fork_asm+0x1a/0x30 [ 27.854130] kasan_atomics+0x1dc/0x310 [ 27.854154] ? __pfx_kasan_atomics+0x10/0x10 [ 27.854190] ? __pfx_read_tsc+0x10/0x10 [ 27.854214] ? ktime_get_ts64+0x86/0x230 [ 27.854241] kunit_try_run_case+0x1a5/0x480 [ 27.854264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.854285] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.854311] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.854344] ? __kthread_parkme+0x82/0x180 [ 27.854367] ? preempt_count_sub+0x50/0x80 [ 27.854391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.854425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.854451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.854477] kthread+0x337/0x6f0 [ 27.854510] ? trace_preempt_on+0x20/0xc0 [ 27.854544] ? __pfx_kthread+0x10/0x10 [ 27.854565] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.854588] ? calculate_sigpending+0x7b/0xa0 [ 27.854624] ? __pfx_kthread+0x10/0x10 [ 27.854648] ret_from_fork+0x116/0x1d0 [ 27.854668] ? __pfx_kthread+0x10/0x10 [ 27.854690] ret_from_fork_asm+0x1a/0x30 [ 27.854731] </TASK> [ 27.854744] [ 27.867588] Allocated by task 313: [ 27.867986] kasan_save_stack+0x45/0x70 [ 27.868458] kasan_save_track+0x18/0x40 [ 27.868772] kasan_save_alloc_info+0x3b/0x50 [ 27.869093] __kasan_kmalloc+0xb7/0xc0 [ 27.869375] __kmalloc_cache_noprof+0x189/0x420 [ 27.869707] kasan_atomics+0x95/0x310 [ 27.870004] kunit_try_run_case+0x1a5/0x480 [ 27.870305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.870752] kthread+0x337/0x6f0 [ 27.871116] ret_from_fork+0x116/0x1d0 [ 27.871435] ret_from_fork_asm+0x1a/0x30 [ 27.871665] [ 27.871775] The buggy address belongs to the object at ffff88810439e280 [ 27.871775] which belongs to the cache kmalloc-64 of size 64 [ 27.872485] The buggy address is located 0 bytes to the right of [ 27.872485] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.873349] [ 27.873458] The buggy address belongs to the physical page: [ 27.873780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.874161] flags: 0x200000000000000(node=0|zone=2) [ 27.874481] page_type: f5(slab) [ 27.874712] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.874999] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.875364] page dumped because: kasan: bad access detected [ 27.875567] [ 27.875797] Memory state around the buggy address: [ 27.876223] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.876547] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.877005] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.877326] ^ [ 27.877562] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.877970] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.878350] ================================================================== [ 28.975640] ================================================================== [ 28.976230] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 28.976468] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.976766] [ 28.976872] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.976922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.976936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.976958] Call Trace: [ 28.976974] <TASK> [ 28.976990] dump_stack_lvl+0x73/0xb0 [ 28.977018] print_report+0xd1/0x610 [ 28.977043] ? __virt_addr_valid+0x1db/0x2d0 [ 28.977068] ? kasan_atomics_helper+0x218a/0x5450 [ 28.977091] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.977118] ? kasan_atomics_helper+0x218a/0x5450 [ 28.977141] kasan_report+0x141/0x180 [ 28.977165] ? kasan_atomics_helper+0x218a/0x5450 [ 28.977191] kasan_check_range+0x10c/0x1c0 [ 28.977215] __kasan_check_write+0x18/0x20 [ 28.977240] kasan_atomics_helper+0x218a/0x5450 [ 28.977263] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.977286] ? ret_from_fork_asm+0x1a/0x30 [ 28.977316] kasan_atomics+0x1dc/0x310 [ 28.977339] ? __pfx_kasan_atomics+0x10/0x10 [ 28.977364] ? __pfx_read_tsc+0x10/0x10 [ 28.977388] ? ktime_get_ts64+0x86/0x230 [ 28.977438] kunit_try_run_case+0x1a5/0x480 [ 28.977463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.977484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.977509] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.977533] ? __kthread_parkme+0x82/0x180 [ 28.977555] ? preempt_count_sub+0x50/0x80 [ 28.977581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.977605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.977631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.977657] kthread+0x337/0x6f0 [ 28.977679] ? trace_preempt_on+0x20/0xc0 [ 28.977712] ? __pfx_kthread+0x10/0x10 [ 28.977734] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.977757] ? calculate_sigpending+0x7b/0xa0 [ 28.977800] ? __pfx_kthread+0x10/0x10 [ 28.977836] ret_from_fork+0x116/0x1d0 [ 28.977857] ? __pfx_kthread+0x10/0x10 [ 28.977892] ret_from_fork_asm+0x1a/0x30 [ 28.977939] </TASK> [ 28.977951] [ 28.989289] Allocated by task 313: [ 28.989426] kasan_save_stack+0x45/0x70 [ 28.989645] kasan_save_track+0x18/0x40 [ 28.989850] kasan_save_alloc_info+0x3b/0x50 [ 28.990064] __kasan_kmalloc+0xb7/0xc0 [ 28.990248] __kmalloc_cache_noprof+0x189/0x420 [ 28.990474] kasan_atomics+0x95/0x310 [ 28.990622] kunit_try_run_case+0x1a5/0x480 [ 28.990838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.991113] kthread+0x337/0x6f0 [ 28.991290] ret_from_fork+0x116/0x1d0 [ 28.991487] ret_from_fork_asm+0x1a/0x30 [ 28.991680] [ 28.991813] The buggy address belongs to the object at ffff88810439e280 [ 28.991813] which belongs to the cache kmalloc-64 of size 64 [ 28.992249] The buggy address is located 0 bytes to the right of [ 28.992249] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.992798] [ 28.992895] The buggy address belongs to the physical page: [ 28.993169] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.993494] flags: 0x200000000000000(node=0|zone=2) [ 28.993758] page_type: f5(slab) [ 28.993895] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.994217] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.994677] page dumped because: kasan: bad access detected [ 28.994907] [ 28.994974] Memory state around the buggy address: [ 28.995128] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.995408] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.995946] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.996202] ^ [ 28.996355] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.996608] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.997104] ================================================================== [ 28.561744] ================================================================== [ 28.562175] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 28.562484] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.562787] [ 28.562903] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.562952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.562976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.562998] Call Trace: [ 28.563013] <TASK> [ 28.563029] dump_stack_lvl+0x73/0xb0 [ 28.563059] print_report+0xd1/0x610 [ 28.563084] ? __virt_addr_valid+0x1db/0x2d0 [ 28.563109] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.563131] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.563158] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.563180] kasan_report+0x141/0x180 [ 28.563204] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.563231] kasan_check_range+0x10c/0x1c0 [ 28.563266] __kasan_check_write+0x18/0x20 [ 28.563290] kasan_atomics_helper+0x16e7/0x5450 [ 28.563314] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.563343] ? ret_from_fork_asm+0x1a/0x30 [ 28.563372] kasan_atomics+0x1dc/0x310 [ 28.563396] ? __pfx_kasan_atomics+0x10/0x10 [ 28.563421] ? __pfx_read_tsc+0x10/0x10 [ 28.563445] ? ktime_get_ts64+0x86/0x230 [ 28.563471] kunit_try_run_case+0x1a5/0x480 [ 28.563509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.563531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.563556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.563580] ? __kthread_parkme+0x82/0x180 [ 28.563602] ? preempt_count_sub+0x50/0x80 [ 28.563627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.563651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.563677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.563713] kthread+0x337/0x6f0 [ 28.563735] ? trace_preempt_on+0x20/0xc0 [ 28.563759] ? __pfx_kthread+0x10/0x10 [ 28.563781] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.563804] ? calculate_sigpending+0x7b/0xa0 [ 28.563829] ? __pfx_kthread+0x10/0x10 [ 28.563855] ret_from_fork+0x116/0x1d0 [ 28.563877] ? __pfx_kthread+0x10/0x10 [ 28.563899] ret_from_fork_asm+0x1a/0x30 [ 28.563931] </TASK> [ 28.563943] [ 28.573685] Allocated by task 313: [ 28.574025] kasan_save_stack+0x45/0x70 [ 28.574225] kasan_save_track+0x18/0x40 [ 28.574397] kasan_save_alloc_info+0x3b/0x50 [ 28.575011] __kasan_kmalloc+0xb7/0xc0 [ 28.575287] __kmalloc_cache_noprof+0x189/0x420 [ 28.575639] kasan_atomics+0x95/0x310 [ 28.575841] kunit_try_run_case+0x1a5/0x480 [ 28.576036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.576271] kthread+0x337/0x6f0 [ 28.576427] ret_from_fork+0x116/0x1d0 [ 28.577074] ret_from_fork_asm+0x1a/0x30 [ 28.577372] [ 28.577602] The buggy address belongs to the object at ffff88810439e280 [ 28.577602] which belongs to the cache kmalloc-64 of size 64 [ 28.578531] The buggy address is located 0 bytes to the right of [ 28.578531] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.579130] [ 28.579226] The buggy address belongs to the physical page: [ 28.579463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.580053] flags: 0x200000000000000(node=0|zone=2) [ 28.580502] page_type: f5(slab) [ 28.580676] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.581007] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.581317] page dumped because: kasan: bad access detected [ 28.581787] [ 28.582026] Memory state around the buggy address: [ 28.582390] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.583159] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.583610] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.584120] ^ [ 28.584746] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.585212] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.585915] ================================================================== [ 27.721918] ================================================================== [ 27.722212] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 27.722708] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.722978] [ 27.723063] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.723159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.723176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.723200] Call Trace: [ 27.723219] <TASK> [ 27.723237] dump_stack_lvl+0x73/0xb0 [ 27.723269] print_report+0xd1/0x610 [ 27.723292] ? __virt_addr_valid+0x1db/0x2d0 [ 27.723318] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.723340] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.723368] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.723391] kasan_report+0x141/0x180 [ 27.723414] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.723441] __asan_report_store4_noabort+0x1b/0x30 [ 27.723467] kasan_atomics_helper+0x4b3a/0x5450 [ 27.723491] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.723514] ? ret_from_fork_asm+0x1a/0x30 [ 27.723543] kasan_atomics+0x1dc/0x310 [ 27.723568] ? __pfx_kasan_atomics+0x10/0x10 [ 27.723593] ? __pfx_read_tsc+0x10/0x10 [ 27.723617] ? ktime_get_ts64+0x86/0x230 [ 27.723642] kunit_try_run_case+0x1a5/0x480 [ 27.723666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.723688] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.723725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.723750] ? __kthread_parkme+0x82/0x180 [ 27.723772] ? preempt_count_sub+0x50/0x80 [ 27.723798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.723821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.723855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.723883] kthread+0x337/0x6f0 [ 27.723945] ? trace_preempt_on+0x20/0xc0 [ 27.723970] ? __pfx_kthread+0x10/0x10 [ 27.723992] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.724016] ? calculate_sigpending+0x7b/0xa0 [ 27.724041] ? __pfx_kthread+0x10/0x10 [ 27.724065] ret_from_fork+0x116/0x1d0 [ 27.724087] ? __pfx_kthread+0x10/0x10 [ 27.724110] ret_from_fork_asm+0x1a/0x30 [ 27.724142] </TASK> [ 27.724154] [ 27.732045] Allocated by task 313: [ 27.732234] kasan_save_stack+0x45/0x70 [ 27.732410] kasan_save_track+0x18/0x40 [ 27.732553] kasan_save_alloc_info+0x3b/0x50 [ 27.732788] __kasan_kmalloc+0xb7/0xc0 [ 27.733033] __kmalloc_cache_noprof+0x189/0x420 [ 27.733200] kasan_atomics+0x95/0x310 [ 27.733330] kunit_try_run_case+0x1a5/0x480 [ 27.733530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.733823] kthread+0x337/0x6f0 [ 27.734138] ret_from_fork+0x116/0x1d0 [ 27.734339] ret_from_fork_asm+0x1a/0x30 [ 27.734547] [ 27.734617] The buggy address belongs to the object at ffff88810439e280 [ 27.734617] which belongs to the cache kmalloc-64 of size 64 [ 27.734987] The buggy address is located 0 bytes to the right of [ 27.734987] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.735476] [ 27.735570] The buggy address belongs to the physical page: [ 27.735829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.736482] flags: 0x200000000000000(node=0|zone=2) [ 27.736651] page_type: f5(slab) [ 27.736784] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.737022] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.737671] page dumped because: kasan: bad access detected [ 27.738349] [ 27.738456] Memory state around the buggy address: [ 27.738881] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.739105] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.739426] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.739661] ^ [ 27.739829] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.740380] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.740733] ================================================================== [ 28.488231] ================================================================== [ 28.488597] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 28.488935] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.489162] [ 28.489247] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.489296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.489312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.489334] Call Trace: [ 28.489351] <TASK> [ 28.489367] dump_stack_lvl+0x73/0xb0 [ 28.489396] print_report+0xd1/0x610 [ 28.489421] ? __virt_addr_valid+0x1db/0x2d0 [ 28.489446] ? kasan_atomics_helper+0x151d/0x5450 [ 28.489469] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.489498] ? kasan_atomics_helper+0x151d/0x5450 [ 28.489521] kasan_report+0x141/0x180 [ 28.489545] ? kasan_atomics_helper+0x151d/0x5450 [ 28.489574] kasan_check_range+0x10c/0x1c0 [ 28.489600] __kasan_check_write+0x18/0x20 [ 28.489624] kasan_atomics_helper+0x151d/0x5450 [ 28.489649] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.489673] ? ret_from_fork_asm+0x1a/0x30 [ 28.489714] kasan_atomics+0x1dc/0x310 [ 28.489739] ? __pfx_kasan_atomics+0x10/0x10 [ 28.489764] ? __pfx_read_tsc+0x10/0x10 [ 28.489788] ? ktime_get_ts64+0x86/0x230 [ 28.489814] kunit_try_run_case+0x1a5/0x480 [ 28.489837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.489860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.489906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.489931] ? __kthread_parkme+0x82/0x180 [ 28.489953] ? preempt_count_sub+0x50/0x80 [ 28.489989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.490013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.490040] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.490067] kthread+0x337/0x6f0 [ 28.490088] ? trace_preempt_on+0x20/0xc0 [ 28.490113] ? __pfx_kthread+0x10/0x10 [ 28.490135] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.490159] ? calculate_sigpending+0x7b/0xa0 [ 28.490184] ? __pfx_kthread+0x10/0x10 [ 28.490208] ret_from_fork+0x116/0x1d0 [ 28.490229] ? __pfx_kthread+0x10/0x10 [ 28.490252] ret_from_fork_asm+0x1a/0x30 [ 28.490284] </TASK> [ 28.490297] [ 28.498335] Allocated by task 313: [ 28.498566] kasan_save_stack+0x45/0x70 [ 28.498745] kasan_save_track+0x18/0x40 [ 28.498944] kasan_save_alloc_info+0x3b/0x50 [ 28.499140] __kasan_kmalloc+0xb7/0xc0 [ 28.499271] __kmalloc_cache_noprof+0x189/0x420 [ 28.499422] kasan_atomics+0x95/0x310 [ 28.499729] kunit_try_run_case+0x1a5/0x480 [ 28.499941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.500195] kthread+0x337/0x6f0 [ 28.500316] ret_from_fork+0x116/0x1d0 [ 28.500447] ret_from_fork_asm+0x1a/0x30 [ 28.500858] [ 28.500950] The buggy address belongs to the object at ffff88810439e280 [ 28.500950] which belongs to the cache kmalloc-64 of size 64 [ 28.501523] The buggy address is located 0 bytes to the right of [ 28.501523] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.501941] [ 28.502035] The buggy address belongs to the physical page: [ 28.502308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.502665] flags: 0x200000000000000(node=0|zone=2) [ 28.502879] page_type: f5(slab) [ 28.503057] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.503377] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.503738] page dumped because: kasan: bad access detected [ 28.504000] [ 28.504096] Memory state around the buggy address: [ 28.504306] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.504610] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.504928] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.505240] ^ [ 28.505447] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.505957] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.506170] ================================================================== [ 27.683047] ================================================================== [ 27.683358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 27.683734] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.684045] [ 27.684136] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.684184] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.684199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.684224] Call Trace: [ 27.684243] <TASK> [ 27.684261] dump_stack_lvl+0x73/0xb0 [ 27.684292] print_report+0xd1/0x610 [ 27.684315] ? __virt_addr_valid+0x1db/0x2d0 [ 27.684342] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.684365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.684392] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.684415] kasan_report+0x141/0x180 [ 27.684438] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.684465] __asan_report_load4_noabort+0x18/0x20 [ 27.684492] kasan_atomics_helper+0x4b54/0x5450 [ 27.684515] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.684539] ? ret_from_fork_asm+0x1a/0x30 [ 27.684578] kasan_atomics+0x1dc/0x310 [ 27.684602] ? __pfx_kasan_atomics+0x10/0x10 [ 27.684628] ? __pfx_read_tsc+0x10/0x10 [ 27.684652] ? ktime_get_ts64+0x86/0x230 [ 27.684679] kunit_try_run_case+0x1a5/0x480 [ 27.684715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.684737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.684762] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.684786] ? __kthread_parkme+0x82/0x180 [ 27.684808] ? preempt_count_sub+0x50/0x80 [ 27.684834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.684857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.684885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.685057] kthread+0x337/0x6f0 [ 27.685080] ? trace_preempt_on+0x20/0xc0 [ 27.685106] ? __pfx_kthread+0x10/0x10 [ 27.685129] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.685152] ? calculate_sigpending+0x7b/0xa0 [ 27.685179] ? __pfx_kthread+0x10/0x10 [ 27.685202] ret_from_fork+0x116/0x1d0 [ 27.685224] ? __pfx_kthread+0x10/0x10 [ 27.685246] ret_from_fork_asm+0x1a/0x30 [ 27.685279] </TASK> [ 27.685292] [ 27.692921] Allocated by task 313: [ 27.693056] kasan_save_stack+0x45/0x70 [ 27.693559] kasan_save_track+0x18/0x40 [ 27.693785] kasan_save_alloc_info+0x3b/0x50 [ 27.694070] __kasan_kmalloc+0xb7/0xc0 [ 27.694265] __kmalloc_cache_noprof+0x189/0x420 [ 27.694486] kasan_atomics+0x95/0x310 [ 27.694673] kunit_try_run_case+0x1a5/0x480 [ 27.694832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.695008] kthread+0x337/0x6f0 [ 27.695154] ret_from_fork+0x116/0x1d0 [ 27.695408] ret_from_fork_asm+0x1a/0x30 [ 27.695630] [ 27.695763] The buggy address belongs to the object at ffff88810439e280 [ 27.695763] which belongs to the cache kmalloc-64 of size 64 [ 27.696390] The buggy address is located 0 bytes to the right of [ 27.696390] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.696884] [ 27.696956] The buggy address belongs to the physical page: [ 27.697211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.697833] flags: 0x200000000000000(node=0|zone=2) [ 27.698040] page_type: f5(slab) [ 27.698209] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.698543] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.698790] page dumped because: kasan: bad access detected [ 27.699022] [ 27.699114] Memory state around the buggy address: [ 27.699296] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.699510] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.699732] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.700439] ^ [ 27.700780] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.701175] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.701683] ================================================================== [ 28.387325] ================================================================== [ 28.388128] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 28.389197] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.389664] [ 28.389919] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.389973] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.389988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.390021] Call Trace: [ 28.390039] <TASK> [ 28.390058] dump_stack_lvl+0x73/0xb0 [ 28.390101] print_report+0xd1/0x610 [ 28.390127] ? __virt_addr_valid+0x1db/0x2d0 [ 28.390154] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.390177] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.390204] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.390228] kasan_report+0x141/0x180 [ 28.390252] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.390279] __asan_report_load4_noabort+0x18/0x20 [ 28.390304] kasan_atomics_helper+0x49ce/0x5450 [ 28.390328] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.390352] ? ret_from_fork_asm+0x1a/0x30 [ 28.390381] kasan_atomics+0x1dc/0x310 [ 28.390405] ? __pfx_kasan_atomics+0x10/0x10 [ 28.390430] ? __pfx_read_tsc+0x10/0x10 [ 28.390454] ? ktime_get_ts64+0x86/0x230 [ 28.390480] kunit_try_run_case+0x1a5/0x480 [ 28.390517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.390538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.390564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.390589] ? __kthread_parkme+0x82/0x180 [ 28.390611] ? preempt_count_sub+0x50/0x80 [ 28.390636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.390659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.390686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.390722] kthread+0x337/0x6f0 [ 28.390743] ? trace_preempt_on+0x20/0xc0 [ 28.390768] ? __pfx_kthread+0x10/0x10 [ 28.390790] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.390813] ? calculate_sigpending+0x7b/0xa0 [ 28.390838] ? __pfx_kthread+0x10/0x10 [ 28.390860] ret_from_fork+0x116/0x1d0 [ 28.390882] ? __pfx_kthread+0x10/0x10 [ 28.390903] ret_from_fork_asm+0x1a/0x30 [ 28.390937] </TASK> [ 28.390949] [ 28.402320] Allocated by task 313: [ 28.402445] kasan_save_stack+0x45/0x70 [ 28.402828] kasan_save_track+0x18/0x40 [ 28.403185] kasan_save_alloc_info+0x3b/0x50 [ 28.403608] __kasan_kmalloc+0xb7/0xc0 [ 28.403973] __kmalloc_cache_noprof+0x189/0x420 [ 28.404385] kasan_atomics+0x95/0x310 [ 28.404739] kunit_try_run_case+0x1a5/0x480 [ 28.405135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.405509] kthread+0x337/0x6f0 [ 28.405751] ret_from_fork+0x116/0x1d0 [ 28.406002] ret_from_fork_asm+0x1a/0x30 [ 28.406249] [ 28.406318] The buggy address belongs to the object at ffff88810439e280 [ 28.406318] which belongs to the cache kmalloc-64 of size 64 [ 28.406935] The buggy address is located 0 bytes to the right of [ 28.406935] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.407514] [ 28.407584] The buggy address belongs to the physical page: [ 28.408052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.408297] flags: 0x200000000000000(node=0|zone=2) [ 28.408460] page_type: f5(slab) [ 28.408615] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.409135] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.409361] page dumped because: kasan: bad access detected [ 28.409639] [ 28.409817] Memory state around the buggy address: [ 28.410268] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.410936] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.411625] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.412089] ^ [ 28.412249] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.412473] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.413107] ================================================================== [ 28.823885] ================================================================== [ 28.824207] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 28.824467] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.824816] [ 28.824910] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.824972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.824986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.825009] Call Trace: [ 28.825024] <TASK> [ 28.825040] dump_stack_lvl+0x73/0xb0 [ 28.825068] print_report+0xd1/0x610 [ 28.825094] ? __virt_addr_valid+0x1db/0x2d0 [ 28.825119] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.825142] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.825170] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.825193] kasan_report+0x141/0x180 [ 28.825216] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.825244] kasan_check_range+0x10c/0x1c0 [ 28.825270] __kasan_check_write+0x18/0x20 [ 28.825294] kasan_atomics_helper+0x1e12/0x5450 [ 28.825319] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.825342] ? ret_from_fork_asm+0x1a/0x30 [ 28.825371] kasan_atomics+0x1dc/0x310 [ 28.825396] ? __pfx_kasan_atomics+0x10/0x10 [ 28.825421] ? __pfx_read_tsc+0x10/0x10 [ 28.825445] ? ktime_get_ts64+0x86/0x230 [ 28.825470] kunit_try_run_case+0x1a5/0x480 [ 28.825503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.825526] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.825551] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.825576] ? __kthread_parkme+0x82/0x180 [ 28.825599] ? preempt_count_sub+0x50/0x80 [ 28.825624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.825647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.825674] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.825711] kthread+0x337/0x6f0 [ 28.825733] ? trace_preempt_on+0x20/0xc0 [ 28.825757] ? __pfx_kthread+0x10/0x10 [ 28.825780] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.825802] ? calculate_sigpending+0x7b/0xa0 [ 28.825827] ? __pfx_kthread+0x10/0x10 [ 28.825850] ret_from_fork+0x116/0x1d0 [ 28.825872] ? __pfx_kthread+0x10/0x10 [ 28.825894] ret_from_fork_asm+0x1a/0x30 [ 28.825926] </TASK> [ 28.825939] [ 28.832928] Allocated by task 313: [ 28.833104] kasan_save_stack+0x45/0x70 [ 28.833298] kasan_save_track+0x18/0x40 [ 28.833431] kasan_save_alloc_info+0x3b/0x50 [ 28.833675] __kasan_kmalloc+0xb7/0xc0 [ 28.833939] __kmalloc_cache_noprof+0x189/0x420 [ 28.834091] kasan_atomics+0x95/0x310 [ 28.834219] kunit_try_run_case+0x1a5/0x480 [ 28.834360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.834534] kthread+0x337/0x6f0 [ 28.834652] ret_from_fork+0x116/0x1d0 [ 28.834792] ret_from_fork_asm+0x1a/0x30 [ 28.834930] [ 28.834995] The buggy address belongs to the object at ffff88810439e280 [ 28.834995] which belongs to the cache kmalloc-64 of size 64 [ 28.835404] The buggy address is located 0 bytes to the right of [ 28.835404] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.835965] [ 28.836059] The buggy address belongs to the physical page: [ 28.836305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.836656] flags: 0x200000000000000(node=0|zone=2) [ 28.836967] page_type: f5(slab) [ 28.837132] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.837709] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.838026] page dumped because: kasan: bad access detected [ 28.838194] [ 28.838261] Memory state around the buggy address: [ 28.838411] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.838982] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.839299] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.839798] ^ [ 28.840025] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.840327] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.841020] ================================================================== [ 28.122326] ================================================================== [ 28.123298] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 28.123949] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.124272] [ 28.124377] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.124428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.124443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.124468] Call Trace: [ 28.124485] <TASK> [ 28.124878] dump_stack_lvl+0x73/0xb0 [ 28.124913] print_report+0xd1/0x610 [ 28.124940] ? __virt_addr_valid+0x1db/0x2d0 [ 28.125005] ? kasan_atomics_helper+0xf10/0x5450 [ 28.125028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.125056] ? kasan_atomics_helper+0xf10/0x5450 [ 28.125079] kasan_report+0x141/0x180 [ 28.125104] ? kasan_atomics_helper+0xf10/0x5450 [ 28.125132] kasan_check_range+0x10c/0x1c0 [ 28.125158] __kasan_check_write+0x18/0x20 [ 28.125182] kasan_atomics_helper+0xf10/0x5450 [ 28.125207] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.125230] ? ret_from_fork_asm+0x1a/0x30 [ 28.125259] kasan_atomics+0x1dc/0x310 [ 28.125284] ? __pfx_kasan_atomics+0x10/0x10 [ 28.125310] ? __pfx_read_tsc+0x10/0x10 [ 28.125334] ? ktime_get_ts64+0x86/0x230 [ 28.125359] kunit_try_run_case+0x1a5/0x480 [ 28.125383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.125405] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.125431] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.125456] ? __kthread_parkme+0x82/0x180 [ 28.125479] ? preempt_count_sub+0x50/0x80 [ 28.125517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.125541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.125567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.125593] kthread+0x337/0x6f0 [ 28.125615] ? trace_preempt_on+0x20/0xc0 [ 28.125639] ? __pfx_kthread+0x10/0x10 [ 28.125662] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.125685] ? calculate_sigpending+0x7b/0xa0 [ 28.125722] ? __pfx_kthread+0x10/0x10 [ 28.125745] ret_from_fork+0x116/0x1d0 [ 28.125767] ? __pfx_kthread+0x10/0x10 [ 28.125866] ret_from_fork_asm+0x1a/0x30 [ 28.125899] </TASK> [ 28.125913] [ 28.138651] Allocated by task 313: [ 28.138860] kasan_save_stack+0x45/0x70 [ 28.139222] kasan_save_track+0x18/0x40 [ 28.139401] kasan_save_alloc_info+0x3b/0x50 [ 28.139947] __kasan_kmalloc+0xb7/0xc0 [ 28.140208] __kmalloc_cache_noprof+0x189/0x420 [ 28.140673] kasan_atomics+0x95/0x310 [ 28.141041] kunit_try_run_case+0x1a5/0x480 [ 28.141242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.141469] kthread+0x337/0x6f0 [ 28.141931] ret_from_fork+0x116/0x1d0 [ 28.142264] ret_from_fork_asm+0x1a/0x30 [ 28.142663] [ 28.142917] The buggy address belongs to the object at ffff88810439e280 [ 28.142917] which belongs to the cache kmalloc-64 of size 64 [ 28.143596] The buggy address is located 0 bytes to the right of [ 28.143596] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.144571] [ 28.144815] The buggy address belongs to the physical page: [ 28.145284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.145743] flags: 0x200000000000000(node=0|zone=2) [ 28.145980] page_type: f5(slab) [ 28.146135] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.146441] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.147544] page dumped because: kasan: bad access detected [ 28.148015] [ 28.148118] Memory state around the buggy address: [ 28.148330] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.148741] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.149565] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.150302] ^ [ 28.150661] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.151153] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.151455] ================================================================== [ 27.791565] ================================================================== [ 27.792340] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 27.792966] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.793299] [ 27.793419] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.793471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.793486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.793788] Call Trace: [ 27.793811] <TASK> [ 27.793831] dump_stack_lvl+0x73/0xb0 [ 27.793865] print_report+0xd1/0x610 [ 27.793891] ? __virt_addr_valid+0x1db/0x2d0 [ 27.793917] ? kasan_atomics_helper+0x697/0x5450 [ 27.793939] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.793967] ? kasan_atomics_helper+0x697/0x5450 [ 27.793990] kasan_report+0x141/0x180 [ 27.794014] ? kasan_atomics_helper+0x697/0x5450 [ 27.794040] kasan_check_range+0x10c/0x1c0 [ 27.794066] __kasan_check_write+0x18/0x20 [ 27.794090] kasan_atomics_helper+0x697/0x5450 [ 27.794114] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.794137] ? ret_from_fork_asm+0x1a/0x30 [ 27.794166] kasan_atomics+0x1dc/0x310 [ 27.794191] ? __pfx_kasan_atomics+0x10/0x10 [ 27.794215] ? __pfx_read_tsc+0x10/0x10 [ 27.794240] ? ktime_get_ts64+0x86/0x230 [ 27.794266] kunit_try_run_case+0x1a5/0x480 [ 27.794290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.794312] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.794337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.794362] ? __kthread_parkme+0x82/0x180 [ 27.794385] ? preempt_count_sub+0x50/0x80 [ 27.794409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.794433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.794459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.794486] kthread+0x337/0x6f0 [ 27.794717] ? trace_preempt_on+0x20/0xc0 [ 27.794743] ? __pfx_kthread+0x10/0x10 [ 27.794766] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.794841] ? calculate_sigpending+0x7b/0xa0 [ 27.794868] ? __pfx_kthread+0x10/0x10 [ 27.794892] ret_from_fork+0x116/0x1d0 [ 27.794914] ? __pfx_kthread+0x10/0x10 [ 27.794937] ret_from_fork_asm+0x1a/0x30 [ 27.794970] </TASK> [ 27.794984] [ 27.808621] Allocated by task 313: [ 27.808831] kasan_save_stack+0x45/0x70 [ 27.809207] kasan_save_track+0x18/0x40 [ 27.809548] kasan_save_alloc_info+0x3b/0x50 [ 27.810021] __kasan_kmalloc+0xb7/0xc0 [ 27.810427] __kmalloc_cache_noprof+0x189/0x420 [ 27.810784] kasan_atomics+0x95/0x310 [ 27.810946] kunit_try_run_case+0x1a5/0x480 [ 27.811094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.811269] kthread+0x337/0x6f0 [ 27.811389] ret_from_fork+0x116/0x1d0 [ 27.811673] ret_from_fork_asm+0x1a/0x30 [ 27.812134] [ 27.812299] The buggy address belongs to the object at ffff88810439e280 [ 27.812299] which belongs to the cache kmalloc-64 of size 64 [ 27.813602] The buggy address is located 0 bytes to the right of [ 27.813602] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.815107] [ 27.815281] The buggy address belongs to the physical page: [ 27.815823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.816335] flags: 0x200000000000000(node=0|zone=2) [ 27.816548] page_type: f5(slab) [ 27.816919] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.817585] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.818373] page dumped because: kasan: bad access detected [ 27.818693] [ 27.819050] Memory state around the buggy address: [ 27.819310] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.819557] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.820224] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.821045] ^ [ 27.821509] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821859] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.822522] ================================================================== [ 27.993347] ================================================================== [ 27.993775] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 27.994094] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.994401] [ 27.994498] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.994546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.994560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.994582] Call Trace: [ 27.994598] <TASK> [ 27.994615] dump_stack_lvl+0x73/0xb0 [ 27.994641] print_report+0xd1/0x610 [ 27.994665] ? __virt_addr_valid+0x1db/0x2d0 [ 27.994690] ? kasan_atomics_helper+0xc70/0x5450 [ 27.994723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.994750] ? kasan_atomics_helper+0xc70/0x5450 [ 27.994772] kasan_report+0x141/0x180 [ 27.994796] ? kasan_atomics_helper+0xc70/0x5450 [ 27.994823] kasan_check_range+0x10c/0x1c0 [ 27.994848] __kasan_check_write+0x18/0x20 [ 27.994872] kasan_atomics_helper+0xc70/0x5450 [ 27.994896] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.994970] ? ret_from_fork_asm+0x1a/0x30 [ 27.995002] kasan_atomics+0x1dc/0x310 [ 27.995027] ? __pfx_kasan_atomics+0x10/0x10 [ 27.995052] ? __pfx_read_tsc+0x10/0x10 [ 27.995077] ? ktime_get_ts64+0x86/0x230 [ 27.995103] kunit_try_run_case+0x1a5/0x480 [ 27.995126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.995147] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.995172] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.995197] ? __kthread_parkme+0x82/0x180 [ 27.995219] ? preempt_count_sub+0x50/0x80 [ 27.995243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.995266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.995293] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.995318] kthread+0x337/0x6f0 [ 27.995339] ? trace_preempt_on+0x20/0xc0 [ 27.995363] ? __pfx_kthread+0x10/0x10 [ 27.995385] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.995407] ? calculate_sigpending+0x7b/0xa0 [ 27.995432] ? __pfx_kthread+0x10/0x10 [ 27.995456] ret_from_fork+0x116/0x1d0 [ 27.995477] ? __pfx_kthread+0x10/0x10 [ 27.995500] ret_from_fork_asm+0x1a/0x30 [ 27.995532] </TASK> [ 27.995546] [ 28.003379] Allocated by task 313: [ 28.003509] kasan_save_stack+0x45/0x70 [ 28.003653] kasan_save_track+0x18/0x40 [ 28.003800] kasan_save_alloc_info+0x3b/0x50 [ 28.003954] __kasan_kmalloc+0xb7/0xc0 [ 28.004085] __kmalloc_cache_noprof+0x189/0x420 [ 28.004545] kasan_atomics+0x95/0x310 [ 28.004753] kunit_try_run_case+0x1a5/0x480 [ 28.004978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.005236] kthread+0x337/0x6f0 [ 28.005404] ret_from_fork+0x116/0x1d0 [ 28.005801] ret_from_fork_asm+0x1a/0x30 [ 28.006015] [ 28.006111] The buggy address belongs to the object at ffff88810439e280 [ 28.006111] which belongs to the cache kmalloc-64 of size 64 [ 28.006622] The buggy address is located 0 bytes to the right of [ 28.006622] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.007004] [ 28.007123] The buggy address belongs to the physical page: [ 28.007388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.007756] flags: 0x200000000000000(node=0|zone=2) [ 28.007999] page_type: f5(slab) [ 28.008360] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.008803] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.009099] page dumped because: kasan: bad access detected [ 28.009383] [ 28.009453] Memory state around the buggy address: [ 28.009607] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.009918] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.010236] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.010523] ^ [ 28.010677] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.010902] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.011114] ================================================================== [ 28.257409] ================================================================== [ 28.258046] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 28.258359] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.258890] [ 28.258989] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.259039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.259054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.259260] Call Trace: [ 28.259278] <TASK> [ 28.259296] dump_stack_lvl+0x73/0xb0 [ 28.259328] print_report+0xd1/0x610 [ 28.259353] ? __virt_addr_valid+0x1db/0x2d0 [ 28.259379] ? kasan_atomics_helper+0x1148/0x5450 [ 28.259402] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.259430] ? kasan_atomics_helper+0x1148/0x5450 [ 28.259453] kasan_report+0x141/0x180 [ 28.259476] ? kasan_atomics_helper+0x1148/0x5450 [ 28.259514] kasan_check_range+0x10c/0x1c0 [ 28.259541] __kasan_check_write+0x18/0x20 [ 28.259565] kasan_atomics_helper+0x1148/0x5450 [ 28.259589] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.259613] ? ret_from_fork_asm+0x1a/0x30 [ 28.259642] kasan_atomics+0x1dc/0x310 [ 28.259667] ? __pfx_kasan_atomics+0x10/0x10 [ 28.259692] ? __pfx_read_tsc+0x10/0x10 [ 28.259730] ? ktime_get_ts64+0x86/0x230 [ 28.259757] kunit_try_run_case+0x1a5/0x480 [ 28.259780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.259802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.259827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.259858] ? __kthread_parkme+0x82/0x180 [ 28.259880] ? preempt_count_sub+0x50/0x80 [ 28.259905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.259928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.259955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.259984] kthread+0x337/0x6f0 [ 28.260011] ? trace_preempt_on+0x20/0xc0 [ 28.260035] ? __pfx_kthread+0x10/0x10 [ 28.260057] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.260080] ? calculate_sigpending+0x7b/0xa0 [ 28.260106] ? __pfx_kthread+0x10/0x10 [ 28.260128] ret_from_fork+0x116/0x1d0 [ 28.260149] ? __pfx_kthread+0x10/0x10 [ 28.260173] ret_from_fork_asm+0x1a/0x30 [ 28.260205] </TASK> [ 28.260218] [ 28.269932] Allocated by task 313: [ 28.270106] kasan_save_stack+0x45/0x70 [ 28.270299] kasan_save_track+0x18/0x40 [ 28.270461] kasan_save_alloc_info+0x3b/0x50 [ 28.271071] __kasan_kmalloc+0xb7/0xc0 [ 28.271256] __kmalloc_cache_noprof+0x189/0x420 [ 28.271435] kasan_atomics+0x95/0x310 [ 28.271816] kunit_try_run_case+0x1a5/0x480 [ 28.272119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.272429] kthread+0x337/0x6f0 [ 28.272586] ret_from_fork+0x116/0x1d0 [ 28.272924] ret_from_fork_asm+0x1a/0x30 [ 28.273119] [ 28.273350] The buggy address belongs to the object at ffff88810439e280 [ 28.273350] which belongs to the cache kmalloc-64 of size 64 [ 28.274069] The buggy address is located 0 bytes to the right of [ 28.274069] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.274795] [ 28.274896] The buggy address belongs to the physical page: [ 28.275094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.275439] flags: 0x200000000000000(node=0|zone=2) [ 28.275953] page_type: f5(slab) [ 28.276207] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.276653] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.277097] page dumped because: kasan: bad access detected [ 28.277406] [ 28.277483] Memory state around the buggy address: [ 28.277942] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.278317] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.278783] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.279185] ^ [ 28.279470] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.279855] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.280209] ================================================================== [ 28.470215] ================================================================== [ 28.470596] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 28.470838] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.471060] [ 28.471229] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.471277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.471293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.471317] Call Trace: [ 28.471333] <TASK> [ 28.471348] dump_stack_lvl+0x73/0xb0 [ 28.471377] print_report+0xd1/0x610 [ 28.471402] ? __virt_addr_valid+0x1db/0x2d0 [ 28.471428] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.471451] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.471479] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.471503] kasan_report+0x141/0x180 [ 28.471538] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.471567] __asan_report_store8_noabort+0x1b/0x30 [ 28.471605] kasan_atomics_helper+0x50d4/0x5450 [ 28.471630] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.471653] ? ret_from_fork_asm+0x1a/0x30 [ 28.471683] kasan_atomics+0x1dc/0x310 [ 28.471716] ? __pfx_kasan_atomics+0x10/0x10 [ 28.471741] ? __pfx_read_tsc+0x10/0x10 [ 28.471765] ? ktime_get_ts64+0x86/0x230 [ 28.471790] kunit_try_run_case+0x1a5/0x480 [ 28.471814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.471849] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.471874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.471910] ? __kthread_parkme+0x82/0x180 [ 28.471932] ? preempt_count_sub+0x50/0x80 [ 28.471957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.471981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.472016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.472042] kthread+0x337/0x6f0 [ 28.472074] ? trace_preempt_on+0x20/0xc0 [ 28.472098] ? __pfx_kthread+0x10/0x10 [ 28.472120] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.472142] ? calculate_sigpending+0x7b/0xa0 [ 28.472176] ? __pfx_kthread+0x10/0x10 [ 28.472199] ret_from_fork+0x116/0x1d0 [ 28.472220] ? __pfx_kthread+0x10/0x10 [ 28.472252] ret_from_fork_asm+0x1a/0x30 [ 28.472284] </TASK> [ 28.472297] [ 28.479920] Allocated by task 313: [ 28.480110] kasan_save_stack+0x45/0x70 [ 28.480307] kasan_save_track+0x18/0x40 [ 28.480491] kasan_save_alloc_info+0x3b/0x50 [ 28.480707] __kasan_kmalloc+0xb7/0xc0 [ 28.481001] __kmalloc_cache_noprof+0x189/0x420 [ 28.481157] kasan_atomics+0x95/0x310 [ 28.481289] kunit_try_run_case+0x1a5/0x480 [ 28.481430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.481651] kthread+0x337/0x6f0 [ 28.481860] ret_from_fork+0x116/0x1d0 [ 28.482065] ret_from_fork_asm+0x1a/0x30 [ 28.482298] [ 28.482389] The buggy address belongs to the object at ffff88810439e280 [ 28.482389] which belongs to the cache kmalloc-64 of size 64 [ 28.482979] The buggy address is located 0 bytes to the right of [ 28.482979] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.483526] [ 28.483621] The buggy address belongs to the physical page: [ 28.483868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.484178] flags: 0x200000000000000(node=0|zone=2) [ 28.484409] page_type: f5(slab) [ 28.484615] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.484961] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.485281] page dumped because: kasan: bad access detected [ 28.485516] [ 28.485635] Memory state around the buggy address: [ 28.485868] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.486171] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.486486] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.486803] ^ [ 28.487004] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.487307] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.487645] ================================================================== [ 27.954449] ================================================================== [ 27.954874] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 27.955192] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.956062] [ 27.956184] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.956234] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.956248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.956271] Call Trace: [ 27.956288] <TASK> [ 27.956305] dump_stack_lvl+0x73/0xb0 [ 27.956336] print_report+0xd1/0x610 [ 27.956360] ? __virt_addr_valid+0x1db/0x2d0 [ 27.956386] ? kasan_atomics_helper+0xac7/0x5450 [ 27.956408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.956436] ? kasan_atomics_helper+0xac7/0x5450 [ 27.956459] kasan_report+0x141/0x180 [ 27.956482] ? kasan_atomics_helper+0xac7/0x5450 [ 27.956509] kasan_check_range+0x10c/0x1c0 [ 27.956534] __kasan_check_write+0x18/0x20 [ 27.956559] kasan_atomics_helper+0xac7/0x5450 [ 27.956583] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.956609] ? ret_from_fork_asm+0x1a/0x30 [ 27.956638] kasan_atomics+0x1dc/0x310 [ 27.956661] ? __pfx_kasan_atomics+0x10/0x10 [ 27.956687] ? __pfx_read_tsc+0x10/0x10 [ 27.956722] ? ktime_get_ts64+0x86/0x230 [ 27.956747] kunit_try_run_case+0x1a5/0x480 [ 27.956770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.956792] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.956818] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.956843] ? __kthread_parkme+0x82/0x180 [ 27.956864] ? preempt_count_sub+0x50/0x80 [ 27.956889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.956912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.956939] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.956965] kthread+0x337/0x6f0 [ 27.956987] ? trace_preempt_on+0x20/0xc0 [ 27.957010] ? __pfx_kthread+0x10/0x10 [ 27.957033] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.957055] ? calculate_sigpending+0x7b/0xa0 [ 27.957080] ? __pfx_kthread+0x10/0x10 [ 27.957104] ret_from_fork+0x116/0x1d0 [ 27.957125] ? __pfx_kthread+0x10/0x10 [ 27.957147] ret_from_fork_asm+0x1a/0x30 [ 27.957179] </TASK> [ 27.957193] [ 27.965180] Allocated by task 313: [ 27.965369] kasan_save_stack+0x45/0x70 [ 27.965581] kasan_save_track+0x18/0x40 [ 27.965960] kasan_save_alloc_info+0x3b/0x50 [ 27.966169] __kasan_kmalloc+0xb7/0xc0 [ 27.966334] __kmalloc_cache_noprof+0x189/0x420 [ 27.966522] kasan_atomics+0x95/0x310 [ 27.966651] kunit_try_run_case+0x1a5/0x480 [ 27.966809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.967066] kthread+0x337/0x6f0 [ 27.967236] ret_from_fork+0x116/0x1d0 [ 27.967425] ret_from_fork_asm+0x1a/0x30 [ 27.967632] [ 27.967711] The buggy address belongs to the object at ffff88810439e280 [ 27.967711] which belongs to the cache kmalloc-64 of size 64 [ 27.968130] The buggy address is located 0 bytes to the right of [ 27.968130] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.968943] [ 27.969095] The buggy address belongs to the physical page: [ 27.969268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.969506] flags: 0x200000000000000(node=0|zone=2) [ 27.969675] page_type: f5(slab) [ 27.970161] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.970519] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.970888] page dumped because: kasan: bad access detected [ 27.971057] [ 27.971124] Memory state around the buggy address: [ 27.971464] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.971865] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.972206] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.972487] ^ [ 27.972677] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.973192] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.973434] ================================================================== [ 28.413979] ================================================================== [ 28.414772] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 28.415452] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.415908] [ 28.416097] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.416149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.416162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.416196] Call Trace: [ 28.416212] <TASK> [ 28.416229] dump_stack_lvl+0x73/0xb0 [ 28.416258] print_report+0xd1/0x610 [ 28.416292] ? __virt_addr_valid+0x1db/0x2d0 [ 28.416316] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.416350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.416377] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.416400] kasan_report+0x141/0x180 [ 28.416423] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.416451] kasan_check_range+0x10c/0x1c0 [ 28.416475] __kasan_check_read+0x15/0x20 [ 28.416508] kasan_atomics_helper+0x13b5/0x5450 [ 28.416532] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.416555] ? ret_from_fork_asm+0x1a/0x30 [ 28.416584] kasan_atomics+0x1dc/0x310 [ 28.416608] ? __pfx_kasan_atomics+0x10/0x10 [ 28.416633] ? __pfx_read_tsc+0x10/0x10 [ 28.416658] ? ktime_get_ts64+0x86/0x230 [ 28.416684] kunit_try_run_case+0x1a5/0x480 [ 28.416716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.416738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.416763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.416787] ? __kthread_parkme+0x82/0x180 [ 28.416809] ? preempt_count_sub+0x50/0x80 [ 28.416833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.416856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.416883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.416909] kthread+0x337/0x6f0 [ 28.416929] ? trace_preempt_on+0x20/0xc0 [ 28.416953] ? __pfx_kthread+0x10/0x10 [ 28.416975] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.416997] ? calculate_sigpending+0x7b/0xa0 [ 28.417021] ? __pfx_kthread+0x10/0x10 [ 28.417044] ret_from_fork+0x116/0x1d0 [ 28.417065] ? __pfx_kthread+0x10/0x10 [ 28.417088] ret_from_fork_asm+0x1a/0x30 [ 28.417119] </TASK> [ 28.417131] [ 28.425749] Allocated by task 313: [ 28.425926] kasan_save_stack+0x45/0x70 [ 28.426123] kasan_save_track+0x18/0x40 [ 28.426307] kasan_save_alloc_info+0x3b/0x50 [ 28.426535] __kasan_kmalloc+0xb7/0xc0 [ 28.426684] __kmalloc_cache_noprof+0x189/0x420 [ 28.426918] kasan_atomics+0x95/0x310 [ 28.427115] kunit_try_run_case+0x1a5/0x480 [ 28.427298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.427522] kthread+0x337/0x6f0 [ 28.427643] ret_from_fork+0x116/0x1d0 [ 28.427787] ret_from_fork_asm+0x1a/0x30 [ 28.428055] [ 28.428211] The buggy address belongs to the object at ffff88810439e280 [ 28.428211] which belongs to the cache kmalloc-64 of size 64 [ 28.428776] The buggy address is located 0 bytes to the right of [ 28.428776] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.429189] [ 28.429280] The buggy address belongs to the physical page: [ 28.429553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.429902] flags: 0x200000000000000(node=0|zone=2) [ 28.430129] page_type: f5(slab) [ 28.430265] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.430634] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.430981] page dumped because: kasan: bad access detected [ 28.431178] [ 28.431244] Memory state around the buggy address: [ 28.431396] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.431610] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.432049] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.432362] ^ [ 28.432644] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.432990] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.433201] ================================================================== [ 28.768984] ================================================================== [ 28.769282] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 28.769752] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.770235] [ 28.770355] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.770407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.770422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.770445] Call Trace: [ 28.770462] <TASK> [ 28.770481] dump_stack_lvl+0x73/0xb0 [ 28.770526] print_report+0xd1/0x610 [ 28.770551] ? __virt_addr_valid+0x1db/0x2d0 [ 28.770577] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.770621] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.770649] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.770672] kasan_report+0x141/0x180 [ 28.770708] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.770736] __asan_report_load8_noabort+0x18/0x20 [ 28.770762] kasan_atomics_helper+0x4f30/0x5450 [ 28.770786] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.770810] ? ret_from_fork_asm+0x1a/0x30 [ 28.770840] kasan_atomics+0x1dc/0x310 [ 28.770863] ? __pfx_kasan_atomics+0x10/0x10 [ 28.770889] ? __pfx_read_tsc+0x10/0x10 [ 28.770913] ? ktime_get_ts64+0x86/0x230 [ 28.770958] kunit_try_run_case+0x1a5/0x480 [ 28.770983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.771005] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.771031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.771057] ? __kthread_parkme+0x82/0x180 [ 28.771081] ? preempt_count_sub+0x50/0x80 [ 28.771106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.771130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.771158] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.771203] kthread+0x337/0x6f0 [ 28.771224] ? trace_preempt_on+0x20/0xc0 [ 28.771249] ? __pfx_kthread+0x10/0x10 [ 28.771272] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.771295] ? calculate_sigpending+0x7b/0xa0 [ 28.771321] ? __pfx_kthread+0x10/0x10 [ 28.771345] ret_from_fork+0x116/0x1d0 [ 28.771384] ? __pfx_kthread+0x10/0x10 [ 28.771407] ret_from_fork_asm+0x1a/0x30 [ 28.771439] </TASK> [ 28.771453] [ 28.779110] Allocated by task 313: [ 28.779267] kasan_save_stack+0x45/0x70 [ 28.779472] kasan_save_track+0x18/0x40 [ 28.779653] kasan_save_alloc_info+0x3b/0x50 [ 28.779885] __kasan_kmalloc+0xb7/0xc0 [ 28.780087] __kmalloc_cache_noprof+0x189/0x420 [ 28.780293] kasan_atomics+0x95/0x310 [ 28.780462] kunit_try_run_case+0x1a5/0x480 [ 28.780665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.781008] kthread+0x337/0x6f0 [ 28.781183] ret_from_fork+0x116/0x1d0 [ 28.781405] ret_from_fork_asm+0x1a/0x30 [ 28.781765] [ 28.781921] The buggy address belongs to the object at ffff88810439e280 [ 28.781921] which belongs to the cache kmalloc-64 of size 64 [ 28.782290] The buggy address is located 0 bytes to the right of [ 28.782290] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.783140] [ 28.783234] The buggy address belongs to the physical page: [ 28.783493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.783850] flags: 0x200000000000000(node=0|zone=2) [ 28.784043] page_type: f5(slab) [ 28.784228] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.784610] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.784928] page dumped because: kasan: bad access detected [ 28.785124] [ 28.785231] Memory state around the buggy address: [ 28.785457] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.785835] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.786160] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.786371] ^ [ 28.786611] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.786937] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.787264] ================================================================== [ 28.182088] ================================================================== [ 28.182407] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 28.183534] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.184100] [ 28.184327] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.184383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.184492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.184537] Call Trace: [ 28.184554] <TASK> [ 28.184572] dump_stack_lvl+0x73/0xb0 [ 28.184603] print_report+0xd1/0x610 [ 28.184664] ? __virt_addr_valid+0x1db/0x2d0 [ 28.184692] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.184728] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.184757] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.184858] kasan_report+0x141/0x180 [ 28.184887] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.184915] __asan_report_load4_noabort+0x18/0x20 [ 28.184941] kasan_atomics_helper+0x4a36/0x5450 [ 28.184965] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.184989] ? ret_from_fork_asm+0x1a/0x30 [ 28.185018] kasan_atomics+0x1dc/0x310 [ 28.185042] ? __pfx_kasan_atomics+0x10/0x10 [ 28.185068] ? __pfx_read_tsc+0x10/0x10 [ 28.185092] ? ktime_get_ts64+0x86/0x230 [ 28.185118] kunit_try_run_case+0x1a5/0x480 [ 28.185141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.185163] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.185188] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.185214] ? __kthread_parkme+0x82/0x180 [ 28.185236] ? preempt_count_sub+0x50/0x80 [ 28.185261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.185284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.185311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.185338] kthread+0x337/0x6f0 [ 28.185359] ? trace_preempt_on+0x20/0xc0 [ 28.185383] ? __pfx_kthread+0x10/0x10 [ 28.185406] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.185429] ? calculate_sigpending+0x7b/0xa0 [ 28.185455] ? __pfx_kthread+0x10/0x10 [ 28.185478] ret_from_fork+0x116/0x1d0 [ 28.185500] ? __pfx_kthread+0x10/0x10 [ 28.185523] ret_from_fork_asm+0x1a/0x30 [ 28.185554] </TASK> [ 28.185567] [ 28.198348] Allocated by task 313: [ 28.198829] kasan_save_stack+0x45/0x70 [ 28.199053] kasan_save_track+0x18/0x40 [ 28.199334] kasan_save_alloc_info+0x3b/0x50 [ 28.199689] __kasan_kmalloc+0xb7/0xc0 [ 28.199852] __kmalloc_cache_noprof+0x189/0x420 [ 28.200079] kasan_atomics+0x95/0x310 [ 28.200211] kunit_try_run_case+0x1a5/0x480 [ 28.200353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.200529] kthread+0x337/0x6f0 [ 28.200648] ret_from_fork+0x116/0x1d0 [ 28.200792] ret_from_fork_asm+0x1a/0x30 [ 28.200932] [ 28.201001] The buggy address belongs to the object at ffff88810439e280 [ 28.201001] which belongs to the cache kmalloc-64 of size 64 [ 28.201908] The buggy address is located 0 bytes to the right of [ 28.201908] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.202472] [ 28.202722] The buggy address belongs to the physical page: [ 28.203406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.204088] flags: 0x200000000000000(node=0|zone=2) [ 28.204509] page_type: f5(slab) [ 28.204825] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.205389] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.205964] page dumped because: kasan: bad access detected [ 28.206218] [ 28.206306] Memory state around the buggy address: [ 28.206726] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.207376] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.208056] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.208504] ^ [ 28.208850] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.209290] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.209818] ================================================================== [ 28.040025] ================================================================== [ 28.040305] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 28.040623] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.040956] [ 28.041038] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.041100] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.041114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.041138] Call Trace: [ 28.041156] <TASK> [ 28.041174] dump_stack_lvl+0x73/0xb0 [ 28.041202] print_report+0xd1/0x610 [ 28.041226] ? __virt_addr_valid+0x1db/0x2d0 [ 28.041252] ? kasan_atomics_helper+0xd47/0x5450 [ 28.041275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.041302] ? kasan_atomics_helper+0xd47/0x5450 [ 28.041325] kasan_report+0x141/0x180 [ 28.041349] ? kasan_atomics_helper+0xd47/0x5450 [ 28.041376] kasan_check_range+0x10c/0x1c0 [ 28.041401] __kasan_check_write+0x18/0x20 [ 28.041425] kasan_atomics_helper+0xd47/0x5450 [ 28.041449] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.041473] ? ret_from_fork_asm+0x1a/0x30 [ 28.041503] kasan_atomics+0x1dc/0x310 [ 28.041527] ? __pfx_kasan_atomics+0x10/0x10 [ 28.041567] ? __pfx_read_tsc+0x10/0x10 [ 28.041591] ? ktime_get_ts64+0x86/0x230 [ 28.041615] kunit_try_run_case+0x1a5/0x480 [ 28.041639] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.041660] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.041685] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.041722] ? __kthread_parkme+0x82/0x180 [ 28.041745] ? preempt_count_sub+0x50/0x80 [ 28.041769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.041804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.041832] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.041858] kthread+0x337/0x6f0 [ 28.041880] ? trace_preempt_on+0x20/0xc0 [ 28.041905] ? __pfx_kthread+0x10/0x10 [ 28.041927] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.041950] ? calculate_sigpending+0x7b/0xa0 [ 28.041976] ? __pfx_kthread+0x10/0x10 [ 28.042000] ret_from_fork+0x116/0x1d0 [ 28.042021] ? __pfx_kthread+0x10/0x10 [ 28.042043] ret_from_fork_asm+0x1a/0x30 [ 28.042075] </TASK> [ 28.042088] [ 28.051823] Allocated by task 313: [ 28.052422] kasan_save_stack+0x45/0x70 [ 28.052770] kasan_save_track+0x18/0x40 [ 28.053213] kasan_save_alloc_info+0x3b/0x50 [ 28.053572] __kasan_kmalloc+0xb7/0xc0 [ 28.053990] __kmalloc_cache_noprof+0x189/0x420 [ 28.054274] kasan_atomics+0x95/0x310 [ 28.054461] kunit_try_run_case+0x1a5/0x480 [ 28.054960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.055228] kthread+0x337/0x6f0 [ 28.055389] ret_from_fork+0x116/0x1d0 [ 28.055974] ret_from_fork_asm+0x1a/0x30 [ 28.056241] [ 28.056457] The buggy address belongs to the object at ffff88810439e280 [ 28.056457] which belongs to the cache kmalloc-64 of size 64 [ 28.057313] The buggy address is located 0 bytes to the right of [ 28.057313] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.058317] [ 28.058572] The buggy address belongs to the physical page: [ 28.059006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.059343] flags: 0x200000000000000(node=0|zone=2) [ 28.059761] page_type: f5(slab) [ 28.060246] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.060713] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.061380] page dumped because: kasan: bad access detected [ 28.061979] [ 28.062219] Memory state around the buggy address: [ 28.062440] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.063182] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.063628] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.064240] ^ [ 28.064494] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.065123] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.065419] ================================================================== [ 27.897356] ================================================================== [ 27.897670] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 27.898204] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.898500] [ 27.898613] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.898663] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.898677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.898712] Call Trace: [ 27.898727] <TASK> [ 27.898744] dump_stack_lvl+0x73/0xb0 [ 27.898773] print_report+0xd1/0x610 [ 27.898797] ? __virt_addr_valid+0x1db/0x2d0 [ 27.898822] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.898844] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.898872] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.898895] kasan_report+0x141/0x180 [ 27.898918] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.898946] kasan_check_range+0x10c/0x1c0 [ 27.898971] __kasan_check_write+0x18/0x20 [ 27.898995] kasan_atomics_helper+0x8f9/0x5450 [ 27.899020] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.899043] ? ret_from_fork_asm+0x1a/0x30 [ 27.899072] kasan_atomics+0x1dc/0x310 [ 27.899096] ? __pfx_kasan_atomics+0x10/0x10 [ 27.899120] ? __pfx_read_tsc+0x10/0x10 [ 27.899145] ? ktime_get_ts64+0x86/0x230 [ 27.899170] kunit_try_run_case+0x1a5/0x480 [ 27.899193] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.899217] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.899242] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.899268] ? __kthread_parkme+0x82/0x180 [ 27.899289] ? preempt_count_sub+0x50/0x80 [ 27.899314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.899336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.899364] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.899391] kthread+0x337/0x6f0 [ 27.899412] ? trace_preempt_on+0x20/0xc0 [ 27.899435] ? __pfx_kthread+0x10/0x10 [ 27.899458] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.899480] ? calculate_sigpending+0x7b/0xa0 [ 27.899570] ? __pfx_kthread+0x10/0x10 [ 27.899594] ret_from_fork+0x116/0x1d0 [ 27.899615] ? __pfx_kthread+0x10/0x10 [ 27.899638] ret_from_fork_asm+0x1a/0x30 [ 27.899669] </TASK> [ 27.899682] [ 27.908182] Allocated by task 313: [ 27.908355] kasan_save_stack+0x45/0x70 [ 27.908560] kasan_save_track+0x18/0x40 [ 27.908695] kasan_save_alloc_info+0x3b/0x50 [ 27.909123] __kasan_kmalloc+0xb7/0xc0 [ 27.909276] __kmalloc_cache_noprof+0x189/0x420 [ 27.909508] kasan_atomics+0x95/0x310 [ 27.909665] kunit_try_run_case+0x1a5/0x480 [ 27.909917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.910134] kthread+0x337/0x6f0 [ 27.910254] ret_from_fork+0x116/0x1d0 [ 27.910441] ret_from_fork_asm+0x1a/0x30 [ 27.910767] [ 27.910872] The buggy address belongs to the object at ffff88810439e280 [ 27.910872] which belongs to the cache kmalloc-64 of size 64 [ 27.911310] The buggy address is located 0 bytes to the right of [ 27.911310] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.911798] [ 27.912091] The buggy address belongs to the physical page: [ 27.912366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.912680] flags: 0x200000000000000(node=0|zone=2) [ 27.912859] page_type: f5(slab) [ 27.912981] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.913211] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.913547] page dumped because: kasan: bad access detected [ 27.913805] [ 27.913926] Memory state around the buggy address: [ 27.914229] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.914484] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.914872] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.915169] ^ [ 27.915361] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.915640] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.916262] ================================================================== [ 28.741898] ================================================================== [ 28.743137] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 28.743389] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.744270] [ 28.744606] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.744664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.744680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.744713] Call Trace: [ 28.744731] <TASK> [ 28.744749] dump_stack_lvl+0x73/0xb0 [ 28.744781] print_report+0xd1/0x610 [ 28.744809] ? __virt_addr_valid+0x1db/0x2d0 [ 28.744837] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.744989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.745033] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.745058] kasan_report+0x141/0x180 [ 28.745083] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.745145] kasan_check_range+0x10c/0x1c0 [ 28.745173] __kasan_check_write+0x18/0x20 [ 28.745197] kasan_atomics_helper+0x1c18/0x5450 [ 28.745222] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.745246] ? ret_from_fork_asm+0x1a/0x30 [ 28.745276] kasan_atomics+0x1dc/0x310 [ 28.745301] ? __pfx_kasan_atomics+0x10/0x10 [ 28.745326] ? __pfx_read_tsc+0x10/0x10 [ 28.745351] ? ktime_get_ts64+0x86/0x230 [ 28.745378] kunit_try_run_case+0x1a5/0x480 [ 28.745401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.745424] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.745451] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.745476] ? __kthread_parkme+0x82/0x180 [ 28.745513] ? preempt_count_sub+0x50/0x80 [ 28.745538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.745562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.745589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.745616] kthread+0x337/0x6f0 [ 28.745638] ? trace_preempt_on+0x20/0xc0 [ 28.745662] ? __pfx_kthread+0x10/0x10 [ 28.745686] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.745720] ? calculate_sigpending+0x7b/0xa0 [ 28.745745] ? __pfx_kthread+0x10/0x10 [ 28.745767] ret_from_fork+0x116/0x1d0 [ 28.745789] ? __pfx_kthread+0x10/0x10 [ 28.745811] ret_from_fork_asm+0x1a/0x30 [ 28.745843] </TASK> [ 28.745857] [ 28.758647] Allocated by task 313: [ 28.758796] kasan_save_stack+0x45/0x70 [ 28.759111] kasan_save_track+0x18/0x40 [ 28.759307] kasan_save_alloc_info+0x3b/0x50 [ 28.759475] __kasan_kmalloc+0xb7/0xc0 [ 28.759714] __kmalloc_cache_noprof+0x189/0x420 [ 28.759919] kasan_atomics+0x95/0x310 [ 28.760137] kunit_try_run_case+0x1a5/0x480 [ 28.760371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.760670] kthread+0x337/0x6f0 [ 28.760803] ret_from_fork+0x116/0x1d0 [ 28.760937] ret_from_fork_asm+0x1a/0x30 [ 28.761140] [ 28.761278] The buggy address belongs to the object at ffff88810439e280 [ 28.761278] which belongs to the cache kmalloc-64 of size 64 [ 28.762181] The buggy address is located 0 bytes to the right of [ 28.762181] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.763211] [ 28.763296] The buggy address belongs to the physical page: [ 28.763475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.764334] flags: 0x200000000000000(node=0|zone=2) [ 28.764952] page_type: f5(slab) [ 28.765264] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.765611] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.766269] page dumped because: kasan: bad access detected [ 28.766727] [ 28.766797] Memory state around the buggy address: [ 28.766955] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.767171] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.767387] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.767623] ^ [ 28.767867] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.768177] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.768412] ================================================================== [ 28.861040] ================================================================== [ 28.861321] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 28.861825] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.862108] [ 28.862195] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.862243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.862257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.862280] Call Trace: [ 28.862295] <TASK> [ 28.862311] dump_stack_lvl+0x73/0xb0 [ 28.862340] print_report+0xd1/0x610 [ 28.862364] ? __virt_addr_valid+0x1db/0x2d0 [ 28.862389] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.862411] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.862439] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.862462] kasan_report+0x141/0x180 [ 28.862486] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.862856] kasan_check_range+0x10c/0x1c0 [ 28.862886] __kasan_check_write+0x18/0x20 [ 28.862913] kasan_atomics_helper+0x1f43/0x5450 [ 28.862939] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.862963] ? ret_from_fork_asm+0x1a/0x30 [ 28.862993] kasan_atomics+0x1dc/0x310 [ 28.863018] ? __pfx_kasan_atomics+0x10/0x10 [ 28.863043] ? __pfx_read_tsc+0x10/0x10 [ 28.863068] ? ktime_get_ts64+0x86/0x230 [ 28.863093] kunit_try_run_case+0x1a5/0x480 [ 28.863116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.863139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.863163] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.863188] ? __kthread_parkme+0x82/0x180 [ 28.863211] ? preempt_count_sub+0x50/0x80 [ 28.863236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.863259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.863286] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.863313] kthread+0x337/0x6f0 [ 28.863335] ? trace_preempt_on+0x20/0xc0 [ 28.863360] ? __pfx_kthread+0x10/0x10 [ 28.863383] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.863406] ? calculate_sigpending+0x7b/0xa0 [ 28.863431] ? __pfx_kthread+0x10/0x10 [ 28.863454] ret_from_fork+0x116/0x1d0 [ 28.863476] ? __pfx_kthread+0x10/0x10 [ 28.863512] ret_from_fork_asm+0x1a/0x30 [ 28.863544] </TASK> [ 28.863556] [ 28.871789] Allocated by task 313: [ 28.873280] kasan_save_stack+0x45/0x70 [ 28.873818] kasan_save_track+0x18/0x40 [ 28.874360] kasan_save_alloc_info+0x3b/0x50 [ 28.874844] __kasan_kmalloc+0xb7/0xc0 [ 28.874993] __kmalloc_cache_noprof+0x189/0x420 [ 28.875150] kasan_atomics+0x95/0x310 [ 28.875278] kunit_try_run_case+0x1a5/0x480 [ 28.875421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.875594] kthread+0x337/0x6f0 [ 28.876067] ret_from_fork+0x116/0x1d0 [ 28.876597] ret_from_fork_asm+0x1a/0x30 [ 28.877193] [ 28.877548] The buggy address belongs to the object at ffff88810439e280 [ 28.877548] which belongs to the cache kmalloc-64 of size 64 [ 28.878173] The buggy address is located 0 bytes to the right of [ 28.878173] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.879238] [ 28.879355] The buggy address belongs to the physical page: [ 28.879619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.880011] flags: 0x200000000000000(node=0|zone=2) [ 28.880237] page_type: f5(slab) [ 28.880367] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.880690] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.881009] page dumped because: kasan: bad access detected [ 28.881179] [ 28.881297] Memory state around the buggy address: [ 28.881551] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.881908] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.882213] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.882554] ^ [ 28.882791] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.883110] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.883397] ================================================================== [ 28.653313] ================================================================== [ 28.653725] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 28.654051] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.654355] [ 28.654453] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.654505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.654520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.654787] Call Trace: [ 28.654805] <TASK> [ 28.654823] dump_stack_lvl+0x73/0xb0 [ 28.654950] print_report+0xd1/0x610 [ 28.654976] ? __virt_addr_valid+0x1db/0x2d0 [ 28.655003] ? kasan_atomics_helper+0x194a/0x5450 [ 28.655025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.655054] ? kasan_atomics_helper+0x194a/0x5450 [ 28.655077] kasan_report+0x141/0x180 [ 28.655100] ? kasan_atomics_helper+0x194a/0x5450 [ 28.655128] kasan_check_range+0x10c/0x1c0 [ 28.655153] __kasan_check_write+0x18/0x20 [ 28.655178] kasan_atomics_helper+0x194a/0x5450 [ 28.655202] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.655226] ? ret_from_fork_asm+0x1a/0x30 [ 28.655255] kasan_atomics+0x1dc/0x310 [ 28.655279] ? __pfx_kasan_atomics+0x10/0x10 [ 28.655305] ? __pfx_read_tsc+0x10/0x10 [ 28.655328] ? ktime_get_ts64+0x86/0x230 [ 28.655354] kunit_try_run_case+0x1a5/0x480 [ 28.655378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.655400] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.655424] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.655450] ? __kthread_parkme+0x82/0x180 [ 28.655473] ? preempt_count_sub+0x50/0x80 [ 28.655512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.655536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.655561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.655588] kthread+0x337/0x6f0 [ 28.655610] ? trace_preempt_on+0x20/0xc0 [ 28.655634] ? __pfx_kthread+0x10/0x10 [ 28.655656] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.655679] ? calculate_sigpending+0x7b/0xa0 [ 28.655714] ? __pfx_kthread+0x10/0x10 [ 28.655738] ret_from_fork+0x116/0x1d0 [ 28.655759] ? __pfx_kthread+0x10/0x10 [ 28.655781] ret_from_fork_asm+0x1a/0x30 [ 28.655813] </TASK> [ 28.655827] [ 28.665144] Allocated by task 313: [ 28.665319] kasan_save_stack+0x45/0x70 [ 28.665672] kasan_save_track+0x18/0x40 [ 28.665881] kasan_save_alloc_info+0x3b/0x50 [ 28.666140] __kasan_kmalloc+0xb7/0xc0 [ 28.666298] __kmalloc_cache_noprof+0x189/0x420 [ 28.666522] kasan_atomics+0x95/0x310 [ 28.666794] kunit_try_run_case+0x1a5/0x480 [ 28.666970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.667215] kthread+0x337/0x6f0 [ 28.667363] ret_from_fork+0x116/0x1d0 [ 28.667535] ret_from_fork_asm+0x1a/0x30 [ 28.668074] [ 28.668171] The buggy address belongs to the object at ffff88810439e280 [ 28.668171] which belongs to the cache kmalloc-64 of size 64 [ 28.668782] The buggy address is located 0 bytes to the right of [ 28.668782] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.669376] [ 28.669586] The buggy address belongs to the physical page: [ 28.669889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.670294] flags: 0x200000000000000(node=0|zone=2) [ 28.670510] page_type: f5(slab) [ 28.670773] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.671139] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.671548] page dumped because: kasan: bad access detected [ 28.671807] [ 28.671890] Memory state around the buggy address: [ 28.672100] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.672397] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.673018] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.673308] ^ [ 28.673528] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.673961] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.674315] ================================================================== [ 28.631350] ================================================================== [ 28.631957] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 28.632264] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.632571] [ 28.632864] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.632918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.632934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.632957] Call Trace: [ 28.632976] <TASK> [ 28.632994] dump_stack_lvl+0x73/0xb0 [ 28.633023] print_report+0xd1/0x610 [ 28.633049] ? __virt_addr_valid+0x1db/0x2d0 [ 28.633074] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.633096] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.633124] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.633147] kasan_report+0x141/0x180 [ 28.633172] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.633198] kasan_check_range+0x10c/0x1c0 [ 28.633223] __kasan_check_write+0x18/0x20 [ 28.633248] kasan_atomics_helper+0x18b1/0x5450 [ 28.633271] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.633295] ? ret_from_fork_asm+0x1a/0x30 [ 28.633324] kasan_atomics+0x1dc/0x310 [ 28.633348] ? __pfx_kasan_atomics+0x10/0x10 [ 28.633373] ? __pfx_read_tsc+0x10/0x10 [ 28.633398] ? ktime_get_ts64+0x86/0x230 [ 28.633424] kunit_try_run_case+0x1a5/0x480 [ 28.633448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.633469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.633650] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.633680] ? __kthread_parkme+0x82/0x180 [ 28.633715] ? preempt_count_sub+0x50/0x80 [ 28.633741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.633765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.633792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.633818] kthread+0x337/0x6f0 [ 28.633840] ? trace_preempt_on+0x20/0xc0 [ 28.633863] ? __pfx_kthread+0x10/0x10 [ 28.633886] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.633909] ? calculate_sigpending+0x7b/0xa0 [ 28.633934] ? __pfx_kthread+0x10/0x10 [ 28.633957] ret_from_fork+0x116/0x1d0 [ 28.633979] ? __pfx_kthread+0x10/0x10 [ 28.634001] ret_from_fork_asm+0x1a/0x30 [ 28.634033] </TASK> [ 28.634045] [ 28.643206] Allocated by task 313: [ 28.643365] kasan_save_stack+0x45/0x70 [ 28.643707] kasan_save_track+0x18/0x40 [ 28.644018] kasan_save_alloc_info+0x3b/0x50 [ 28.644215] __kasan_kmalloc+0xb7/0xc0 [ 28.644550] __kmalloc_cache_noprof+0x189/0x420 [ 28.644858] kasan_atomics+0x95/0x310 [ 28.645089] kunit_try_run_case+0x1a5/0x480 [ 28.645286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.645740] kthread+0x337/0x6f0 [ 28.645914] ret_from_fork+0x116/0x1d0 [ 28.646199] ret_from_fork_asm+0x1a/0x30 [ 28.646376] [ 28.646458] The buggy address belongs to the object at ffff88810439e280 [ 28.646458] which belongs to the cache kmalloc-64 of size 64 [ 28.647080] The buggy address is located 0 bytes to the right of [ 28.647080] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.647774] [ 28.647869] The buggy address belongs to the physical page: [ 28.648110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.648598] flags: 0x200000000000000(node=0|zone=2) [ 28.648893] page_type: f5(slab) [ 28.649022] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.649432] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.649808] page dumped because: kasan: bad access detected [ 28.650161] [ 28.650318] Memory state around the buggy address: [ 28.650739] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.650957] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.651166] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.651369] ^ [ 28.651534] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.651810] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.652127] ================================================================== [ 27.541997] ================================================================== [ 27.542633] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 27.543198] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.543489] [ 27.543605] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.543658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.543671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.543695] Call Trace: [ 27.543720] <TASK> [ 27.543740] dump_stack_lvl+0x73/0xb0 [ 27.543773] print_report+0xd1/0x610 [ 27.543797] ? __virt_addr_valid+0x1db/0x2d0 [ 27.543823] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.543853] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.543880] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.543902] kasan_report+0x141/0x180 [ 27.543924] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.543951] __asan_report_load4_noabort+0x18/0x20 [ 27.543976] kasan_atomics_helper+0x4bbc/0x5450 [ 27.543999] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.544021] ? ret_from_fork_asm+0x1a/0x30 [ 27.544051] kasan_atomics+0x1dc/0x310 [ 27.544074] ? __pfx_kasan_atomics+0x10/0x10 [ 27.544099] ? __pfx_read_tsc+0x10/0x10 [ 27.544190] ? ktime_get_ts64+0x86/0x230 [ 27.544221] kunit_try_run_case+0x1a5/0x480 [ 27.544246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.544266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.544291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.544314] ? __kthread_parkme+0x82/0x180 [ 27.544336] ? preempt_count_sub+0x50/0x80 [ 27.544361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.544384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.544409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.544434] kthread+0x337/0x6f0 [ 27.544455] ? trace_preempt_on+0x20/0xc0 [ 27.544480] ? __pfx_kthread+0x10/0x10 [ 27.544514] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.544535] ? calculate_sigpending+0x7b/0xa0 [ 27.544562] ? __pfx_kthread+0x10/0x10 [ 27.544584] ret_from_fork+0x116/0x1d0 [ 27.544604] ? __pfx_kthread+0x10/0x10 [ 27.544624] ret_from_fork_asm+0x1a/0x30 [ 27.544655] </TASK> [ 27.544668] [ 27.554883] Allocated by task 313: [ 27.555284] kasan_save_stack+0x45/0x70 [ 27.555485] kasan_save_track+0x18/0x40 [ 27.555853] kasan_save_alloc_info+0x3b/0x50 [ 27.556020] __kasan_kmalloc+0xb7/0xc0 [ 27.556550] __kmalloc_cache_noprof+0x189/0x420 [ 27.556890] kasan_atomics+0x95/0x310 [ 27.557256] kunit_try_run_case+0x1a5/0x480 [ 27.557553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.557930] kthread+0x337/0x6f0 [ 27.558230] ret_from_fork+0x116/0x1d0 [ 27.558423] ret_from_fork_asm+0x1a/0x30 [ 27.558784] [ 27.559003] The buggy address belongs to the object at ffff88810439e280 [ 27.559003] which belongs to the cache kmalloc-64 of size 64 [ 27.559663] The buggy address is located 0 bytes to the right of [ 27.559663] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.560267] [ 27.560361] The buggy address belongs to the physical page: [ 27.560973] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.561360] flags: 0x200000000000000(node=0|zone=2) [ 27.561800] page_type: f5(slab) [ 27.562200] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.562660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.563173] page dumped because: kasan: bad access detected [ 27.563408] [ 27.563677] Memory state around the buggy address: [ 27.564079] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.564378] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.564923] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.565392] ^ [ 27.565761] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.566260] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.566743] ================================================================== [ 27.632038] ================================================================== [ 27.632641] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 27.633445] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.634127] [ 27.634335] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.634463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.634478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.634502] Call Trace: [ 27.634523] <TASK> [ 27.634542] dump_stack_lvl+0x73/0xb0 [ 27.634573] print_report+0xd1/0x610 [ 27.634598] ? __virt_addr_valid+0x1db/0x2d0 [ 27.634625] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.634647] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.634675] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.634710] kasan_report+0x141/0x180 [ 27.634734] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.634761] __asan_report_store4_noabort+0x1b/0x30 [ 27.634799] kasan_atomics_helper+0x4b6e/0x5450 [ 27.634823] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.634846] ? ret_from_fork_asm+0x1a/0x30 [ 27.634876] kasan_atomics+0x1dc/0x310 [ 27.634901] ? __pfx_kasan_atomics+0x10/0x10 [ 27.634927] ? __pfx_read_tsc+0x10/0x10 [ 27.634951] ? ktime_get_ts64+0x86/0x230 [ 27.634978] kunit_try_run_case+0x1a5/0x480 [ 27.635003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.635025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.635050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.635075] ? __kthread_parkme+0x82/0x180 [ 27.635098] ? preempt_count_sub+0x50/0x80 [ 27.635123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.635147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.635175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.635202] kthread+0x337/0x6f0 [ 27.635225] ? trace_preempt_on+0x20/0xc0 [ 27.635250] ? __pfx_kthread+0x10/0x10 [ 27.635273] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.635296] ? calculate_sigpending+0x7b/0xa0 [ 27.635322] ? __pfx_kthread+0x10/0x10 [ 27.635345] ret_from_fork+0x116/0x1d0 [ 27.635366] ? __pfx_kthread+0x10/0x10 [ 27.635388] ret_from_fork_asm+0x1a/0x30 [ 27.635421] </TASK> [ 27.635434] [ 27.647160] Allocated by task 313: [ 27.647470] kasan_save_stack+0x45/0x70 [ 27.647875] kasan_save_track+0x18/0x40 [ 27.648320] kasan_save_alloc_info+0x3b/0x50 [ 27.648864] __kasan_kmalloc+0xb7/0xc0 [ 27.649363] __kmalloc_cache_noprof+0x189/0x420 [ 27.649665] kasan_atomics+0x95/0x310 [ 27.650114] kunit_try_run_case+0x1a5/0x480 [ 27.650261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.650433] kthread+0x337/0x6f0 [ 27.650689] ret_from_fork+0x116/0x1d0 [ 27.651037] ret_from_fork_asm+0x1a/0x30 [ 27.651449] [ 27.651664] The buggy address belongs to the object at ffff88810439e280 [ 27.651664] which belongs to the cache kmalloc-64 of size 64 [ 27.652842] The buggy address is located 0 bytes to the right of [ 27.652842] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.653758] [ 27.653939] The buggy address belongs to the physical page: [ 27.654407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.655291] flags: 0x200000000000000(node=0|zone=2) [ 27.655677] page_type: f5(slab) [ 27.655829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.656507] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.656749] page dumped because: kasan: bad access detected [ 27.657108] [ 27.657279] Memory state around the buggy address: [ 27.657785] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.658463] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.659225] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.659892] ^ [ 27.660061] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.660270] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.660473] ================================================================== [ 28.586475] ================================================================== [ 28.586768] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 28.587090] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.587434] [ 28.587573] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.587622] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.587636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.587662] Call Trace: [ 28.587678] <TASK> [ 28.587706] dump_stack_lvl+0x73/0xb0 [ 28.587733] print_report+0xd1/0x610 [ 28.587768] ? __virt_addr_valid+0x1db/0x2d0 [ 28.587794] ? kasan_atomics_helper+0x177f/0x5450 [ 28.587818] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.587869] ? kasan_atomics_helper+0x177f/0x5450 [ 28.587892] kasan_report+0x141/0x180 [ 28.587915] ? kasan_atomics_helper+0x177f/0x5450 [ 28.587953] kasan_check_range+0x10c/0x1c0 [ 28.587979] __kasan_check_write+0x18/0x20 [ 28.588003] kasan_atomics_helper+0x177f/0x5450 [ 28.588027] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.588050] ? ret_from_fork_asm+0x1a/0x30 [ 28.588081] kasan_atomics+0x1dc/0x310 [ 28.588104] ? __pfx_kasan_atomics+0x10/0x10 [ 28.588130] ? __pfx_read_tsc+0x10/0x10 [ 28.588163] ? ktime_get_ts64+0x86/0x230 [ 28.588189] kunit_try_run_case+0x1a5/0x480 [ 28.588213] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.588245] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.588270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.588295] ? __kthread_parkme+0x82/0x180 [ 28.588316] ? preempt_count_sub+0x50/0x80 [ 28.588350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.588373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.588400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.588436] kthread+0x337/0x6f0 [ 28.588457] ? trace_preempt_on+0x20/0xc0 [ 28.588482] ? __pfx_kthread+0x10/0x10 [ 28.588504] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.588526] ? calculate_sigpending+0x7b/0xa0 [ 28.588552] ? __pfx_kthread+0x10/0x10 [ 28.588575] ret_from_fork+0x116/0x1d0 [ 28.588597] ? __pfx_kthread+0x10/0x10 [ 28.588619] ret_from_fork_asm+0x1a/0x30 [ 28.588652] </TASK> [ 28.588666] [ 28.596197] Allocated by task 313: [ 28.596407] kasan_save_stack+0x45/0x70 [ 28.596595] kasan_save_track+0x18/0x40 [ 28.596793] kasan_save_alloc_info+0x3b/0x50 [ 28.596940] __kasan_kmalloc+0xb7/0xc0 [ 28.597146] __kmalloc_cache_noprof+0x189/0x420 [ 28.597367] kasan_atomics+0x95/0x310 [ 28.597535] kunit_try_run_case+0x1a5/0x480 [ 28.597678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.597993] kthread+0x337/0x6f0 [ 28.598167] ret_from_fork+0x116/0x1d0 [ 28.598360] ret_from_fork_asm+0x1a/0x30 [ 28.598638] [ 28.598714] The buggy address belongs to the object at ffff88810439e280 [ 28.598714] which belongs to the cache kmalloc-64 of size 64 [ 28.599062] The buggy address is located 0 bytes to the right of [ 28.599062] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.599629] [ 28.599740] The buggy address belongs to the physical page: [ 28.599920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.600157] flags: 0x200000000000000(node=0|zone=2) [ 28.600400] page_type: f5(slab) [ 28.600650] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.601034] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.601397] page dumped because: kasan: bad access detected [ 28.601709] [ 28.601789] Memory state around the buggy address: [ 28.601999] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.602322] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.602653] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.602961] ^ [ 28.603114] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.603330] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.603671] ================================================================== [ 28.152273] ================================================================== [ 28.152669] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 28.153295] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.154155] [ 28.154411] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.154469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.154495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.154519] Call Trace: [ 28.154534] <TASK> [ 28.154586] dump_stack_lvl+0x73/0xb0 [ 28.154620] print_report+0xd1/0x610 [ 28.154646] ? __virt_addr_valid+0x1db/0x2d0 [ 28.154672] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.154695] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.154731] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.154754] kasan_report+0x141/0x180 [ 28.154777] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.154995] kasan_check_range+0x10c/0x1c0 [ 28.155026] __kasan_check_write+0x18/0x20 [ 28.155051] kasan_atomics_helper+0xfa9/0x5450 [ 28.155075] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.155099] ? ret_from_fork_asm+0x1a/0x30 [ 28.155129] kasan_atomics+0x1dc/0x310 [ 28.155153] ? __pfx_kasan_atomics+0x10/0x10 [ 28.155179] ? __pfx_read_tsc+0x10/0x10 [ 28.155203] ? ktime_get_ts64+0x86/0x230 [ 28.155229] kunit_try_run_case+0x1a5/0x480 [ 28.155253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.155276] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.155301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.155326] ? __kthread_parkme+0x82/0x180 [ 28.155348] ? preempt_count_sub+0x50/0x80 [ 28.155373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.155397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.155422] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.155449] kthread+0x337/0x6f0 [ 28.155471] ? trace_preempt_on+0x20/0xc0 [ 28.155496] ? __pfx_kthread+0x10/0x10 [ 28.155518] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.155541] ? calculate_sigpending+0x7b/0xa0 [ 28.155566] ? __pfx_kthread+0x10/0x10 [ 28.155589] ret_from_fork+0x116/0x1d0 [ 28.155610] ? __pfx_kthread+0x10/0x10 [ 28.155633] ret_from_fork_asm+0x1a/0x30 [ 28.155665] </TASK> [ 28.155679] [ 28.168429] Allocated by task 313: [ 28.168915] kasan_save_stack+0x45/0x70 [ 28.169220] kasan_save_track+0x18/0x40 [ 28.169418] kasan_save_alloc_info+0x3b/0x50 [ 28.169791] __kasan_kmalloc+0xb7/0xc0 [ 28.170166] __kmalloc_cache_noprof+0x189/0x420 [ 28.170386] kasan_atomics+0x95/0x310 [ 28.170826] kunit_try_run_case+0x1a5/0x480 [ 28.171318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.171784] kthread+0x337/0x6f0 [ 28.171981] ret_from_fork+0x116/0x1d0 [ 28.172160] ret_from_fork_asm+0x1a/0x30 [ 28.172340] [ 28.172428] The buggy address belongs to the object at ffff88810439e280 [ 28.172428] which belongs to the cache kmalloc-64 of size 64 [ 28.173571] The buggy address is located 0 bytes to the right of [ 28.173571] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.174308] [ 28.174406] The buggy address belongs to the physical page: [ 28.175325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.175916] flags: 0x200000000000000(node=0|zone=2) [ 28.176215] page_type: f5(slab) [ 28.176372] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.177005] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.177551] page dumped because: kasan: bad access detected [ 28.177871] [ 28.177967] Memory state around the buggy address: [ 28.178176] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.178468] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.179465] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.180018] ^ [ 28.180237] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.180795] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.181318] ================================================================== [ 27.661373] ================================================================== [ 27.662120] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 27.662832] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.663588] [ 27.663798] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.663903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.663921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.663945] Call Trace: [ 27.663966] <TASK> [ 27.663986] dump_stack_lvl+0x73/0xb0 [ 27.664017] print_report+0xd1/0x610 [ 27.664043] ? __virt_addr_valid+0x1db/0x2d0 [ 27.664070] ? kasan_atomics_helper+0x3df/0x5450 [ 27.664092] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.664121] ? kasan_atomics_helper+0x3df/0x5450 [ 27.664144] kasan_report+0x141/0x180 [ 27.664167] ? kasan_atomics_helper+0x3df/0x5450 [ 27.664194] kasan_check_range+0x10c/0x1c0 [ 27.664220] __kasan_check_read+0x15/0x20 [ 27.664244] kasan_atomics_helper+0x3df/0x5450 [ 27.664268] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.664292] ? ret_from_fork_asm+0x1a/0x30 [ 27.664321] kasan_atomics+0x1dc/0x310 [ 27.664346] ? __pfx_kasan_atomics+0x10/0x10 [ 27.664371] ? __pfx_read_tsc+0x10/0x10 [ 27.664395] ? ktime_get_ts64+0x86/0x230 [ 27.664422] kunit_try_run_case+0x1a5/0x480 [ 27.664447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.664470] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.664504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.664529] ? __kthread_parkme+0x82/0x180 [ 27.664553] ? preempt_count_sub+0x50/0x80 [ 27.664578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.664602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.664629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.664656] kthread+0x337/0x6f0 [ 27.664678] ? trace_preempt_on+0x20/0xc0 [ 27.664715] ? __pfx_kthread+0x10/0x10 [ 27.664739] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.664761] ? calculate_sigpending+0x7b/0xa0 [ 27.664916] ? __pfx_kthread+0x10/0x10 [ 27.664943] ret_from_fork+0x116/0x1d0 [ 27.664967] ? __pfx_kthread+0x10/0x10 [ 27.664990] ret_from_fork_asm+0x1a/0x30 [ 27.665024] </TASK> [ 27.665039] [ 27.674238] Allocated by task 313: [ 27.674401] kasan_save_stack+0x45/0x70 [ 27.674628] kasan_save_track+0x18/0x40 [ 27.674774] kasan_save_alloc_info+0x3b/0x50 [ 27.674922] __kasan_kmalloc+0xb7/0xc0 [ 27.675161] __kmalloc_cache_noprof+0x189/0x420 [ 27.675395] kasan_atomics+0x95/0x310 [ 27.675579] kunit_try_run_case+0x1a5/0x480 [ 27.675764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.675943] kthread+0x337/0x6f0 [ 27.676168] ret_from_fork+0x116/0x1d0 [ 27.676356] ret_from_fork_asm+0x1a/0x30 [ 27.676619] [ 27.676723] The buggy address belongs to the object at ffff88810439e280 [ 27.676723] which belongs to the cache kmalloc-64 of size 64 [ 27.677282] The buggy address is located 0 bytes to the right of [ 27.677282] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.677817] [ 27.677914] The buggy address belongs to the physical page: [ 27.678218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.678458] flags: 0x200000000000000(node=0|zone=2) [ 27.678620] page_type: f5(slab) [ 27.678751] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.679594] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.679910] page dumped because: kasan: bad access detected [ 27.680082] [ 27.680149] Memory state around the buggy address: [ 27.680439] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.681025] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.681279] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.681492] ^ [ 27.681647] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.681966] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.682394] ================================================================== [ 28.675111] ================================================================== [ 28.675572] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 28.675982] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.676444] [ 28.676533] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.676596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.676611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.676634] Call Trace: [ 28.676650] <TASK> [ 28.676667] dump_stack_lvl+0x73/0xb0 [ 28.676711] print_report+0xd1/0x610 [ 28.676737] ? __virt_addr_valid+0x1db/0x2d0 [ 28.676762] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.676786] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.676815] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.676838] kasan_report+0x141/0x180 [ 28.676862] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.676890] kasan_check_range+0x10c/0x1c0 [ 28.676915] __kasan_check_write+0x18/0x20 [ 28.676940] kasan_atomics_helper+0x19e3/0x5450 [ 28.676964] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.676988] ? ret_from_fork_asm+0x1a/0x30 [ 28.677018] kasan_atomics+0x1dc/0x310 [ 28.677042] ? __pfx_kasan_atomics+0x10/0x10 [ 28.677068] ? __pfx_read_tsc+0x10/0x10 [ 28.677092] ? ktime_get_ts64+0x86/0x230 [ 28.677119] kunit_try_run_case+0x1a5/0x480 [ 28.677142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.677164] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.677189] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.677213] ? __kthread_parkme+0x82/0x180 [ 28.677236] ? preempt_count_sub+0x50/0x80 [ 28.677262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.677284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.677311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.677339] kthread+0x337/0x6f0 [ 28.677362] ? trace_preempt_on+0x20/0xc0 [ 28.677387] ? __pfx_kthread+0x10/0x10 [ 28.677409] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.677432] ? calculate_sigpending+0x7b/0xa0 [ 28.677457] ? __pfx_kthread+0x10/0x10 [ 28.677482] ret_from_fork+0x116/0x1d0 [ 28.677513] ? __pfx_kthread+0x10/0x10 [ 28.677535] ret_from_fork_asm+0x1a/0x30 [ 28.677568] </TASK> [ 28.677580] [ 28.684678] Allocated by task 313: [ 28.684865] kasan_save_stack+0x45/0x70 [ 28.685143] kasan_save_track+0x18/0x40 [ 28.685279] kasan_save_alloc_info+0x3b/0x50 [ 28.685426] __kasan_kmalloc+0xb7/0xc0 [ 28.685554] __kmalloc_cache_noprof+0x189/0x420 [ 28.685837] kasan_atomics+0x95/0x310 [ 28.686168] kunit_try_run_case+0x1a5/0x480 [ 28.686376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.686603] kthread+0x337/0x6f0 [ 28.686769] ret_from_fork+0x116/0x1d0 [ 28.686945] ret_from_fork_asm+0x1a/0x30 [ 28.687116] [ 28.687210] The buggy address belongs to the object at ffff88810439e280 [ 28.687210] which belongs to the cache kmalloc-64 of size 64 [ 28.687712] The buggy address is located 0 bytes to the right of [ 28.687712] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.688109] [ 28.688178] The buggy address belongs to the physical page: [ 28.688349] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.688651] flags: 0x200000000000000(node=0|zone=2) [ 28.688904] page_type: f5(slab) [ 28.689069] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.689400] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.690457] page dumped because: kasan: bad access detected [ 28.690679] [ 28.690759] Memory state around the buggy address: [ 28.690915] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.691130] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.691381] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.692076] ^ [ 28.692507] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.693018] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.693523] ================================================================== [ 27.935233] ================================================================== [ 27.935493] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 27.935914] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.936166] [ 27.936247] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.936292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.936306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.936328] Call Trace: [ 27.936342] <TASK> [ 27.936359] dump_stack_lvl+0x73/0xb0 [ 27.936387] print_report+0xd1/0x610 [ 27.936412] ? __virt_addr_valid+0x1db/0x2d0 [ 27.936437] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.936459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.936500] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.936523] kasan_report+0x141/0x180 [ 27.936546] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.936573] kasan_check_range+0x10c/0x1c0 [ 27.936598] __kasan_check_write+0x18/0x20 [ 27.936622] kasan_atomics_helper+0xa2b/0x5450 [ 27.936646] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.936669] ? ret_from_fork_asm+0x1a/0x30 [ 27.936710] kasan_atomics+0x1dc/0x310 [ 27.936734] ? __pfx_kasan_atomics+0x10/0x10 [ 27.936759] ? __pfx_read_tsc+0x10/0x10 [ 27.936945] ? ktime_get_ts64+0x86/0x230 [ 27.936982] kunit_try_run_case+0x1a5/0x480 [ 27.937007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.937029] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.937054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.937079] ? __kthread_parkme+0x82/0x180 [ 27.937101] ? preempt_count_sub+0x50/0x80 [ 27.937125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.937149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.937175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.937203] kthread+0x337/0x6f0 [ 27.937223] ? trace_preempt_on+0x20/0xc0 [ 27.937247] ? __pfx_kthread+0x10/0x10 [ 27.937269] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.937293] ? calculate_sigpending+0x7b/0xa0 [ 27.937317] ? __pfx_kthread+0x10/0x10 [ 27.937341] ret_from_fork+0x116/0x1d0 [ 27.937362] ? __pfx_kthread+0x10/0x10 [ 27.937384] ret_from_fork_asm+0x1a/0x30 [ 27.937416] </TASK> [ 27.937429] [ 27.945615] Allocated by task 313: [ 27.945815] kasan_save_stack+0x45/0x70 [ 27.946098] kasan_save_track+0x18/0x40 [ 27.946231] kasan_save_alloc_info+0x3b/0x50 [ 27.946376] __kasan_kmalloc+0xb7/0xc0 [ 27.946503] __kmalloc_cache_noprof+0x189/0x420 [ 27.946852] kasan_atomics+0x95/0x310 [ 27.947055] kunit_try_run_case+0x1a5/0x480 [ 27.947262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.947561] kthread+0x337/0x6f0 [ 27.947753] ret_from_fork+0x116/0x1d0 [ 27.948154] ret_from_fork_asm+0x1a/0x30 [ 27.948359] [ 27.948447] The buggy address belongs to the object at ffff88810439e280 [ 27.948447] which belongs to the cache kmalloc-64 of size 64 [ 27.949270] The buggy address is located 0 bytes to the right of [ 27.949270] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.949844] [ 27.949942] The buggy address belongs to the physical page: [ 27.950165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.950457] flags: 0x200000000000000(node=0|zone=2) [ 27.950622] page_type: f5(slab) [ 27.950853] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.951229] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.951650] page dumped because: kasan: bad access detected [ 27.952030] [ 27.952103] Memory state around the buggy address: [ 27.952310] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.952565] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.952895] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.953182] ^ [ 27.953336] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.953549] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.953963] ================================================================== [ 28.938615] ================================================================== [ 28.939012] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 28.939379] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.939754] [ 28.939863] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.939913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.939926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.939948] Call Trace: [ 28.939963] <TASK> [ 28.939978] dump_stack_lvl+0x73/0xb0 [ 28.940006] print_report+0xd1/0x610 [ 28.940031] ? __virt_addr_valid+0x1db/0x2d0 [ 28.940055] ? kasan_atomics_helper+0x20c8/0x5450 [ 28.940077] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.940104] ? kasan_atomics_helper+0x20c8/0x5450 [ 28.940128] kasan_report+0x141/0x180 [ 28.940150] ? kasan_atomics_helper+0x20c8/0x5450 [ 28.940177] kasan_check_range+0x10c/0x1c0 [ 28.940201] __kasan_check_write+0x18/0x20 [ 28.940226] kasan_atomics_helper+0x20c8/0x5450 [ 28.940251] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.940274] ? ret_from_fork_asm+0x1a/0x30 [ 28.940303] kasan_atomics+0x1dc/0x310 [ 28.940327] ? __pfx_kasan_atomics+0x10/0x10 [ 28.940352] ? __pfx_read_tsc+0x10/0x10 [ 28.940375] ? ktime_get_ts64+0x86/0x230 [ 28.940400] kunit_try_run_case+0x1a5/0x480 [ 28.940425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.940447] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.940526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.940555] ? __kthread_parkme+0x82/0x180 [ 28.940579] ? preempt_count_sub+0x50/0x80 [ 28.940603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.940628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.940655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.940682] kthread+0x337/0x6f0 [ 28.940712] ? trace_preempt_on+0x20/0xc0 [ 28.940737] ? __pfx_kthread+0x10/0x10 [ 28.940760] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.940782] ? calculate_sigpending+0x7b/0xa0 [ 28.940807] ? __pfx_kthread+0x10/0x10 [ 28.940831] ret_from_fork+0x116/0x1d0 [ 28.940852] ? __pfx_kthread+0x10/0x10 [ 28.940874] ret_from_fork_asm+0x1a/0x30 [ 28.940905] </TASK> [ 28.940918] [ 28.948705] Allocated by task 313: [ 28.948893] kasan_save_stack+0x45/0x70 [ 28.949095] kasan_save_track+0x18/0x40 [ 28.949286] kasan_save_alloc_info+0x3b/0x50 [ 28.949456] __kasan_kmalloc+0xb7/0xc0 [ 28.949706] __kmalloc_cache_noprof+0x189/0x420 [ 28.949928] kasan_atomics+0x95/0x310 [ 28.950058] kunit_try_run_case+0x1a5/0x480 [ 28.950229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.950544] kthread+0x337/0x6f0 [ 28.950754] ret_from_fork+0x116/0x1d0 [ 28.950979] ret_from_fork_asm+0x1a/0x30 [ 28.951183] [ 28.951275] The buggy address belongs to the object at ffff88810439e280 [ 28.951275] which belongs to the cache kmalloc-64 of size 64 [ 28.951858] The buggy address is located 0 bytes to the right of [ 28.951858] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.952414] [ 28.952538] The buggy address belongs to the physical page: [ 28.952826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.953187] flags: 0x200000000000000(node=0|zone=2) [ 28.953427] page_type: f5(slab) [ 28.953644] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.953989] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.954353] page dumped because: kasan: bad access detected [ 28.954645] [ 28.954747] Memory state around the buggy address: [ 28.954921] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.955134] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.955416] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.955795] ^ [ 28.956064] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.956385] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.956684] ================================================================== [ 27.567522] ================================================================== [ 27.567860] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 27.568215] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.568592] [ 27.568738] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.568789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.568802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.568825] Call Trace: [ 27.568839] <TASK> [ 27.568855] dump_stack_lvl+0x73/0xb0 [ 27.568885] print_report+0xd1/0x610 [ 27.568908] ? __virt_addr_valid+0x1db/0x2d0 [ 27.568933] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.568955] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.568993] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.569017] kasan_report+0x141/0x180 [ 27.569041] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.569069] __asan_report_store4_noabort+0x1b/0x30 [ 27.569094] kasan_atomics_helper+0x4ba2/0x5450 [ 27.569116] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.569139] ? ret_from_fork_asm+0x1a/0x30 [ 27.569167] kasan_atomics+0x1dc/0x310 [ 27.569190] ? __pfx_kasan_atomics+0x10/0x10 [ 27.569215] ? __pfx_read_tsc+0x10/0x10 [ 27.569239] ? ktime_get_ts64+0x86/0x230 [ 27.569265] kunit_try_run_case+0x1a5/0x480 [ 27.569287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.569308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.569333] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.569356] ? __kthread_parkme+0x82/0x180 [ 27.569377] ? preempt_count_sub+0x50/0x80 [ 27.569402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.569424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.569449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.569475] kthread+0x337/0x6f0 [ 27.569505] ? trace_preempt_on+0x20/0xc0 [ 27.569527] ? __pfx_kthread+0x10/0x10 [ 27.569549] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.569570] ? calculate_sigpending+0x7b/0xa0 [ 27.569593] ? __pfx_kthread+0x10/0x10 [ 27.569616] ret_from_fork+0x116/0x1d0 [ 27.569636] ? __pfx_kthread+0x10/0x10 [ 27.569656] ret_from_fork_asm+0x1a/0x30 [ 27.569686] </TASK> [ 27.569709] [ 27.583743] Allocated by task 313: [ 27.584270] kasan_save_stack+0x45/0x70 [ 27.585176] kasan_save_track+0x18/0x40 [ 27.585821] kasan_save_alloc_info+0x3b/0x50 [ 27.586328] __kasan_kmalloc+0xb7/0xc0 [ 27.586470] __kmalloc_cache_noprof+0x189/0x420 [ 27.587209] kasan_atomics+0x95/0x310 [ 27.587708] kunit_try_run_case+0x1a5/0x480 [ 27.588360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.588773] kthread+0x337/0x6f0 [ 27.589186] ret_from_fork+0x116/0x1d0 [ 27.589334] ret_from_fork_asm+0x1a/0x30 [ 27.589472] [ 27.589637] The buggy address belongs to the object at ffff88810439e280 [ 27.589637] which belongs to the cache kmalloc-64 of size 64 [ 27.591320] The buggy address is located 0 bytes to the right of [ 27.591320] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.592449] [ 27.592694] The buggy address belongs to the physical page: [ 27.593286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.594019] flags: 0x200000000000000(node=0|zone=2) [ 27.594193] page_type: f5(slab) [ 27.594319] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.594642] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.595506] page dumped because: kasan: bad access detected [ 27.596091] [ 27.596293] Memory state around the buggy address: [ 27.596738] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.596954] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.597164] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.597377] ^ [ 27.597670] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.598485] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.599298] ================================================================== [ 27.600481] ================================================================== [ 27.601283] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 27.602179] Read of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.602933] [ 27.603073] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.603130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.603183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.603209] Call Trace: [ 27.603230] <TASK> [ 27.603285] dump_stack_lvl+0x73/0xb0 [ 27.603318] print_report+0xd1/0x610 [ 27.603354] ? __virt_addr_valid+0x1db/0x2d0 [ 27.603381] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.603404] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.603431] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.603454] kasan_report+0x141/0x180 [ 27.603478] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.603516] __asan_report_load4_noabort+0x18/0x20 [ 27.603542] kasan_atomics_helper+0x4b88/0x5450 [ 27.603566] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.603590] ? ret_from_fork_asm+0x1a/0x30 [ 27.603620] kasan_atomics+0x1dc/0x310 [ 27.603645] ? __pfx_kasan_atomics+0x10/0x10 [ 27.603671] ? __pfx_read_tsc+0x10/0x10 [ 27.603694] ? ktime_get_ts64+0x86/0x230 [ 27.603732] kunit_try_run_case+0x1a5/0x480 [ 27.603756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.603964] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.604001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.604027] ? __kthread_parkme+0x82/0x180 [ 27.604050] ? preempt_count_sub+0x50/0x80 [ 27.604076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.604099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.604127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.604154] kthread+0x337/0x6f0 [ 27.604176] ? trace_preempt_on+0x20/0xc0 [ 27.604200] ? __pfx_kthread+0x10/0x10 [ 27.604222] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.604245] ? calculate_sigpending+0x7b/0xa0 [ 27.604270] ? __pfx_kthread+0x10/0x10 [ 27.604293] ret_from_fork+0x116/0x1d0 [ 27.604314] ? __pfx_kthread+0x10/0x10 [ 27.604336] ret_from_fork_asm+0x1a/0x30 [ 27.604368] </TASK> [ 27.604381] [ 27.617882] Allocated by task 313: [ 27.618326] kasan_save_stack+0x45/0x70 [ 27.618747] kasan_save_track+0x18/0x40 [ 27.619093] kasan_save_alloc_info+0x3b/0x50 [ 27.619248] __kasan_kmalloc+0xb7/0xc0 [ 27.619378] __kmalloc_cache_noprof+0x189/0x420 [ 27.619563] kasan_atomics+0x95/0x310 [ 27.619935] kunit_try_run_case+0x1a5/0x480 [ 27.620556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.621191] kthread+0x337/0x6f0 [ 27.621518] ret_from_fork+0x116/0x1d0 [ 27.621948] ret_from_fork_asm+0x1a/0x30 [ 27.622327] [ 27.622503] The buggy address belongs to the object at ffff88810439e280 [ 27.622503] which belongs to the cache kmalloc-64 of size 64 [ 27.623291] The buggy address is located 0 bytes to the right of [ 27.623291] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.624188] [ 27.624371] The buggy address belongs to the physical page: [ 27.624964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.625688] flags: 0x200000000000000(node=0|zone=2) [ 27.626224] page_type: f5(slab) [ 27.626361] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.626616] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.627063] page dumped because: kasan: bad access detected [ 27.627593] [ 27.627757] Memory state around the buggy address: [ 27.628178] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.628739] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.629242] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.629459] ^ [ 27.629899] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.630602] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.631242] ================================================================== [ 28.712868] ================================================================== [ 28.713585] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 28.713866] Write of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.714168] [ 28.714248] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.714296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.714310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.714332] Call Trace: [ 28.714348] <TASK> [ 28.714365] dump_stack_lvl+0x73/0xb0 [ 28.714392] print_report+0xd1/0x610 [ 28.714417] ? __virt_addr_valid+0x1db/0x2d0 [ 28.714441] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.714464] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.714502] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.714526] kasan_report+0x141/0x180 [ 28.714549] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.714577] kasan_check_range+0x10c/0x1c0 [ 28.714602] __kasan_check_write+0x18/0x20 [ 28.714627] kasan_atomics_helper+0x1b22/0x5450 [ 28.714652] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.714675] ? ret_from_fork_asm+0x1a/0x30 [ 28.714716] kasan_atomics+0x1dc/0x310 [ 28.714741] ? __pfx_kasan_atomics+0x10/0x10 [ 28.714767] ? __pfx_read_tsc+0x10/0x10 [ 28.714791] ? ktime_get_ts64+0x86/0x230 [ 28.714817] kunit_try_run_case+0x1a5/0x480 [ 28.714840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.714863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.714888] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.714913] ? __kthread_parkme+0x82/0x180 [ 28.714936] ? preempt_count_sub+0x50/0x80 [ 28.714961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.714985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.715013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.715039] kthread+0x337/0x6f0 [ 28.715059] ? trace_preempt_on+0x20/0xc0 [ 28.715083] ? __pfx_kthread+0x10/0x10 [ 28.715105] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.715128] ? calculate_sigpending+0x7b/0xa0 [ 28.715153] ? __pfx_kthread+0x10/0x10 [ 28.715176] ret_from_fork+0x116/0x1d0 [ 28.715197] ? __pfx_kthread+0x10/0x10 [ 28.715219] ret_from_fork_asm+0x1a/0x30 [ 28.715251] </TASK> [ 28.715264] [ 28.723728] Allocated by task 313: [ 28.724336] kasan_save_stack+0x45/0x70 [ 28.724990] kasan_save_track+0x18/0x40 [ 28.725603] kasan_save_alloc_info+0x3b/0x50 [ 28.726270] __kasan_kmalloc+0xb7/0xc0 [ 28.726898] __kmalloc_cache_noprof+0x189/0x420 [ 28.727070] kasan_atomics+0x95/0x310 [ 28.727205] kunit_try_run_case+0x1a5/0x480 [ 28.727349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.727952] kthread+0x337/0x6f0 [ 28.728526] ret_from_fork+0x116/0x1d0 [ 28.729105] ret_from_fork_asm+0x1a/0x30 [ 28.729820] [ 28.730028] The buggy address belongs to the object at ffff88810439e280 [ 28.730028] which belongs to the cache kmalloc-64 of size 64 [ 28.731128] The buggy address is located 0 bytes to the right of [ 28.731128] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 28.731763] [ 28.732013] The buggy address belongs to the physical page: [ 28.732801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 28.733848] flags: 0x200000000000000(node=0|zone=2) [ 28.734367] page_type: f5(slab) [ 28.734648] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.735509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.736257] page dumped because: kasan: bad access detected [ 28.736729] [ 28.736807] Memory state around the buggy address: [ 28.736965] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.737182] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.737399] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.738291] ^ [ 28.739023] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.739864] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.740718] ================================================================== [ 27.973861] ================================================================== [ 27.974203] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 27.974500] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.975002] [ 27.975089] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.975137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.975151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.975174] Call Trace: [ 27.975189] <TASK> [ 27.975206] dump_stack_lvl+0x73/0xb0 [ 27.975234] print_report+0xd1/0x610 [ 27.975260] ? __virt_addr_valid+0x1db/0x2d0 [ 27.975285] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.975307] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.975335] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.975358] kasan_report+0x141/0x180 [ 27.975381] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.975408] kasan_check_range+0x10c/0x1c0 [ 27.975432] __kasan_check_write+0x18/0x20 [ 27.975457] kasan_atomics_helper+0xb6a/0x5450 [ 27.975481] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.975504] ? ret_from_fork_asm+0x1a/0x30 [ 27.975533] kasan_atomics+0x1dc/0x310 [ 27.975557] ? __pfx_kasan_atomics+0x10/0x10 [ 27.975758] ? __pfx_read_tsc+0x10/0x10 [ 27.975842] ? ktime_get_ts64+0x86/0x230 [ 27.975879] kunit_try_run_case+0x1a5/0x480 [ 27.975906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.975928] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.975954] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.975979] ? __kthread_parkme+0x82/0x180 [ 27.976001] ? preempt_count_sub+0x50/0x80 [ 27.976027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.976051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.976077] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.976105] kthread+0x337/0x6f0 [ 27.976126] ? trace_preempt_on+0x20/0xc0 [ 27.976150] ? __pfx_kthread+0x10/0x10 [ 27.976172] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.976196] ? calculate_sigpending+0x7b/0xa0 [ 27.976221] ? __pfx_kthread+0x10/0x10 [ 27.976244] ret_from_fork+0x116/0x1d0 [ 27.976265] ? __pfx_kthread+0x10/0x10 [ 27.976287] ret_from_fork_asm+0x1a/0x30 [ 27.976319] </TASK> [ 27.976333] [ 27.984245] Allocated by task 313: [ 27.984375] kasan_save_stack+0x45/0x70 [ 27.984677] kasan_save_track+0x18/0x40 [ 27.985064] kasan_save_alloc_info+0x3b/0x50 [ 27.985282] __kasan_kmalloc+0xb7/0xc0 [ 27.985474] __kmalloc_cache_noprof+0x189/0x420 [ 27.985763] kasan_atomics+0x95/0x310 [ 27.985981] kunit_try_run_case+0x1a5/0x480 [ 27.986180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.986412] kthread+0x337/0x6f0 [ 27.986579] ret_from_fork+0x116/0x1d0 [ 27.986773] ret_from_fork_asm+0x1a/0x30 [ 27.986937] [ 27.987032] The buggy address belongs to the object at ffff88810439e280 [ 27.987032] which belongs to the cache kmalloc-64 of size 64 [ 27.987418] The buggy address is located 0 bytes to the right of [ 27.987418] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.987970] [ 27.988253] The buggy address belongs to the physical page: [ 27.988510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.988781] flags: 0x200000000000000(node=0|zone=2) [ 27.989127] page_type: f5(slab) [ 27.989304] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.989647] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.989971] page dumped because: kasan: bad access detected [ 27.990290] [ 27.990376] Memory state around the buggy address: [ 27.990629] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.991053] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.991354] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.991668] ^ [ 27.992093] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.992352] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.992827] ================================================================== [ 27.762292] ================================================================== [ 27.762727] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 27.763796] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.764432] [ 27.764695] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.764765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.764780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.764804] Call Trace: [ 27.764888] <TASK> [ 27.764909] dump_stack_lvl+0x73/0xb0 [ 27.764941] print_report+0xd1/0x610 [ 27.764969] ? __virt_addr_valid+0x1db/0x2d0 [ 27.764995] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.765018] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.765046] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.765069] kasan_report+0x141/0x180 [ 27.765092] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.765119] kasan_check_range+0x10c/0x1c0 [ 27.765144] __kasan_check_write+0x18/0x20 [ 27.765169] kasan_atomics_helper+0x5fe/0x5450 [ 27.765192] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.765216] ? ret_from_fork_asm+0x1a/0x30 [ 27.765247] kasan_atomics+0x1dc/0x310 [ 27.765271] ? __pfx_kasan_atomics+0x10/0x10 [ 27.765297] ? __pfx_read_tsc+0x10/0x10 [ 27.765321] ? ktime_get_ts64+0x86/0x230 [ 27.765347] kunit_try_run_case+0x1a5/0x480 [ 27.765371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.765393] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.765419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.765443] ? __kthread_parkme+0x82/0x180 [ 27.765466] ? preempt_count_sub+0x50/0x80 [ 27.765491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.765515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.765541] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.765568] kthread+0x337/0x6f0 [ 27.765590] ? trace_preempt_on+0x20/0xc0 [ 27.765615] ? __pfx_kthread+0x10/0x10 [ 27.765639] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.765663] ? calculate_sigpending+0x7b/0xa0 [ 27.765690] ? __pfx_kthread+0x10/0x10 [ 27.765727] ret_from_fork+0x116/0x1d0 [ 27.765750] ? __pfx_kthread+0x10/0x10 [ 27.765789] ret_from_fork_asm+0x1a/0x30 [ 27.765833] </TASK> [ 27.765847] [ 27.778428] Allocated by task 313: [ 27.778919] kasan_save_stack+0x45/0x70 [ 27.779244] kasan_save_track+0x18/0x40 [ 27.779533] kasan_save_alloc_info+0x3b/0x50 [ 27.779937] __kasan_kmalloc+0xb7/0xc0 [ 27.780088] __kmalloc_cache_noprof+0x189/0x420 [ 27.780480] kasan_atomics+0x95/0x310 [ 27.780847] kunit_try_run_case+0x1a5/0x480 [ 27.781157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.781412] kthread+0x337/0x6f0 [ 27.781731] ret_from_fork+0x116/0x1d0 [ 27.782350] ret_from_fork_asm+0x1a/0x30 [ 27.782617] [ 27.782711] The buggy address belongs to the object at ffff88810439e280 [ 27.782711] which belongs to the cache kmalloc-64 of size 64 [ 27.783651] The buggy address is located 0 bytes to the right of [ 27.783651] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.784675] [ 27.784838] The buggy address belongs to the physical page: [ 27.785131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.785452] flags: 0x200000000000000(node=0|zone=2) [ 27.786004] page_type: f5(slab) [ 27.786276] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.786794] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.787228] page dumped because: kasan: bad access detected [ 27.787547] [ 27.787651] Memory state around the buggy address: [ 27.788060] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.788468] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.788999] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.789296] ^ [ 27.789956] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.790246] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.790752] ================================================================== [ 27.702202] ================================================================== [ 27.702497] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 27.703031] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.703347] [ 27.703437] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.703487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.703567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.703591] Call Trace: [ 27.703611] <TASK> [ 27.703630] dump_stack_lvl+0x73/0xb0 [ 27.703658] print_report+0xd1/0x610 [ 27.703684] ? __virt_addr_valid+0x1db/0x2d0 [ 27.703721] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.703743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.703772] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.703892] kasan_report+0x141/0x180 [ 27.703916] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.703944] kasan_check_range+0x10c/0x1c0 [ 27.703969] __kasan_check_write+0x18/0x20 [ 27.703994] kasan_atomics_helper+0x4a0/0x5450 [ 27.704018] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.704042] ? ret_from_fork_asm+0x1a/0x30 [ 27.704071] kasan_atomics+0x1dc/0x310 [ 27.704095] ? __pfx_kasan_atomics+0x10/0x10 [ 27.704121] ? __pfx_read_tsc+0x10/0x10 [ 27.704145] ? ktime_get_ts64+0x86/0x230 [ 27.704172] kunit_try_run_case+0x1a5/0x480 [ 27.704195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.704217] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.704243] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.704268] ? __kthread_parkme+0x82/0x180 [ 27.704291] ? preempt_count_sub+0x50/0x80 [ 27.704317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.704340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.704367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.704394] kthread+0x337/0x6f0 [ 27.704415] ? trace_preempt_on+0x20/0xc0 [ 27.704440] ? __pfx_kthread+0x10/0x10 [ 27.704463] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.704485] ? calculate_sigpending+0x7b/0xa0 [ 27.704511] ? __pfx_kthread+0x10/0x10 [ 27.704534] ret_from_fork+0x116/0x1d0 [ 27.704556] ? __pfx_kthread+0x10/0x10 [ 27.704578] ret_from_fork_asm+0x1a/0x30 [ 27.704611] </TASK> [ 27.704624] [ 27.712717] Allocated by task 313: [ 27.713058] kasan_save_stack+0x45/0x70 [ 27.713271] kasan_save_track+0x18/0x40 [ 27.713423] kasan_save_alloc_info+0x3b/0x50 [ 27.713653] __kasan_kmalloc+0xb7/0xc0 [ 27.713835] __kmalloc_cache_noprof+0x189/0x420 [ 27.713993] kasan_atomics+0x95/0x310 [ 27.714124] kunit_try_run_case+0x1a5/0x480 [ 27.714615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.715077] kthread+0x337/0x6f0 [ 27.715301] ret_from_fork+0x116/0x1d0 [ 27.715437] ret_from_fork_asm+0x1a/0x30 [ 27.715786] [ 27.715939] The buggy address belongs to the object at ffff88810439e280 [ 27.715939] which belongs to the cache kmalloc-64 of size 64 [ 27.716409] The buggy address is located 0 bytes to the right of [ 27.716409] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.716932] [ 27.717006] The buggy address belongs to the physical page: [ 27.717179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.717538] flags: 0x200000000000000(node=0|zone=2) [ 27.717832] page_type: f5(slab) [ 27.718329] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.718669] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.719057] page dumped because: kasan: bad access detected [ 27.719254] [ 27.719325] Memory state around the buggy address: [ 27.719603] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.719944] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.720164] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.720379] ^ [ 27.720762] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.721141] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.721467] ================================================================== [ 28.997591] ================================================================== [ 28.998197] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 28.998836] Read of size 8 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 28.999312] [ 28.999423] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 28.999476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.000006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.000037] Call Trace: [ 29.000054] <TASK> [ 29.000071] dump_stack_lvl+0x73/0xb0 [ 29.000105] print_report+0xd1/0x610 [ 29.000132] ? __virt_addr_valid+0x1db/0x2d0 [ 29.000158] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.000181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.000209] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.000232] kasan_report+0x141/0x180 [ 29.000256] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.000283] __asan_report_load8_noabort+0x18/0x20 [ 29.000312] kasan_atomics_helper+0x4fa5/0x5450 [ 29.000336] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.000360] ? ret_from_fork_asm+0x1a/0x30 [ 29.000389] kasan_atomics+0x1dc/0x310 [ 29.000412] ? __pfx_kasan_atomics+0x10/0x10 [ 29.000438] ? __pfx_read_tsc+0x10/0x10 [ 29.000461] ? ktime_get_ts64+0x86/0x230 [ 29.000569] kunit_try_run_case+0x1a5/0x480 [ 29.000605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.000629] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.000655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.000680] ? __kthread_parkme+0x82/0x180 [ 29.000749] ? preempt_count_sub+0x50/0x80 [ 29.000776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.000800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.000827] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.000854] kthread+0x337/0x6f0 [ 29.000874] ? trace_preempt_on+0x20/0xc0 [ 29.000899] ? __pfx_kthread+0x10/0x10 [ 29.000920] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.000943] ? calculate_sigpending+0x7b/0xa0 [ 29.000968] ? __pfx_kthread+0x10/0x10 [ 29.000991] ret_from_fork+0x116/0x1d0 [ 29.001012] ? __pfx_kthread+0x10/0x10 [ 29.001034] ret_from_fork_asm+0x1a/0x30 [ 29.001066] </TASK> [ 29.001079] [ 29.012348] Allocated by task 313: [ 29.012799] kasan_save_stack+0x45/0x70 [ 29.013051] kasan_save_track+0x18/0x40 [ 29.013343] kasan_save_alloc_info+0x3b/0x50 [ 29.013676] __kasan_kmalloc+0xb7/0xc0 [ 29.013868] __kmalloc_cache_noprof+0x189/0x420 [ 29.014072] kasan_atomics+0x95/0x310 [ 29.014238] kunit_try_run_case+0x1a5/0x480 [ 29.014424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.015027] kthread+0x337/0x6f0 [ 29.015305] ret_from_fork+0x116/0x1d0 [ 29.015693] ret_from_fork_asm+0x1a/0x30 [ 29.016018] [ 29.016233] The buggy address belongs to the object at ffff88810439e280 [ 29.016233] which belongs to the cache kmalloc-64 of size 64 [ 29.017152] The buggy address is located 0 bytes to the right of [ 29.017152] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 29.017899] [ 29.018123] The buggy address belongs to the physical page: [ 29.018474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 29.018926] flags: 0x200000000000000(node=0|zone=2) [ 29.019145] page_type: f5(slab) [ 29.019300] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.020010] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.020423] page dumped because: kasan: bad access detected [ 29.020924] [ 29.021036] Memory state around the buggy address: [ 29.021418] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.021983] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.022479] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.022799] ^ [ 29.023007] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.023292] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.023817] ================================================================== [ 27.741276] ================================================================== [ 27.741739] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 27.742274] Write of size 4 at addr ffff88810439e2b0 by task kunit_try_catch/313 [ 27.742610] [ 27.742727] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.742778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.742867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.742896] Call Trace: [ 27.742915] <TASK> [ 27.742932] dump_stack_lvl+0x73/0xb0 [ 27.742962] print_report+0xd1/0x610 [ 27.742986] ? __virt_addr_valid+0x1db/0x2d0 [ 27.743011] ? kasan_atomics_helper+0x565/0x5450 [ 27.743034] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.743062] ? kasan_atomics_helper+0x565/0x5450 [ 27.743086] kasan_report+0x141/0x180 [ 27.743109] ? kasan_atomics_helper+0x565/0x5450 [ 27.743136] kasan_check_range+0x10c/0x1c0 [ 27.743161] __kasan_check_write+0x18/0x20 [ 27.743186] kasan_atomics_helper+0x565/0x5450 [ 27.743209] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.743233] ? ret_from_fork_asm+0x1a/0x30 [ 27.743263] kasan_atomics+0x1dc/0x310 [ 27.743287] ? __pfx_kasan_atomics+0x10/0x10 [ 27.743312] ? __pfx_read_tsc+0x10/0x10 [ 27.743336] ? ktime_get_ts64+0x86/0x230 [ 27.743361] kunit_try_run_case+0x1a5/0x480 [ 27.743384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.743406] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.743431] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.743456] ? __kthread_parkme+0x82/0x180 [ 27.743478] ? preempt_count_sub+0x50/0x80 [ 27.743513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.743537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.743563] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.743590] kthread+0x337/0x6f0 [ 27.743611] ? trace_preempt_on+0x20/0xc0 [ 27.743634] ? __pfx_kthread+0x10/0x10 [ 27.743657] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.743681] ? calculate_sigpending+0x7b/0xa0 [ 27.743720] ? __pfx_kthread+0x10/0x10 [ 27.743743] ret_from_fork+0x116/0x1d0 [ 27.743765] ? __pfx_kthread+0x10/0x10 [ 27.743840] ret_from_fork_asm+0x1a/0x30 [ 27.743880] </TASK> [ 27.743894] [ 27.751931] Allocated by task 313: [ 27.752106] kasan_save_stack+0x45/0x70 [ 27.752330] kasan_save_track+0x18/0x40 [ 27.752547] kasan_save_alloc_info+0x3b/0x50 [ 27.752860] __kasan_kmalloc+0xb7/0xc0 [ 27.753038] __kmalloc_cache_noprof+0x189/0x420 [ 27.753284] kasan_atomics+0x95/0x310 [ 27.753536] kunit_try_run_case+0x1a5/0x480 [ 27.753750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.754242] kthread+0x337/0x6f0 [ 27.754412] ret_from_fork+0x116/0x1d0 [ 27.754630] ret_from_fork_asm+0x1a/0x30 [ 27.754962] [ 27.755063] The buggy address belongs to the object at ffff88810439e280 [ 27.755063] which belongs to the cache kmalloc-64 of size 64 [ 27.755508] The buggy address is located 0 bytes to the right of [ 27.755508] allocated 48-byte region [ffff88810439e280, ffff88810439e2b0) [ 27.756200] [ 27.756276] The buggy address belongs to the physical page: [ 27.756445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10439e [ 27.756811] flags: 0x200000000000000(node=0|zone=2) [ 27.757054] page_type: f5(slab) [ 27.757224] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.757496] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.758034] page dumped because: kasan: bad access detected [ 27.758212] [ 27.758280] Memory state around the buggy address: [ 27.758432] ffff88810439e180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.758909] ffff88810439e200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.759263] >ffff88810439e280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.759647] ^ [ 27.759967] ffff88810439e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.760246] ffff88810439e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.760613] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 27.468631] ================================================================== [ 27.469044] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.469737] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.470232] [ 27.470340] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.470537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.470550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.470573] Call Trace: [ 27.470590] <TASK> [ 27.470606] dump_stack_lvl+0x73/0xb0 [ 27.470643] print_report+0xd1/0x610 [ 27.470667] ? __virt_addr_valid+0x1db/0x2d0 [ 27.470691] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.470728] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.470754] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.470781] kasan_report+0x141/0x180 [ 27.470803] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.470835] kasan_check_range+0x10c/0x1c0 [ 27.470858] __kasan_check_write+0x18/0x20 [ 27.470881] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.470909] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.470936] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.470960] ? trace_hardirqs_on+0x37/0xe0 [ 27.470983] ? kasan_bitops_generic+0x92/0x1c0 [ 27.471009] kasan_bitops_generic+0x121/0x1c0 [ 27.471032] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.471058] ? trace_hardirqs_on+0x37/0xe0 [ 27.471079] ? __pfx_read_tsc+0x10/0x10 [ 27.471101] ? ktime_get_ts64+0x86/0x230 [ 27.471122] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.471148] kunit_try_run_case+0x1a5/0x480 [ 27.471171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.471193] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.471217] ? __kthread_parkme+0x82/0x180 [ 27.471238] ? preempt_count_sub+0x50/0x80 [ 27.471262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.471284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.471310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.471335] kthread+0x337/0x6f0 [ 27.471356] ? trace_preempt_on+0x20/0xc0 [ 27.471378] ? __pfx_kthread+0x10/0x10 [ 27.471400] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.471422] ? calculate_sigpending+0x7b/0xa0 [ 27.471446] ? __pfx_kthread+0x10/0x10 [ 27.471468] ret_from_fork+0x116/0x1d0 [ 27.471516] ? __pfx_kthread+0x10/0x10 [ 27.471539] ret_from_fork_asm+0x1a/0x30 [ 27.471570] </TASK> [ 27.471581] [ 27.483451] Allocated by task 309: [ 27.483741] kasan_save_stack+0x45/0x70 [ 27.484043] kasan_save_track+0x18/0x40 [ 27.484412] kasan_save_alloc_info+0x3b/0x50 [ 27.484785] __kasan_kmalloc+0xb7/0xc0 [ 27.484979] __kmalloc_cache_noprof+0x189/0x420 [ 27.485180] kasan_bitops_generic+0x92/0x1c0 [ 27.485375] kunit_try_run_case+0x1a5/0x480 [ 27.485911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.486209] kthread+0x337/0x6f0 [ 27.486471] ret_from_fork+0x116/0x1d0 [ 27.486869] ret_from_fork_asm+0x1a/0x30 [ 27.487169] [ 27.487384] The buggy address belongs to the object at ffff888105807fa0 [ 27.487384] which belongs to the cache kmalloc-16 of size 16 [ 27.488011] The buggy address is located 8 bytes inside of [ 27.488011] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.488722] [ 27.488817] The buggy address belongs to the physical page: [ 27.489252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.489954] flags: 0x200000000000000(node=0|zone=2) [ 27.490296] page_type: f5(slab) [ 27.490464] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.491120] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.491436] page dumped because: kasan: bad access detected [ 27.491993] [ 27.492078] Memory state around the buggy address: [ 27.492503] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.492984] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.493292] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.493923] ^ [ 27.494196] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.494684] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.495180] ================================================================== [ 27.445060] ================================================================== [ 27.445366] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.445854] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.446107] [ 27.446188] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.446235] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.446247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.446268] Call Trace: [ 27.446285] <TASK> [ 27.446302] dump_stack_lvl+0x73/0xb0 [ 27.446329] print_report+0xd1/0x610 [ 27.446352] ? __virt_addr_valid+0x1db/0x2d0 [ 27.446375] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.446400] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.446426] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.446453] kasan_report+0x141/0x180 [ 27.446474] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.446537] kasan_check_range+0x10c/0x1c0 [ 27.446561] __kasan_check_write+0x18/0x20 [ 27.446585] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.446612] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.446640] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.446663] ? trace_hardirqs_on+0x37/0xe0 [ 27.446685] ? kasan_bitops_generic+0x92/0x1c0 [ 27.446725] kasan_bitops_generic+0x121/0x1c0 [ 27.446749] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.446772] ? trace_hardirqs_on+0x37/0xe0 [ 27.446793] ? __pfx_read_tsc+0x10/0x10 [ 27.446815] ? ktime_get_ts64+0x86/0x230 [ 27.446836] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.446863] kunit_try_run_case+0x1a5/0x480 [ 27.446885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.446907] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.446936] ? __kthread_parkme+0x82/0x180 [ 27.446960] ? preempt_count_sub+0x50/0x80 [ 27.446985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.447008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.447033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.447058] kthread+0x337/0x6f0 [ 27.447078] ? trace_preempt_on+0x20/0xc0 [ 27.447101] ? __pfx_kthread+0x10/0x10 [ 27.447122] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.447144] ? calculate_sigpending+0x7b/0xa0 [ 27.447168] ? __pfx_kthread+0x10/0x10 [ 27.447192] ret_from_fork+0x116/0x1d0 [ 27.447211] ? __pfx_kthread+0x10/0x10 [ 27.447232] ret_from_fork_asm+0x1a/0x30 [ 27.447263] </TASK> [ 27.447275] [ 27.456462] Allocated by task 309: [ 27.456660] kasan_save_stack+0x45/0x70 [ 27.456817] kasan_save_track+0x18/0x40 [ 27.456950] kasan_save_alloc_info+0x3b/0x50 [ 27.457095] __kasan_kmalloc+0xb7/0xc0 [ 27.457222] __kmalloc_cache_noprof+0x189/0x420 [ 27.457375] kasan_bitops_generic+0x92/0x1c0 [ 27.457583] kunit_try_run_case+0x1a5/0x480 [ 27.457780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.458000] kthread+0x337/0x6f0 [ 27.458153] ret_from_fork+0x116/0x1d0 [ 27.458322] ret_from_fork_asm+0x1a/0x30 [ 27.458893] [ 27.458973] The buggy address belongs to the object at ffff888105807fa0 [ 27.458973] which belongs to the cache kmalloc-16 of size 16 [ 27.460402] The buggy address is located 8 bytes inside of [ 27.460402] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.460845] [ 27.460916] The buggy address belongs to the physical page: [ 27.461086] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.461321] flags: 0x200000000000000(node=0|zone=2) [ 27.462098] page_type: f5(slab) [ 27.462421] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.463446] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.463943] page dumped because: kasan: bad access detected [ 27.464362] [ 27.464457] Memory state around the buggy address: [ 27.464948] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.465263] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.465722] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.466230] ^ [ 27.466712] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.467015] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.467314] ================================================================== [ 27.360396] ================================================================== [ 27.360638] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.361397] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.362016] [ 27.362246] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.362315] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.362328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.362351] Call Trace: [ 27.362371] <TASK> [ 27.362389] dump_stack_lvl+0x73/0xb0 [ 27.362418] print_report+0xd1/0x610 [ 27.362441] ? __virt_addr_valid+0x1db/0x2d0 [ 27.362465] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.362503] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.362531] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.362558] kasan_report+0x141/0x180 [ 27.362580] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.362612] kasan_check_range+0x10c/0x1c0 [ 27.362635] __kasan_check_write+0x18/0x20 [ 27.362658] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.362685] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.362730] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.362753] ? trace_hardirqs_on+0x37/0xe0 [ 27.362776] ? kasan_bitops_generic+0x92/0x1c0 [ 27.363286] kasan_bitops_generic+0x121/0x1c0 [ 27.363314] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.363338] ? trace_hardirqs_on+0x37/0xe0 [ 27.363361] ? __pfx_read_tsc+0x10/0x10 [ 27.363383] ? ktime_get_ts64+0x86/0x230 [ 27.363405] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.363432] kunit_try_run_case+0x1a5/0x480 [ 27.363454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.363479] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.363506] ? __kthread_parkme+0x82/0x180 [ 27.363526] ? preempt_count_sub+0x50/0x80 [ 27.363550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.363572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.363598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.363624] kthread+0x337/0x6f0 [ 27.363643] ? trace_preempt_on+0x20/0xc0 [ 27.363665] ? __pfx_kthread+0x10/0x10 [ 27.363686] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.363724] ? calculate_sigpending+0x7b/0xa0 [ 27.363749] ? __pfx_kthread+0x10/0x10 [ 27.363831] ret_from_fork+0x116/0x1d0 [ 27.363861] ? __pfx_kthread+0x10/0x10 [ 27.363883] ret_from_fork_asm+0x1a/0x30 [ 27.363915] </TASK> [ 27.363927] [ 27.374597] Allocated by task 309: [ 27.374862] kasan_save_stack+0x45/0x70 [ 27.375171] kasan_save_track+0x18/0x40 [ 27.375364] kasan_save_alloc_info+0x3b/0x50 [ 27.375551] __kasan_kmalloc+0xb7/0xc0 [ 27.375758] __kmalloc_cache_noprof+0x189/0x420 [ 27.376055] kasan_bitops_generic+0x92/0x1c0 [ 27.376224] kunit_try_run_case+0x1a5/0x480 [ 27.376422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.376961] kthread+0x337/0x6f0 [ 27.377159] ret_from_fork+0x116/0x1d0 [ 27.377365] ret_from_fork_asm+0x1a/0x30 [ 27.377636] [ 27.377740] The buggy address belongs to the object at ffff888105807fa0 [ 27.377740] which belongs to the cache kmalloc-16 of size 16 [ 27.378345] The buggy address is located 8 bytes inside of [ 27.378345] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.378940] [ 27.379061] The buggy address belongs to the physical page: [ 27.379312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.379642] flags: 0x200000000000000(node=0|zone=2) [ 27.379813] page_type: f5(slab) [ 27.379935] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.380450] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.381330] page dumped because: kasan: bad access detected [ 27.381562] [ 27.381652] Memory state around the buggy address: [ 27.381841] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.382148] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.382453] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.382958] ^ [ 27.383161] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.383451] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.383773] ================================================================== [ 27.425098] ================================================================== [ 27.425439] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.426194] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.426564] [ 27.426725] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.426799] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.426824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.426845] Call Trace: [ 27.426869] <TASK> [ 27.426886] dump_stack_lvl+0x73/0xb0 [ 27.426913] print_report+0xd1/0x610 [ 27.426935] ? __virt_addr_valid+0x1db/0x2d0 [ 27.426957] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.426984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.427009] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.427037] kasan_report+0x141/0x180 [ 27.427059] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.427090] kasan_check_range+0x10c/0x1c0 [ 27.427113] __kasan_check_write+0x18/0x20 [ 27.427136] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.427164] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.427191] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.427216] ? trace_hardirqs_on+0x37/0xe0 [ 27.427238] ? kasan_bitops_generic+0x92/0x1c0 [ 27.427264] kasan_bitops_generic+0x121/0x1c0 [ 27.427288] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.427311] ? trace_hardirqs_on+0x37/0xe0 [ 27.427333] ? __pfx_read_tsc+0x10/0x10 [ 27.427354] ? ktime_get_ts64+0x86/0x230 [ 27.427376] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.427402] kunit_try_run_case+0x1a5/0x480 [ 27.427424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.427447] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.427470] ? __kthread_parkme+0x82/0x180 [ 27.427491] ? preempt_count_sub+0x50/0x80 [ 27.427514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.427536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.427561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.427586] kthread+0x337/0x6f0 [ 27.427606] ? trace_preempt_on+0x20/0xc0 [ 27.427628] ? __pfx_kthread+0x10/0x10 [ 27.427651] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.427672] ? calculate_sigpending+0x7b/0xa0 [ 27.427708] ? __pfx_kthread+0x10/0x10 [ 27.427731] ret_from_fork+0x116/0x1d0 [ 27.427751] ? __pfx_kthread+0x10/0x10 [ 27.427772] ret_from_fork_asm+0x1a/0x30 [ 27.427803] </TASK> [ 27.427815] [ 27.436201] Allocated by task 309: [ 27.436418] kasan_save_stack+0x45/0x70 [ 27.436637] kasan_save_track+0x18/0x40 [ 27.436834] kasan_save_alloc_info+0x3b/0x50 [ 27.437047] __kasan_kmalloc+0xb7/0xc0 [ 27.437225] __kmalloc_cache_noprof+0x189/0x420 [ 27.437437] kasan_bitops_generic+0x92/0x1c0 [ 27.437588] kunit_try_run_case+0x1a5/0x480 [ 27.437735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.437908] kthread+0x337/0x6f0 [ 27.438223] ret_from_fork+0x116/0x1d0 [ 27.438430] ret_from_fork_asm+0x1a/0x30 [ 27.438638] [ 27.438742] The buggy address belongs to the object at ffff888105807fa0 [ 27.438742] which belongs to the cache kmalloc-16 of size 16 [ 27.439318] The buggy address is located 8 bytes inside of [ 27.439318] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.440214] [ 27.440315] The buggy address belongs to the physical page: [ 27.440665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.441024] flags: 0x200000000000000(node=0|zone=2) [ 27.441251] page_type: f5(slab) [ 27.441409] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.441764] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.441989] page dumped because: kasan: bad access detected [ 27.442158] [ 27.442221] Memory state around the buggy address: [ 27.442372] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.442925] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.443241] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.443629] ^ [ 27.443858] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.444140] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.444440] ================================================================== [ 27.406094] ================================================================== [ 27.406438] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.406767] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.406981] [ 27.407057] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.407103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.407114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.407135] Call Trace: [ 27.407151] <TASK> [ 27.407167] dump_stack_lvl+0x73/0xb0 [ 27.407193] print_report+0xd1/0x610 [ 27.407215] ? __virt_addr_valid+0x1db/0x2d0 [ 27.407237] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.407262] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.407288] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.407314] kasan_report+0x141/0x180 [ 27.407334] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.407365] kasan_check_range+0x10c/0x1c0 [ 27.407387] __kasan_check_write+0x18/0x20 [ 27.407409] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.407436] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.407462] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.407510] ? trace_hardirqs_on+0x37/0xe0 [ 27.407531] ? kasan_bitops_generic+0x92/0x1c0 [ 27.407558] kasan_bitops_generic+0x121/0x1c0 [ 27.407581] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.407619] ? trace_hardirqs_on+0x37/0xe0 [ 27.407640] ? __pfx_read_tsc+0x10/0x10 [ 27.407673] ? ktime_get_ts64+0x86/0x230 [ 27.407716] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.407978] kunit_try_run_case+0x1a5/0x480 [ 27.408002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.408026] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.408049] ? __kthread_parkme+0x82/0x180 [ 27.408070] ? preempt_count_sub+0x50/0x80 [ 27.408119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.408142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.408168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.408194] kthread+0x337/0x6f0 [ 27.408214] ? trace_preempt_on+0x20/0xc0 [ 27.408238] ? __pfx_kthread+0x10/0x10 [ 27.408258] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.408298] ? calculate_sigpending+0x7b/0xa0 [ 27.408321] ? __pfx_kthread+0x10/0x10 [ 27.408344] ret_from_fork+0x116/0x1d0 [ 27.408362] ? __pfx_kthread+0x10/0x10 [ 27.408383] ret_from_fork_asm+0x1a/0x30 [ 27.408414] </TASK> [ 27.408425] [ 27.417353] Allocated by task 309: [ 27.417543] kasan_save_stack+0x45/0x70 [ 27.417741] kasan_save_track+0x18/0x40 [ 27.417921] kasan_save_alloc_info+0x3b/0x50 [ 27.418104] __kasan_kmalloc+0xb7/0xc0 [ 27.418296] __kmalloc_cache_noprof+0x189/0x420 [ 27.418487] kasan_bitops_generic+0x92/0x1c0 [ 27.418722] kunit_try_run_case+0x1a5/0x480 [ 27.418913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.419116] kthread+0x337/0x6f0 [ 27.419283] ret_from_fork+0x116/0x1d0 [ 27.419468] ret_from_fork_asm+0x1a/0x30 [ 27.419674] [ 27.419760] The buggy address belongs to the object at ffff888105807fa0 [ 27.419760] which belongs to the cache kmalloc-16 of size 16 [ 27.420248] The buggy address is located 8 bytes inside of [ 27.420248] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.420732] [ 27.420827] The buggy address belongs to the physical page: [ 27.421079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.421392] flags: 0x200000000000000(node=0|zone=2) [ 27.421667] page_type: f5(slab) [ 27.421837] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.422227] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.422596] page dumped because: kasan: bad access detected [ 27.422848] [ 27.422934] Memory state around the buggy address: [ 27.423166] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.423435] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.423639] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.423854] ^ [ 27.423999] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.424219] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.424574] ================================================================== [ 27.515516] ================================================================== [ 27.515964] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.516362] Read of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.516728] [ 27.516854] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.516911] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.516924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.516946] Call Trace: [ 27.516963] <TASK> [ 27.516979] dump_stack_lvl+0x73/0xb0 [ 27.517006] print_report+0xd1/0x610 [ 27.517028] ? __virt_addr_valid+0x1db/0x2d0 [ 27.517053] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.517080] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.517106] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.517133] kasan_report+0x141/0x180 [ 27.517155] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.517186] __asan_report_load8_noabort+0x18/0x20 [ 27.517210] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.517237] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.517265] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.517288] ? trace_hardirqs_on+0x37/0xe0 [ 27.517310] ? kasan_bitops_generic+0x92/0x1c0 [ 27.517337] kasan_bitops_generic+0x121/0x1c0 [ 27.517361] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.517383] ? trace_hardirqs_on+0x37/0xe0 [ 27.517405] ? __pfx_read_tsc+0x10/0x10 [ 27.517426] ? ktime_get_ts64+0x86/0x230 [ 27.517448] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.517474] kunit_try_run_case+0x1a5/0x480 [ 27.517506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.517529] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.517552] ? __kthread_parkme+0x82/0x180 [ 27.517572] ? preempt_count_sub+0x50/0x80 [ 27.517596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.517619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.517644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.517670] kthread+0x337/0x6f0 [ 27.517690] ? trace_preempt_on+0x20/0xc0 [ 27.517723] ? __pfx_kthread+0x10/0x10 [ 27.517744] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.517764] ? calculate_sigpending+0x7b/0xa0 [ 27.517789] ? __pfx_kthread+0x10/0x10 [ 27.517810] ret_from_fork+0x116/0x1d0 [ 27.517828] ? __pfx_kthread+0x10/0x10 [ 27.517850] ret_from_fork_asm+0x1a/0x30 [ 27.517880] </TASK> [ 27.517891] [ 27.525853] Allocated by task 309: [ 27.526034] kasan_save_stack+0x45/0x70 [ 27.526173] kasan_save_track+0x18/0x40 [ 27.526302] kasan_save_alloc_info+0x3b/0x50 [ 27.526446] __kasan_kmalloc+0xb7/0xc0 [ 27.526649] __kmalloc_cache_noprof+0x189/0x420 [ 27.526878] kasan_bitops_generic+0x92/0x1c0 [ 27.527084] kunit_try_run_case+0x1a5/0x480 [ 27.527415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.527645] kthread+0x337/0x6f0 [ 27.527818] ret_from_fork+0x116/0x1d0 [ 27.527992] ret_from_fork_asm+0x1a/0x30 [ 27.528135] [ 27.528201] The buggy address belongs to the object at ffff888105807fa0 [ 27.528201] which belongs to the cache kmalloc-16 of size 16 [ 27.528811] The buggy address is located 8 bytes inside of [ 27.528811] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.529220] [ 27.529287] The buggy address belongs to the physical page: [ 27.529455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.529690] flags: 0x200000000000000(node=0|zone=2) [ 27.529943] page_type: f5(slab) [ 27.530105] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.530446] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.530784] page dumped because: kasan: bad access detected [ 27.531234] [ 27.531300] Memory state around the buggy address: [ 27.531451] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.531663] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.532164] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.532473] ^ [ 27.532671] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.532890] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.533101] ================================================================== [ 27.331772] ================================================================== [ 27.332545] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.333835] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.334150] [ 27.334257] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.334308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.334320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.334341] Call Trace: [ 27.334358] <TASK> [ 27.334377] dump_stack_lvl+0x73/0xb0 [ 27.334405] print_report+0xd1/0x610 [ 27.334429] ? __virt_addr_valid+0x1db/0x2d0 [ 27.334452] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.334493] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.334519] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.334547] kasan_report+0x141/0x180 [ 27.334568] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.334600] kasan_check_range+0x10c/0x1c0 [ 27.334623] __kasan_check_write+0x18/0x20 [ 27.334646] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.334673] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.334712] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.334736] ? trace_hardirqs_on+0x37/0xe0 [ 27.334759] ? kasan_bitops_generic+0x92/0x1c0 [ 27.334786] kasan_bitops_generic+0x121/0x1c0 [ 27.334810] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.334832] ? trace_hardirqs_on+0x37/0xe0 [ 27.334854] ? __pfx_read_tsc+0x10/0x10 [ 27.334875] ? ktime_get_ts64+0x86/0x230 [ 27.334896] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.334923] kunit_try_run_case+0x1a5/0x480 [ 27.334944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.334967] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.334990] ? __kthread_parkme+0x82/0x180 [ 27.335011] ? preempt_count_sub+0x50/0x80 [ 27.335033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.335055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.335081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.335105] kthread+0x337/0x6f0 [ 27.335125] ? trace_preempt_on+0x20/0xc0 [ 27.335148] ? __pfx_kthread+0x10/0x10 [ 27.335169] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.335191] ? calculate_sigpending+0x7b/0xa0 [ 27.335216] ? __pfx_kthread+0x10/0x10 [ 27.335238] ret_from_fork+0x116/0x1d0 [ 27.335258] ? __pfx_kthread+0x10/0x10 [ 27.335278] ret_from_fork_asm+0x1a/0x30 [ 27.335309] </TASK> [ 27.335320] [ 27.347901] Allocated by task 309: [ 27.348060] kasan_save_stack+0x45/0x70 [ 27.348405] kasan_save_track+0x18/0x40 [ 27.348711] kasan_save_alloc_info+0x3b/0x50 [ 27.349116] __kasan_kmalloc+0xb7/0xc0 [ 27.349381] __kmalloc_cache_noprof+0x189/0x420 [ 27.349709] kasan_bitops_generic+0x92/0x1c0 [ 27.350106] kunit_try_run_case+0x1a5/0x480 [ 27.350392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.351070] kthread+0x337/0x6f0 [ 27.351251] ret_from_fork+0x116/0x1d0 [ 27.351406] ret_from_fork_asm+0x1a/0x30 [ 27.351625] [ 27.351735] The buggy address belongs to the object at ffff888105807fa0 [ 27.351735] which belongs to the cache kmalloc-16 of size 16 [ 27.352249] The buggy address is located 8 bytes inside of [ 27.352249] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.352751] [ 27.352831] The buggy address belongs to the physical page: [ 27.353069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.353413] flags: 0x200000000000000(node=0|zone=2) [ 27.353638] page_type: f5(slab) [ 27.354516] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.355206] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.355725] page dumped because: kasan: bad access detected [ 27.356275] [ 27.356368] Memory state around the buggy address: [ 27.356775] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.357262] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.357691] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.358166] ^ [ 27.358467] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.359350] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.359738] ================================================================== [ 27.496959] ================================================================== [ 27.497275] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.497608] Read of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.497921] [ 27.498017] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.498328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.498348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.498371] Call Trace: [ 27.498389] <TASK> [ 27.498405] dump_stack_lvl+0x73/0xb0 [ 27.498434] print_report+0xd1/0x610 [ 27.498457] ? __virt_addr_valid+0x1db/0x2d0 [ 27.498481] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.498524] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.498550] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.498577] kasan_report+0x141/0x180 [ 27.498599] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.498631] kasan_check_range+0x10c/0x1c0 [ 27.498655] __kasan_check_read+0x15/0x20 [ 27.498680] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.498721] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.498749] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.498773] ? trace_hardirqs_on+0x37/0xe0 [ 27.498795] ? kasan_bitops_generic+0x92/0x1c0 [ 27.498823] kasan_bitops_generic+0x121/0x1c0 [ 27.498846] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.498869] ? trace_hardirqs_on+0x37/0xe0 [ 27.498891] ? __pfx_read_tsc+0x10/0x10 [ 27.498911] ? ktime_get_ts64+0x86/0x230 [ 27.498934] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.498961] kunit_try_run_case+0x1a5/0x480 [ 27.498983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.499005] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.499029] ? __kthread_parkme+0x82/0x180 [ 27.499050] ? preempt_count_sub+0x50/0x80 [ 27.499074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.499096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.499122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.499147] kthread+0x337/0x6f0 [ 27.499167] ? trace_preempt_on+0x20/0xc0 [ 27.499189] ? __pfx_kthread+0x10/0x10 [ 27.499210] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.499232] ? calculate_sigpending+0x7b/0xa0 [ 27.499256] ? __pfx_kthread+0x10/0x10 [ 27.499278] ret_from_fork+0x116/0x1d0 [ 27.499297] ? __pfx_kthread+0x10/0x10 [ 27.499318] ret_from_fork_asm+0x1a/0x30 [ 27.499349] </TASK> [ 27.499360] [ 27.507383] Allocated by task 309: [ 27.507559] kasan_save_stack+0x45/0x70 [ 27.507747] kasan_save_track+0x18/0x40 [ 27.507883] kasan_save_alloc_info+0x3b/0x50 [ 27.508025] __kasan_kmalloc+0xb7/0xc0 [ 27.508338] __kmalloc_cache_noprof+0x189/0x420 [ 27.508649] kasan_bitops_generic+0x92/0x1c0 [ 27.508871] kunit_try_run_case+0x1a5/0x480 [ 27.509073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.509274] kthread+0x337/0x6f0 [ 27.509391] ret_from_fork+0x116/0x1d0 [ 27.509520] ret_from_fork_asm+0x1a/0x30 [ 27.509656] [ 27.509774] The buggy address belongs to the object at ffff888105807fa0 [ 27.509774] which belongs to the cache kmalloc-16 of size 16 [ 27.510293] The buggy address is located 8 bytes inside of [ 27.510293] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.510718] [ 27.510786] The buggy address belongs to the physical page: [ 27.510957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.511412] flags: 0x200000000000000(node=0|zone=2) [ 27.511861] page_type: f5(slab) [ 27.512032] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.512371] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.512690] page dumped because: kasan: bad access detected [ 27.512938] [ 27.513006] Memory state around the buggy address: [ 27.513201] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.513456] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.513871] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.514241] ^ [ 27.514415] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.514809] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.515023] ================================================================== [ 27.384311] ================================================================== [ 27.384671] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.385151] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.385434] [ 27.385588] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.385637] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.385650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.385692] Call Trace: [ 27.385718] <TASK> [ 27.385734] dump_stack_lvl+0x73/0xb0 [ 27.385762] print_report+0xd1/0x610 [ 27.385836] ? __virt_addr_valid+0x1db/0x2d0 [ 27.385883] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.385912] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.385938] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.385965] kasan_report+0x141/0x180 [ 27.385987] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.386018] kasan_check_range+0x10c/0x1c0 [ 27.386058] __kasan_check_write+0x18/0x20 [ 27.386094] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.386122] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.386150] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.386190] ? trace_hardirqs_on+0x37/0xe0 [ 27.386226] ? kasan_bitops_generic+0x92/0x1c0 [ 27.386253] kasan_bitops_generic+0x121/0x1c0 [ 27.386289] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.386326] ? trace_hardirqs_on+0x37/0xe0 [ 27.386360] ? __pfx_read_tsc+0x10/0x10 [ 27.386381] ? ktime_get_ts64+0x86/0x230 [ 27.386404] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.386430] kunit_try_run_case+0x1a5/0x480 [ 27.386452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.386475] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.386510] ? __kthread_parkme+0x82/0x180 [ 27.386531] ? preempt_count_sub+0x50/0x80 [ 27.386554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.386576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.386602] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.386627] kthread+0x337/0x6f0 [ 27.386647] ? trace_preempt_on+0x20/0xc0 [ 27.386670] ? __pfx_kthread+0x10/0x10 [ 27.386691] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.386725] ? calculate_sigpending+0x7b/0xa0 [ 27.386749] ? __pfx_kthread+0x10/0x10 [ 27.386771] ret_from_fork+0x116/0x1d0 [ 27.386923] ? __pfx_kthread+0x10/0x10 [ 27.386946] ret_from_fork_asm+0x1a/0x30 [ 27.386995] </TASK> [ 27.387007] [ 27.396085] Allocated by task 309: [ 27.396358] kasan_save_stack+0x45/0x70 [ 27.396555] kasan_save_track+0x18/0x40 [ 27.396749] kasan_save_alloc_info+0x3b/0x50 [ 27.396995] __kasan_kmalloc+0xb7/0xc0 [ 27.397117] __kmalloc_cache_noprof+0x189/0x420 [ 27.397598] kasan_bitops_generic+0x92/0x1c0 [ 27.397816] kunit_try_run_case+0x1a5/0x480 [ 27.398008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.398289] kthread+0x337/0x6f0 [ 27.398473] ret_from_fork+0x116/0x1d0 [ 27.398643] ret_from_fork_asm+0x1a/0x30 [ 27.399006] [ 27.399121] The buggy address belongs to the object at ffff888105807fa0 [ 27.399121] which belongs to the cache kmalloc-16 of size 16 [ 27.399609] The buggy address is located 8 bytes inside of [ 27.399609] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.400210] [ 27.400305] The buggy address belongs to the physical page: [ 27.400605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.400908] flags: 0x200000000000000(node=0|zone=2) [ 27.401260] page_type: f5(slab) [ 27.401397] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.401804] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.402018] page dumped because: kasan: bad access detected [ 27.402177] [ 27.402240] Memory state around the buggy address: [ 27.402448] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.403300] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.403664] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.404174] ^ [ 27.404404] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.404650] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.405299] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 27.221766] ================================================================== [ 27.222113] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.222484] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.223021] [ 27.223141] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.223192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.223205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.223229] Call Trace: [ 27.223250] <TASK> [ 27.223268] dump_stack_lvl+0x73/0xb0 [ 27.223298] print_report+0xd1/0x610 [ 27.223320] ? __virt_addr_valid+0x1db/0x2d0 [ 27.223345] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223370] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.223396] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223422] kasan_report+0x141/0x180 [ 27.223444] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223474] kasan_check_range+0x10c/0x1c0 [ 27.223507] __kasan_check_write+0x18/0x20 [ 27.223531] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.223556] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.223583] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.223608] ? trace_hardirqs_on+0x37/0xe0 [ 27.223632] ? kasan_bitops_generic+0x92/0x1c0 [ 27.223659] kasan_bitops_generic+0x116/0x1c0 [ 27.223684] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.223723] ? trace_hardirqs_on+0x37/0xe0 [ 27.223746] ? __pfx_read_tsc+0x10/0x10 [ 27.223767] ? ktime_get_ts64+0x86/0x230 [ 27.223853] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.223879] kunit_try_run_case+0x1a5/0x480 [ 27.223903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.223926] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.223950] ? __kthread_parkme+0x82/0x180 [ 27.223971] ? preempt_count_sub+0x50/0x80 [ 27.223995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.224017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.224042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.224067] kthread+0x337/0x6f0 [ 27.224087] ? trace_preempt_on+0x20/0xc0 [ 27.224109] ? __pfx_kthread+0x10/0x10 [ 27.224130] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.224151] ? calculate_sigpending+0x7b/0xa0 [ 27.224176] ? __pfx_kthread+0x10/0x10 [ 27.224197] ret_from_fork+0x116/0x1d0 [ 27.224217] ? __pfx_kthread+0x10/0x10 [ 27.224238] ret_from_fork_asm+0x1a/0x30 [ 27.224270] </TASK> [ 27.224281] [ 27.232768] Allocated by task 309: [ 27.232990] kasan_save_stack+0x45/0x70 [ 27.233160] kasan_save_track+0x18/0x40 [ 27.233289] kasan_save_alloc_info+0x3b/0x50 [ 27.233436] __kasan_kmalloc+0xb7/0xc0 [ 27.233821] __kmalloc_cache_noprof+0x189/0x420 [ 27.234056] kasan_bitops_generic+0x92/0x1c0 [ 27.234257] kunit_try_run_case+0x1a5/0x480 [ 27.234439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.234689] kthread+0x337/0x6f0 [ 27.234819] ret_from_fork+0x116/0x1d0 [ 27.234947] ret_from_fork_asm+0x1a/0x30 [ 27.235082] [ 27.235147] The buggy address belongs to the object at ffff888105807fa0 [ 27.235147] which belongs to the cache kmalloc-16 of size 16 [ 27.235651] The buggy address is located 8 bytes inside of [ 27.235651] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.236651] [ 27.236791] The buggy address belongs to the physical page: [ 27.237095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.237350] flags: 0x200000000000000(node=0|zone=2) [ 27.237716] page_type: f5(slab) [ 27.238061] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.238363] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.238645] page dumped because: kasan: bad access detected [ 27.239075] [ 27.239156] Memory state around the buggy address: [ 27.239359] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.239687] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.240121] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.240441] ^ [ 27.240713] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.241025] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.241255] ================================================================== [ 27.241848] ================================================================== [ 27.242404] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.242897] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.243144] [ 27.243228] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.243280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.243293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.243315] Call Trace: [ 27.243335] <TASK> [ 27.243355] dump_stack_lvl+0x73/0xb0 [ 27.243382] print_report+0xd1/0x610 [ 27.243405] ? __virt_addr_valid+0x1db/0x2d0 [ 27.243429] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.243454] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.243480] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.243724] kasan_report+0x141/0x180 [ 27.243749] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.243930] kasan_check_range+0x10c/0x1c0 [ 27.243967] __kasan_check_write+0x18/0x20 [ 27.243993] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.244020] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.244046] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.244070] ? trace_hardirqs_on+0x37/0xe0 [ 27.244093] ? kasan_bitops_generic+0x92/0x1c0 [ 27.244119] kasan_bitops_generic+0x116/0x1c0 [ 27.244143] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.244166] ? trace_hardirqs_on+0x37/0xe0 [ 27.244187] ? __pfx_read_tsc+0x10/0x10 [ 27.244209] ? ktime_get_ts64+0x86/0x230 [ 27.244231] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.244258] kunit_try_run_case+0x1a5/0x480 [ 27.244279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.244302] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.244326] ? __kthread_parkme+0x82/0x180 [ 27.244347] ? preempt_count_sub+0x50/0x80 [ 27.244372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.244394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.244419] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.244444] kthread+0x337/0x6f0 [ 27.244464] ? trace_preempt_on+0x20/0xc0 [ 27.244486] ? __pfx_kthread+0x10/0x10 [ 27.244507] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.244528] ? calculate_sigpending+0x7b/0xa0 [ 27.244553] ? __pfx_kthread+0x10/0x10 [ 27.244575] ret_from_fork+0x116/0x1d0 [ 27.244594] ? __pfx_kthread+0x10/0x10 [ 27.244615] ret_from_fork_asm+0x1a/0x30 [ 27.244645] </TASK> [ 27.244657] [ 27.253514] Allocated by task 309: [ 27.253658] kasan_save_stack+0x45/0x70 [ 27.253883] kasan_save_track+0x18/0x40 [ 27.254071] kasan_save_alloc_info+0x3b/0x50 [ 27.254418] __kasan_kmalloc+0xb7/0xc0 [ 27.254657] __kmalloc_cache_noprof+0x189/0x420 [ 27.254928] kasan_bitops_generic+0x92/0x1c0 [ 27.255105] kunit_try_run_case+0x1a5/0x480 [ 27.255271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.255535] kthread+0x337/0x6f0 [ 27.255692] ret_from_fork+0x116/0x1d0 [ 27.256054] ret_from_fork_asm+0x1a/0x30 [ 27.256252] [ 27.256345] The buggy address belongs to the object at ffff888105807fa0 [ 27.256345] which belongs to the cache kmalloc-16 of size 16 [ 27.256970] The buggy address is located 8 bytes inside of [ 27.256970] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.257387] [ 27.257459] The buggy address belongs to the physical page: [ 27.257630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.258004] flags: 0x200000000000000(node=0|zone=2) [ 27.258242] page_type: f5(slab) [ 27.258412] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.258845] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.259182] page dumped because: kasan: bad access detected [ 27.259430] [ 27.259538] Memory state around the buggy address: [ 27.259721] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.260167] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.260502] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.260862] ^ [ 27.261084] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.261404] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.261733] ================================================================== [ 27.181809] ================================================================== [ 27.182254] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.182835] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.183221] [ 27.183310] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.183360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.183372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.183395] Call Trace: [ 27.183415] <TASK> [ 27.183433] dump_stack_lvl+0x73/0xb0 [ 27.183463] print_report+0xd1/0x610 [ 27.183485] ? __virt_addr_valid+0x1db/0x2d0 [ 27.183509] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.183561] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183587] kasan_report+0x141/0x180 [ 27.183610] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183639] kasan_check_range+0x10c/0x1c0 [ 27.183663] __kasan_check_write+0x18/0x20 [ 27.183687] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.183727] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.183753] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.183778] ? trace_hardirqs_on+0x37/0xe0 [ 27.183800] ? kasan_bitops_generic+0x92/0x1c0 [ 27.183827] kasan_bitops_generic+0x116/0x1c0 [ 27.183854] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.183876] ? trace_hardirqs_on+0x37/0xe0 [ 27.183899] ? __pfx_read_tsc+0x10/0x10 [ 27.183974] ? ktime_get_ts64+0x86/0x230 [ 27.184000] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.184027] kunit_try_run_case+0x1a5/0x480 [ 27.184048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.184071] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.184095] ? __kthread_parkme+0x82/0x180 [ 27.184116] ? preempt_count_sub+0x50/0x80 [ 27.184139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.184161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.184186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.184214] kthread+0x337/0x6f0 [ 27.184233] ? trace_preempt_on+0x20/0xc0 [ 27.184255] ? __pfx_kthread+0x10/0x10 [ 27.184276] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.184297] ? calculate_sigpending+0x7b/0xa0 [ 27.184322] ? __pfx_kthread+0x10/0x10 [ 27.184343] ret_from_fork+0x116/0x1d0 [ 27.184362] ? __pfx_kthread+0x10/0x10 [ 27.184383] ret_from_fork_asm+0x1a/0x30 [ 27.184415] </TASK> [ 27.184427] [ 27.193271] Allocated by task 309: [ 27.193441] kasan_save_stack+0x45/0x70 [ 27.193588] kasan_save_track+0x18/0x40 [ 27.193731] kasan_save_alloc_info+0x3b/0x50 [ 27.193920] __kasan_kmalloc+0xb7/0xc0 [ 27.194110] __kmalloc_cache_noprof+0x189/0x420 [ 27.194312] kasan_bitops_generic+0x92/0x1c0 [ 27.194454] kunit_try_run_case+0x1a5/0x480 [ 27.194594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.195150] kthread+0x337/0x6f0 [ 27.195337] ret_from_fork+0x116/0x1d0 [ 27.195576] ret_from_fork_asm+0x1a/0x30 [ 27.195857] [ 27.195944] The buggy address belongs to the object at ffff888105807fa0 [ 27.195944] which belongs to the cache kmalloc-16 of size 16 [ 27.196418] The buggy address is located 8 bytes inside of [ 27.196418] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.196826] [ 27.196965] The buggy address belongs to the physical page: [ 27.197223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.197575] flags: 0x200000000000000(node=0|zone=2) [ 27.197945] page_type: f5(slab) [ 27.198202] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.198542] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.199040] page dumped because: kasan: bad access detected [ 27.199218] [ 27.199283] Memory state around the buggy address: [ 27.199436] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.199650] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.199975] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.200295] ^ [ 27.200785] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.201118] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.201334] ================================================================== [ 27.302963] ================================================================== [ 27.303219] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.303590] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.304103] [ 27.304193] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.304241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.304254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.304274] Call Trace: [ 27.304291] <TASK> [ 27.304305] dump_stack_lvl+0x73/0xb0 [ 27.304334] print_report+0xd1/0x610 [ 27.304355] ? __virt_addr_valid+0x1db/0x2d0 [ 27.304379] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304403] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.304429] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304454] kasan_report+0x141/0x180 [ 27.304476] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304505] kasan_check_range+0x10c/0x1c0 [ 27.304529] __kasan_check_write+0x18/0x20 [ 27.304552] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.304576] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.304602] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.304648] ? trace_hardirqs_on+0x37/0xe0 [ 27.304669] ? kasan_bitops_generic+0x92/0x1c0 [ 27.304706] kasan_bitops_generic+0x116/0x1c0 [ 27.304731] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.304753] ? trace_hardirqs_on+0x37/0xe0 [ 27.304844] ? __pfx_read_tsc+0x10/0x10 [ 27.304867] ? ktime_get_ts64+0x86/0x230 [ 27.304889] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.304915] kunit_try_run_case+0x1a5/0x480 [ 27.304939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.304962] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.304986] ? __kthread_parkme+0x82/0x180 [ 27.305006] ? preempt_count_sub+0x50/0x80 [ 27.305030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.305052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.305078] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.305104] kthread+0x337/0x6f0 [ 27.305123] ? trace_preempt_on+0x20/0xc0 [ 27.305146] ? __pfx_kthread+0x10/0x10 [ 27.305167] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.305189] ? calculate_sigpending+0x7b/0xa0 [ 27.305213] ? __pfx_kthread+0x10/0x10 [ 27.305235] ret_from_fork+0x116/0x1d0 [ 27.305254] ? __pfx_kthread+0x10/0x10 [ 27.305276] ret_from_fork_asm+0x1a/0x30 [ 27.305307] </TASK> [ 27.305317] [ 27.313457] Allocated by task 309: [ 27.313633] kasan_save_stack+0x45/0x70 [ 27.313836] kasan_save_track+0x18/0x40 [ 27.314021] kasan_save_alloc_info+0x3b/0x50 [ 27.314192] __kasan_kmalloc+0xb7/0xc0 [ 27.314318] __kmalloc_cache_noprof+0x189/0x420 [ 27.314471] kasan_bitops_generic+0x92/0x1c0 [ 27.314614] kunit_try_run_case+0x1a5/0x480 [ 27.317056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.318453] kthread+0x337/0x6f0 [ 27.319068] ret_from_fork+0x116/0x1d0 [ 27.319216] ret_from_fork_asm+0x1a/0x30 [ 27.320785] [ 27.320871] The buggy address belongs to the object at ffff888105807fa0 [ 27.320871] which belongs to the cache kmalloc-16 of size 16 [ 27.322090] The buggy address is located 8 bytes inside of [ 27.322090] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.323470] [ 27.323992] The buggy address belongs to the physical page: [ 27.324422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.324964] flags: 0x200000000000000(node=0|zone=2) [ 27.325141] page_type: f5(slab) [ 27.325259] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.325484] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.325732] page dumped because: kasan: bad access detected [ 27.326283] [ 27.326469] Memory state around the buggy address: [ 27.327158] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.327936] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.328620] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.329272] ^ [ 27.329430] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.330049] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.330955] ================================================================== [ 27.201952] ================================================================== [ 27.202303] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203147] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.203442] [ 27.203565] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.203616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.203629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.203653] Call Trace: [ 27.203673] <TASK> [ 27.203693] dump_stack_lvl+0x73/0xb0 [ 27.203738] print_report+0xd1/0x610 [ 27.203761] ? __virt_addr_valid+0x1db/0x2d0 [ 27.203785] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203810] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.203836] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203868] kasan_report+0x141/0x180 [ 27.203890] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203919] kasan_check_range+0x10c/0x1c0 [ 27.203943] __kasan_check_write+0x18/0x20 [ 27.203966] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.203992] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.204019] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.204219] ? trace_hardirqs_on+0x37/0xe0 [ 27.204243] ? kasan_bitops_generic+0x92/0x1c0 [ 27.204270] kasan_bitops_generic+0x116/0x1c0 [ 27.204293] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.204316] ? trace_hardirqs_on+0x37/0xe0 [ 27.204339] ? __pfx_read_tsc+0x10/0x10 [ 27.204360] ? ktime_get_ts64+0x86/0x230 [ 27.204383] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.204410] kunit_try_run_case+0x1a5/0x480 [ 27.204433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.204459] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.204482] ? __kthread_parkme+0x82/0x180 [ 27.204515] ? preempt_count_sub+0x50/0x80 [ 27.204539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.204561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.204587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.204612] kthread+0x337/0x6f0 [ 27.204632] ? trace_preempt_on+0x20/0xc0 [ 27.204654] ? __pfx_kthread+0x10/0x10 [ 27.204675] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.204709] ? calculate_sigpending+0x7b/0xa0 [ 27.204733] ? __pfx_kthread+0x10/0x10 [ 27.204756] ret_from_fork+0x116/0x1d0 [ 27.204822] ? __pfx_kthread+0x10/0x10 [ 27.204848] ret_from_fork_asm+0x1a/0x30 [ 27.204882] </TASK> [ 27.204894] [ 27.213605] Allocated by task 309: [ 27.213772] kasan_save_stack+0x45/0x70 [ 27.214043] kasan_save_track+0x18/0x40 [ 27.214177] kasan_save_alloc_info+0x3b/0x50 [ 27.214323] __kasan_kmalloc+0xb7/0xc0 [ 27.214451] __kmalloc_cache_noprof+0x189/0x420 [ 27.214685] kasan_bitops_generic+0x92/0x1c0 [ 27.215102] kunit_try_run_case+0x1a5/0x480 [ 27.215311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.215559] kthread+0x337/0x6f0 [ 27.215737] ret_from_fork+0x116/0x1d0 [ 27.215970] ret_from_fork_asm+0x1a/0x30 [ 27.216113] [ 27.216179] The buggy address belongs to the object at ffff888105807fa0 [ 27.216179] which belongs to the cache kmalloc-16 of size 16 [ 27.216566] The buggy address is located 8 bytes inside of [ 27.216566] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.217147] [ 27.217241] The buggy address belongs to the physical page: [ 27.217489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.217850] flags: 0x200000000000000(node=0|zone=2) [ 27.218250] page_type: f5(slab) [ 27.218429] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.218694] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.218934] page dumped because: kasan: bad access detected [ 27.219263] [ 27.219356] Memory state around the buggy address: [ 27.219580] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.219920] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.220134] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.220366] ^ [ 27.220624] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.220954] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.221342] ================================================================== [ 27.281575] ================================================================== [ 27.281890] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.282216] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.282511] [ 27.282609] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.282656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.282670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.282692] Call Trace: [ 27.282826] <TASK> [ 27.282847] dump_stack_lvl+0x73/0xb0 [ 27.282877] print_report+0xd1/0x610 [ 27.282899] ? __virt_addr_valid+0x1db/0x2d0 [ 27.282923] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.282949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.282975] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.282999] kasan_report+0x141/0x180 [ 27.283022] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.283051] kasan_check_range+0x10c/0x1c0 [ 27.283074] __kasan_check_write+0x18/0x20 [ 27.283097] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.283123] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.283149] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.283172] ? trace_hardirqs_on+0x37/0xe0 [ 27.283194] ? kasan_bitops_generic+0x92/0x1c0 [ 27.283221] kasan_bitops_generic+0x116/0x1c0 [ 27.283244] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.283267] ? trace_hardirqs_on+0x37/0xe0 [ 27.283288] ? __pfx_read_tsc+0x10/0x10 [ 27.283311] ? ktime_get_ts64+0x86/0x230 [ 27.283332] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.283359] kunit_try_run_case+0x1a5/0x480 [ 27.283381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.283402] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.283427] ? __kthread_parkme+0x82/0x180 [ 27.283447] ? preempt_count_sub+0x50/0x80 [ 27.283470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.283512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.283538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.283564] kthread+0x337/0x6f0 [ 27.283583] ? trace_preempt_on+0x20/0xc0 [ 27.283606] ? __pfx_kthread+0x10/0x10 [ 27.283627] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.283649] ? calculate_sigpending+0x7b/0xa0 [ 27.283675] ? __pfx_kthread+0x10/0x10 [ 27.283705] ret_from_fork+0x116/0x1d0 [ 27.283724] ? __pfx_kthread+0x10/0x10 [ 27.283746] ret_from_fork_asm+0x1a/0x30 [ 27.283940] </TASK> [ 27.283954] [ 27.294384] Allocated by task 309: [ 27.294581] kasan_save_stack+0x45/0x70 [ 27.294759] kasan_save_track+0x18/0x40 [ 27.295015] kasan_save_alloc_info+0x3b/0x50 [ 27.295171] __kasan_kmalloc+0xb7/0xc0 [ 27.295354] __kmalloc_cache_noprof+0x189/0x420 [ 27.295597] kasan_bitops_generic+0x92/0x1c0 [ 27.295979] kunit_try_run_case+0x1a5/0x480 [ 27.296200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.296403] kthread+0x337/0x6f0 [ 27.296575] ret_from_fork+0x116/0x1d0 [ 27.296837] ret_from_fork_asm+0x1a/0x30 [ 27.297043] [ 27.297140] The buggy address belongs to the object at ffff888105807fa0 [ 27.297140] which belongs to the cache kmalloc-16 of size 16 [ 27.297586] The buggy address is located 8 bytes inside of [ 27.297586] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.298168] [ 27.298263] The buggy address belongs to the physical page: [ 27.298509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.298911] flags: 0x200000000000000(node=0|zone=2) [ 27.299139] page_type: f5(slab) [ 27.299284] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.299569] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.300065] page dumped because: kasan: bad access detected [ 27.300319] [ 27.300388] Memory state around the buggy address: [ 27.300597] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.300980] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.301270] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.301598] ^ [ 27.301856] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.302153] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.302404] ================================================================== [ 27.161344] ================================================================== [ 27.161954] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.162505] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.162827] [ 27.163233] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.163293] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.163307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.163330] Call Trace: [ 27.163343] <TASK> [ 27.163363] dump_stack_lvl+0x73/0xb0 [ 27.163396] print_report+0xd1/0x610 [ 27.163420] ? __virt_addr_valid+0x1db/0x2d0 [ 27.163445] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163470] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.163496] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163538] kasan_report+0x141/0x180 [ 27.163560] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163590] kasan_check_range+0x10c/0x1c0 [ 27.163614] __kasan_check_write+0x18/0x20 [ 27.163637] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.163663] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.163689] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.163729] ? trace_hardirqs_on+0x37/0xe0 [ 27.163751] ? kasan_bitops_generic+0x92/0x1c0 [ 27.163851] kasan_bitops_generic+0x116/0x1c0 [ 27.163880] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.163903] ? trace_hardirqs_on+0x37/0xe0 [ 27.163926] ? __pfx_read_tsc+0x10/0x10 [ 27.163948] ? ktime_get_ts64+0x86/0x230 [ 27.163971] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.163997] kunit_try_run_case+0x1a5/0x480 [ 27.164020] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.164043] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.164067] ? __kthread_parkme+0x82/0x180 [ 27.164088] ? preempt_count_sub+0x50/0x80 [ 27.164112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.164134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.164160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.164185] kthread+0x337/0x6f0 [ 27.164206] ? trace_preempt_on+0x20/0xc0 [ 27.164227] ? __pfx_kthread+0x10/0x10 [ 27.164248] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.164269] ? calculate_sigpending+0x7b/0xa0 [ 27.164294] ? __pfx_kthread+0x10/0x10 [ 27.164315] ret_from_fork+0x116/0x1d0 [ 27.164334] ? __pfx_kthread+0x10/0x10 [ 27.164357] ret_from_fork_asm+0x1a/0x30 [ 27.164389] </TASK> [ 27.164401] [ 27.173118] Allocated by task 309: [ 27.173302] kasan_save_stack+0x45/0x70 [ 27.173544] kasan_save_track+0x18/0x40 [ 27.173721] kasan_save_alloc_info+0x3b/0x50 [ 27.173965] __kasan_kmalloc+0xb7/0xc0 [ 27.174138] __kmalloc_cache_noprof+0x189/0x420 [ 27.174355] kasan_bitops_generic+0x92/0x1c0 [ 27.174652] kunit_try_run_case+0x1a5/0x480 [ 27.174812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.174988] kthread+0x337/0x6f0 [ 27.175104] ret_from_fork+0x116/0x1d0 [ 27.175275] ret_from_fork_asm+0x1a/0x30 [ 27.175467] [ 27.175640] The buggy address belongs to the object at ffff888105807fa0 [ 27.175640] which belongs to the cache kmalloc-16 of size 16 [ 27.176188] The buggy address is located 8 bytes inside of [ 27.176188] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.176820] [ 27.176889] The buggy address belongs to the physical page: [ 27.177060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.177604] flags: 0x200000000000000(node=0|zone=2) [ 27.178093] page_type: f5(slab) [ 27.178279] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.178543] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.178825] page dumped because: kasan: bad access detected [ 27.179155] [ 27.179248] Memory state around the buggy address: [ 27.179468] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.179718] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.179935] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.180211] ^ [ 27.180424] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.180869] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.181398] ================================================================== [ 27.262217] ================================================================== [ 27.262484] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.262938] Write of size 8 at addr ffff888105807fa8 by task kunit_try_catch/309 [ 27.263212] [ 27.263324] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.263372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.263386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.263408] Call Trace: [ 27.263426] <TASK> [ 27.263444] dump_stack_lvl+0x73/0xb0 [ 27.263472] print_report+0xd1/0x610 [ 27.263515] ? __virt_addr_valid+0x1db/0x2d0 [ 27.263539] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.263593] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263618] kasan_report+0x141/0x180 [ 27.263641] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263669] kasan_check_range+0x10c/0x1c0 [ 27.263693] __kasan_check_write+0x18/0x20 [ 27.263725] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.263750] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.263971] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.263998] ? trace_hardirqs_on+0x37/0xe0 [ 27.264022] ? kasan_bitops_generic+0x92/0x1c0 [ 27.264050] kasan_bitops_generic+0x116/0x1c0 [ 27.264074] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.264098] ? trace_hardirqs_on+0x37/0xe0 [ 27.264121] ? __pfx_read_tsc+0x10/0x10 [ 27.264142] ? ktime_get_ts64+0x86/0x230 [ 27.264165] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.264190] kunit_try_run_case+0x1a5/0x480 [ 27.264214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.264237] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.264261] ? __kthread_parkme+0x82/0x180 [ 27.264281] ? preempt_count_sub+0x50/0x80 [ 27.264305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.264328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.264352] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.264377] kthread+0x337/0x6f0 [ 27.264398] ? trace_preempt_on+0x20/0xc0 [ 27.264419] ? __pfx_kthread+0x10/0x10 [ 27.264441] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.264462] ? calculate_sigpending+0x7b/0xa0 [ 27.264511] ? __pfx_kthread+0x10/0x10 [ 27.264532] ret_from_fork+0x116/0x1d0 [ 27.264552] ? __pfx_kthread+0x10/0x10 [ 27.264573] ret_from_fork_asm+0x1a/0x30 [ 27.264604] </TASK> [ 27.264616] [ 27.273029] Allocated by task 309: [ 27.273215] kasan_save_stack+0x45/0x70 [ 27.273414] kasan_save_track+0x18/0x40 [ 27.273627] kasan_save_alloc_info+0x3b/0x50 [ 27.273893] __kasan_kmalloc+0xb7/0xc0 [ 27.274032] __kmalloc_cache_noprof+0x189/0x420 [ 27.274188] kasan_bitops_generic+0x92/0x1c0 [ 27.274396] kunit_try_run_case+0x1a5/0x480 [ 27.274619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.274950] kthread+0x337/0x6f0 [ 27.275124] ret_from_fork+0x116/0x1d0 [ 27.275277] ret_from_fork_asm+0x1a/0x30 [ 27.275450] [ 27.275562] The buggy address belongs to the object at ffff888105807fa0 [ 27.275562] which belongs to the cache kmalloc-16 of size 16 [ 27.276242] The buggy address is located 8 bytes inside of [ 27.276242] allocated 9-byte region [ffff888105807fa0, ffff888105807fa9) [ 27.276873] [ 27.276971] The buggy address belongs to the physical page: [ 27.277157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 27.277399] flags: 0x200000000000000(node=0|zone=2) [ 27.277588] page_type: f5(slab) [ 27.277741] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.278154] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.278488] page dumped because: kasan: bad access detected [ 27.278843] [ 27.278936] Memory state around the buggy address: [ 27.279158] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.279438] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.279753] >ffff888105807f80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.280252] ^ [ 27.280478] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.280847] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.281165] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 27.132879] ================================================================== [ 27.133188] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 27.133460] Read of size 1 at addr ffff8881060c6b10 by task kunit_try_catch/307 [ 27.133784] [ 27.133888] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.133938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.133951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.133973] Call Trace: [ 27.133988] <TASK> [ 27.134003] dump_stack_lvl+0x73/0xb0 [ 27.134030] print_report+0xd1/0x610 [ 27.134054] ? __virt_addr_valid+0x1db/0x2d0 [ 27.134079] ? strnlen+0x73/0x80 [ 27.134101] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.134127] ? strnlen+0x73/0x80 [ 27.134149] kasan_report+0x141/0x180 [ 27.134172] ? strnlen+0x73/0x80 [ 27.134198] __asan_report_load1_noabort+0x18/0x20 [ 27.134223] strnlen+0x73/0x80 [ 27.134246] kasan_strings+0x615/0xe80 [ 27.134266] ? trace_hardirqs_on+0x37/0xe0 [ 27.134288] ? __pfx_kasan_strings+0x10/0x10 [ 27.134308] ? finish_task_switch.isra.0+0x153/0x700 [ 27.134331] ? __switch_to+0x47/0xf80 [ 27.134357] ? __schedule+0x10cc/0x2b60 [ 27.134380] ? __pfx_read_tsc+0x10/0x10 [ 27.134401] ? ktime_get_ts64+0x86/0x230 [ 27.134424] kunit_try_run_case+0x1a5/0x480 [ 27.134447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.134467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.134516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.134541] ? __kthread_parkme+0x82/0x180 [ 27.134561] ? preempt_count_sub+0x50/0x80 [ 27.134607] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.134630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.134654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.134679] kthread+0x337/0x6f0 [ 27.134710] ? trace_preempt_on+0x20/0xc0 [ 27.134731] ? __pfx_kthread+0x10/0x10 [ 27.134752] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.134790] ? calculate_sigpending+0x7b/0xa0 [ 27.134814] ? __pfx_kthread+0x10/0x10 [ 27.134835] ret_from_fork+0x116/0x1d0 [ 27.134854] ? __pfx_kthread+0x10/0x10 [ 27.134874] ret_from_fork_asm+0x1a/0x30 [ 27.134905] </TASK> [ 27.134916] [ 27.142534] Allocated by task 307: [ 27.142730] kasan_save_stack+0x45/0x70 [ 27.142985] kasan_save_track+0x18/0x40 [ 27.143178] kasan_save_alloc_info+0x3b/0x50 [ 27.143354] __kasan_kmalloc+0xb7/0xc0 [ 27.143502] __kmalloc_cache_noprof+0x189/0x420 [ 27.143733] kasan_strings+0xc0/0xe80 [ 27.143983] kunit_try_run_case+0x1a5/0x480 [ 27.144160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.144401] kthread+0x337/0x6f0 [ 27.144579] ret_from_fork+0x116/0x1d0 [ 27.144849] ret_from_fork_asm+0x1a/0x30 [ 27.145060] [ 27.145141] Freed by task 307: [ 27.145265] kasan_save_stack+0x45/0x70 [ 27.145427] kasan_save_track+0x18/0x40 [ 27.145636] kasan_save_free_info+0x3f/0x60 [ 27.145972] __kasan_slab_free+0x56/0x70 [ 27.146135] kfree+0x222/0x3f0 [ 27.146251] kasan_strings+0x2aa/0xe80 [ 27.146380] kunit_try_run_case+0x1a5/0x480 [ 27.146520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.146728] kthread+0x337/0x6f0 [ 27.146970] ret_from_fork+0x116/0x1d0 [ 27.147164] ret_from_fork_asm+0x1a/0x30 [ 27.147356] [ 27.147444] The buggy address belongs to the object at ffff8881060c6b00 [ 27.147444] which belongs to the cache kmalloc-32 of size 32 [ 27.148059] The buggy address is located 16 bytes inside of [ 27.148059] freed 32-byte region [ffff8881060c6b00, ffff8881060c6b20) [ 27.148440] [ 27.148506] The buggy address belongs to the physical page: [ 27.148693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c6 [ 27.149155] flags: 0x200000000000000(node=0|zone=2) [ 27.149395] page_type: f5(slab) [ 27.149592] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.150137] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.150450] page dumped because: kasan: bad access detected [ 27.150733] [ 27.150892] Memory state around the buggy address: [ 27.151091] ffff8881060c6a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.151374] ffff8881060c6a80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.151687] >ffff8881060c6b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.152056] ^ [ 27.152223] ffff8881060c6b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.152469] ffff8881060c6c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.152877] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 27.110100] ================================================================== [ 27.110389] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 27.110678] Read of size 1 at addr ffff8881060c6b10 by task kunit_try_catch/307 [ 27.111020] [ 27.111126] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.111173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.111185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.111208] Call Trace: [ 27.111221] <TASK> [ 27.111239] dump_stack_lvl+0x73/0xb0 [ 27.111266] print_report+0xd1/0x610 [ 27.111292] ? __virt_addr_valid+0x1db/0x2d0 [ 27.111316] ? strlen+0x8f/0xb0 [ 27.111338] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.111365] ? strlen+0x8f/0xb0 [ 27.111387] kasan_report+0x141/0x180 [ 27.111411] ? strlen+0x8f/0xb0 [ 27.111439] __asan_report_load1_noabort+0x18/0x20 [ 27.111464] strlen+0x8f/0xb0 [ 27.111486] kasan_strings+0x57b/0xe80 [ 27.111506] ? trace_hardirqs_on+0x37/0xe0 [ 27.111548] ? __pfx_kasan_strings+0x10/0x10 [ 27.111570] ? finish_task_switch.isra.0+0x153/0x700 [ 27.111591] ? __switch_to+0x47/0xf80 [ 27.111617] ? __schedule+0x10cc/0x2b60 [ 27.111640] ? __pfx_read_tsc+0x10/0x10 [ 27.111661] ? ktime_get_ts64+0x86/0x230 [ 27.111685] kunit_try_run_case+0x1a5/0x480 [ 27.111715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.111735] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.111759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.111864] ? __kthread_parkme+0x82/0x180 [ 27.111884] ? preempt_count_sub+0x50/0x80 [ 27.111907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.111929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.111954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.111980] kthread+0x337/0x6f0 [ 27.112000] ? trace_preempt_on+0x20/0xc0 [ 27.112022] ? __pfx_kthread+0x10/0x10 [ 27.112043] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.112064] ? calculate_sigpending+0x7b/0xa0 [ 27.112087] ? __pfx_kthread+0x10/0x10 [ 27.112109] ret_from_fork+0x116/0x1d0 [ 27.112127] ? __pfx_kthread+0x10/0x10 [ 27.112148] ret_from_fork_asm+0x1a/0x30 [ 27.112179] </TASK> [ 27.112190] [ 27.119627] Allocated by task 307: [ 27.119877] kasan_save_stack+0x45/0x70 [ 27.120082] kasan_save_track+0x18/0x40 [ 27.120277] kasan_save_alloc_info+0x3b/0x50 [ 27.120515] __kasan_kmalloc+0xb7/0xc0 [ 27.120673] __kmalloc_cache_noprof+0x189/0x420 [ 27.121027] kasan_strings+0xc0/0xe80 [ 27.121190] kunit_try_run_case+0x1a5/0x480 [ 27.121380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.121651] kthread+0x337/0x6f0 [ 27.121854] ret_from_fork+0x116/0x1d0 [ 27.121989] ret_from_fork_asm+0x1a/0x30 [ 27.122185] [ 27.122276] Freed by task 307: [ 27.122427] kasan_save_stack+0x45/0x70 [ 27.122644] kasan_save_track+0x18/0x40 [ 27.122892] kasan_save_free_info+0x3f/0x60 [ 27.123052] __kasan_slab_free+0x56/0x70 [ 27.123183] kfree+0x222/0x3f0 [ 27.123318] kasan_strings+0x2aa/0xe80 [ 27.123501] kunit_try_run_case+0x1a5/0x480 [ 27.123733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.124059] kthread+0x337/0x6f0 [ 27.124221] ret_from_fork+0x116/0x1d0 [ 27.124365] ret_from_fork_asm+0x1a/0x30 [ 27.124499] [ 27.124585] The buggy address belongs to the object at ffff8881060c6b00 [ 27.124585] which belongs to the cache kmalloc-32 of size 32 [ 27.125209] The buggy address is located 16 bytes inside of [ 27.125209] freed 32-byte region [ffff8881060c6b00, ffff8881060c6b20) [ 27.125843] [ 27.125943] The buggy address belongs to the physical page: [ 27.126189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c6 [ 27.126565] flags: 0x200000000000000(node=0|zone=2) [ 27.126755] page_type: f5(slab) [ 27.126985] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.127239] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.127465] page dumped because: kasan: bad access detected [ 27.127718] [ 27.127879] Memory state around the buggy address: [ 27.128108] ffff8881060c6a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.128429] ffff8881060c6a80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.128755] >ffff8881060c6b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.129259] ^ [ 27.129453] ffff8881060c6b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.129761] ffff8881060c6c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.130142] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 27.089525] ================================================================== [ 27.089948] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 27.090166] Read of size 1 at addr ffff8881060c6b10 by task kunit_try_catch/307 [ 27.090480] [ 27.090611] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.090661] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.090673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.090706] Call Trace: [ 27.090724] <TASK> [ 27.090741] dump_stack_lvl+0x73/0xb0 [ 27.090836] print_report+0xd1/0x610 [ 27.090861] ? __virt_addr_valid+0x1db/0x2d0 [ 27.090886] ? kasan_strings+0xcbc/0xe80 [ 27.090908] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.090934] ? kasan_strings+0xcbc/0xe80 [ 27.090956] kasan_report+0x141/0x180 [ 27.090978] ? kasan_strings+0xcbc/0xe80 [ 27.091003] __asan_report_load1_noabort+0x18/0x20 [ 27.091028] kasan_strings+0xcbc/0xe80 [ 27.091047] ? trace_hardirqs_on+0x37/0xe0 [ 27.091071] ? __pfx_kasan_strings+0x10/0x10 [ 27.091092] ? finish_task_switch.isra.0+0x153/0x700 [ 27.091113] ? __switch_to+0x47/0xf80 [ 27.091139] ? __schedule+0x10cc/0x2b60 [ 27.091162] ? __pfx_read_tsc+0x10/0x10 [ 27.091183] ? ktime_get_ts64+0x86/0x230 [ 27.091207] kunit_try_run_case+0x1a5/0x480 [ 27.091230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.091251] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.091273] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.091297] ? __kthread_parkme+0x82/0x180 [ 27.091317] ? preempt_count_sub+0x50/0x80 [ 27.091340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.091362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.091387] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.091412] kthread+0x337/0x6f0 [ 27.091432] ? trace_preempt_on+0x20/0xc0 [ 27.091454] ? __pfx_kthread+0x10/0x10 [ 27.091475] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.091497] ? calculate_sigpending+0x7b/0xa0 [ 27.091538] ? __pfx_kthread+0x10/0x10 [ 27.091560] ret_from_fork+0x116/0x1d0 [ 27.091579] ? __pfx_kthread+0x10/0x10 [ 27.091599] ret_from_fork_asm+0x1a/0x30 [ 27.091630] </TASK> [ 27.091642] [ 27.099328] Allocated by task 307: [ 27.099458] kasan_save_stack+0x45/0x70 [ 27.099688] kasan_save_track+0x18/0x40 [ 27.099946] kasan_save_alloc_info+0x3b/0x50 [ 27.100130] __kasan_kmalloc+0xb7/0xc0 [ 27.100315] __kmalloc_cache_noprof+0x189/0x420 [ 27.100503] kasan_strings+0xc0/0xe80 [ 27.100668] kunit_try_run_case+0x1a5/0x480 [ 27.101035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.101301] kthread+0x337/0x6f0 [ 27.101469] ret_from_fork+0x116/0x1d0 [ 27.101679] ret_from_fork_asm+0x1a/0x30 [ 27.101942] [ 27.102014] Freed by task 307: [ 27.102147] kasan_save_stack+0x45/0x70 [ 27.102341] kasan_save_track+0x18/0x40 [ 27.102556] kasan_save_free_info+0x3f/0x60 [ 27.102748] __kasan_slab_free+0x56/0x70 [ 27.102989] kfree+0x222/0x3f0 [ 27.103103] kasan_strings+0x2aa/0xe80 [ 27.103231] kunit_try_run_case+0x1a5/0x480 [ 27.103371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.103572] kthread+0x337/0x6f0 [ 27.103743] ret_from_fork+0x116/0x1d0 [ 27.104003] ret_from_fork_asm+0x1a/0x30 [ 27.104199] [ 27.104289] The buggy address belongs to the object at ffff8881060c6b00 [ 27.104289] which belongs to the cache kmalloc-32 of size 32 [ 27.105015] The buggy address is located 16 bytes inside of [ 27.105015] freed 32-byte region [ffff8881060c6b00, ffff8881060c6b20) [ 27.105404] [ 27.105474] The buggy address belongs to the physical page: [ 27.105751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c6 [ 27.106109] flags: 0x200000000000000(node=0|zone=2) [ 27.106341] page_type: f5(slab) [ 27.106502] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.106916] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.107224] page dumped because: kasan: bad access detected [ 27.107440] [ 27.107551] Memory state around the buggy address: [ 27.107745] ffff8881060c6a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.108080] ffff8881060c6a80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.108369] >ffff8881060c6b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.108678] ^ [ 27.109013] ffff8881060c6b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.109308] ffff8881060c6c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.109585] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 27.057689] ================================================================== [ 27.061294] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 27.062112] Read of size 1 at addr ffff8881060c6b10 by task kunit_try_catch/307 [ 27.062343] [ 27.062436] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.062500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.062514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.062541] Call Trace: [ 27.062557] <TASK> [ 27.062579] dump_stack_lvl+0x73/0xb0 [ 27.062610] print_report+0xd1/0x610 [ 27.062640] ? __virt_addr_valid+0x1db/0x2d0 [ 27.062667] ? strcmp+0xb0/0xc0 [ 27.062688] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.063555] ? strcmp+0xb0/0xc0 [ 27.063582] kasan_report+0x141/0x180 [ 27.063606] ? strcmp+0xb0/0xc0 [ 27.063633] __asan_report_load1_noabort+0x18/0x20 [ 27.063660] strcmp+0xb0/0xc0 [ 27.063682] kasan_strings+0x431/0xe80 [ 27.063720] ? trace_hardirqs_on+0x37/0xe0 [ 27.063745] ? __pfx_kasan_strings+0x10/0x10 [ 27.063765] ? finish_task_switch.isra.0+0x153/0x700 [ 27.063801] ? __switch_to+0x47/0xf80 [ 27.063828] ? __schedule+0x10cc/0x2b60 [ 27.063856] ? __pfx_read_tsc+0x10/0x10 [ 27.063880] ? ktime_get_ts64+0x86/0x230 [ 27.063905] kunit_try_run_case+0x1a5/0x480 [ 27.063929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.063949] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.063973] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.063996] ? __kthread_parkme+0x82/0x180 [ 27.064018] ? preempt_count_sub+0x50/0x80 [ 27.064040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.064062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.064087] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.064112] kthread+0x337/0x6f0 [ 27.064132] ? trace_preempt_on+0x20/0xc0 [ 27.064154] ? __pfx_kthread+0x10/0x10 [ 27.064174] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.064196] ? calculate_sigpending+0x7b/0xa0 [ 27.064221] ? __pfx_kthread+0x10/0x10 [ 27.064242] ret_from_fork+0x116/0x1d0 [ 27.064260] ? __pfx_kthread+0x10/0x10 [ 27.064282] ret_from_fork_asm+0x1a/0x30 [ 27.064314] </TASK> [ 27.064327] [ 27.078694] Allocated by task 307: [ 27.078851] kasan_save_stack+0x45/0x70 [ 27.078997] kasan_save_track+0x18/0x40 [ 27.079125] kasan_save_alloc_info+0x3b/0x50 [ 27.079263] __kasan_kmalloc+0xb7/0xc0 [ 27.079386] __kmalloc_cache_noprof+0x189/0x420 [ 27.079532] kasan_strings+0xc0/0xe80 [ 27.079654] kunit_try_run_case+0x1a5/0x480 [ 27.079858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.080111] kthread+0x337/0x6f0 [ 27.080271] ret_from_fork+0x116/0x1d0 [ 27.080458] ret_from_fork_asm+0x1a/0x30 [ 27.080646] [ 27.080982] Freed by task 307: [ 27.081149] kasan_save_stack+0x45/0x70 [ 27.081346] kasan_save_track+0x18/0x40 [ 27.081558] kasan_save_free_info+0x3f/0x60 [ 27.081845] __kasan_slab_free+0x56/0x70 [ 27.082048] kfree+0x222/0x3f0 [ 27.082210] kasan_strings+0x2aa/0xe80 [ 27.082389] kunit_try_run_case+0x1a5/0x480 [ 27.082620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.082945] kthread+0x337/0x6f0 [ 27.083075] ret_from_fork+0x116/0x1d0 [ 27.083222] ret_from_fork_asm+0x1a/0x30 [ 27.083417] [ 27.083534] The buggy address belongs to the object at ffff8881060c6b00 [ 27.083534] which belongs to the cache kmalloc-32 of size 32 [ 27.084106] The buggy address is located 16 bytes inside of [ 27.084106] freed 32-byte region [ffff8881060c6b00, ffff8881060c6b20) [ 27.084492] [ 27.084584] The buggy address belongs to the physical page: [ 27.084946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c6 [ 27.085315] flags: 0x200000000000000(node=0|zone=2) [ 27.085549] page_type: f5(slab) [ 27.085758] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.086184] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.086481] page dumped because: kasan: bad access detected [ 27.086728] [ 27.086865] Memory state around the buggy address: [ 27.087058] ffff8881060c6a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.087375] ffff8881060c6a80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.087730] >ffff8881060c6b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.088092] ^ [ 27.088257] ffff8881060c6b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.088554] ffff8881060c6c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.089022] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 27.028574] ================================================================== [ 27.029311] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 27.029567] Read of size 1 at addr ffff88810585a498 by task kunit_try_catch/305 [ 27.030197] [ 27.030295] CPU: 0 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.030348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.030361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.030384] Call Trace: [ 27.030397] <TASK> [ 27.030415] dump_stack_lvl+0x73/0xb0 [ 27.030445] print_report+0xd1/0x610 [ 27.030470] ? __virt_addr_valid+0x1db/0x2d0 [ 27.030508] ? memcmp+0x1b4/0x1d0 [ 27.030527] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.030554] ? memcmp+0x1b4/0x1d0 [ 27.030573] kasan_report+0x141/0x180 [ 27.030594] ? memcmp+0x1b4/0x1d0 [ 27.030618] __asan_report_load1_noabort+0x18/0x20 [ 27.030643] memcmp+0x1b4/0x1d0 [ 27.030663] kasan_memcmp+0x18f/0x390 [ 27.030684] ? trace_hardirqs_on+0x37/0xe0 [ 27.030722] ? __pfx_kasan_memcmp+0x10/0x10 [ 27.030743] ? finish_task_switch.isra.0+0x153/0x700 [ 27.030766] ? __switch_to+0x47/0xf80 [ 27.030870] ? __pfx_read_tsc+0x10/0x10 [ 27.030893] ? ktime_get_ts64+0x86/0x230 [ 27.030919] kunit_try_run_case+0x1a5/0x480 [ 27.030943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.030964] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.030988] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.031012] ? __kthread_parkme+0x82/0x180 [ 27.031033] ? preempt_count_sub+0x50/0x80 [ 27.031057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.031079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.031105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.031130] kthread+0x337/0x6f0 [ 27.031150] ? trace_preempt_on+0x20/0xc0 [ 27.031173] ? __pfx_kthread+0x10/0x10 [ 27.031195] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.031216] ? calculate_sigpending+0x7b/0xa0 [ 27.031241] ? __pfx_kthread+0x10/0x10 [ 27.031262] ret_from_fork+0x116/0x1d0 [ 27.031281] ? __pfx_kthread+0x10/0x10 [ 27.031302] ret_from_fork_asm+0x1a/0x30 [ 27.031334] </TASK> [ 27.031346] [ 27.039364] Allocated by task 305: [ 27.039626] kasan_save_stack+0x45/0x70 [ 27.039804] kasan_save_track+0x18/0x40 [ 27.040089] kasan_save_alloc_info+0x3b/0x50 [ 27.040313] __kasan_kmalloc+0xb7/0xc0 [ 27.040489] __kmalloc_cache_noprof+0x189/0x420 [ 27.040668] kasan_memcmp+0xb7/0x390 [ 27.040961] kunit_try_run_case+0x1a5/0x480 [ 27.041166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.041476] kthread+0x337/0x6f0 [ 27.041657] ret_from_fork+0x116/0x1d0 [ 27.041800] ret_from_fork_asm+0x1a/0x30 [ 27.042019] [ 27.042109] The buggy address belongs to the object at ffff88810585a480 [ 27.042109] which belongs to the cache kmalloc-32 of size 32 [ 27.042686] The buggy address is located 0 bytes to the right of [ 27.042686] allocated 24-byte region [ffff88810585a480, ffff88810585a498) [ 27.043454] [ 27.043530] The buggy address belongs to the physical page: [ 27.044720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10585a [ 27.045789] flags: 0x200000000000000(node=0|zone=2) [ 27.045981] page_type: f5(slab) [ 27.046106] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.046337] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.046563] page dumped because: kasan: bad access detected [ 27.046742] [ 27.046806] Memory state around the buggy address: [ 27.046957] ffff88810585a380: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.047169] ffff88810585a400: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.047379] >ffff88810585a480: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.047589] ^ [ 27.047780] ffff88810585a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.048375] ffff88810585a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.048967] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 27.002091] ================================================================== [ 27.002539] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 27.002856] Read of size 1 at addr ffff88810614fc4a by task kunit_try_catch/301 [ 27.003197] [ 27.003288] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 27.003339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.003352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.003374] Call Trace: [ 27.003387] <TASK> [ 27.003406] dump_stack_lvl+0x73/0xb0 [ 27.003435] print_report+0xd1/0x610 [ 27.003457] ? __virt_addr_valid+0x1db/0x2d0 [ 27.003481] ? kasan_alloca_oob_right+0x329/0x390 [ 27.003504] ? kasan_addr_to_slab+0x11/0xa0 [ 27.003527] ? kasan_alloca_oob_right+0x329/0x390 [ 27.003550] kasan_report+0x141/0x180 [ 27.003572] ? kasan_alloca_oob_right+0x329/0x390 [ 27.003599] __asan_report_load1_noabort+0x18/0x20 [ 27.003624] kasan_alloca_oob_right+0x329/0x390 [ 27.003645] ? __kasan_check_write+0x18/0x20 [ 27.003669] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.003691] ? irqentry_exit+0x2a/0x60 [ 27.003724] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.003762] ? trace_hardirqs_on+0x37/0xe0 [ 27.003788] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 27.003814] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 27.003841] kunit_try_run_case+0x1a5/0x480 [ 27.003872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.003893] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.003916] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.003940] ? __kthread_parkme+0x82/0x180 [ 27.003961] ? preempt_count_sub+0x50/0x80 [ 27.003986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.004008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.004033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.004058] kthread+0x337/0x6f0 [ 27.004079] ? trace_preempt_on+0x20/0xc0 [ 27.004100] ? __pfx_kthread+0x10/0x10 [ 27.004122] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.004143] ? calculate_sigpending+0x7b/0xa0 [ 27.004168] ? __pfx_kthread+0x10/0x10 [ 27.004189] ret_from_fork+0x116/0x1d0 [ 27.004209] ? __pfx_kthread+0x10/0x10 [ 27.004230] ret_from_fork_asm+0x1a/0x30 [ 27.004261] </TASK> [ 27.004273] [ 27.014953] The buggy address belongs to stack of task kunit_try_catch/301 [ 27.015434] [ 27.015651] The buggy address belongs to the physical page: [ 27.016088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10614f [ 27.016428] flags: 0x200000000000000(node=0|zone=2) [ 27.016902] raw: 0200000000000000 ffffea00041853c8 ffffea00041853c8 0000000000000000 [ 27.017295] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.017721] page dumped because: kasan: bad access detected [ 27.018129] [ 27.018379] Memory state around the buggy address: [ 27.018625] ffff88810614fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.018928] ffff88810614fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.019211] >ffff88810614fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.019734] ^ [ 27.020045] ffff88810614fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.020534] ffff88810614fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.021075] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 26.981913] ================================================================== [ 26.982383] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 26.982748] Read of size 1 at addr ffff88810623fc3f by task kunit_try_catch/299 [ 26.983161] [ 26.983275] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.983327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.983339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.983362] Call Trace: [ 26.983377] <TASK> [ 26.983395] dump_stack_lvl+0x73/0xb0 [ 26.983426] print_report+0xd1/0x610 [ 26.983449] ? __virt_addr_valid+0x1db/0x2d0 [ 26.983473] ? kasan_alloca_oob_left+0x320/0x380 [ 26.983495] ? kasan_addr_to_slab+0x11/0xa0 [ 26.983516] ? kasan_alloca_oob_left+0x320/0x380 [ 26.983660] kasan_report+0x141/0x180 [ 26.983684] ? kasan_alloca_oob_left+0x320/0x380 [ 26.983726] __asan_report_load1_noabort+0x18/0x20 [ 26.983751] kasan_alloca_oob_left+0x320/0x380 [ 26.983773] ? __kasan_check_write+0x18/0x20 [ 26.983797] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.983820] ? finish_task_switch.isra.0+0x153/0x700 [ 26.983853] ? percpu_down_write+0x2ce/0x480 [ 26.983878] ? trace_hardirqs_on+0x37/0xe0 [ 26.983903] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 26.983928] ? __schedule+0x10cc/0x2b60 [ 26.983951] ? __pfx_read_tsc+0x10/0x10 [ 26.983973] ? ktime_get_ts64+0x86/0x230 [ 26.983999] kunit_try_run_case+0x1a5/0x480 [ 26.984023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.984045] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.984068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.984093] ? __kthread_parkme+0x82/0x180 [ 26.984114] ? preempt_count_sub+0x50/0x80 [ 26.984138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.984160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.984399] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.984430] kthread+0x337/0x6f0 [ 26.984451] ? trace_preempt_on+0x20/0xc0 [ 26.984474] ? __pfx_kthread+0x10/0x10 [ 26.984513] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.984535] ? calculate_sigpending+0x7b/0xa0 [ 26.984559] ? __pfx_kthread+0x10/0x10 [ 26.984581] ret_from_fork+0x116/0x1d0 [ 26.984601] ? __pfx_kthread+0x10/0x10 [ 26.984623] ret_from_fork_asm+0x1a/0x30 [ 26.984654] </TASK> [ 26.984667] [ 26.993596] The buggy address belongs to stack of task kunit_try_catch/299 [ 26.993925] [ 26.994009] The buggy address belongs to the physical page: [ 26.994244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623f [ 26.994822] flags: 0x200000000000000(node=0|zone=2) [ 26.995039] raw: 0200000000000000 ffffea0004188fc8 ffffea0004188fc8 0000000000000000 [ 26.995454] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.995894] page dumped because: kasan: bad access detected [ 26.996136] [ 26.996356] Memory state around the buggy address: [ 26.996629] ffff88810623fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.997012] ffff88810623fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.997400] >ffff88810623fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 26.997766] ^ [ 26.998112] ffff88810623fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 26.998429] ffff88810623fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.998866] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 26.950617] ================================================================== [ 26.951485] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 26.951951] Read of size 1 at addr ffff888106087d02 by task kunit_try_catch/297 [ 26.952458] [ 26.952611] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.952661] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.952673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.952695] Call Trace: [ 26.952720] <TASK> [ 26.952738] dump_stack_lvl+0x73/0xb0 [ 26.952768] print_report+0xd1/0x610 [ 26.952801] ? __virt_addr_valid+0x1db/0x2d0 [ 26.952825] ? kasan_stack_oob+0x2b5/0x300 [ 26.952846] ? kasan_addr_to_slab+0x11/0xa0 [ 26.952877] ? kasan_stack_oob+0x2b5/0x300 [ 26.952898] kasan_report+0x141/0x180 [ 26.952920] ? kasan_stack_oob+0x2b5/0x300 [ 26.952944] __asan_report_load1_noabort+0x18/0x20 [ 26.952968] kasan_stack_oob+0x2b5/0x300 [ 26.952989] ? __pfx_kasan_stack_oob+0x10/0x10 [ 26.953066] ? __kasan_check_write+0x18/0x20 [ 26.953095] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.953122] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 26.953146] ? trace_hardirqs_on+0x37/0xe0 [ 26.953168] ? __pfx_read_tsc+0x10/0x10 [ 26.953190] ? ktime_get_ts64+0x86/0x230 [ 26.953215] kunit_try_run_case+0x1a5/0x480 [ 26.953238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.953259] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.953281] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.953305] ? __kthread_parkme+0x82/0x180 [ 26.953326] ? preempt_count_sub+0x50/0x80 [ 26.953350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.953372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.953398] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.953424] kthread+0x337/0x6f0 [ 26.953444] ? trace_preempt_on+0x20/0xc0 [ 26.953466] ? __pfx_kthread+0x10/0x10 [ 26.953487] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.953521] ? calculate_sigpending+0x7b/0xa0 [ 26.953545] ? __pfx_kthread+0x10/0x10 [ 26.953568] ret_from_fork+0x116/0x1d0 [ 26.953588] ? __pfx_kthread+0x10/0x10 [ 26.953608] ret_from_fork_asm+0x1a/0x30 [ 26.953640] </TASK> [ 26.953651] [ 26.965395] The buggy address belongs to stack of task kunit_try_catch/297 [ 26.966167] and is located at offset 138 in frame: [ 26.966905] kasan_stack_oob+0x0/0x300 [ 26.967182] [ 26.967278] This frame has 4 objects: [ 26.967475] [48, 49) '__assertion' [ 26.967511] [64, 72) 'array' [ 26.967835] [96, 112) '__assertion' [ 26.968130] [128, 138) 'stack_array' [ 26.968542] [ 26.969095] The buggy address belongs to the physical page: [ 26.969586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106087 [ 26.970338] flags: 0x200000000000000(node=0|zone=2) [ 26.971005] raw: 0200000000000000 ffffea00041821c8 ffffea00041821c8 0000000000000000 [ 26.971339] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.971716] page dumped because: kasan: bad access detected [ 26.972342] [ 26.972514] Memory state around the buggy address: [ 26.973012] ffff888106087c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.973708] ffff888106087c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 26.974114] >ffff888106087d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.974805] ^ [ 26.974993] ffff888106087d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 26.975211] ffff888106087e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.975422] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 26.928179] ================================================================== [ 26.928631] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 26.929480] Read of size 1 at addr ffffffff92ebaf4d by task kunit_try_catch/293 [ 26.930509] [ 26.930861] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.930922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.930936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.930961] Call Trace: [ 26.930975] <TASK> [ 26.930995] dump_stack_lvl+0x73/0xb0 [ 26.931030] print_report+0xd1/0x610 [ 26.931054] ? __virt_addr_valid+0x1db/0x2d0 [ 26.931083] ? kasan_global_oob_right+0x286/0x2d0 [ 26.931105] ? kasan_addr_to_slab+0x11/0xa0 [ 26.931150] ? kasan_global_oob_right+0x286/0x2d0 [ 26.931172] kasan_report+0x141/0x180 [ 26.931251] ? kasan_global_oob_right+0x286/0x2d0 [ 26.931279] __asan_report_load1_noabort+0x18/0x20 [ 26.931315] kasan_global_oob_right+0x286/0x2d0 [ 26.931338] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 26.931363] ? __schedule+0x10cc/0x2b60 [ 26.931387] ? __pfx_read_tsc+0x10/0x10 [ 26.931410] ? ktime_get_ts64+0x86/0x230 [ 26.931435] kunit_try_run_case+0x1a5/0x480 [ 26.931459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.931479] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.931517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.931540] ? __kthread_parkme+0x82/0x180 [ 26.931562] ? preempt_count_sub+0x50/0x80 [ 26.931587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.931609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.931634] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.931658] kthread+0x337/0x6f0 [ 26.931679] ? trace_preempt_on+0x20/0xc0 [ 26.931713] ? __pfx_kthread+0x10/0x10 [ 26.931734] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.931756] ? calculate_sigpending+0x7b/0xa0 [ 26.931791] ? __pfx_kthread+0x10/0x10 [ 26.931813] ret_from_fork+0x116/0x1d0 [ 26.931832] ? __pfx_kthread+0x10/0x10 [ 26.931858] ret_from_fork_asm+0x1a/0x30 [ 26.931890] </TASK> [ 26.931903] [ 26.940324] The buggy address belongs to the variable: [ 26.940593] global_array+0xd/0x40 [ 26.940831] [ 26.941021] The buggy address belongs to the physical page: [ 26.941360] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124eba [ 26.941663] flags: 0x200000000002000(reserved|node=0|zone=2) [ 26.942075] raw: 0200000000002000 ffffea000493ae88 ffffea000493ae88 0000000000000000 [ 26.942534] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.942956] page dumped because: kasan: bad access detected [ 26.943219] [ 26.943296] Memory state around the buggy address: [ 26.943543] ffffffff92ebae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.943880] ffffffff92ebae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.944276] >ffffffff92ebaf00: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 26.944686] ^ [ 26.944933] ffffffff92ebaf80: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 26.945407] ffffffff92ebb000: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 26.945729] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 26.867530] ================================================================== [ 26.868505] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.869349] Free of addr ffff8881060c3801 by task kunit_try_catch/289 [ 26.869740] [ 26.869983] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.870057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.870071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.870095] Call Trace: [ 26.870109] <TASK> [ 26.870129] dump_stack_lvl+0x73/0xb0 [ 26.870164] print_report+0xd1/0x610 [ 26.870188] ? __virt_addr_valid+0x1db/0x2d0 [ 26.870215] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.870242] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.870268] kasan_report_invalid_free+0x10a/0x130 [ 26.870292] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.870319] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.870344] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.870368] check_slab_allocation+0x11f/0x130 [ 26.870389] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.870413] mempool_free+0x2ec/0x380 [ 26.870441] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.870467] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.870511] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.870535] ? finish_task_switch.isra.0+0x153/0x700 [ 26.870562] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.870586] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.870613] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.870636] ? __pfx_mempool_kfree+0x10/0x10 [ 26.870660] ? __pfx_read_tsc+0x10/0x10 [ 26.870683] ? ktime_get_ts64+0x86/0x230 [ 26.870721] kunit_try_run_case+0x1a5/0x480 [ 26.870745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.870765] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.870854] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.870878] ? __kthread_parkme+0x82/0x180 [ 26.870900] ? preempt_count_sub+0x50/0x80 [ 26.870923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.870945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.870971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.870996] kthread+0x337/0x6f0 [ 26.871015] ? trace_preempt_on+0x20/0xc0 [ 26.871040] ? __pfx_kthread+0x10/0x10 [ 26.871060] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.871081] ? calculate_sigpending+0x7b/0xa0 [ 26.871106] ? __pfx_kthread+0x10/0x10 [ 26.871127] ret_from_fork+0x116/0x1d0 [ 26.871147] ? __pfx_kthread+0x10/0x10 [ 26.871167] ret_from_fork_asm+0x1a/0x30 [ 26.871199] </TASK> [ 26.871211] [ 26.884125] Allocated by task 289: [ 26.884665] kasan_save_stack+0x45/0x70 [ 26.885013] kasan_save_track+0x18/0x40 [ 26.885233] kasan_save_alloc_info+0x3b/0x50 [ 26.885593] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.885979] remove_element+0x11e/0x190 [ 26.886268] mempool_alloc_preallocated+0x4d/0x90 [ 26.886574] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 26.886867] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.887193] kunit_try_run_case+0x1a5/0x480 [ 26.887391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.888042] kthread+0x337/0x6f0 [ 26.888256] ret_from_fork+0x116/0x1d0 [ 26.888592] ret_from_fork_asm+0x1a/0x30 [ 26.888886] [ 26.888999] The buggy address belongs to the object at ffff8881060c3800 [ 26.888999] which belongs to the cache kmalloc-128 of size 128 [ 26.889829] The buggy address is located 1 bytes inside of [ 26.889829] 128-byte region [ffff8881060c3800, ffff8881060c3880) [ 26.890477] [ 26.890579] The buggy address belongs to the physical page: [ 26.891058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 26.891421] flags: 0x200000000000000(node=0|zone=2) [ 26.892074] page_type: f5(slab) [ 26.892253] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.892696] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.893202] page dumped because: kasan: bad access detected [ 26.893666] [ 26.893776] Memory state around the buggy address: [ 26.894245] ffff8881060c3700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.894726] ffff8881060c3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.895198] >ffff8881060c3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.895579] ^ [ 26.895863] ffff8881060c3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.896357] ffff8881060c3900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.896694] ================================================================== [ 26.899906] ================================================================== [ 26.900337] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.901103] Free of addr ffff8881060f4001 by task kunit_try_catch/291 [ 26.901415] [ 26.901720] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.901830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.901846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.901870] Call Trace: [ 26.901884] <TASK> [ 26.901904] dump_stack_lvl+0x73/0xb0 [ 26.901946] print_report+0xd1/0x610 [ 26.901970] ? __virt_addr_valid+0x1db/0x2d0 [ 26.901997] ? kasan_addr_to_slab+0x11/0xa0 [ 26.902018] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.902044] kasan_report_invalid_free+0x10a/0x130 [ 26.902068] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.902096] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.902120] __kasan_mempool_poison_object+0x102/0x1d0 [ 26.902145] mempool_free+0x2ec/0x380 [ 26.902172] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.902198] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.902228] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.902254] ? finish_task_switch.isra.0+0x153/0x700 [ 26.902281] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 26.902306] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 26.902334] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.902357] ? __pfx_mempool_kfree+0x10/0x10 [ 26.902382] ? __pfx_read_tsc+0x10/0x10 [ 26.902406] ? ktime_get_ts64+0x86/0x230 [ 26.902432] kunit_try_run_case+0x1a5/0x480 [ 26.902461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.902481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.902514] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.902537] ? __kthread_parkme+0x82/0x180 [ 26.902559] ? preempt_count_sub+0x50/0x80 [ 26.902581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.902603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.902629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.902655] kthread+0x337/0x6f0 [ 26.902675] ? trace_preempt_on+0x20/0xc0 [ 26.902710] ? __pfx_kthread+0x10/0x10 [ 26.902733] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.902754] ? calculate_sigpending+0x7b/0xa0 [ 26.902790] ? __pfx_kthread+0x10/0x10 [ 26.902813] ret_from_fork+0x116/0x1d0 [ 26.902832] ? __pfx_kthread+0x10/0x10 [ 26.902853] ret_from_fork_asm+0x1a/0x30 [ 26.902884] </TASK> [ 26.902897] [ 26.915268] The buggy address belongs to the physical page: [ 26.915646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4 [ 26.916616] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.917339] flags: 0x200000000000040(head|node=0|zone=2) [ 26.917907] page_type: f8(unknown) [ 26.918151] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.918623] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.919017] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.919332] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.920128] head: 0200000000000002 ffffea0004183d01 00000000ffffffff 00000000ffffffff [ 26.920545] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.921215] page dumped because: kasan: bad access detected [ 26.921462] [ 26.921561] Memory state around the buggy address: [ 26.922069] ffff8881060f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.922368] ffff8881060f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.923158] >ffff8881060f4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.923478] ^ [ 26.923951] ffff8881060f4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.924265] ffff8881060f4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.924807] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 26.810771] ================================================================== [ 26.812233] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.813369] Free of addr ffff8881060f4000 by task kunit_try_catch/285 [ 26.814049] [ 26.814347] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.814406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.814420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.814444] Call Trace: [ 26.814459] <TASK> [ 26.814479] dump_stack_lvl+0x73/0xb0 [ 26.814510] print_report+0xd1/0x610 [ 26.814534] ? __virt_addr_valid+0x1db/0x2d0 [ 26.814559] ? kasan_addr_to_slab+0x11/0xa0 [ 26.814581] ? mempool_double_free_helper+0x184/0x370 [ 26.814606] kasan_report_invalid_free+0x10a/0x130 [ 26.814630] ? mempool_double_free_helper+0x184/0x370 [ 26.814657] ? mempool_double_free_helper+0x184/0x370 [ 26.814680] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 26.814716] mempool_free+0x2ec/0x380 [ 26.814745] mempool_double_free_helper+0x184/0x370 [ 26.814770] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.814796] ? __kasan_check_write+0x18/0x20 [ 26.814821] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.814843] ? finish_task_switch.isra.0+0x153/0x700 [ 26.814869] mempool_kmalloc_large_double_free+0xed/0x140 [ 26.814893] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 26.814920] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.814942] ? __pfx_mempool_kfree+0x10/0x10 [ 26.814980] ? __pfx_read_tsc+0x10/0x10 [ 26.815002] ? ktime_get_ts64+0x86/0x230 [ 26.815028] kunit_try_run_case+0x1a5/0x480 [ 26.815059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.815080] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.815104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.815128] ? __kthread_parkme+0x82/0x180 [ 26.815148] ? preempt_count_sub+0x50/0x80 [ 26.815172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.815194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.815219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.815245] kthread+0x337/0x6f0 [ 26.815265] ? trace_preempt_on+0x20/0xc0 [ 26.815288] ? __pfx_kthread+0x10/0x10 [ 26.815309] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.815331] ? calculate_sigpending+0x7b/0xa0 [ 26.815355] ? __pfx_kthread+0x10/0x10 [ 26.815377] ret_from_fork+0x116/0x1d0 [ 26.815396] ? __pfx_kthread+0x10/0x10 [ 26.815418] ret_from_fork_asm+0x1a/0x30 [ 26.815449] </TASK> [ 26.815460] [ 26.829068] The buggy address belongs to the physical page: [ 26.829260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4 [ 26.829645] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.830265] flags: 0x200000000000040(head|node=0|zone=2) [ 26.830597] page_type: f8(unknown) [ 26.830762] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.831235] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.831522] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.832085] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.832475] head: 0200000000000002 ffffea0004183d01 00000000ffffffff 00000000ffffffff [ 26.832973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.833304] page dumped because: kasan: bad access detected [ 26.833535] [ 26.833619] Memory state around the buggy address: [ 26.833850] ffff8881060f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.834355] ffff8881060f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.834668] >ffff8881060f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.835127] ^ [ 26.835289] ffff8881060f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.835828] ffff8881060f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.836286] ================================================================== [ 26.839379] ================================================================== [ 26.840168] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.840411] Free of addr ffff8881060f4000 by task kunit_try_catch/287 [ 26.841444] [ 26.841724] CPU: 0 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.841781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.841794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.841818] Call Trace: [ 26.841832] <TASK> [ 26.841852] dump_stack_lvl+0x73/0xb0 [ 26.841884] print_report+0xd1/0x610 [ 26.841908] ? __virt_addr_valid+0x1db/0x2d0 [ 26.841933] ? kasan_addr_to_slab+0x11/0xa0 [ 26.841953] ? mempool_double_free_helper+0x184/0x370 [ 26.841978] kasan_report_invalid_free+0x10a/0x130 [ 26.842002] ? mempool_double_free_helper+0x184/0x370 [ 26.842028] ? mempool_double_free_helper+0x184/0x370 [ 26.842051] __kasan_mempool_poison_pages+0x115/0x130 [ 26.842075] mempool_free+0x290/0x380 [ 26.842102] mempool_double_free_helper+0x184/0x370 [ 26.842126] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.842153] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.842174] ? finish_task_switch.isra.0+0x153/0x700 [ 26.842199] mempool_page_alloc_double_free+0xe8/0x140 [ 26.842224] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 26.842252] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.842277] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.842302] ? __pfx_read_tsc+0x10/0x10 [ 26.842323] ? ktime_get_ts64+0x86/0x230 [ 26.842347] kunit_try_run_case+0x1a5/0x480 [ 26.842371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.842393] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.842491] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.842518] ? __kthread_parkme+0x82/0x180 [ 26.842560] ? preempt_count_sub+0x50/0x80 [ 26.842602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.842624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.842649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.842674] kthread+0x337/0x6f0 [ 26.842694] ? trace_preempt_on+0x20/0xc0 [ 26.842727] ? __pfx_kthread+0x10/0x10 [ 26.842748] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.842775] ? calculate_sigpending+0x7b/0xa0 [ 26.842799] ? __pfx_kthread+0x10/0x10 [ 26.842820] ret_from_fork+0x116/0x1d0 [ 26.842841] ? __pfx_kthread+0x10/0x10 [ 26.842861] ret_from_fork_asm+0x1a/0x30 [ 26.842893] </TASK> [ 26.842905] [ 26.857499] The buggy address belongs to the physical page: [ 26.858040] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4 [ 26.858439] flags: 0x200000000000000(node=0|zone=2) [ 26.858992] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.859608] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.860236] page dumped because: kasan: bad access detected [ 26.860414] [ 26.860497] Memory state around the buggy address: [ 26.860983] ffff8881060f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.861720] ffff8881060f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.862327] >ffff8881060f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.862549] ^ [ 26.862666] ffff8881060f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.862959] ffff8881060f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.863434] ================================================================== [ 26.767856] ================================================================== [ 26.768367] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.769003] Free of addr ffff88810583aa00 by task kunit_try_catch/283 [ 26.769690] [ 26.769877] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.770013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.770027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.770050] Call Trace: [ 26.770064] <TASK> [ 26.770083] dump_stack_lvl+0x73/0xb0 [ 26.770113] print_report+0xd1/0x610 [ 26.770137] ? __virt_addr_valid+0x1db/0x2d0 [ 26.770163] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.770189] ? mempool_double_free_helper+0x184/0x370 [ 26.770214] kasan_report_invalid_free+0x10a/0x130 [ 26.770238] ? mempool_double_free_helper+0x184/0x370 [ 26.770264] ? mempool_double_free_helper+0x184/0x370 [ 26.770286] ? mempool_double_free_helper+0x184/0x370 [ 26.770309] check_slab_allocation+0x101/0x130 [ 26.770331] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.770355] mempool_free+0x2ec/0x380 [ 26.770382] mempool_double_free_helper+0x184/0x370 [ 26.770407] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.770431] ? __call_rcu_common.constprop.0+0x455/0x9e0 [ 26.770456] ? __pfx_task_dead_fair+0x10/0x10 [ 26.770508] mempool_kmalloc_double_free+0xed/0x140 [ 26.770532] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 26.770558] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.770580] ? __pfx_mempool_kfree+0x10/0x10 [ 26.770605] ? __pfx_read_tsc+0x10/0x10 [ 26.770627] ? ktime_get_ts64+0x86/0x230 [ 26.770652] kunit_try_run_case+0x1a5/0x480 [ 26.770674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.770695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.770726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.770750] ? __kthread_parkme+0x82/0x180 [ 26.770772] ? preempt_count_sub+0x50/0x80 [ 26.770795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.770817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.770842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.770868] kthread+0x337/0x6f0 [ 26.770887] ? trace_preempt_on+0x20/0xc0 [ 26.770909] ? __pfx_kthread+0x10/0x10 [ 26.770930] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.770951] ? calculate_sigpending+0x7b/0xa0 [ 26.770976] ? __pfx_kthread+0x10/0x10 [ 26.770998] ret_from_fork+0x116/0x1d0 [ 26.771017] ? __pfx_kthread+0x10/0x10 [ 26.771038] ret_from_fork_asm+0x1a/0x30 [ 26.771069] </TASK> [ 26.771081] [ 26.785716] Allocated by task 283: [ 26.785853] kasan_save_stack+0x45/0x70 [ 26.786000] kasan_save_track+0x18/0x40 [ 26.786130] kasan_save_alloc_info+0x3b/0x50 [ 26.786275] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.786443] remove_element+0x11e/0x190 [ 26.786976] mempool_alloc_preallocated+0x4d/0x90 [ 26.787414] mempool_double_free_helper+0x8a/0x370 [ 26.787948] mempool_kmalloc_double_free+0xed/0x140 [ 26.788501] kunit_try_run_case+0x1a5/0x480 [ 26.788909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.789398] kthread+0x337/0x6f0 [ 26.789761] ret_from_fork+0x116/0x1d0 [ 26.790122] ret_from_fork_asm+0x1a/0x30 [ 26.790523] [ 26.790723] Freed by task 283: [ 26.791034] kasan_save_stack+0x45/0x70 [ 26.791330] kasan_save_track+0x18/0x40 [ 26.791462] kasan_save_free_info+0x3f/0x60 [ 26.791918] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.792391] mempool_free+0x2ec/0x380 [ 26.792757] mempool_double_free_helper+0x109/0x370 [ 26.792922] mempool_kmalloc_double_free+0xed/0x140 [ 26.793081] kunit_try_run_case+0x1a5/0x480 [ 26.793221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.793394] kthread+0x337/0x6f0 [ 26.793510] ret_from_fork+0x116/0x1d0 [ 26.793641] ret_from_fork_asm+0x1a/0x30 [ 26.793792] [ 26.793860] The buggy address belongs to the object at ffff88810583aa00 [ 26.793860] which belongs to the cache kmalloc-128 of size 128 [ 26.794222] The buggy address is located 0 bytes inside of [ 26.794222] 128-byte region [ffff88810583aa00, ffff88810583aa80) [ 26.794903] [ 26.795565] The buggy address belongs to the physical page: [ 26.796064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a [ 26.796897] flags: 0x200000000000000(node=0|zone=2) [ 26.797600] page_type: f5(slab) [ 26.798067] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.799195] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.800231] page dumped because: kasan: bad access detected [ 26.801080] [ 26.801396] Memory state around the buggy address: [ 26.802052] ffff88810583a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.802937] ffff88810583a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.803925] >ffff88810583aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.804480] ^ [ 26.805078] ffff88810583aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.805434] ffff88810583ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.806292] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 26.736909] ================================================================== [ 26.737305] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.737683] Read of size 1 at addr ffff8881060f4000 by task kunit_try_catch/281 [ 26.739134] [ 26.739454] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.739725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.739741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.739787] Call Trace: [ 26.739802] <TASK> [ 26.739825] dump_stack_lvl+0x73/0xb0 [ 26.739867] print_report+0xd1/0x610 [ 26.739890] ? __virt_addr_valid+0x1db/0x2d0 [ 26.739917] ? mempool_uaf_helper+0x392/0x400 [ 26.739940] ? kasan_addr_to_slab+0x11/0xa0 [ 26.739961] ? mempool_uaf_helper+0x392/0x400 [ 26.739983] kasan_report+0x141/0x180 [ 26.740005] ? mempool_uaf_helper+0x392/0x400 [ 26.740031] __asan_report_load1_noabort+0x18/0x20 [ 26.740055] mempool_uaf_helper+0x392/0x400 [ 26.740079] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.740102] ? __kasan_check_write+0x18/0x20 [ 26.740126] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.740149] ? finish_task_switch.isra.0+0x153/0x700 [ 26.740175] mempool_page_alloc_uaf+0xed/0x140 [ 26.740199] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.740224] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.740249] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.740275] ? __pfx_read_tsc+0x10/0x10 [ 26.740297] ? ktime_get_ts64+0x86/0x230 [ 26.740322] kunit_try_run_case+0x1a5/0x480 [ 26.740346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.740367] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.740390] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.740414] ? __kthread_parkme+0x82/0x180 [ 26.740435] ? preempt_count_sub+0x50/0x80 [ 26.740458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.740497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.740523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.740548] kthread+0x337/0x6f0 [ 26.740567] ? trace_preempt_on+0x20/0xc0 [ 26.740592] ? __pfx_kthread+0x10/0x10 [ 26.740612] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.740633] ? calculate_sigpending+0x7b/0xa0 [ 26.740657] ? __pfx_kthread+0x10/0x10 [ 26.740680] ret_from_fork+0x116/0x1d0 [ 26.740707] ? __pfx_kthread+0x10/0x10 [ 26.740728] ret_from_fork_asm+0x1a/0x30 [ 26.740759] </TASK> [ 26.740792] [ 26.756949] The buggy address belongs to the physical page: [ 26.757595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4 [ 26.758493] flags: 0x200000000000000(node=0|zone=2) [ 26.759149] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.759992] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.760799] page dumped because: kasan: bad access detected [ 26.761369] [ 26.761627] Memory state around the buggy address: [ 26.762178] ffff8881060f3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.762407] ffff8881060f3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.762668] >ffff8881060f4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.763524] ^ [ 26.763895] ffff8881060f4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.764300] ffff8881060f4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.764977] ================================================================== [ 26.668995] ================================================================== [ 26.669444] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.669820] Read of size 1 at addr ffff8881061ac000 by task kunit_try_catch/277 [ 26.670170] [ 26.670369] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.670424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.670437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.670461] Call Trace: [ 26.670475] <TASK> [ 26.670508] dump_stack_lvl+0x73/0xb0 [ 26.670552] print_report+0xd1/0x610 [ 26.670576] ? __virt_addr_valid+0x1db/0x2d0 [ 26.670601] ? mempool_uaf_helper+0x392/0x400 [ 26.670635] ? kasan_addr_to_slab+0x11/0xa0 [ 26.670656] ? mempool_uaf_helper+0x392/0x400 [ 26.670679] kasan_report+0x141/0x180 [ 26.670711] ? mempool_uaf_helper+0x392/0x400 [ 26.670738] __asan_report_load1_noabort+0x18/0x20 [ 26.670771] mempool_uaf_helper+0x392/0x400 [ 26.670848] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.670873] ? update_load_avg+0x1be/0x21b0 [ 26.670897] ? update_load_avg+0x1be/0x21b0 [ 26.670919] ? update_curr+0x80/0x810 [ 26.670942] ? finish_task_switch.isra.0+0x153/0x700 [ 26.670982] mempool_kmalloc_large_uaf+0xef/0x140 [ 26.671005] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 26.671042] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.671066] ? __pfx_mempool_kfree+0x10/0x10 [ 26.671101] ? __pfx_read_tsc+0x10/0x10 [ 26.671123] ? ktime_get_ts64+0x86/0x230 [ 26.671159] kunit_try_run_case+0x1a5/0x480 [ 26.671182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.671203] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.671227] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.671251] ? __kthread_parkme+0x82/0x180 [ 26.671273] ? preempt_count_sub+0x50/0x80 [ 26.671296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.671319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.671344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.671370] kthread+0x337/0x6f0 [ 26.671389] ? trace_preempt_on+0x20/0xc0 [ 26.671413] ? __pfx_kthread+0x10/0x10 [ 26.671435] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.671456] ? calculate_sigpending+0x7b/0xa0 [ 26.671482] ? __pfx_kthread+0x10/0x10 [ 26.671512] ret_from_fork+0x116/0x1d0 [ 26.671532] ? __pfx_kthread+0x10/0x10 [ 26.671552] ret_from_fork_asm+0x1a/0x30 [ 26.671583] </TASK> [ 26.671596] [ 26.681779] The buggy address belongs to the physical page: [ 26.682105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061ac [ 26.682382] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.682721] flags: 0x200000000000040(head|node=0|zone=2) [ 26.682994] page_type: f8(unknown) [ 26.683128] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.683447] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.684228] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.684579] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.685158] head: 0200000000000002 ffffea0004186b01 00000000ffffffff 00000000ffffffff [ 26.685523] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.685925] page dumped because: kasan: bad access detected [ 26.686174] [ 26.686265] Memory state around the buggy address: [ 26.686472] ffff8881061abf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.686813] ffff8881061abf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.687026] >ffff8881061ac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.687406] ^ [ 26.687609] ffff8881061ac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.688042] ffff8881061ac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.688379] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 26.692734] ================================================================== [ 26.693380] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.694904] Read of size 1 at addr ffff888104398240 by task kunit_try_catch/279 [ 26.695891] [ 26.695996] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.696050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.696063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.696088] Call Trace: [ 26.696102] <TASK> [ 26.696123] dump_stack_lvl+0x73/0xb0 [ 26.696155] print_report+0xd1/0x610 [ 26.696178] ? __virt_addr_valid+0x1db/0x2d0 [ 26.696204] ? mempool_uaf_helper+0x392/0x400 [ 26.696226] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.696253] ? mempool_uaf_helper+0x392/0x400 [ 26.696275] kasan_report+0x141/0x180 [ 26.696297] ? mempool_uaf_helper+0x392/0x400 [ 26.696323] __asan_report_load1_noabort+0x18/0x20 [ 26.696346] mempool_uaf_helper+0x392/0x400 [ 26.696370] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.696392] ? update_load_avg+0x1be/0x21b0 [ 26.696420] ? finish_task_switch.isra.0+0x153/0x700 [ 26.696447] mempool_slab_uaf+0xea/0x140 [ 26.696470] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 26.696514] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.696540] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.696566] ? __pfx_read_tsc+0x10/0x10 [ 26.696590] ? ktime_get_ts64+0x86/0x230 [ 26.696615] kunit_try_run_case+0x1a5/0x480 [ 26.696638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.696659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.696683] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.696720] ? __kthread_parkme+0x82/0x180 [ 26.696741] ? preempt_count_sub+0x50/0x80 [ 26.696764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.696787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.696812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.696838] kthread+0x337/0x6f0 [ 26.696858] ? trace_preempt_on+0x20/0xc0 [ 26.696881] ? __pfx_kthread+0x10/0x10 [ 26.696902] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.696923] ? calculate_sigpending+0x7b/0xa0 [ 26.696947] ? __pfx_kthread+0x10/0x10 [ 26.696969] ret_from_fork+0x116/0x1d0 [ 26.696989] ? __pfx_kthread+0x10/0x10 [ 26.697010] ret_from_fork_asm+0x1a/0x30 [ 26.697041] </TASK> [ 26.697054] [ 26.705091] Allocated by task 279: [ 26.705256] kasan_save_stack+0x45/0x70 [ 26.705446] kasan_save_track+0x18/0x40 [ 26.705935] kasan_save_alloc_info+0x3b/0x50 [ 26.706138] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.706366] remove_element+0x11e/0x190 [ 26.707247] mempool_alloc_preallocated+0x4d/0x90 [ 26.708173] mempool_uaf_helper+0x96/0x400 [ 26.708335] mempool_slab_uaf+0xea/0x140 [ 26.708478] kunit_try_run_case+0x1a5/0x480 [ 26.708693] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.709451] kthread+0x337/0x6f0 [ 26.709915] ret_from_fork+0x116/0x1d0 [ 26.710198] ret_from_fork_asm+0x1a/0x30 [ 26.710397] [ 26.710486] Freed by task 279: [ 26.711146] kasan_save_stack+0x45/0x70 [ 26.711359] kasan_save_track+0x18/0x40 [ 26.711682] kasan_save_free_info+0x3f/0x60 [ 26.711944] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.712181] mempool_free+0x2ec/0x380 [ 26.712343] mempool_uaf_helper+0x11a/0x400 [ 26.712806] mempool_slab_uaf+0xea/0x140 [ 26.713319] kunit_try_run_case+0x1a5/0x480 [ 26.713690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.714353] kthread+0x337/0x6f0 [ 26.714663] ret_from_fork+0x116/0x1d0 [ 26.714978] ret_from_fork_asm+0x1a/0x30 [ 26.715171] [ 26.715256] The buggy address belongs to the object at ffff888104398240 [ 26.715256] which belongs to the cache test_cache of size 123 [ 26.716231] The buggy address is located 0 bytes inside of [ 26.716231] freed 123-byte region [ffff888104398240, ffff8881043982bb) [ 26.717323] [ 26.717431] The buggy address belongs to the physical page: [ 26.717871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104398 [ 26.718368] flags: 0x200000000000000(node=0|zone=2) [ 26.718785] page_type: f5(slab) [ 26.719141] raw: 0200000000000000 ffff888101d98dc0 dead000000000122 0000000000000000 [ 26.719607] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.720310] page dumped because: kasan: bad access detected [ 26.720832] [ 26.721088] Memory state around the buggy address: [ 26.721438] ffff888104398100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.722113] ffff888104398180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.722657] >ffff888104398200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 26.723232] ^ [ 26.723779] ffff888104398280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.724180] ffff888104398300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.724465] ================================================================== [ 26.631714] ================================================================== [ 26.632427] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.633187] Read of size 1 at addr ffff8881060c3400 by task kunit_try_catch/275 [ 26.633909] [ 26.634005] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.634060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.634073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.634097] Call Trace: [ 26.634110] <TASK> [ 26.634130] dump_stack_lvl+0x73/0xb0 [ 26.634162] print_report+0xd1/0x610 [ 26.634186] ? __virt_addr_valid+0x1db/0x2d0 [ 26.634214] ? mempool_uaf_helper+0x392/0x400 [ 26.634235] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.634261] ? mempool_uaf_helper+0x392/0x400 [ 26.634284] kasan_report+0x141/0x180 [ 26.634307] ? mempool_uaf_helper+0x392/0x400 [ 26.634334] __asan_report_load1_noabort+0x18/0x20 [ 26.634359] mempool_uaf_helper+0x392/0x400 [ 26.634382] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.634406] ? __kasan_check_write+0x18/0x20 [ 26.634429] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.634453] ? finish_task_switch.isra.0+0x153/0x700 [ 26.634489] mempool_kmalloc_uaf+0xef/0x140 [ 26.634512] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 26.634537] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.634562] ? __pfx_mempool_kfree+0x10/0x10 [ 26.634586] ? __pfx_read_tsc+0x10/0x10 [ 26.634609] ? ktime_get_ts64+0x86/0x230 [ 26.634634] kunit_try_run_case+0x1a5/0x480 [ 26.634658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.634679] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.634714] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.634739] ? __kthread_parkme+0x82/0x180 [ 26.634761] ? preempt_count_sub+0x50/0x80 [ 26.634783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.634805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.634831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.634857] kthread+0x337/0x6f0 [ 26.634878] ? trace_preempt_on+0x20/0xc0 [ 26.634933] ? __pfx_kthread+0x10/0x10 [ 26.634956] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.634978] ? calculate_sigpending+0x7b/0xa0 [ 26.635016] ? __pfx_kthread+0x10/0x10 [ 26.635037] ret_from_fork+0x116/0x1d0 [ 26.635058] ? __pfx_kthread+0x10/0x10 [ 26.635079] ret_from_fork_asm+0x1a/0x30 [ 26.635111] </TASK> [ 26.635123] [ 26.648213] Allocated by task 275: [ 26.648470] kasan_save_stack+0x45/0x70 [ 26.648634] kasan_save_track+0x18/0x40 [ 26.648926] kasan_save_alloc_info+0x3b/0x50 [ 26.649132] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.649391] remove_element+0x11e/0x190 [ 26.649621] mempool_alloc_preallocated+0x4d/0x90 [ 26.649797] mempool_uaf_helper+0x96/0x400 [ 26.649946] mempool_kmalloc_uaf+0xef/0x140 [ 26.650143] kunit_try_run_case+0x1a5/0x480 [ 26.650440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.650831] kthread+0x337/0x6f0 [ 26.650958] ret_from_fork+0x116/0x1d0 [ 26.651265] ret_from_fork_asm+0x1a/0x30 [ 26.651466] [ 26.652155] Freed by task 275: [ 26.652313] kasan_save_stack+0x45/0x70 [ 26.652506] kasan_save_track+0x18/0x40 [ 26.652686] kasan_save_free_info+0x3f/0x60 [ 26.652940] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.653167] mempool_free+0x2ec/0x380 [ 26.653333] mempool_uaf_helper+0x11a/0x400 [ 26.653910] mempool_kmalloc_uaf+0xef/0x140 [ 26.654353] kunit_try_run_case+0x1a5/0x480 [ 26.654679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.655007] kthread+0x337/0x6f0 [ 26.655173] ret_from_fork+0x116/0x1d0 [ 26.655342] ret_from_fork_asm+0x1a/0x30 [ 26.655969] [ 26.656082] The buggy address belongs to the object at ffff8881060c3400 [ 26.656082] which belongs to the cache kmalloc-128 of size 128 [ 26.656925] The buggy address is located 0 bytes inside of [ 26.656925] freed 128-byte region [ffff8881060c3400, ffff8881060c3480) [ 26.657751] [ 26.657919] The buggy address belongs to the physical page: [ 26.658153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 26.658474] flags: 0x200000000000000(node=0|zone=2) [ 26.659217] page_type: f5(slab) [ 26.659395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.660013] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.660336] page dumped because: kasan: bad access detected [ 26.660770] [ 26.661155] Memory state around the buggy address: [ 26.661373] ffff8881060c3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.662014] ffff8881060c3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.662323] >ffff8881060c3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.663020] ^ [ 26.663194] ffff8881060c3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.663486] ffff8881060c3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.664114] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 26.564278] ================================================================== [ 26.564929] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.565258] Read of size 1 at addr ffff8881060f6001 by task kunit_try_catch/271 [ 26.565616] [ 26.565988] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.566077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.566093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.566140] Call Trace: [ 26.566154] <TASK> [ 26.566181] dump_stack_lvl+0x73/0xb0 [ 26.566219] print_report+0xd1/0x610 [ 26.566243] ? __virt_addr_valid+0x1db/0x2d0 [ 26.566269] ? mempool_oob_right_helper+0x318/0x380 [ 26.566295] ? kasan_addr_to_slab+0x11/0xa0 [ 26.566315] ? mempool_oob_right_helper+0x318/0x380 [ 26.566339] kasan_report+0x141/0x180 [ 26.566361] ? mempool_oob_right_helper+0x318/0x380 [ 26.566388] __asan_report_load1_noabort+0x18/0x20 [ 26.566412] mempool_oob_right_helper+0x318/0x380 [ 26.566436] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.566461] ? __kasan_check_write+0x18/0x20 [ 26.566592] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.566621] ? finish_task_switch.isra.0+0x153/0x700 [ 26.566650] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 26.566677] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 26.566722] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.566747] ? __pfx_mempool_kfree+0x10/0x10 [ 26.566771] ? __pfx_read_tsc+0x10/0x10 [ 26.566797] ? ktime_get_ts64+0x86/0x230 [ 26.566823] kunit_try_run_case+0x1a5/0x480 [ 26.566847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.566868] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.566892] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.566917] ? __kthread_parkme+0x82/0x180 [ 26.566939] ? preempt_count_sub+0x50/0x80 [ 26.566962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.566984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.567010] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.567035] kthread+0x337/0x6f0 [ 26.567055] ? trace_preempt_on+0x20/0xc0 [ 26.567079] ? __pfx_kthread+0x10/0x10 [ 26.567100] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.567120] ? calculate_sigpending+0x7b/0xa0 [ 26.567145] ? __pfx_kthread+0x10/0x10 [ 26.567170] ret_from_fork+0x116/0x1d0 [ 26.567190] ? __pfx_kthread+0x10/0x10 [ 26.567211] ret_from_fork_asm+0x1a/0x30 [ 26.567245] </TASK> [ 26.567257] [ 26.579208] The buggy address belongs to the physical page: [ 26.579474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f4 [ 26.580043] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.580469] flags: 0x200000000000040(head|node=0|zone=2) [ 26.580865] page_type: f8(unknown) [ 26.581033] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.581347] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.581927] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.582250] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.582713] head: 0200000000000002 ffffea0004183d01 00000000ffffffff 00000000ffffffff [ 26.583248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.583670] page dumped because: kasan: bad access detected [ 26.584054] [ 26.584152] Memory state around the buggy address: [ 26.584518] ffff8881060f5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.585016] ffff8881060f5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.585392] >ffff8881060f6000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.585867] ^ [ 26.586003] ffff8881060f6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.586319] ffff8881060f6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.587003] ================================================================== [ 26.532407] ================================================================== [ 26.532840] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.533116] Read of size 1 at addr ffff8881060c3073 by task kunit_try_catch/269 [ 26.533386] [ 26.533489] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.533546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.533559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.533583] Call Trace: [ 26.533597] <TASK> [ 26.533618] dump_stack_lvl+0x73/0xb0 [ 26.533651] print_report+0xd1/0x610 [ 26.533676] ? __virt_addr_valid+0x1db/0x2d0 [ 26.534153] ? mempool_oob_right_helper+0x318/0x380 [ 26.534179] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.534207] ? mempool_oob_right_helper+0x318/0x380 [ 26.534231] kasan_report+0x141/0x180 [ 26.534254] ? mempool_oob_right_helper+0x318/0x380 [ 26.534281] __asan_report_load1_noabort+0x18/0x20 [ 26.534306] mempool_oob_right_helper+0x318/0x380 [ 26.534329] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.534354] ? __kasan_check_write+0x18/0x20 [ 26.534379] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.534403] ? finish_task_switch.isra.0+0x153/0x700 [ 26.534431] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.534454] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 26.534480] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.535004] ? __pfx_mempool_kfree+0x10/0x10 [ 26.535047] ? __pfx_read_tsc+0x10/0x10 [ 26.535074] ? ktime_get_ts64+0x86/0x230 [ 26.535101] kunit_try_run_case+0x1a5/0x480 [ 26.535128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.535150] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.535175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.535199] ? __kthread_parkme+0x82/0x180 [ 26.535221] ? preempt_count_sub+0x50/0x80 [ 26.535243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.535265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.535291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.535316] kthread+0x337/0x6f0 [ 26.535336] ? trace_preempt_on+0x20/0xc0 [ 26.535361] ? __pfx_kthread+0x10/0x10 [ 26.535382] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.535403] ? calculate_sigpending+0x7b/0xa0 [ 26.535429] ? __pfx_kthread+0x10/0x10 [ 26.535450] ret_from_fork+0x116/0x1d0 [ 26.535471] ? __pfx_kthread+0x10/0x10 [ 26.535491] ret_from_fork_asm+0x1a/0x30 [ 26.535879] </TASK> [ 26.535894] [ 26.547378] Allocated by task 269: [ 26.547542] kasan_save_stack+0x45/0x70 [ 26.547694] kasan_save_track+0x18/0x40 [ 26.547838] kasan_save_alloc_info+0x3b/0x50 [ 26.548362] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.548955] remove_element+0x11e/0x190 [ 26.549123] mempool_alloc_preallocated+0x4d/0x90 [ 26.549340] mempool_oob_right_helper+0x8a/0x380 [ 26.549762] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.549970] kunit_try_run_case+0x1a5/0x480 [ 26.550182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.550550] kthread+0x337/0x6f0 [ 26.550719] ret_from_fork+0x116/0x1d0 [ 26.550890] ret_from_fork_asm+0x1a/0x30 [ 26.551333] [ 26.551412] The buggy address belongs to the object at ffff8881060c3000 [ 26.551412] which belongs to the cache kmalloc-128 of size 128 [ 26.552188] The buggy address is located 0 bytes to the right of [ 26.552188] allocated 115-byte region [ffff8881060c3000, ffff8881060c3073) [ 26.552667] [ 26.552777] The buggy address belongs to the physical page: [ 26.553055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c3 [ 26.553405] flags: 0x200000000000000(node=0|zone=2) [ 26.553601] page_type: f5(slab) [ 26.553736] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.554141] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.554641] page dumped because: kasan: bad access detected [ 26.555422] [ 26.555524] Memory state around the buggy address: [ 26.556012] ffff8881060c2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.556315] ffff8881060c2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.556929] >ffff8881060c3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.557307] ^ [ 26.557859] ffff8881060c3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.558193] ffff8881060c3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.558683] ================================================================== [ 26.592321] ================================================================== [ 26.593145] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.593392] Read of size 1 at addr ffff8881058572bb by task kunit_try_catch/273 [ 26.593633] [ 26.593733] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 26.593784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.593796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.593820] Call Trace: [ 26.593834] <TASK> [ 26.593853] dump_stack_lvl+0x73/0xb0 [ 26.593881] print_report+0xd1/0x610 [ 26.593904] ? __virt_addr_valid+0x1db/0x2d0 [ 26.593928] ? mempool_oob_right_helper+0x318/0x380 [ 26.593952] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.593980] ? mempool_oob_right_helper+0x318/0x380 [ 26.594003] kasan_report+0x141/0x180 [ 26.594024] ? mempool_oob_right_helper+0x318/0x380 [ 26.594051] __asan_report_load1_noabort+0x18/0x20 [ 26.594075] mempool_oob_right_helper+0x318/0x380 [ 26.594099] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.594125] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.594147] ? finish_task_switch.isra.0+0x153/0x700 [ 26.594174] mempool_slab_oob_right+0xed/0x140 [ 26.594198] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 26.594223] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.594248] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.594272] ? __pfx_read_tsc+0x10/0x10 [ 26.594294] ? ktime_get_ts64+0x86/0x230 [ 26.594318] kunit_try_run_case+0x1a5/0x480 [ 26.594341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.594360] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.594383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.594406] ? __kthread_parkme+0x82/0x180 [ 26.594427] ? preempt_count_sub+0x50/0x80 [ 26.594449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.594470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.594560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.594590] kthread+0x337/0x6f0 [ 26.594610] ? trace_preempt_on+0x20/0xc0 [ 26.594647] ? __pfx_kthread+0x10/0x10 [ 26.594668] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.594689] ? calculate_sigpending+0x7b/0xa0 [ 26.594722] ? __pfx_kthread+0x10/0x10 [ 26.594744] ret_from_fork+0x116/0x1d0 [ 26.594763] ? __pfx_kthread+0x10/0x10 [ 26.594826] ret_from_fork_asm+0x1a/0x30 [ 26.594858] </TASK> [ 26.594870] [ 26.607374] Allocated by task 273: [ 26.607593] kasan_save_stack+0x45/0x70 [ 26.608231] kasan_save_track+0x18/0x40 [ 26.608685] kasan_save_alloc_info+0x3b/0x50 [ 26.609094] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.609327] remove_element+0x11e/0x190 [ 26.609526] mempool_alloc_preallocated+0x4d/0x90 [ 26.609762] mempool_oob_right_helper+0x8a/0x380 [ 26.610056] mempool_slab_oob_right+0xed/0x140 [ 26.610390] kunit_try_run_case+0x1a5/0x480 [ 26.610678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.610883] kthread+0x337/0x6f0 [ 26.611321] ret_from_fork+0x116/0x1d0 [ 26.611465] ret_from_fork_asm+0x1a/0x30 [ 26.612187] [ 26.612287] The buggy address belongs to the object at ffff888105857240 [ 26.612287] which belongs to the cache test_cache of size 123 [ 26.612976] The buggy address is located 0 bytes to the right of [ 26.612976] allocated 123-byte region [ffff888105857240, ffff8881058572bb) [ 26.613734] [ 26.613903] The buggy address belongs to the physical page: [ 26.614097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105857 [ 26.614557] flags: 0x200000000000000(node=0|zone=2) [ 26.614957] page_type: f5(slab) [ 26.615276] raw: 0200000000000000 ffff888101ab3640 dead000000000122 0000000000000000 [ 26.615718] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.616057] page dumped because: kasan: bad access detected [ 26.616293] [ 26.616378] Memory state around the buggy address: [ 26.617105] ffff888105857180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.617397] ffff888105857200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 26.617990] >ffff888105857280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 26.618234] ^ [ 26.618479] ffff888105857300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.619058] ffff888105857380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.619319] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 25.944135] ================================================================== [ 25.945199] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 25.945967] Read of size 1 at addr ffff888101ab33c0 by task kunit_try_catch/263 [ 25.946386] [ 25.946480] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.946548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.946561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.946585] Call Trace: [ 25.946599] <TASK> [ 25.946621] dump_stack_lvl+0x73/0xb0 [ 25.946660] print_report+0xd1/0x610 [ 25.946684] ? __virt_addr_valid+0x1db/0x2d0 [ 25.946723] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.946748] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.946774] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.946798] kasan_report+0x141/0x180 [ 25.946821] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.946847] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.946872] __kasan_check_byte+0x3d/0x50 [ 25.946893] kmem_cache_destroy+0x25/0x1d0 [ 25.946921] kmem_cache_double_destroy+0x1bf/0x380 [ 25.946945] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 25.946969] ? finish_task_switch.isra.0+0x153/0x700 [ 25.947074] ? __switch_to+0x47/0xf80 [ 25.947111] ? __pfx_read_tsc+0x10/0x10 [ 25.947133] ? ktime_get_ts64+0x86/0x230 [ 25.947160] kunit_try_run_case+0x1a5/0x480 [ 25.947185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.947207] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.947232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.947256] ? __kthread_parkme+0x82/0x180 [ 25.947277] ? preempt_count_sub+0x50/0x80 [ 25.947300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.947322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.947347] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.947372] kthread+0x337/0x6f0 [ 25.947392] ? trace_preempt_on+0x20/0xc0 [ 25.947417] ? __pfx_kthread+0x10/0x10 [ 25.947437] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.947459] ? calculate_sigpending+0x7b/0xa0 [ 25.947484] ? __pfx_kthread+0x10/0x10 [ 25.947519] ret_from_fork+0x116/0x1d0 [ 25.947539] ? __pfx_kthread+0x10/0x10 [ 25.947559] ret_from_fork_asm+0x1a/0x30 [ 25.947591] </TASK> [ 25.947604] [ 25.961049] Allocated by task 263: [ 25.961361] kasan_save_stack+0x45/0x70 [ 25.961529] kasan_save_track+0x18/0x40 [ 25.961901] kasan_save_alloc_info+0x3b/0x50 [ 25.962157] __kasan_slab_alloc+0x91/0xa0 [ 25.962302] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.962460] __kmem_cache_create_args+0x169/0x240 [ 25.963096] kmem_cache_double_destroy+0xd5/0x380 [ 25.963578] kunit_try_run_case+0x1a5/0x480 [ 25.964026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.964628] kthread+0x337/0x6f0 [ 25.964824] ret_from_fork+0x116/0x1d0 [ 25.965188] ret_from_fork_asm+0x1a/0x30 [ 25.965569] [ 25.965735] Freed by task 263: [ 25.965956] kasan_save_stack+0x45/0x70 [ 25.966294] kasan_save_track+0x18/0x40 [ 25.966430] kasan_save_free_info+0x3f/0x60 [ 25.966762] __kasan_slab_free+0x56/0x70 [ 25.967193] kmem_cache_free+0x249/0x420 [ 25.967565] slab_kmem_cache_release+0x2e/0x40 [ 25.968082] kmem_cache_release+0x16/0x20 [ 25.968237] kobject_put+0x181/0x450 [ 25.968365] sysfs_slab_release+0x16/0x20 [ 25.968573] kmem_cache_destroy+0xf0/0x1d0 [ 25.969030] kmem_cache_double_destroy+0x14e/0x380 [ 25.969528] kunit_try_run_case+0x1a5/0x480 [ 25.970025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.970525] kthread+0x337/0x6f0 [ 25.970765] ret_from_fork+0x116/0x1d0 [ 25.971140] ret_from_fork_asm+0x1a/0x30 [ 25.971279] [ 25.971347] The buggy address belongs to the object at ffff888101ab33c0 [ 25.971347] which belongs to the cache kmem_cache of size 208 [ 25.972198] The buggy address is located 0 bytes inside of [ 25.972198] freed 208-byte region [ffff888101ab33c0, ffff888101ab3490) [ 25.973325] [ 25.973499] The buggy address belongs to the physical page: [ 25.974050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ab3 [ 25.974545] flags: 0x200000000000000(node=0|zone=2) [ 25.974727] page_type: f5(slab) [ 25.975008] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 25.975675] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 25.976394] page dumped because: kasan: bad access detected [ 25.976605] [ 25.976771] Memory state around the buggy address: [ 25.977269] ffff888101ab3280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.978005] ffff888101ab3300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 25.978280] >ffff888101ab3380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.978505] ^ [ 25.979065] ffff888101ab3400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.979710] ffff888101ab3480: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.980390] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 25.881112] ================================================================== [ 25.881635] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.882152] Read of size 1 at addr ffff8881060c1000 by task kunit_try_catch/261 [ 25.882416] [ 25.882527] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.882583] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.882595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.882620] Call Trace: [ 25.882634] <TASK> [ 25.882694] dump_stack_lvl+0x73/0xb0 [ 25.882739] print_report+0xd1/0x610 [ 25.882764] ? __virt_addr_valid+0x1db/0x2d0 [ 25.882809] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.882832] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.882857] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.882881] kasan_report+0x141/0x180 [ 25.882903] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.882931] __asan_report_load1_noabort+0x18/0x20 [ 25.882956] kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.882978] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 25.883001] ? finish_task_switch.isra.0+0x153/0x700 [ 25.883025] ? __switch_to+0x47/0xf80 [ 25.883055] ? __pfx_read_tsc+0x10/0x10 [ 25.883078] ? ktime_get_ts64+0x86/0x230 [ 25.883104] kunit_try_run_case+0x1a5/0x480 [ 25.883129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.883150] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.883176] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.883199] ? __kthread_parkme+0x82/0x180 [ 25.883221] ? preempt_count_sub+0x50/0x80 [ 25.883244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.883266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.883291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.883317] kthread+0x337/0x6f0 [ 25.883338] ? trace_preempt_on+0x20/0xc0 [ 25.883362] ? __pfx_kthread+0x10/0x10 [ 25.883383] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.883405] ? calculate_sigpending+0x7b/0xa0 [ 25.883430] ? __pfx_kthread+0x10/0x10 [ 25.883452] ret_from_fork+0x116/0x1d0 [ 25.883471] ? __pfx_kthread+0x10/0x10 [ 25.883523] ret_from_fork_asm+0x1a/0x30 [ 25.883556] </TASK> [ 25.883569] [ 25.894207] Allocated by task 261: [ 25.894375] kasan_save_stack+0x45/0x70 [ 25.894606] kasan_save_track+0x18/0x40 [ 25.894844] kasan_save_alloc_info+0x3b/0x50 [ 25.895234] __kasan_slab_alloc+0x91/0xa0 [ 25.895408] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.895610] kmem_cache_rcu_uaf+0x155/0x510 [ 25.896089] kunit_try_run_case+0x1a5/0x480 [ 25.896472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.897206] kthread+0x337/0x6f0 [ 25.897401] ret_from_fork+0x116/0x1d0 [ 25.897627] ret_from_fork_asm+0x1a/0x30 [ 25.898084] [ 25.898254] Freed by task 0: [ 25.898430] kasan_save_stack+0x45/0x70 [ 25.898586] kasan_save_track+0x18/0x40 [ 25.898996] kasan_save_free_info+0x3f/0x60 [ 25.899385] __kasan_slab_free+0x56/0x70 [ 25.899688] slab_free_after_rcu_debug+0xe4/0x310 [ 25.900035] rcu_core+0x66f/0x1c40 [ 25.900360] rcu_core_si+0x12/0x20 [ 25.900667] handle_softirqs+0x209/0x730 [ 25.900986] __irq_exit_rcu+0xc9/0x110 [ 25.901378] irq_exit_rcu+0x12/0x20 [ 25.901762] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.902118] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.902287] [ 25.902355] Last potentially related work creation: [ 25.902547] kasan_save_stack+0x45/0x70 [ 25.902949] kasan_record_aux_stack+0xb2/0xc0 [ 25.903338] kmem_cache_free+0x131/0x420 [ 25.903740] kmem_cache_rcu_uaf+0x194/0x510 [ 25.904225] kunit_try_run_case+0x1a5/0x480 [ 25.904610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.905229] kthread+0x337/0x6f0 [ 25.905449] ret_from_fork+0x116/0x1d0 [ 25.905807] ret_from_fork_asm+0x1a/0x30 [ 25.906119] [ 25.906190] The buggy address belongs to the object at ffff8881060c1000 [ 25.906190] which belongs to the cache test_cache of size 200 [ 25.906667] The buggy address is located 0 bytes inside of [ 25.906667] freed 200-byte region [ffff8881060c1000, ffff8881060c10c8) [ 25.907873] [ 25.908095] The buggy address belongs to the physical page: [ 25.908583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c1 [ 25.909269] flags: 0x200000000000000(node=0|zone=2) [ 25.909605] page_type: f5(slab) [ 25.909747] raw: 0200000000000000 ffff888101d98b40 dead000000000122 0000000000000000 [ 25.910076] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.910768] page dumped because: kasan: bad access detected [ 25.911286] [ 25.911442] Memory state around the buggy address: [ 25.911922] ffff8881060c0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.912388] ffff8881060c0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.912746] >ffff8881060c1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.913516] ^ [ 25.913916] ffff8881060c1080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.914414] ffff8881060c1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.914789] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 25.813270] ================================================================== [ 25.813757] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 25.814437] Free of addr ffff888105852001 by task kunit_try_catch/259 [ 25.815044] [ 25.815245] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.815305] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.815317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.815341] Call Trace: [ 25.815354] <TASK> [ 25.815376] dump_stack_lvl+0x73/0xb0 [ 25.815408] print_report+0xd1/0x610 [ 25.815432] ? __virt_addr_valid+0x1db/0x2d0 [ 25.815458] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.815483] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.815507] kasan_report_invalid_free+0x10a/0x130 [ 25.815540] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.815566] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.815589] check_slab_allocation+0x11f/0x130 [ 25.815611] __kasan_slab_pre_free+0x28/0x40 [ 25.815631] kmem_cache_free+0xed/0x420 [ 25.815655] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.815678] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.815715] kmem_cache_invalid_free+0x1d8/0x460 [ 25.815739] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 25.815762] ? finish_task_switch.isra.0+0x153/0x700 [ 25.815795] ? __switch_to+0x47/0xf80 [ 25.815824] ? __pfx_read_tsc+0x10/0x10 [ 25.815852] ? ktime_get_ts64+0x86/0x230 [ 25.815878] kunit_try_run_case+0x1a5/0x480 [ 25.815901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.815921] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.815946] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.815969] ? __kthread_parkme+0x82/0x180 [ 25.815989] ? preempt_count_sub+0x50/0x80 [ 25.816011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.816032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.816056] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.816081] kthread+0x337/0x6f0 [ 25.816100] ? trace_preempt_on+0x20/0xc0 [ 25.816124] ? __pfx_kthread+0x10/0x10 [ 25.816144] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.816165] ? calculate_sigpending+0x7b/0xa0 [ 25.816194] ? __pfx_kthread+0x10/0x10 [ 25.816215] ret_from_fork+0x116/0x1d0 [ 25.816234] ? __pfx_kthread+0x10/0x10 [ 25.816254] ret_from_fork_asm+0x1a/0x30 [ 25.816286] </TASK> [ 25.816298] [ 25.827812] Allocated by task 259: [ 25.828570] kasan_save_stack+0x45/0x70 [ 25.828962] kasan_save_track+0x18/0x40 [ 25.829117] kasan_save_alloc_info+0x3b/0x50 [ 25.829472] __kasan_slab_alloc+0x91/0xa0 [ 25.829676] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.830137] kmem_cache_invalid_free+0x157/0x460 [ 25.830380] kunit_try_run_case+0x1a5/0x480 [ 25.830733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.831189] kthread+0x337/0x6f0 [ 25.831364] ret_from_fork+0x116/0x1d0 [ 25.831738] ret_from_fork_asm+0x1a/0x30 [ 25.832079] [ 25.832160] The buggy address belongs to the object at ffff888105852000 [ 25.832160] which belongs to the cache test_cache of size 200 [ 25.832918] The buggy address is located 1 bytes inside of [ 25.832918] 200-byte region [ffff888105852000, ffff8881058520c8) [ 25.833612] [ 25.833915] The buggy address belongs to the physical page: [ 25.834176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105852 [ 25.834681] flags: 0x200000000000000(node=0|zone=2) [ 25.835153] page_type: f5(slab) [ 25.835431] raw: 0200000000000000 ffff888101ab3280 dead000000000122 0000000000000000 [ 25.836101] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.836419] page dumped because: kasan: bad access detected [ 25.836679] [ 25.837101] Memory state around the buggy address: [ 25.837301] ffff888105851f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.837865] ffff888105851f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.838247] >ffff888105852000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.838589] ^ [ 25.838764] ffff888105852080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.839356] ffff888105852100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.839790] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 25.768776] ================================================================== [ 25.769345] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 25.770180] Free of addr ffff888104397000 by task kunit_try_catch/257 [ 25.770653] [ 25.770777] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.771045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.771059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.771083] Call Trace: [ 25.771098] <TASK> [ 25.771119] dump_stack_lvl+0x73/0xb0 [ 25.771154] print_report+0xd1/0x610 [ 25.771178] ? __virt_addr_valid+0x1db/0x2d0 [ 25.771205] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.771230] ? kmem_cache_double_free+0x1e5/0x480 [ 25.771255] kasan_report_invalid_free+0x10a/0x130 [ 25.771278] ? kmem_cache_double_free+0x1e5/0x480 [ 25.771303] ? kmem_cache_double_free+0x1e5/0x480 [ 25.771326] check_slab_allocation+0x101/0x130 [ 25.771347] __kasan_slab_pre_free+0x28/0x40 [ 25.771367] kmem_cache_free+0xed/0x420 [ 25.771392] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.771416] ? kmem_cache_double_free+0x1e5/0x480 [ 25.771442] kmem_cache_double_free+0x1e5/0x480 [ 25.771465] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 25.771504] ? finish_task_switch.isra.0+0x153/0x700 [ 25.771528] ? __switch_to+0x47/0xf80 [ 25.771558] ? __pfx_read_tsc+0x10/0x10 [ 25.771580] ? ktime_get_ts64+0x86/0x230 [ 25.771606] kunit_try_run_case+0x1a5/0x480 [ 25.771629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.771649] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.771673] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.771696] ? __kthread_parkme+0x82/0x180 [ 25.771729] ? preempt_count_sub+0x50/0x80 [ 25.771751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.771772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.771808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.771834] kthread+0x337/0x6f0 [ 25.771861] ? trace_preempt_on+0x20/0xc0 [ 25.771885] ? __pfx_kthread+0x10/0x10 [ 25.771905] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.771926] ? calculate_sigpending+0x7b/0xa0 [ 25.771951] ? __pfx_kthread+0x10/0x10 [ 25.771975] ret_from_fork+0x116/0x1d0 [ 25.771994] ? __pfx_kthread+0x10/0x10 [ 25.772015] ret_from_fork_asm+0x1a/0x30 [ 25.772046] </TASK> [ 25.772059] [ 25.784601] Allocated by task 257: [ 25.785015] kasan_save_stack+0x45/0x70 [ 25.785339] kasan_save_track+0x18/0x40 [ 25.785648] kasan_save_alloc_info+0x3b/0x50 [ 25.786069] __kasan_slab_alloc+0x91/0xa0 [ 25.786391] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.786846] kmem_cache_double_free+0x14f/0x480 [ 25.787229] kunit_try_run_case+0x1a5/0x480 [ 25.787416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.787779] kthread+0x337/0x6f0 [ 25.788242] ret_from_fork+0x116/0x1d0 [ 25.788630] ret_from_fork_asm+0x1a/0x30 [ 25.788878] [ 25.788975] Freed by task 257: [ 25.789092] kasan_save_stack+0x45/0x70 [ 25.789598] kasan_save_track+0x18/0x40 [ 25.790036] kasan_save_free_info+0x3f/0x60 [ 25.790247] __kasan_slab_free+0x56/0x70 [ 25.790538] kmem_cache_free+0x249/0x420 [ 25.791003] kmem_cache_double_free+0x16a/0x480 [ 25.791199] kunit_try_run_case+0x1a5/0x480 [ 25.791398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.791873] kthread+0x337/0x6f0 [ 25.792055] ret_from_fork+0x116/0x1d0 [ 25.792243] ret_from_fork_asm+0x1a/0x30 [ 25.792417] [ 25.792830] The buggy address belongs to the object at ffff888104397000 [ 25.792830] which belongs to the cache test_cache of size 200 [ 25.793300] The buggy address is located 0 bytes inside of [ 25.793300] 200-byte region [ffff888104397000, ffff8881043970c8) [ 25.793878] [ 25.794088] The buggy address belongs to the physical page: [ 25.794443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104397 [ 25.794910] flags: 0x200000000000000(node=0|zone=2) [ 25.795088] page_type: f5(slab) [ 25.795267] raw: 0200000000000000 ffff888101d98a00 dead000000000122 0000000000000000 [ 25.795806] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.796105] page dumped because: kasan: bad access detected [ 25.796326] [ 25.796401] Memory state around the buggy address: [ 25.797048] ffff888104396f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.797459] ffff888104396f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.798016] >ffff888104397000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.798390] ^ [ 25.798528] ffff888104397080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.799091] ffff888104397100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.799368] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 25.719205] ================================================================== [ 25.719986] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 25.720281] Read of size 1 at addr ffff8881058510c8 by task kunit_try_catch/255 [ 25.720560] [ 25.720692] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.720755] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.720767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.720790] Call Trace: [ 25.720803] <TASK> [ 25.720823] dump_stack_lvl+0x73/0xb0 [ 25.720852] print_report+0xd1/0x610 [ 25.720874] ? __virt_addr_valid+0x1db/0x2d0 [ 25.720900] ? kmem_cache_oob+0x402/0x530 [ 25.720993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.721019] ? kmem_cache_oob+0x402/0x530 [ 25.721041] kasan_report+0x141/0x180 [ 25.721063] ? kmem_cache_oob+0x402/0x530 [ 25.721090] __asan_report_load1_noabort+0x18/0x20 [ 25.721113] kmem_cache_oob+0x402/0x530 [ 25.721136] ? __pfx_kmem_cache_oob+0x10/0x10 [ 25.721157] ? __schedule+0x207f/0x2b60 [ 25.721178] ? schedule+0x7c/0x2e0 [ 25.721198] ? trace_hardirqs_on+0x37/0xe0 [ 25.721225] ? __pfx_read_tsc+0x10/0x10 [ 25.721247] ? ktime_get_ts64+0x86/0x230 [ 25.721271] kunit_try_run_case+0x1a5/0x480 [ 25.721294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.721314] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.721337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.721359] ? __kthread_parkme+0x82/0x180 [ 25.721380] ? preempt_count_sub+0x50/0x80 [ 25.721404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.721425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.721449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.721474] kthread+0x337/0x6f0 [ 25.721494] ? trace_preempt_on+0x20/0xc0 [ 25.721515] ? __pfx_kthread+0x10/0x10 [ 25.721552] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.721573] ? calculate_sigpending+0x7b/0xa0 [ 25.721597] ? __pfx_kthread+0x10/0x10 [ 25.721619] ret_from_fork+0x116/0x1d0 [ 25.721638] ? __pfx_kthread+0x10/0x10 [ 25.721658] ret_from_fork_asm+0x1a/0x30 [ 25.721689] </TASK> [ 25.721711] [ 25.731967] Allocated by task 255: [ 25.732228] kasan_save_stack+0x45/0x70 [ 25.732569] kasan_save_track+0x18/0x40 [ 25.733012] kasan_save_alloc_info+0x3b/0x50 [ 25.733239] __kasan_slab_alloc+0x91/0xa0 [ 25.733629] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.734038] kmem_cache_oob+0x157/0x530 [ 25.734260] kunit_try_run_case+0x1a5/0x480 [ 25.734591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.734964] kthread+0x337/0x6f0 [ 25.735106] ret_from_fork+0x116/0x1d0 [ 25.735296] ret_from_fork_asm+0x1a/0x30 [ 25.735647] [ 25.735861] The buggy address belongs to the object at ffff888105851000 [ 25.735861] which belongs to the cache test_cache of size 200 [ 25.736321] The buggy address is located 0 bytes to the right of [ 25.736321] allocated 200-byte region [ffff888105851000, ffff8881058510c8) [ 25.737251] [ 25.737729] The buggy address belongs to the physical page: [ 25.738095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105851 [ 25.738568] flags: 0x200000000000000(node=0|zone=2) [ 25.738812] page_type: f5(slab) [ 25.739074] raw: 0200000000000000 ffff888101ab3140 dead000000000122 0000000000000000 [ 25.739373] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.739708] page dumped because: kasan: bad access detected [ 25.740058] [ 25.740238] Memory state around the buggy address: [ 25.740430] ffff888105850f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.740770] ffff888105851000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.741021] >ffff888105851080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.741326] ^ [ 25.741804] ffff888105851100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.742237] ffff888105851180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.742585] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 25.678858] ================================================================== [ 25.679253] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 25.679556] Read of size 8 at addr ffff8881043c0600 by task kunit_try_catch/248 [ 25.680028] [ 25.680155] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.680206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.680219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.680241] Call Trace: [ 25.680255] <TASK> [ 25.680274] dump_stack_lvl+0x73/0xb0 [ 25.680304] print_report+0xd1/0x610 [ 25.680327] ? __virt_addr_valid+0x1db/0x2d0 [ 25.680353] ? workqueue_uaf+0x4d6/0x560 [ 25.680374] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.680399] ? workqueue_uaf+0x4d6/0x560 [ 25.680420] kasan_report+0x141/0x180 [ 25.680442] ? workqueue_uaf+0x4d6/0x560 [ 25.680467] __asan_report_load8_noabort+0x18/0x20 [ 25.680505] workqueue_uaf+0x4d6/0x560 [ 25.680527] ? __pfx_workqueue_uaf+0x10/0x10 [ 25.680549] ? __schedule+0x10cc/0x2b60 [ 25.680571] ? __pfx_read_tsc+0x10/0x10 [ 25.680593] ? ktime_get_ts64+0x86/0x230 [ 25.680618] kunit_try_run_case+0x1a5/0x480 [ 25.680640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.680660] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.680683] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.680718] ? __kthread_parkme+0x82/0x180 [ 25.680739] ? preempt_count_sub+0x50/0x80 [ 25.680763] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.680820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.680846] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.680871] kthread+0x337/0x6f0 [ 25.680890] ? trace_preempt_on+0x20/0xc0 [ 25.680913] ? __pfx_kthread+0x10/0x10 [ 25.680934] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.680955] ? calculate_sigpending+0x7b/0xa0 [ 25.680979] ? __pfx_kthread+0x10/0x10 [ 25.681000] ret_from_fork+0x116/0x1d0 [ 25.681019] ? __pfx_kthread+0x10/0x10 [ 25.681039] ret_from_fork_asm+0x1a/0x30 [ 25.681069] </TASK> [ 25.681081] [ 25.690963] Allocated by task 248: [ 25.691134] kasan_save_stack+0x45/0x70 [ 25.691324] kasan_save_track+0x18/0x40 [ 25.691778] kasan_save_alloc_info+0x3b/0x50 [ 25.692037] __kasan_kmalloc+0xb7/0xc0 [ 25.692362] __kmalloc_cache_noprof+0x189/0x420 [ 25.692716] workqueue_uaf+0x152/0x560 [ 25.693072] kunit_try_run_case+0x1a5/0x480 [ 25.693277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.693733] kthread+0x337/0x6f0 [ 25.694190] ret_from_fork+0x116/0x1d0 [ 25.694380] ret_from_fork_asm+0x1a/0x30 [ 25.694945] [ 25.695121] Freed by task 44: [ 25.695265] kasan_save_stack+0x45/0x70 [ 25.695448] kasan_save_track+0x18/0x40 [ 25.695993] kasan_save_free_info+0x3f/0x60 [ 25.696268] __kasan_slab_free+0x56/0x70 [ 25.696757] kfree+0x222/0x3f0 [ 25.697136] workqueue_uaf_work+0x12/0x20 [ 25.697336] process_one_work+0x5ee/0xf60 [ 25.697660] worker_thread+0x758/0x1220 [ 25.697973] kthread+0x337/0x6f0 [ 25.698260] ret_from_fork+0x116/0x1d0 [ 25.698456] ret_from_fork_asm+0x1a/0x30 [ 25.698780] [ 25.698899] Last potentially related work creation: [ 25.699275] kasan_save_stack+0x45/0x70 [ 25.699648] kasan_record_aux_stack+0xb2/0xc0 [ 25.699999] __queue_work+0x61a/0xe70 [ 25.700328] queue_work_on+0xb6/0xc0 [ 25.700644] workqueue_uaf+0x26d/0x560 [ 25.700985] kunit_try_run_case+0x1a5/0x480 [ 25.701189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.701419] kthread+0x337/0x6f0 [ 25.701879] ret_from_fork+0x116/0x1d0 [ 25.702262] ret_from_fork_asm+0x1a/0x30 [ 25.702611] [ 25.702723] The buggy address belongs to the object at ffff8881043c0600 [ 25.702723] which belongs to the cache kmalloc-32 of size 32 [ 25.703920] The buggy address is located 0 bytes inside of [ 25.703920] freed 32-byte region [ffff8881043c0600, ffff8881043c0620) [ 25.704637] [ 25.704933] The buggy address belongs to the physical page: [ 25.705370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1043c0 [ 25.706168] flags: 0x200000000000000(node=0|zone=2) [ 25.706474] page_type: f5(slab) [ 25.706655] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.707183] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.707659] page dumped because: kasan: bad access detected [ 25.708064] [ 25.708292] Memory state around the buggy address: [ 25.708693] ffff8881043c0500: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 25.709461] ffff8881043c0580: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.709797] >ffff8881043c0600: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 25.710147] ^ [ 25.710298] ffff8881043c0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.711024] ffff8881043c0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.711476] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 25.631885] ================================================================== [ 25.632875] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 25.633460] Read of size 4 at addr ffff888105846e40 by task swapper/0/0 [ 25.633888] [ 25.633981] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.634031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.634043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.634065] Call Trace: [ 25.634091] <IRQ> [ 25.634111] dump_stack_lvl+0x73/0xb0 [ 25.634143] print_report+0xd1/0x610 [ 25.634166] ? __virt_addr_valid+0x1db/0x2d0 [ 25.634192] ? rcu_uaf_reclaim+0x50/0x60 [ 25.634213] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.634239] ? rcu_uaf_reclaim+0x50/0x60 [ 25.634259] kasan_report+0x141/0x180 [ 25.634283] ? rcu_uaf_reclaim+0x50/0x60 [ 25.634308] __asan_report_load4_noabort+0x18/0x20 [ 25.634333] rcu_uaf_reclaim+0x50/0x60 [ 25.634353] rcu_core+0x66f/0x1c40 [ 25.634383] ? __pfx_rcu_core+0x10/0x10 [ 25.634405] ? ktime_get+0x6b/0x150 [ 25.634428] ? handle_softirqs+0x18e/0x730 [ 25.634453] rcu_core_si+0x12/0x20 [ 25.634474] handle_softirqs+0x209/0x730 [ 25.634505] ? hrtimer_interrupt+0x2fe/0x780 [ 25.634528] ? __pfx_handle_softirqs+0x10/0x10 [ 25.634553] __irq_exit_rcu+0xc9/0x110 [ 25.634574] irq_exit_rcu+0x12/0x20 [ 25.634594] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.634619] </IRQ> [ 25.634643] <TASK> [ 25.634655] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.634755] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 25.635139] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d c3 0f 18 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 25.635234] RSP: 0000:ffffffff91a07dd8 EFLAGS: 00010216 [ 25.635323] RAX: ffff8881c821d000 RBX: ffffffff91a1cb00 RCX: ffffffff9090aa25 [ 25.635371] RDX: ffffed102b606193 RSI: 0000000000000004 RDI: 000000000012d91c [ 25.635422] RBP: ffffffff91a07de0 R08: 0000000000000001 R09: ffffed102b606192 [ 25.635465] R10: ffff88815b030c93 R11: ffffffff92e18700 R12: 0000000000000000 [ 25.635537] R13: fffffbfff2343960 R14: ffffffff925f2fd0 R15: 0000000000000000 [ 25.635604] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 25.635661] ? default_idle+0xd/0x20 [ 25.635684] arch_cpu_idle+0xd/0x20 [ 25.635717] default_idle_call+0x48/0x80 [ 25.635740] do_idle+0x379/0x4f0 [ 25.635766] ? __pfx_do_idle+0x10/0x10 [ 25.635863] cpu_startup_entry+0x5c/0x70 [ 25.635901] rest_init+0x11a/0x140 [ 25.635920] ? acpi_subsystem_init+0x5d/0x150 [ 25.635947] start_kernel+0x352/0x400 [ 25.635972] x86_64_start_reservations+0x1c/0x30 [ 25.635997] x86_64_start_kernel+0x10d/0x120 [ 25.636021] common_startup_64+0x13e/0x148 [ 25.636054] </TASK> [ 25.636066] [ 25.655085] Allocated by task 246: [ 25.655437] kasan_save_stack+0x45/0x70 [ 25.655832] kasan_save_track+0x18/0x40 [ 25.656107] kasan_save_alloc_info+0x3b/0x50 [ 25.656256] __kasan_kmalloc+0xb7/0xc0 [ 25.656384] __kmalloc_cache_noprof+0x189/0x420 [ 25.656562] rcu_uaf+0xb0/0x330 [ 25.656877] kunit_try_run_case+0x1a5/0x480 [ 25.657328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.657989] kthread+0x337/0x6f0 [ 25.658305] ret_from_fork+0x116/0x1d0 [ 25.658650] ret_from_fork_asm+0x1a/0x30 [ 25.659176] [ 25.659337] Freed by task 0: [ 25.659626] kasan_save_stack+0x45/0x70 [ 25.660026] kasan_save_track+0x18/0x40 [ 25.660163] kasan_save_free_info+0x3f/0x60 [ 25.660299] __kasan_slab_free+0x56/0x70 [ 25.660426] kfree+0x222/0x3f0 [ 25.660596] rcu_uaf_reclaim+0x1f/0x60 [ 25.661038] rcu_core+0x66f/0x1c40 [ 25.661296] rcu_core_si+0x12/0x20 [ 25.661414] handle_softirqs+0x209/0x730 [ 25.661650] __irq_exit_rcu+0xc9/0x110 [ 25.662047] irq_exit_rcu+0x12/0x20 [ 25.662376] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.662964] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.663207] [ 25.663299] Last potentially related work creation: [ 25.663453] kasan_save_stack+0x45/0x70 [ 25.663806] kasan_record_aux_stack+0xb2/0xc0 [ 25.664290] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 25.664853] call_rcu+0x12/0x20 [ 25.665190] rcu_uaf+0x168/0x330 [ 25.665547] kunit_try_run_case+0x1a5/0x480 [ 25.666004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.666228] kthread+0x337/0x6f0 [ 25.666341] ret_from_fork+0x116/0x1d0 [ 25.666465] ret_from_fork_asm+0x1a/0x30 [ 25.666846] [ 25.667153] The buggy address belongs to the object at ffff888105846e40 [ 25.667153] which belongs to the cache kmalloc-32 of size 32 [ 25.668346] The buggy address is located 0 bytes inside of [ 25.668346] freed 32-byte region [ffff888105846e40, ffff888105846e60) [ 25.669276] [ 25.669350] The buggy address belongs to the physical page: [ 25.669559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105846 [ 25.670348] flags: 0x200000000000000(node=0|zone=2) [ 25.670988] page_type: f5(slab) [ 25.671312] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.671950] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.672178] page dumped because: kasan: bad access detected [ 25.672340] [ 25.672402] Memory state around the buggy address: [ 25.672606] ffff888105846d00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.672967] ffff888105846d80: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 25.673288] >ffff888105846e00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.673547] ^ [ 25.673823] ffff888105846e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.674101] ffff888105846f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.674365] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 25.589466] ================================================================== [ 25.590155] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 25.590969] Read of size 1 at addr ffff88810583a778 by task kunit_try_catch/244 [ 25.591622] [ 25.591807] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.591859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.591871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.591892] Call Trace: [ 25.591905] <TASK> [ 25.591923] dump_stack_lvl+0x73/0xb0 [ 25.591965] print_report+0xd1/0x610 [ 25.591987] ? __virt_addr_valid+0x1db/0x2d0 [ 25.592013] ? ksize_uaf+0x5e4/0x6c0 [ 25.592033] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.592058] ? ksize_uaf+0x5e4/0x6c0 [ 25.592078] kasan_report+0x141/0x180 [ 25.592099] ? ksize_uaf+0x5e4/0x6c0 [ 25.592124] __asan_report_load1_noabort+0x18/0x20 [ 25.592147] ksize_uaf+0x5e4/0x6c0 [ 25.592167] ? __pfx_ksize_uaf+0x10/0x10 [ 25.592189] ? __schedule+0x10cc/0x2b60 [ 25.592211] ? __pfx_read_tsc+0x10/0x10 [ 25.592235] ? ktime_get_ts64+0x86/0x230 [ 25.592261] kunit_try_run_case+0x1a5/0x480 [ 25.592284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.592304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.592326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.592349] ? __kthread_parkme+0x82/0x180 [ 25.592370] ? preempt_count_sub+0x50/0x80 [ 25.592393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.592414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.592439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.592463] kthread+0x337/0x6f0 [ 25.592484] ? trace_preempt_on+0x20/0xc0 [ 25.592570] ? __pfx_kthread+0x10/0x10 [ 25.592591] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.592613] ? calculate_sigpending+0x7b/0xa0 [ 25.592636] ? __pfx_kthread+0x10/0x10 [ 25.592658] ret_from_fork+0x116/0x1d0 [ 25.592677] ? __pfx_kthread+0x10/0x10 [ 25.592709] ret_from_fork_asm+0x1a/0x30 [ 25.592740] </TASK> [ 25.592752] [ 25.604410] Allocated by task 244: [ 25.604691] kasan_save_stack+0x45/0x70 [ 25.605035] kasan_save_track+0x18/0x40 [ 25.605375] kasan_save_alloc_info+0x3b/0x50 [ 25.605641] __kasan_kmalloc+0xb7/0xc0 [ 25.605823] __kmalloc_cache_noprof+0x189/0x420 [ 25.606230] ksize_uaf+0xaa/0x6c0 [ 25.606542] kunit_try_run_case+0x1a5/0x480 [ 25.607053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.607282] kthread+0x337/0x6f0 [ 25.607400] ret_from_fork+0x116/0x1d0 [ 25.607605] ret_from_fork_asm+0x1a/0x30 [ 25.608048] [ 25.608226] Freed by task 244: [ 25.608502] kasan_save_stack+0x45/0x70 [ 25.608931] kasan_save_track+0x18/0x40 [ 25.609288] kasan_save_free_info+0x3f/0x60 [ 25.609677] __kasan_slab_free+0x56/0x70 [ 25.609909] kfree+0x222/0x3f0 [ 25.610028] ksize_uaf+0x12c/0x6c0 [ 25.610149] kunit_try_run_case+0x1a5/0x480 [ 25.610289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.610460] kthread+0x337/0x6f0 [ 25.610771] ret_from_fork+0x116/0x1d0 [ 25.611140] ret_from_fork_asm+0x1a/0x30 [ 25.611662] [ 25.611863] The buggy address belongs to the object at ffff88810583a700 [ 25.611863] which belongs to the cache kmalloc-128 of size 128 [ 25.613087] The buggy address is located 120 bytes inside of [ 25.613087] freed 128-byte region [ffff88810583a700, ffff88810583a780) [ 25.614179] [ 25.614336] The buggy address belongs to the physical page: [ 25.614978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a [ 25.615338] flags: 0x200000000000000(node=0|zone=2) [ 25.615523] page_type: f5(slab) [ 25.615884] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.616549] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.617259] page dumped because: kasan: bad access detected [ 25.617683] [ 25.617762] Memory state around the buggy address: [ 25.618227] ffff88810583a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.618676] ffff88810583a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.619090] >ffff88810583a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.619736] ^ [ 25.620408] ffff88810583a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.621160] ffff88810583a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.621561] ================================================================== [ 25.556857] ================================================================== [ 25.557888] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 25.558664] Read of size 1 at addr ffff88810583a700 by task kunit_try_catch/244 [ 25.559421] [ 25.559541] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.559593] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.559605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.559629] Call Trace: [ 25.559648] <TASK> [ 25.559667] dump_stack_lvl+0x73/0xb0 [ 25.559712] print_report+0xd1/0x610 [ 25.559734] ? __virt_addr_valid+0x1db/0x2d0 [ 25.559758] ? ksize_uaf+0x5fe/0x6c0 [ 25.559778] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.559804] ? ksize_uaf+0x5fe/0x6c0 [ 25.559824] kasan_report+0x141/0x180 [ 25.559853] ? ksize_uaf+0x5fe/0x6c0 [ 25.559877] __asan_report_load1_noabort+0x18/0x20 [ 25.559953] ksize_uaf+0x5fe/0x6c0 [ 25.559973] ? __pfx_ksize_uaf+0x10/0x10 [ 25.559995] ? __schedule+0x10cc/0x2b60 [ 25.560018] ? __pfx_read_tsc+0x10/0x10 [ 25.560041] ? ktime_get_ts64+0x86/0x230 [ 25.560069] kunit_try_run_case+0x1a5/0x480 [ 25.560092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.560111] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.560134] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.560157] ? __kthread_parkme+0x82/0x180 [ 25.560177] ? preempt_count_sub+0x50/0x80 [ 25.560200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.560223] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.560247] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.560272] kthread+0x337/0x6f0 [ 25.560293] ? trace_preempt_on+0x20/0xc0 [ 25.560315] ? __pfx_kthread+0x10/0x10 [ 25.560337] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.560358] ? calculate_sigpending+0x7b/0xa0 [ 25.560382] ? __pfx_kthread+0x10/0x10 [ 25.560403] ret_from_fork+0x116/0x1d0 [ 25.560422] ? __pfx_kthread+0x10/0x10 [ 25.560443] ret_from_fork_asm+0x1a/0x30 [ 25.560473] </TASK> [ 25.560485] [ 25.572739] Allocated by task 244: [ 25.573124] kasan_save_stack+0x45/0x70 [ 25.573464] kasan_save_track+0x18/0x40 [ 25.573916] kasan_save_alloc_info+0x3b/0x50 [ 25.574176] __kasan_kmalloc+0xb7/0xc0 [ 25.574305] __kmalloc_cache_noprof+0x189/0x420 [ 25.574458] ksize_uaf+0xaa/0x6c0 [ 25.574861] kunit_try_run_case+0x1a5/0x480 [ 25.575243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.575806] kthread+0x337/0x6f0 [ 25.576137] ret_from_fork+0x116/0x1d0 [ 25.576484] ret_from_fork_asm+0x1a/0x30 [ 25.576857] [ 25.576963] Freed by task 244: [ 25.577123] kasan_save_stack+0x45/0x70 [ 25.577260] kasan_save_track+0x18/0x40 [ 25.577390] kasan_save_free_info+0x3f/0x60 [ 25.577554] __kasan_slab_free+0x56/0x70 [ 25.577905] kfree+0x222/0x3f0 [ 25.578246] ksize_uaf+0x12c/0x6c0 [ 25.578596] kunit_try_run_case+0x1a5/0x480 [ 25.579172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.579902] kthread+0x337/0x6f0 [ 25.580210] ret_from_fork+0x116/0x1d0 [ 25.580540] ret_from_fork_asm+0x1a/0x30 [ 25.580980] [ 25.581136] The buggy address belongs to the object at ffff88810583a700 [ 25.581136] which belongs to the cache kmalloc-128 of size 128 [ 25.581506] The buggy address is located 0 bytes inside of [ 25.581506] freed 128-byte region [ffff88810583a700, ffff88810583a780) [ 25.582152] [ 25.582313] The buggy address belongs to the physical page: [ 25.582947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a [ 25.583463] flags: 0x200000000000000(node=0|zone=2) [ 25.583640] page_type: f5(slab) [ 25.583775] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.584477] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.585230] page dumped because: kasan: bad access detected [ 25.585555] [ 25.585622] Memory state around the buggy address: [ 25.585785] ffff88810583a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.586409] ffff88810583a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.587142] >ffff88810583a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.587929] ^ [ 25.588094] ffff88810583a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.588307] ffff88810583a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.588534] ================================================================== [ 25.523063] ================================================================== [ 25.524305] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 25.524640] Read of size 1 at addr ffff88810583a700 by task kunit_try_catch/244 [ 25.525438] [ 25.525684] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.525749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.525761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.525843] Call Trace: [ 25.525858] <TASK> [ 25.525878] dump_stack_lvl+0x73/0xb0 [ 25.525945] print_report+0xd1/0x610 [ 25.525971] ? __virt_addr_valid+0x1db/0x2d0 [ 25.525996] ? ksize_uaf+0x19d/0x6c0 [ 25.526016] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.526041] ? ksize_uaf+0x19d/0x6c0 [ 25.526061] kasan_report+0x141/0x180 [ 25.526082] ? ksize_uaf+0x19d/0x6c0 [ 25.526105] ? ksize_uaf+0x19d/0x6c0 [ 25.526125] __kasan_check_byte+0x3d/0x50 [ 25.526146] ksize+0x20/0x60 [ 25.526170] ksize_uaf+0x19d/0x6c0 [ 25.526191] ? __pfx_ksize_uaf+0x10/0x10 [ 25.526211] ? __schedule+0x10cc/0x2b60 [ 25.526234] ? __pfx_read_tsc+0x10/0x10 [ 25.526256] ? ktime_get_ts64+0x86/0x230 [ 25.526282] kunit_try_run_case+0x1a5/0x480 [ 25.526304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.526324] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.526346] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.526368] ? __kthread_parkme+0x82/0x180 [ 25.526389] ? preempt_count_sub+0x50/0x80 [ 25.526412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.526434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.526457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.526482] kthread+0x337/0x6f0 [ 25.526516] ? trace_preempt_on+0x20/0xc0 [ 25.526539] ? __pfx_kthread+0x10/0x10 [ 25.526559] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.526580] ? calculate_sigpending+0x7b/0xa0 [ 25.526604] ? __pfx_kthread+0x10/0x10 [ 25.526625] ret_from_fork+0x116/0x1d0 [ 25.526644] ? __pfx_kthread+0x10/0x10 [ 25.526664] ret_from_fork_asm+0x1a/0x30 [ 25.526694] </TASK> [ 25.526720] [ 25.538727] Allocated by task 244: [ 25.539133] kasan_save_stack+0x45/0x70 [ 25.539513] kasan_save_track+0x18/0x40 [ 25.539984] kasan_save_alloc_info+0x3b/0x50 [ 25.540393] __kasan_kmalloc+0xb7/0xc0 [ 25.540826] __kmalloc_cache_noprof+0x189/0x420 [ 25.541117] ksize_uaf+0xaa/0x6c0 [ 25.541238] kunit_try_run_case+0x1a5/0x480 [ 25.541377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.541688] kthread+0x337/0x6f0 [ 25.542011] ret_from_fork+0x116/0x1d0 [ 25.542478] ret_from_fork_asm+0x1a/0x30 [ 25.542929] [ 25.543115] Freed by task 244: [ 25.543415] kasan_save_stack+0x45/0x70 [ 25.543859] kasan_save_track+0x18/0x40 [ 25.544234] kasan_save_free_info+0x3f/0x60 [ 25.544416] __kasan_slab_free+0x56/0x70 [ 25.544887] kfree+0x222/0x3f0 [ 25.545201] ksize_uaf+0x12c/0x6c0 [ 25.545387] kunit_try_run_case+0x1a5/0x480 [ 25.545711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.546335] kthread+0x337/0x6f0 [ 25.546586] ret_from_fork+0x116/0x1d0 [ 25.546818] ret_from_fork_asm+0x1a/0x30 [ 25.547261] [ 25.547415] The buggy address belongs to the object at ffff88810583a700 [ 25.547415] which belongs to the cache kmalloc-128 of size 128 [ 25.548306] The buggy address is located 0 bytes inside of [ 25.548306] freed 128-byte region [ffff88810583a700, ffff88810583a780) [ 25.549183] [ 25.549260] The buggy address belongs to the physical page: [ 25.549430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a [ 25.550094] flags: 0x200000000000000(node=0|zone=2) [ 25.550551] page_type: f5(slab) [ 25.550926] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.551683] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.552105] page dumped because: kasan: bad access detected [ 25.552274] [ 25.552337] Memory state around the buggy address: [ 25.552487] ffff88810583a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.553246] ffff88810583a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.553971] >ffff88810583a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.554588] ^ [ 25.554935] ffff88810583a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.555468] ffff88810583a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.556043] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 25.448232] ================================================================== [ 25.448753] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 25.449147] Read of size 1 at addr ffff888105182d73 by task kunit_try_catch/242 [ 25.449437] [ 25.449575] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.449624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.449636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.449657] Call Trace: [ 25.449671] <TASK> [ 25.449689] dump_stack_lvl+0x73/0xb0 [ 25.449734] print_report+0xd1/0x610 [ 25.449757] ? __virt_addr_valid+0x1db/0x2d0 [ 25.449826] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.449852] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.449878] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.449900] kasan_report+0x141/0x180 [ 25.449922] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.449949] __asan_report_load1_noabort+0x18/0x20 [ 25.449973] ksize_unpoisons_memory+0x81c/0x9b0 [ 25.449996] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.450018] ? finish_task_switch.isra.0+0x153/0x700 [ 25.450042] ? __switch_to+0x47/0xf80 [ 25.450069] ? __schedule+0x10cc/0x2b60 [ 25.450092] ? __pfx_read_tsc+0x10/0x10 [ 25.450113] ? ktime_get_ts64+0x86/0x230 [ 25.450138] kunit_try_run_case+0x1a5/0x480 [ 25.450160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.450181] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.450204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.450227] ? __kthread_parkme+0x82/0x180 [ 25.450248] ? preempt_count_sub+0x50/0x80 [ 25.450271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.450293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.450317] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.450342] kthread+0x337/0x6f0 [ 25.450362] ? trace_preempt_on+0x20/0xc0 [ 25.450385] ? __pfx_kthread+0x10/0x10 [ 25.450406] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.450427] ? calculate_sigpending+0x7b/0xa0 [ 25.450450] ? __pfx_kthread+0x10/0x10 [ 25.450472] ret_from_fork+0x116/0x1d0 [ 25.450491] ? __pfx_kthread+0x10/0x10 [ 25.450521] ret_from_fork_asm+0x1a/0x30 [ 25.450552] </TASK> [ 25.450564] [ 25.458075] Allocated by task 242: [ 25.458266] kasan_save_stack+0x45/0x70 [ 25.458465] kasan_save_track+0x18/0x40 [ 25.458646] kasan_save_alloc_info+0x3b/0x50 [ 25.458900] __kasan_kmalloc+0xb7/0xc0 [ 25.459083] __kmalloc_cache_noprof+0x189/0x420 [ 25.459267] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.459417] kunit_try_run_case+0x1a5/0x480 [ 25.459558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.459761] kthread+0x337/0x6f0 [ 25.459935] ret_from_fork+0x116/0x1d0 [ 25.460162] ret_from_fork_asm+0x1a/0x30 [ 25.460358] [ 25.460454] The buggy address belongs to the object at ffff888105182d00 [ 25.460454] which belongs to the cache kmalloc-128 of size 128 [ 25.461334] The buggy address is located 0 bytes to the right of [ 25.461334] allocated 115-byte region [ffff888105182d00, ffff888105182d73) [ 25.462052] [ 25.462155] The buggy address belongs to the physical page: [ 25.462373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 25.462744] flags: 0x200000000000000(node=0|zone=2) [ 25.463081] page_type: f5(slab) [ 25.463206] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.463433] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.463665] page dumped because: kasan: bad access detected [ 25.463941] [ 25.464029] Memory state around the buggy address: [ 25.464250] ffff888105182c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.464624] ffff888105182c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.464998] >ffff888105182d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.465213] ^ [ 25.465417] ffff888105182d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.465884] ffff888105182e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.466202] ================================================================== [ 25.488919] ================================================================== [ 25.489287] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.489798] Read of size 1 at addr ffff888105182d7f by task kunit_try_catch/242 [ 25.490736] [ 25.491068] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.491120] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.491132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.491153] Call Trace: [ 25.491170] <TASK> [ 25.491187] dump_stack_lvl+0x73/0xb0 [ 25.491217] print_report+0xd1/0x610 [ 25.491241] ? __virt_addr_valid+0x1db/0x2d0 [ 25.491265] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.491288] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.491313] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.491335] kasan_report+0x141/0x180 [ 25.491356] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.491383] __asan_report_load1_noabort+0x18/0x20 [ 25.491406] ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.491429] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.491450] ? finish_task_switch.isra.0+0x153/0x700 [ 25.491471] ? __switch_to+0x47/0xf80 [ 25.491505] ? __schedule+0x10cc/0x2b60 [ 25.491527] ? __pfx_read_tsc+0x10/0x10 [ 25.491548] ? ktime_get_ts64+0x86/0x230 [ 25.491572] kunit_try_run_case+0x1a5/0x480 [ 25.491593] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.491613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.491635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.491658] ? __kthread_parkme+0x82/0x180 [ 25.491677] ? preempt_count_sub+0x50/0x80 [ 25.491709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.491730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.491756] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.491879] kthread+0x337/0x6f0 [ 25.491899] ? trace_preempt_on+0x20/0xc0 [ 25.491923] ? __pfx_kthread+0x10/0x10 [ 25.491943] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.491964] ? calculate_sigpending+0x7b/0xa0 [ 25.491988] ? __pfx_kthread+0x10/0x10 [ 25.492011] ret_from_fork+0x116/0x1d0 [ 25.492030] ? __pfx_kthread+0x10/0x10 [ 25.492050] ret_from_fork_asm+0x1a/0x30 [ 25.492081] </TASK> [ 25.492092] [ 25.507177] Allocated by task 242: [ 25.507315] kasan_save_stack+0x45/0x70 [ 25.507467] kasan_save_track+0x18/0x40 [ 25.507617] kasan_save_alloc_info+0x3b/0x50 [ 25.508211] __kasan_kmalloc+0xb7/0xc0 [ 25.508416] __kmalloc_cache_noprof+0x189/0x420 [ 25.509067] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.509236] kunit_try_run_case+0x1a5/0x480 [ 25.509379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.510087] kthread+0x337/0x6f0 [ 25.510423] ret_from_fork+0x116/0x1d0 [ 25.510777] ret_from_fork_asm+0x1a/0x30 [ 25.510973] [ 25.511064] The buggy address belongs to the object at ffff888105182d00 [ 25.511064] which belongs to the cache kmalloc-128 of size 128 [ 25.511560] The buggy address is located 12 bytes to the right of [ 25.511560] allocated 115-byte region [ffff888105182d00, ffff888105182d73) [ 25.512590] [ 25.513029] The buggy address belongs to the physical page: [ 25.513343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 25.514028] flags: 0x200000000000000(node=0|zone=2) [ 25.514261] page_type: f5(slab) [ 25.514423] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.515340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.515878] page dumped because: kasan: bad access detected [ 25.516127] [ 25.516214] Memory state around the buggy address: [ 25.516422] ffff888105182c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.517263] ffff888105182c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.517828] >ffff888105182d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.518409] ^ [ 25.518919] ffff888105182d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.519225] ffff888105182e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.519715] ================================================================== [ 25.466920] ================================================================== [ 25.467270] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.467650] Read of size 1 at addr ffff888105182d78 by task kunit_try_catch/242 [ 25.468191] [ 25.468313] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.468360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.468373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.468393] Call Trace: [ 25.468410] <TASK> [ 25.468426] dump_stack_lvl+0x73/0xb0 [ 25.468455] print_report+0xd1/0x610 [ 25.468478] ? __virt_addr_valid+0x1db/0x2d0 [ 25.468518] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.468541] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.468566] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.468589] kasan_report+0x141/0x180 [ 25.468611] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.468638] __asan_report_load1_noabort+0x18/0x20 [ 25.468662] ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.468685] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.468721] ? finish_task_switch.isra.0+0x153/0x700 [ 25.468743] ? __switch_to+0x47/0xf80 [ 25.468769] ? __schedule+0x10cc/0x2b60 [ 25.468792] ? __pfx_read_tsc+0x10/0x10 [ 25.468813] ? ktime_get_ts64+0x86/0x230 [ 25.468839] kunit_try_run_case+0x1a5/0x480 [ 25.468861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.468880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.469148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.469177] ? __kthread_parkme+0x82/0x180 [ 25.469198] ? preempt_count_sub+0x50/0x80 [ 25.469220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.469242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.469267] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.469292] kthread+0x337/0x6f0 [ 25.469312] ? trace_preempt_on+0x20/0xc0 [ 25.469336] ? __pfx_kthread+0x10/0x10 [ 25.469356] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.469377] ? calculate_sigpending+0x7b/0xa0 [ 25.469400] ? __pfx_kthread+0x10/0x10 [ 25.469421] ret_from_fork+0x116/0x1d0 [ 25.469440] ? __pfx_kthread+0x10/0x10 [ 25.469461] ret_from_fork_asm+0x1a/0x30 [ 25.469492] </TASK> [ 25.469504] [ 25.477036] Allocated by task 242: [ 25.477230] kasan_save_stack+0x45/0x70 [ 25.477449] kasan_save_track+0x18/0x40 [ 25.477906] kasan_save_alloc_info+0x3b/0x50 [ 25.478104] __kasan_kmalloc+0xb7/0xc0 [ 25.478290] __kmalloc_cache_noprof+0x189/0x420 [ 25.478446] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.478654] kunit_try_run_case+0x1a5/0x480 [ 25.479091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.479344] kthread+0x337/0x6f0 [ 25.479528] ret_from_fork+0x116/0x1d0 [ 25.479671] ret_from_fork_asm+0x1a/0x30 [ 25.479819] [ 25.479921] The buggy address belongs to the object at ffff888105182d00 [ 25.479921] which belongs to the cache kmalloc-128 of size 128 [ 25.480644] The buggy address is located 5 bytes to the right of [ 25.480644] allocated 115-byte region [ffff888105182d00, ffff888105182d73) [ 25.481216] [ 25.481313] The buggy address belongs to the physical page: [ 25.481558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 25.481860] flags: 0x200000000000000(node=0|zone=2) [ 25.482201] page_type: f5(slab) [ 25.482579] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.482866] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.483093] page dumped because: kasan: bad access detected [ 25.483261] [ 25.483326] Memory state around the buggy address: [ 25.484311] ffff888105182c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.484980] ffff888105182c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.485317] >ffff888105182d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.485760] ^ [ 25.486376] ffff888105182d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.486725] ffff888105182e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.487254] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 25.415885] ================================================================== [ 25.416248] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 25.416530] Free of addr ffff888103cd6780 by task kunit_try_catch/240 [ 25.416964] [ 25.417072] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.417121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.417132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.417153] Call Trace: [ 25.417165] <TASK> [ 25.417182] dump_stack_lvl+0x73/0xb0 [ 25.417210] print_report+0xd1/0x610 [ 25.417233] ? __virt_addr_valid+0x1db/0x2d0 [ 25.417257] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.417281] ? kfree_sensitive+0x2e/0x90 [ 25.417306] kasan_report_invalid_free+0x10a/0x130 [ 25.417329] ? kfree_sensitive+0x2e/0x90 [ 25.417354] ? kfree_sensitive+0x2e/0x90 [ 25.417376] check_slab_allocation+0x101/0x130 [ 25.417397] __kasan_slab_pre_free+0x28/0x40 [ 25.417417] kfree+0xf0/0x3f0 [ 25.417438] ? kfree_sensitive+0x2e/0x90 [ 25.417463] kfree_sensitive+0x2e/0x90 [ 25.417486] kmalloc_double_kzfree+0x19c/0x350 [ 25.417518] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.417541] ? __schedule+0x10cc/0x2b60 [ 25.417563] ? __pfx_read_tsc+0x10/0x10 [ 25.417584] ? ktime_get_ts64+0x86/0x230 [ 25.417608] kunit_try_run_case+0x1a5/0x480 [ 25.417629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.417649] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.417671] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.417693] ? __kthread_parkme+0x82/0x180 [ 25.417729] ? preempt_count_sub+0x50/0x80 [ 25.417752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.417773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.418006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.418031] kthread+0x337/0x6f0 [ 25.418051] ? trace_preempt_on+0x20/0xc0 [ 25.418073] ? __pfx_kthread+0x10/0x10 [ 25.418093] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.418115] ? calculate_sigpending+0x7b/0xa0 [ 25.418138] ? __pfx_kthread+0x10/0x10 [ 25.418159] ret_from_fork+0x116/0x1d0 [ 25.418178] ? __pfx_kthread+0x10/0x10 [ 25.418198] ret_from_fork_asm+0x1a/0x30 [ 25.418228] </TASK> [ 25.418240] [ 25.426966] Allocated by task 240: [ 25.427153] kasan_save_stack+0x45/0x70 [ 25.427344] kasan_save_track+0x18/0x40 [ 25.427672] kasan_save_alloc_info+0x3b/0x50 [ 25.428001] __kasan_kmalloc+0xb7/0xc0 [ 25.428288] __kmalloc_cache_noprof+0x189/0x420 [ 25.428630] kmalloc_double_kzfree+0xa9/0x350 [ 25.428941] kunit_try_run_case+0x1a5/0x480 [ 25.429150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.429386] kthread+0x337/0x6f0 [ 25.429821] ret_from_fork+0x116/0x1d0 [ 25.430043] ret_from_fork_asm+0x1a/0x30 [ 25.430339] [ 25.430573] Freed by task 240: [ 25.430847] kasan_save_stack+0x45/0x70 [ 25.431041] kasan_save_track+0x18/0x40 [ 25.431218] kasan_save_free_info+0x3f/0x60 [ 25.431405] __kasan_slab_free+0x56/0x70 [ 25.431948] kfree+0x222/0x3f0 [ 25.432210] kfree_sensitive+0x67/0x90 [ 25.432465] kmalloc_double_kzfree+0x12b/0x350 [ 25.432798] kunit_try_run_case+0x1a5/0x480 [ 25.433196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.433441] kthread+0x337/0x6f0 [ 25.433758] ret_from_fork+0x116/0x1d0 [ 25.434062] ret_from_fork_asm+0x1a/0x30 [ 25.434251] [ 25.434337] The buggy address belongs to the object at ffff888103cd6780 [ 25.434337] which belongs to the cache kmalloc-16 of size 16 [ 25.435241] The buggy address is located 0 bytes inside of [ 25.435241] 16-byte region [ffff888103cd6780, ffff888103cd6790) [ 25.436312] [ 25.436594] The buggy address belongs to the physical page: [ 25.436853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cd6 [ 25.437186] flags: 0x200000000000000(node=0|zone=2) [ 25.437397] page_type: f5(slab) [ 25.437900] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.438323] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.438808] page dumped because: kasan: bad access detected [ 25.439156] [ 25.439383] Memory state around the buggy address: [ 25.439809] ffff888103cd6680: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 25.440115] ffff888103cd6700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.440392] >ffff888103cd6780: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.441027] ^ [ 25.441311] ffff888103cd6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.441918] ffff888103cd6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.442407] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 25.376866] ================================================================== [ 25.377318] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 25.377561] Read of size 1 at addr ffff888103cd6780 by task kunit_try_catch/240 [ 25.377794] [ 25.377882] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.377933] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.377945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.377967] Call Trace: [ 25.377980] <TASK> [ 25.377999] dump_stack_lvl+0x73/0xb0 [ 25.378028] print_report+0xd1/0x610 [ 25.378050] ? __virt_addr_valid+0x1db/0x2d0 [ 25.378074] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.378096] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.378121] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.378143] kasan_report+0x141/0x180 [ 25.378163] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.378187] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.378209] __kasan_check_byte+0x3d/0x50 [ 25.378229] kfree_sensitive+0x22/0x90 [ 25.378254] kmalloc_double_kzfree+0x19c/0x350 [ 25.378276] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.378298] ? __schedule+0x10cc/0x2b60 [ 25.378320] ? __pfx_read_tsc+0x10/0x10 [ 25.378341] ? ktime_get_ts64+0x86/0x230 [ 25.378365] kunit_try_run_case+0x1a5/0x480 [ 25.378386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.378405] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.378427] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.378449] ? __kthread_parkme+0x82/0x180 [ 25.378469] ? preempt_count_sub+0x50/0x80 [ 25.378492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.378512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.378536] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.378559] kthread+0x337/0x6f0 [ 25.378578] ? trace_preempt_on+0x20/0xc0 [ 25.378600] ? __pfx_kthread+0x10/0x10 [ 25.378620] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.378640] ? calculate_sigpending+0x7b/0xa0 [ 25.378662] ? __pfx_kthread+0x10/0x10 [ 25.378683] ret_from_fork+0x116/0x1d0 [ 25.379023] ? __pfx_kthread+0x10/0x10 [ 25.379056] ret_from_fork_asm+0x1a/0x30 [ 25.379088] </TASK> [ 25.379102] [ 25.398450] Allocated by task 240: [ 25.398601] kasan_save_stack+0x45/0x70 [ 25.398768] kasan_save_track+0x18/0x40 [ 25.398901] kasan_save_alloc_info+0x3b/0x50 [ 25.399810] __kasan_kmalloc+0xb7/0xc0 [ 25.400208] __kmalloc_cache_noprof+0x189/0x420 [ 25.400677] kmalloc_double_kzfree+0xa9/0x350 [ 25.401111] kunit_try_run_case+0x1a5/0x480 [ 25.401277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.401451] kthread+0x337/0x6f0 [ 25.401768] ret_from_fork+0x116/0x1d0 [ 25.402249] ret_from_fork_asm+0x1a/0x30 [ 25.402667] [ 25.402836] Freed by task 240: [ 25.403227] kasan_save_stack+0x45/0x70 [ 25.403634] kasan_save_track+0x18/0x40 [ 25.404005] kasan_save_free_info+0x3f/0x60 [ 25.404336] __kasan_slab_free+0x56/0x70 [ 25.404559] kfree+0x222/0x3f0 [ 25.404674] kfree_sensitive+0x67/0x90 [ 25.405086] kmalloc_double_kzfree+0x12b/0x350 [ 25.405545] kunit_try_run_case+0x1a5/0x480 [ 25.406025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.406424] kthread+0x337/0x6f0 [ 25.406552] ret_from_fork+0x116/0x1d0 [ 25.407002] ret_from_fork_asm+0x1a/0x30 [ 25.407384] [ 25.407548] The buggy address belongs to the object at ffff888103cd6780 [ 25.407548] which belongs to the cache kmalloc-16 of size 16 [ 25.408414] The buggy address is located 0 bytes inside of [ 25.408414] freed 16-byte region [ffff888103cd6780, ffff888103cd6790) [ 25.408843] [ 25.409161] The buggy address belongs to the physical page: [ 25.409640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cd6 [ 25.410627] flags: 0x200000000000000(node=0|zone=2) [ 25.411026] page_type: f5(slab) [ 25.411319] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.411616] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.411978] page dumped because: kasan: bad access detected [ 25.412459] [ 25.412624] Memory state around the buggy address: [ 25.413197] ffff888103cd6680: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 25.413902] ffff888103cd6700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.414117] >ffff888103cd6780: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.414328] ^ [ 25.414440] ffff888103cd6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.414684] ffff888103cd6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.415227] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 25.350006] ================================================================== [ 25.350425] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 25.350716] Read of size 1 at addr ffff888105847c28 by task kunit_try_catch/236 [ 25.351127] [ 25.351242] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.351290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.351302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.351323] Call Trace: [ 25.351336] <TASK> [ 25.351354] dump_stack_lvl+0x73/0xb0 [ 25.351382] print_report+0xd1/0x610 [ 25.351405] ? __virt_addr_valid+0x1db/0x2d0 [ 25.351429] ? kmalloc_uaf2+0x4a8/0x520 [ 25.351448] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.351473] ? kmalloc_uaf2+0x4a8/0x520 [ 25.351502] kasan_report+0x141/0x180 [ 25.351523] ? kmalloc_uaf2+0x4a8/0x520 [ 25.351547] __asan_report_load1_noabort+0x18/0x20 [ 25.351571] kmalloc_uaf2+0x4a8/0x520 [ 25.351591] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 25.351610] ? finish_task_switch.isra.0+0x153/0x700 [ 25.351632] ? __switch_to+0x47/0xf80 [ 25.351659] ? __schedule+0x10cc/0x2b60 [ 25.351682] ? __pfx_read_tsc+0x10/0x10 [ 25.351716] ? ktime_get_ts64+0x86/0x230 [ 25.351740] kunit_try_run_case+0x1a5/0x480 [ 25.351762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.351829] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.351865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.351888] ? __kthread_parkme+0x82/0x180 [ 25.351909] ? preempt_count_sub+0x50/0x80 [ 25.351931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.351953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.351977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.352002] kthread+0x337/0x6f0 [ 25.352021] ? trace_preempt_on+0x20/0xc0 [ 25.352044] ? __pfx_kthread+0x10/0x10 [ 25.352065] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.352086] ? calculate_sigpending+0x7b/0xa0 [ 25.352110] ? __pfx_kthread+0x10/0x10 [ 25.352131] ret_from_fork+0x116/0x1d0 [ 25.352149] ? __pfx_kthread+0x10/0x10 [ 25.352170] ret_from_fork_asm+0x1a/0x30 [ 25.352200] </TASK> [ 25.352212] [ 25.359735] Allocated by task 236: [ 25.360044] kasan_save_stack+0x45/0x70 [ 25.360240] kasan_save_track+0x18/0x40 [ 25.360401] kasan_save_alloc_info+0x3b/0x50 [ 25.360622] __kasan_kmalloc+0xb7/0xc0 [ 25.360882] __kmalloc_cache_noprof+0x189/0x420 [ 25.361084] kmalloc_uaf2+0xc6/0x520 [ 25.361241] kunit_try_run_case+0x1a5/0x480 [ 25.361424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.361693] kthread+0x337/0x6f0 [ 25.361822] ret_from_fork+0x116/0x1d0 [ 25.362000] ret_from_fork_asm+0x1a/0x30 [ 25.362201] [ 25.362292] Freed by task 236: [ 25.362449] kasan_save_stack+0x45/0x70 [ 25.362668] kasan_save_track+0x18/0x40 [ 25.362904] kasan_save_free_info+0x3f/0x60 [ 25.363097] __kasan_slab_free+0x56/0x70 [ 25.363228] kfree+0x222/0x3f0 [ 25.363358] kmalloc_uaf2+0x14c/0x520 [ 25.363580] kunit_try_run_case+0x1a5/0x480 [ 25.363834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.364048] kthread+0x337/0x6f0 [ 25.364214] ret_from_fork+0x116/0x1d0 [ 25.364403] ret_from_fork_asm+0x1a/0x30 [ 25.364591] [ 25.364665] The buggy address belongs to the object at ffff888105847c00 [ 25.364665] which belongs to the cache kmalloc-64 of size 64 [ 25.365033] The buggy address is located 40 bytes inside of [ 25.365033] freed 64-byte region [ffff888105847c00, ffff888105847c40) [ 25.365380] [ 25.365447] The buggy address belongs to the physical page: [ 25.365684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105847 [ 25.366363] flags: 0x200000000000000(node=0|zone=2) [ 25.366851] page_type: f5(slab) [ 25.367025] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.367361] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.367710] page dumped because: kasan: bad access detected [ 25.367986] [ 25.368083] Memory state around the buggy address: [ 25.368259] ffff888105847b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.368472] ffff888105847b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.368879] >ffff888105847c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.369205] ^ [ 25.369391] ffff888105847c80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 25.369692] ffff888105847d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.370026] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 25.326614] ================================================================== [ 25.327038] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 25.327340] Write of size 33 at addr ffff888105847b00 by task kunit_try_catch/234 [ 25.327873] [ 25.327980] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.328029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.328041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.328063] Call Trace: [ 25.328076] <TASK> [ 25.328094] dump_stack_lvl+0x73/0xb0 [ 25.328122] print_report+0xd1/0x610 [ 25.328145] ? __virt_addr_valid+0x1db/0x2d0 [ 25.328169] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.328189] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.328214] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.328235] kasan_report+0x141/0x180 [ 25.328256] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.328281] kasan_check_range+0x10c/0x1c0 [ 25.328303] __asan_memset+0x27/0x50 [ 25.328326] kmalloc_uaf_memset+0x1a3/0x360 [ 25.328346] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 25.328368] ? __schedule+0x10cc/0x2b60 [ 25.328390] ? __pfx_read_tsc+0x10/0x10 [ 25.328411] ? ktime_get_ts64+0x86/0x230 [ 25.328435] kunit_try_run_case+0x1a5/0x480 [ 25.328457] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.328477] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.328500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.328522] ? __kthread_parkme+0x82/0x180 [ 25.328600] ? preempt_count_sub+0x50/0x80 [ 25.328624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.328646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.328670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.328694] kthread+0x337/0x6f0 [ 25.328740] ? trace_preempt_on+0x20/0xc0 [ 25.328763] ? __pfx_kthread+0x10/0x10 [ 25.328831] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.328853] ? calculate_sigpending+0x7b/0xa0 [ 25.328877] ? __pfx_kthread+0x10/0x10 [ 25.328898] ret_from_fork+0x116/0x1d0 [ 25.328918] ? __pfx_kthread+0x10/0x10 [ 25.328938] ret_from_fork_asm+0x1a/0x30 [ 25.328969] </TASK> [ 25.328981] [ 25.335861] Allocated by task 234: [ 25.336097] kasan_save_stack+0x45/0x70 [ 25.336302] kasan_save_track+0x18/0x40 [ 25.336485] kasan_save_alloc_info+0x3b/0x50 [ 25.336995] __kasan_kmalloc+0xb7/0xc0 [ 25.337169] __kmalloc_cache_noprof+0x189/0x420 [ 25.337379] kmalloc_uaf_memset+0xa9/0x360 [ 25.337590] kunit_try_run_case+0x1a5/0x480 [ 25.337741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.337913] kthread+0x337/0x6f0 [ 25.338096] ret_from_fork+0x116/0x1d0 [ 25.338283] ret_from_fork_asm+0x1a/0x30 [ 25.338474] [ 25.338563] Freed by task 234: [ 25.338728] kasan_save_stack+0x45/0x70 [ 25.338913] kasan_save_track+0x18/0x40 [ 25.339043] kasan_save_free_info+0x3f/0x60 [ 25.339184] __kasan_slab_free+0x56/0x70 [ 25.339317] kfree+0x222/0x3f0 [ 25.339603] kmalloc_uaf_memset+0x12b/0x360 [ 25.340072] kunit_try_run_case+0x1a5/0x480 [ 25.340305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.340663] kthread+0x337/0x6f0 [ 25.340854] ret_from_fork+0x116/0x1d0 [ 25.341069] ret_from_fork_asm+0x1a/0x30 [ 25.341243] [ 25.341310] The buggy address belongs to the object at ffff888105847b00 [ 25.341310] which belongs to the cache kmalloc-64 of size 64 [ 25.341744] The buggy address is located 0 bytes inside of [ 25.341744] freed 64-byte region [ffff888105847b00, ffff888105847b40) [ 25.342323] [ 25.342420] The buggy address belongs to the physical page: [ 25.342611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105847 [ 25.342860] flags: 0x200000000000000(node=0|zone=2) [ 25.343021] page_type: f5(slab) [ 25.343140] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.343863] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.344204] page dumped because: kasan: bad access detected [ 25.344449] [ 25.344575] Memory state around the buggy address: [ 25.344742] ffff888105847a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.345270] ffff888105847a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.345615] >ffff888105847b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.346082] ^ [ 25.346232] ffff888105847b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.346510] ffff888105847c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.346831] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 25.291351] ================================================================== [ 25.292138] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 25.292602] Read of size 1 at addr ffff888105807f88 by task kunit_try_catch/232 [ 25.293210] [ 25.293335] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.293391] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.293403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.293427] Call Trace: [ 25.293441] <TASK> [ 25.293462] dump_stack_lvl+0x73/0xb0 [ 25.293655] print_report+0xd1/0x610 [ 25.293685] ? __virt_addr_valid+0x1db/0x2d0 [ 25.293731] ? kmalloc_uaf+0x320/0x380 [ 25.293750] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.293776] ? kmalloc_uaf+0x320/0x380 [ 25.293892] kasan_report+0x141/0x180 [ 25.293914] ? kmalloc_uaf+0x320/0x380 [ 25.293940] __asan_report_load1_noabort+0x18/0x20 [ 25.293963] kmalloc_uaf+0x320/0x380 [ 25.293983] ? __pfx_kmalloc_uaf+0x10/0x10 [ 25.294004] ? __schedule+0x10cc/0x2b60 [ 25.294027] ? __pfx_read_tsc+0x10/0x10 [ 25.294050] ? ktime_get_ts64+0x86/0x230 [ 25.294076] kunit_try_run_case+0x1a5/0x480 [ 25.294099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.294119] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.294142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.294165] ? __kthread_parkme+0x82/0x180 [ 25.294187] ? preempt_count_sub+0x50/0x80 [ 25.294210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.294233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.294258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.294282] kthread+0x337/0x6f0 [ 25.294302] ? trace_preempt_on+0x20/0xc0 [ 25.294326] ? __pfx_kthread+0x10/0x10 [ 25.294346] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.294367] ? calculate_sigpending+0x7b/0xa0 [ 25.294392] ? __pfx_kthread+0x10/0x10 [ 25.294413] ret_from_fork+0x116/0x1d0 [ 25.294433] ? __pfx_kthread+0x10/0x10 [ 25.294454] ret_from_fork_asm+0x1a/0x30 [ 25.294486] </TASK> [ 25.294511] [ 25.306408] Allocated by task 232: [ 25.306589] kasan_save_stack+0x45/0x70 [ 25.307018] kasan_save_track+0x18/0x40 [ 25.307216] kasan_save_alloc_info+0x3b/0x50 [ 25.307413] __kasan_kmalloc+0xb7/0xc0 [ 25.308036] __kmalloc_cache_noprof+0x189/0x420 [ 25.308409] kmalloc_uaf+0xaa/0x380 [ 25.308857] kunit_try_run_case+0x1a5/0x480 [ 25.309115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.309361] kthread+0x337/0x6f0 [ 25.309745] ret_from_fork+0x116/0x1d0 [ 25.310023] ret_from_fork_asm+0x1a/0x30 [ 25.310217] [ 25.310304] Freed by task 232: [ 25.310447] kasan_save_stack+0x45/0x70 [ 25.311057] kasan_save_track+0x18/0x40 [ 25.311394] kasan_save_free_info+0x3f/0x60 [ 25.311997] __kasan_slab_free+0x56/0x70 [ 25.312196] kfree+0x222/0x3f0 [ 25.312345] kmalloc_uaf+0x12c/0x380 [ 25.312742] kunit_try_run_case+0x1a5/0x480 [ 25.313104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.313355] kthread+0x337/0x6f0 [ 25.313729] ret_from_fork+0x116/0x1d0 [ 25.314219] ret_from_fork_asm+0x1a/0x30 [ 25.314466] [ 25.314744] The buggy address belongs to the object at ffff888105807f80 [ 25.314744] which belongs to the cache kmalloc-16 of size 16 [ 25.315299] The buggy address is located 8 bytes inside of [ 25.315299] freed 16-byte region [ffff888105807f80, ffff888105807f90) [ 25.316291] [ 25.316389] The buggy address belongs to the physical page: [ 25.317057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105807 [ 25.317396] flags: 0x200000000000000(node=0|zone=2) [ 25.317811] page_type: f5(slab) [ 25.318193] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.318817] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.319137] page dumped because: kasan: bad access detected [ 25.319348] [ 25.319434] Memory state around the buggy address: [ 25.319989] ffff888105807e80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.320494] ffff888105807f00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.321117] >ffff888105807f80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.321595] ^ [ 25.321783] ffff888105808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.322359] ffff888105808080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 25.322930] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.259694] ================================================================== [ 25.260269] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.261114] Read of size 64 at addr ffff888105847904 by task kunit_try_catch/230 [ 25.261766] [ 25.262057] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.262112] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.262133] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.262156] Call Trace: [ 25.262170] <TASK> [ 25.262190] dump_stack_lvl+0x73/0xb0 [ 25.262222] print_report+0xd1/0x610 [ 25.262247] ? __virt_addr_valid+0x1db/0x2d0 [ 25.262272] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.262295] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.262320] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.262344] kasan_report+0x141/0x180 [ 25.262365] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.262393] kasan_check_range+0x10c/0x1c0 [ 25.262417] __asan_memmove+0x27/0x70 [ 25.262440] kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.262463] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.262585] ? __schedule+0x10cc/0x2b60 [ 25.262615] ? __pfx_read_tsc+0x10/0x10 [ 25.262638] ? ktime_get_ts64+0x86/0x230 [ 25.262663] kunit_try_run_case+0x1a5/0x480 [ 25.262685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.262751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.262831] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.262860] ? __kthread_parkme+0x82/0x180 [ 25.262881] ? preempt_count_sub+0x50/0x80 [ 25.262905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.262926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.262951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.262976] kthread+0x337/0x6f0 [ 25.262995] ? trace_preempt_on+0x20/0xc0 [ 25.263018] ? __pfx_kthread+0x10/0x10 [ 25.263039] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.263060] ? calculate_sigpending+0x7b/0xa0 [ 25.263084] ? __pfx_kthread+0x10/0x10 [ 25.263105] ret_from_fork+0x116/0x1d0 [ 25.263124] ? __pfx_kthread+0x10/0x10 [ 25.263144] ret_from_fork_asm+0x1a/0x30 [ 25.263175] </TASK> [ 25.263188] [ 25.275225] Allocated by task 230: [ 25.275395] kasan_save_stack+0x45/0x70 [ 25.276034] kasan_save_track+0x18/0x40 [ 25.276300] kasan_save_alloc_info+0x3b/0x50 [ 25.276660] __kasan_kmalloc+0xb7/0xc0 [ 25.276924] __kmalloc_cache_noprof+0x189/0x420 [ 25.277136] kmalloc_memmove_invalid_size+0xac/0x330 [ 25.277351] kunit_try_run_case+0x1a5/0x480 [ 25.277909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.278205] kthread+0x337/0x6f0 [ 25.278565] ret_from_fork+0x116/0x1d0 [ 25.279078] ret_from_fork_asm+0x1a/0x30 [ 25.279666] [ 25.279839] The buggy address belongs to the object at ffff888105847900 [ 25.279839] which belongs to the cache kmalloc-64 of size 64 [ 25.280323] The buggy address is located 4 bytes inside of [ 25.280323] allocated 64-byte region [ffff888105847900, ffff888105847940) [ 25.281322] [ 25.281562] The buggy address belongs to the physical page: [ 25.282031] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105847 [ 25.282390] flags: 0x200000000000000(node=0|zone=2) [ 25.282783] page_type: f5(slab) [ 25.283093] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.283424] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.284152] page dumped because: kasan: bad access detected [ 25.284769] [ 25.284867] Memory state around the buggy address: [ 25.285076] ffff888105847800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.285369] ffff888105847880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.285654] >ffff888105847900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.285946] ^ [ 25.286169] ffff888105847980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.286456] ffff888105847a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.287194] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.229891] ================================================================== [ 25.230333] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 25.230661] Read of size 18446744073709551614 at addr ffff888105847884 by task kunit_try_catch/228 [ 25.231088] [ 25.231200] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.231249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.231261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.231282] Call Trace: [ 25.231294] <TASK> [ 25.231312] dump_stack_lvl+0x73/0xb0 [ 25.231339] print_report+0xd1/0x610 [ 25.231361] ? __virt_addr_valid+0x1db/0x2d0 [ 25.231385] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.231409] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.231434] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.231611] kasan_report+0x141/0x180 [ 25.231643] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.231672] kasan_check_range+0x10c/0x1c0 [ 25.231695] __asan_memmove+0x27/0x70 [ 25.231729] kmalloc_memmove_negative_size+0x171/0x330 [ 25.231754] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.231836] ? __schedule+0x10cc/0x2b60 [ 25.231864] ? __pfx_read_tsc+0x10/0x10 [ 25.231886] ? ktime_get_ts64+0x86/0x230 [ 25.231910] kunit_try_run_case+0x1a5/0x480 [ 25.231932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.231952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.231974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.231997] ? __kthread_parkme+0x82/0x180 [ 25.232017] ? preempt_count_sub+0x50/0x80 [ 25.232041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.232062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.232086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.232110] kthread+0x337/0x6f0 [ 25.232130] ? trace_preempt_on+0x20/0xc0 [ 25.232152] ? __pfx_kthread+0x10/0x10 [ 25.232174] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.232195] ? calculate_sigpending+0x7b/0xa0 [ 25.232218] ? __pfx_kthread+0x10/0x10 [ 25.232239] ret_from_fork+0x116/0x1d0 [ 25.232259] ? __pfx_kthread+0x10/0x10 [ 25.232279] ret_from_fork_asm+0x1a/0x30 [ 25.232310] </TASK> [ 25.232322] [ 25.241507] Allocated by task 228: [ 25.241723] kasan_save_stack+0x45/0x70 [ 25.243264] kasan_save_track+0x18/0x40 [ 25.243499] kasan_save_alloc_info+0x3b/0x50 [ 25.243664] __kasan_kmalloc+0xb7/0xc0 [ 25.243871] __kmalloc_cache_noprof+0x189/0x420 [ 25.244105] kmalloc_memmove_negative_size+0xac/0x330 [ 25.244342] kunit_try_run_case+0x1a5/0x480 [ 25.244533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.246288] kthread+0x337/0x6f0 [ 25.246765] ret_from_fork+0x116/0x1d0 [ 25.247292] ret_from_fork_asm+0x1a/0x30 [ 25.248260] [ 25.248631] The buggy address belongs to the object at ffff888105847880 [ 25.248631] which belongs to the cache kmalloc-64 of size 64 [ 25.249738] The buggy address is located 4 bytes inside of [ 25.249738] 64-byte region [ffff888105847880, ffff8881058478c0) [ 25.250757] [ 25.250938] The buggy address belongs to the physical page: [ 25.251289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105847 [ 25.251745] flags: 0x200000000000000(node=0|zone=2) [ 25.252236] page_type: f5(slab) [ 25.252441] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.252988] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.253337] page dumped because: kasan: bad access detected [ 25.253739] [ 25.253912] Memory state around the buggy address: [ 25.254303] ffff888105847780: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 25.254822] ffff888105847800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.255145] >ffff888105847880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.255422] ^ [ 25.255613] ffff888105847900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.256012] ffff888105847980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.256276] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.207425] ================================================================== [ 25.208104] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 25.208463] Write of size 16 at addr ffff888105182c69 by task kunit_try_catch/226 [ 25.208727] [ 25.208822] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.208873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.208884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.208906] Call Trace: [ 25.208920] <TASK> [ 25.208939] dump_stack_lvl+0x73/0xb0 [ 25.209034] print_report+0xd1/0x610 [ 25.209061] ? __virt_addr_valid+0x1db/0x2d0 [ 25.209086] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.209107] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.209132] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.209153] kasan_report+0x141/0x180 [ 25.209174] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.209200] kasan_check_range+0x10c/0x1c0 [ 25.209222] __asan_memset+0x27/0x50 [ 25.209245] kmalloc_oob_memset_16+0x166/0x330 [ 25.209267] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 25.209289] ? __schedule+0x10cc/0x2b60 [ 25.209314] ? __pfx_read_tsc+0x10/0x10 [ 25.209336] ? ktime_get_ts64+0x86/0x230 [ 25.209361] kunit_try_run_case+0x1a5/0x480 [ 25.209383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.209405] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.209429] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.209451] ? __kthread_parkme+0x82/0x180 [ 25.209472] ? preempt_count_sub+0x50/0x80 [ 25.209517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.209538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.209562] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.209586] kthread+0x337/0x6f0 [ 25.209606] ? trace_preempt_on+0x20/0xc0 [ 25.209629] ? __pfx_kthread+0x10/0x10 [ 25.209649] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.209669] ? calculate_sigpending+0x7b/0xa0 [ 25.209693] ? __pfx_kthread+0x10/0x10 [ 25.209722] ret_from_fork+0x116/0x1d0 [ 25.209740] ? __pfx_kthread+0x10/0x10 [ 25.209760] ret_from_fork_asm+0x1a/0x30 [ 25.209959] </TASK> [ 25.209972] [ 25.217267] Allocated by task 226: [ 25.217396] kasan_save_stack+0x45/0x70 [ 25.217566] kasan_save_track+0x18/0x40 [ 25.217725] kasan_save_alloc_info+0x3b/0x50 [ 25.217997] __kasan_kmalloc+0xb7/0xc0 [ 25.218188] __kmalloc_cache_noprof+0x189/0x420 [ 25.218411] kmalloc_oob_memset_16+0xac/0x330 [ 25.218648] kunit_try_run_case+0x1a5/0x480 [ 25.218873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.219121] kthread+0x337/0x6f0 [ 25.219258] ret_from_fork+0x116/0x1d0 [ 25.219426] ret_from_fork_asm+0x1a/0x30 [ 25.219592] [ 25.219657] The buggy address belongs to the object at ffff888105182c00 [ 25.219657] which belongs to the cache kmalloc-128 of size 128 [ 25.220191] The buggy address is located 105 bytes inside of [ 25.220191] allocated 120-byte region [ffff888105182c00, ffff888105182c78) [ 25.220674] [ 25.220992] The buggy address belongs to the physical page: [ 25.221234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 25.221593] flags: 0x200000000000000(node=0|zone=2) [ 25.221834] page_type: f5(slab) [ 25.221965] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.222210] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.222568] page dumped because: kasan: bad access detected [ 25.222904] [ 25.223001] Memory state around the buggy address: [ 25.223227] ffff888105182b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.223560] ffff888105182b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.223918] >ffff888105182c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.224212] ^ [ 25.224459] ffff888105182c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.224689] ffff888105182d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.225213] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.175919] ================================================================== [ 25.176360] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 25.177101] Write of size 8 at addr ffff88810583a671 by task kunit_try_catch/224 [ 25.177848] [ 25.178031] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.178082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.178112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.178135] Call Trace: [ 25.178148] <TASK> [ 25.178166] dump_stack_lvl+0x73/0xb0 [ 25.178198] print_report+0xd1/0x610 [ 25.178222] ? __virt_addr_valid+0x1db/0x2d0 [ 25.178247] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.178268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.178293] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.178315] kasan_report+0x141/0x180 [ 25.178337] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.178363] kasan_check_range+0x10c/0x1c0 [ 25.178386] __asan_memset+0x27/0x50 [ 25.178409] kmalloc_oob_memset_8+0x166/0x330 [ 25.178431] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 25.178453] ? __schedule+0x10cc/0x2b60 [ 25.178483] ? __pfx_read_tsc+0x10/0x10 [ 25.178505] ? ktime_get_ts64+0x86/0x230 [ 25.178531] kunit_try_run_case+0x1a5/0x480 [ 25.178554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.178574] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.178596] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.178618] ? __kthread_parkme+0x82/0x180 [ 25.178639] ? preempt_count_sub+0x50/0x80 [ 25.178662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.178683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.178717] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.178741] kthread+0x337/0x6f0 [ 25.178760] ? trace_preempt_on+0x20/0xc0 [ 25.178783] ? __pfx_kthread+0x10/0x10 [ 25.178803] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.178824] ? calculate_sigpending+0x7b/0xa0 [ 25.178848] ? __pfx_kthread+0x10/0x10 [ 25.178934] ret_from_fork+0x116/0x1d0 [ 25.178967] ? __pfx_kthread+0x10/0x10 [ 25.178990] ret_from_fork_asm+0x1a/0x30 [ 25.179021] </TASK> [ 25.179033] [ 25.190242] Allocated by task 224: [ 25.190681] kasan_save_stack+0x45/0x70 [ 25.191161] kasan_save_track+0x18/0x40 [ 25.191530] kasan_save_alloc_info+0x3b/0x50 [ 25.191898] __kasan_kmalloc+0xb7/0xc0 [ 25.192252] __kmalloc_cache_noprof+0x189/0x420 [ 25.192402] kmalloc_oob_memset_8+0xac/0x330 [ 25.192557] kunit_try_run_case+0x1a5/0x480 [ 25.192974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.193524] kthread+0x337/0x6f0 [ 25.193902] ret_from_fork+0x116/0x1d0 [ 25.194065] ret_from_fork_asm+0x1a/0x30 [ 25.194311] [ 25.194486] The buggy address belongs to the object at ffff88810583a600 [ 25.194486] which belongs to the cache kmalloc-128 of size 128 [ 25.195603] The buggy address is located 113 bytes inside of [ 25.195603] allocated 120-byte region [ffff88810583a600, ffff88810583a678) [ 25.196527] [ 25.196601] The buggy address belongs to the physical page: [ 25.196778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a [ 25.197517] flags: 0x200000000000000(node=0|zone=2) [ 25.198019] page_type: f5(slab) [ 25.198379] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.198913] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.199570] page dumped because: kasan: bad access detected [ 25.199750] [ 25.199856] Memory state around the buggy address: [ 25.200626] ffff88810583a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.201407] ffff88810583a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.202081] >ffff88810583a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.202725] ^ [ 25.203230] ffff88810583a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.203867] ffff88810583a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.204319] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.147362] ================================================================== [ 25.148473] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 25.149271] Write of size 4 at addr ffff888105182b75 by task kunit_try_catch/222 [ 25.149690] [ 25.149907] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.149960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.149973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.149994] Call Trace: [ 25.150007] <TASK> [ 25.150065] dump_stack_lvl+0x73/0xb0 [ 25.150121] print_report+0xd1/0x610 [ 25.150145] ? __virt_addr_valid+0x1db/0x2d0 [ 25.150169] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.150190] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.150215] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.150236] kasan_report+0x141/0x180 [ 25.150258] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.150283] kasan_check_range+0x10c/0x1c0 [ 25.150306] __asan_memset+0x27/0x50 [ 25.150329] kmalloc_oob_memset_4+0x166/0x330 [ 25.150351] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.150373] ? __schedule+0x10cc/0x2b60 [ 25.150395] ? __pfx_read_tsc+0x10/0x10 [ 25.150416] ? ktime_get_ts64+0x86/0x230 [ 25.150441] kunit_try_run_case+0x1a5/0x480 [ 25.150464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.150484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.150517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.150540] ? __kthread_parkme+0x82/0x180 [ 25.150560] ? preempt_count_sub+0x50/0x80 [ 25.150584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.150605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.150629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.150654] kthread+0x337/0x6f0 [ 25.150673] ? trace_preempt_on+0x20/0xc0 [ 25.150696] ? __pfx_kthread+0x10/0x10 [ 25.150731] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.150752] ? calculate_sigpending+0x7b/0xa0 [ 25.150827] ? __pfx_kthread+0x10/0x10 [ 25.150852] ret_from_fork+0x116/0x1d0 [ 25.150871] ? __pfx_kthread+0x10/0x10 [ 25.150892] ret_from_fork_asm+0x1a/0x30 [ 25.150922] </TASK> [ 25.150935] [ 25.159668] Allocated by task 222: [ 25.159811] kasan_save_stack+0x45/0x70 [ 25.160994] kasan_save_track+0x18/0x40 [ 25.161569] kasan_save_alloc_info+0x3b/0x50 [ 25.162211] __kasan_kmalloc+0xb7/0xc0 [ 25.162391] __kmalloc_cache_noprof+0x189/0x420 [ 25.162557] kmalloc_oob_memset_4+0xac/0x330 [ 25.162711] kunit_try_run_case+0x1a5/0x480 [ 25.162851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.163107] kthread+0x337/0x6f0 [ 25.163234] ret_from_fork+0x116/0x1d0 [ 25.163361] ret_from_fork_asm+0x1a/0x30 [ 25.163495] [ 25.163562] The buggy address belongs to the object at ffff888105182b00 [ 25.163562] which belongs to the cache kmalloc-128 of size 128 [ 25.164112] The buggy address is located 117 bytes inside of [ 25.164112] allocated 120-byte region [ffff888105182b00, ffff888105182b78) [ 25.165049] [ 25.165128] The buggy address belongs to the physical page: [ 25.165301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 25.165547] flags: 0x200000000000000(node=0|zone=2) [ 25.165741] page_type: f5(slab) [ 25.165910] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.166298] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.166656] page dumped because: kasan: bad access detected [ 25.166975] [ 25.167044] Memory state around the buggy address: [ 25.167266] ffff888105182a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.167839] ffff888105182a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.168086] >ffff888105182b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.168374] ^ [ 25.169338] ffff888105182b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.170254] ffff888105182c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.170765] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 25.112556] ================================================================== [ 25.113261] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 25.113609] Write of size 2 at addr ffff888105182a77 by task kunit_try_catch/220 [ 25.114879] [ 25.115220] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.115274] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.115287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.115309] Call Trace: [ 25.115324] <TASK> [ 25.115342] dump_stack_lvl+0x73/0xb0 [ 25.115499] print_report+0xd1/0x610 [ 25.115528] ? __virt_addr_valid+0x1db/0x2d0 [ 25.115553] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.115574] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.115600] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.115622] kasan_report+0x141/0x180 [ 25.115643] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.115669] kasan_check_range+0x10c/0x1c0 [ 25.115692] __asan_memset+0x27/0x50 [ 25.115727] kmalloc_oob_memset_2+0x166/0x330 [ 25.115749] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 25.115810] ? __schedule+0x10cc/0x2b60 [ 25.115836] ? __pfx_read_tsc+0x10/0x10 [ 25.115865] ? ktime_get_ts64+0x86/0x230 [ 25.115892] kunit_try_run_case+0x1a5/0x480 [ 25.115916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.115936] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.115959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.115982] ? __kthread_parkme+0x82/0x180 [ 25.116002] ? preempt_count_sub+0x50/0x80 [ 25.116025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.116046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.116071] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.116096] kthread+0x337/0x6f0 [ 25.116115] ? trace_preempt_on+0x20/0xc0 [ 25.116137] ? __pfx_kthread+0x10/0x10 [ 25.116158] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.116179] ? calculate_sigpending+0x7b/0xa0 [ 25.116202] ? __pfx_kthread+0x10/0x10 [ 25.116223] ret_from_fork+0x116/0x1d0 [ 25.116242] ? __pfx_kthread+0x10/0x10 [ 25.116262] ret_from_fork_asm+0x1a/0x30 [ 25.116293] </TASK> [ 25.116305] [ 25.130840] Allocated by task 220: [ 25.130998] kasan_save_stack+0x45/0x70 [ 25.131384] kasan_save_track+0x18/0x40 [ 25.131564] kasan_save_alloc_info+0x3b/0x50 [ 25.132036] __kasan_kmalloc+0xb7/0xc0 [ 25.132185] __kmalloc_cache_noprof+0x189/0x420 [ 25.132337] kmalloc_oob_memset_2+0xac/0x330 [ 25.132476] kunit_try_run_case+0x1a5/0x480 [ 25.132900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.133432] kthread+0x337/0x6f0 [ 25.133807] ret_from_fork+0x116/0x1d0 [ 25.134229] ret_from_fork_asm+0x1a/0x30 [ 25.134581] [ 25.134762] The buggy address belongs to the object at ffff888105182a00 [ 25.134762] which belongs to the cache kmalloc-128 of size 128 [ 25.135553] The buggy address is located 119 bytes inside of [ 25.135553] allocated 120-byte region [ffff888105182a00, ffff888105182a78) [ 25.136143] [ 25.136216] The buggy address belongs to the physical page: [ 25.136385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 25.136978] flags: 0x200000000000000(node=0|zone=2) [ 25.137461] page_type: f5(slab) [ 25.137948] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.138612] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.139544] page dumped because: kasan: bad access detected [ 25.140143] [ 25.140219] Memory state around the buggy address: [ 25.140367] ffff888105182900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.140771] ffff888105182980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.141510] >ffff888105182a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.142172] ^ [ 25.142713] ffff888105182a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.143128] ffff888105182b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.143911] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 25.079242] ================================================================== [ 25.079615] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 25.080546] Write of size 128 at addr ffff888105182900 by task kunit_try_catch/218 [ 25.081618] [ 25.082003] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.082061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.082074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.082097] Call Trace: [ 25.082112] <TASK> [ 25.082132] dump_stack_lvl+0x73/0xb0 [ 25.082165] print_report+0xd1/0x610 [ 25.082190] ? __virt_addr_valid+0x1db/0x2d0 [ 25.082216] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.082239] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.082265] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.082288] kasan_report+0x141/0x180 [ 25.082311] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.082338] kasan_check_range+0x10c/0x1c0 [ 25.082362] __asan_memset+0x27/0x50 [ 25.082386] kmalloc_oob_in_memset+0x15f/0x320 [ 25.082409] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 25.082433] ? __schedule+0x10cc/0x2b60 [ 25.082457] ? __pfx_read_tsc+0x10/0x10 [ 25.082479] ? ktime_get_ts64+0x86/0x230 [ 25.082684] kunit_try_run_case+0x1a5/0x480 [ 25.082735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.082757] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.082831] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.082859] ? __kthread_parkme+0x82/0x180 [ 25.082881] ? preempt_count_sub+0x50/0x80 [ 25.082906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.082929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.082955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.082981] kthread+0x337/0x6f0 [ 25.083001] ? trace_preempt_on+0x20/0xc0 [ 25.083026] ? __pfx_kthread+0x10/0x10 [ 25.083048] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.083070] ? calculate_sigpending+0x7b/0xa0 [ 25.083096] ? __pfx_kthread+0x10/0x10 [ 25.083118] ret_from_fork+0x116/0x1d0 [ 25.083137] ? __pfx_kthread+0x10/0x10 [ 25.083158] ret_from_fork_asm+0x1a/0x30 [ 25.083191] </TASK> [ 25.083203] [ 25.095478] Allocated by task 218: [ 25.095807] kasan_save_stack+0x45/0x70 [ 25.096270] kasan_save_track+0x18/0x40 [ 25.096459] kasan_save_alloc_info+0x3b/0x50 [ 25.096897] __kasan_kmalloc+0xb7/0xc0 [ 25.097244] __kmalloc_cache_noprof+0x189/0x420 [ 25.097598] kmalloc_oob_in_memset+0xac/0x320 [ 25.097761] kunit_try_run_case+0x1a5/0x480 [ 25.098326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.098927] kthread+0x337/0x6f0 [ 25.099179] ret_from_fork+0x116/0x1d0 [ 25.099312] ret_from_fork_asm+0x1a/0x30 [ 25.099450] [ 25.099562] The buggy address belongs to the object at ffff888105182900 [ 25.099562] which belongs to the cache kmalloc-128 of size 128 [ 25.100936] The buggy address is located 0 bytes inside of [ 25.100936] allocated 120-byte region [ffff888105182900, ffff888105182978) [ 25.101906] [ 25.102090] The buggy address belongs to the physical page: [ 25.102607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 25.103237] flags: 0x200000000000000(node=0|zone=2) [ 25.103406] page_type: f5(slab) [ 25.103546] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.104370] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.105266] page dumped because: kasan: bad access detected [ 25.105752] [ 25.106056] Memory state around the buggy address: [ 25.106275] ffff888105182800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.106489] ffff888105182880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.107217] >ffff888105182900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.108008] ^ [ 25.108459] ffff888105182980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.109175] ffff888105182a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.109670] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 25.045035] ================================================================== [ 25.046170] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 25.046853] Read of size 16 at addr ffff888103cd6760 by task kunit_try_catch/216 [ 25.047166] [ 25.047281] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.047333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.047345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.047366] Call Trace: [ 25.047380] <TASK> [ 25.047399] dump_stack_lvl+0x73/0xb0 [ 25.047429] print_report+0xd1/0x610 [ 25.047453] ? __virt_addr_valid+0x1db/0x2d0 [ 25.047478] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.047774] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.047819] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.047841] kasan_report+0x141/0x180 [ 25.047869] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.047927] __asan_report_load16_noabort+0x18/0x20 [ 25.047953] kmalloc_uaf_16+0x47b/0x4c0 [ 25.047974] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 25.047995] ? __schedule+0x10cc/0x2b60 [ 25.048020] ? __pfx_read_tsc+0x10/0x10 [ 25.048042] ? ktime_get_ts64+0x86/0x230 [ 25.048067] kunit_try_run_case+0x1a5/0x480 [ 25.048089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.048109] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.048132] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.048155] ? __kthread_parkme+0x82/0x180 [ 25.048175] ? preempt_count_sub+0x50/0x80 [ 25.048200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.048221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.048246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.048270] kthread+0x337/0x6f0 [ 25.048290] ? trace_preempt_on+0x20/0xc0 [ 25.048314] ? __pfx_kthread+0x10/0x10 [ 25.048334] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.048355] ? calculate_sigpending+0x7b/0xa0 [ 25.048379] ? __pfx_kthread+0x10/0x10 [ 25.048400] ret_from_fork+0x116/0x1d0 [ 25.048419] ? __pfx_kthread+0x10/0x10 [ 25.048439] ret_from_fork_asm+0x1a/0x30 [ 25.048469] </TASK> [ 25.048482] [ 25.059519] Allocated by task 216: [ 25.059889] kasan_save_stack+0x45/0x70 [ 25.060179] kasan_save_track+0x18/0x40 [ 25.060355] kasan_save_alloc_info+0x3b/0x50 [ 25.060761] __kasan_kmalloc+0xb7/0xc0 [ 25.061138] __kmalloc_cache_noprof+0x189/0x420 [ 25.061359] kmalloc_uaf_16+0x15b/0x4c0 [ 25.061869] kunit_try_run_case+0x1a5/0x480 [ 25.062064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.062303] kthread+0x337/0x6f0 [ 25.062462] ret_from_fork+0x116/0x1d0 [ 25.062991] ret_from_fork_asm+0x1a/0x30 [ 25.063261] [ 25.063356] Freed by task 216: [ 25.063683] kasan_save_stack+0x45/0x70 [ 25.063964] kasan_save_track+0x18/0x40 [ 25.064144] kasan_save_free_info+0x3f/0x60 [ 25.064324] __kasan_slab_free+0x56/0x70 [ 25.064746] kfree+0x222/0x3f0 [ 25.065067] kmalloc_uaf_16+0x1d6/0x4c0 [ 25.065437] kunit_try_run_case+0x1a5/0x480 [ 25.065849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.066100] kthread+0x337/0x6f0 [ 25.066258] ret_from_fork+0x116/0x1d0 [ 25.066430] ret_from_fork_asm+0x1a/0x30 [ 25.066997] [ 25.067093] The buggy address belongs to the object at ffff888103cd6760 [ 25.067093] which belongs to the cache kmalloc-16 of size 16 [ 25.068031] The buggy address is located 0 bytes inside of [ 25.068031] freed 16-byte region [ffff888103cd6760, ffff888103cd6770) [ 25.068775] [ 25.069028] The buggy address belongs to the physical page: [ 25.069381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cd6 [ 25.070211] flags: 0x200000000000000(node=0|zone=2) [ 25.070436] page_type: f5(slab) [ 25.070755] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.071415] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.072070] page dumped because: kasan: bad access detected [ 25.072432] [ 25.072540] Memory state around the buggy address: [ 25.072952] ffff888103cd6600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.073416] ffff888103cd6680: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 25.074048] >ffff888103cd6700: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 25.074714] ^ [ 25.075205] ffff888103cd6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.075668] ffff888103cd6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.076105] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 25.014614] ================================================================== [ 25.016453] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 25.017425] Write of size 16 at addr ffff888103cd6700 by task kunit_try_catch/214 [ 25.018439] [ 25.018930] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 25.019024] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.019037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.019060] Call Trace: [ 25.019075] <TASK> [ 25.019095] dump_stack_lvl+0x73/0xb0 [ 25.019126] print_report+0xd1/0x610 [ 25.019151] ? __virt_addr_valid+0x1db/0x2d0 [ 25.019176] ? kmalloc_oob_16+0x452/0x4a0 [ 25.019196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.019221] ? kmalloc_oob_16+0x452/0x4a0 [ 25.019241] kasan_report+0x141/0x180 [ 25.019364] ? kmalloc_oob_16+0x452/0x4a0 [ 25.019389] __asan_report_store16_noabort+0x1b/0x30 [ 25.019413] kmalloc_oob_16+0x452/0x4a0 [ 25.019433] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 25.019455] ? __schedule+0x10cc/0x2b60 [ 25.019478] ? __pfx_read_tsc+0x10/0x10 [ 25.019509] ? ktime_get_ts64+0x86/0x230 [ 25.019533] kunit_try_run_case+0x1a5/0x480 [ 25.019555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.019575] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.019598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.019620] ? __kthread_parkme+0x82/0x180 [ 25.019641] ? preempt_count_sub+0x50/0x80 [ 25.019665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.019686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.019723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.019747] kthread+0x337/0x6f0 [ 25.019766] ? trace_preempt_on+0x20/0xc0 [ 25.019805] ? __pfx_kthread+0x10/0x10 [ 25.019826] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.019852] ? calculate_sigpending+0x7b/0xa0 [ 25.019876] ? __pfx_kthread+0x10/0x10 [ 25.019897] ret_from_fork+0x116/0x1d0 [ 25.019916] ? __pfx_kthread+0x10/0x10 [ 25.019936] ret_from_fork_asm+0x1a/0x30 [ 25.019966] </TASK> [ 25.019978] [ 25.030573] Allocated by task 214: [ 25.030803] kasan_save_stack+0x45/0x70 [ 25.031210] kasan_save_track+0x18/0x40 [ 25.031386] kasan_save_alloc_info+0x3b/0x50 [ 25.031543] __kasan_kmalloc+0xb7/0xc0 [ 25.031978] __kmalloc_cache_noprof+0x189/0x420 [ 25.032286] kmalloc_oob_16+0xa8/0x4a0 [ 25.032473] kunit_try_run_case+0x1a5/0x480 [ 25.033001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.033283] kthread+0x337/0x6f0 [ 25.033585] ret_from_fork+0x116/0x1d0 [ 25.033872] ret_from_fork_asm+0x1a/0x30 [ 25.034177] [ 25.034295] The buggy address belongs to the object at ffff888103cd6700 [ 25.034295] which belongs to the cache kmalloc-16 of size 16 [ 25.035103] The buggy address is located 0 bytes inside of [ 25.035103] allocated 13-byte region [ffff888103cd6700, ffff888103cd670d) [ 25.035944] [ 25.036044] The buggy address belongs to the physical page: [ 25.036272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cd6 [ 25.036908] flags: 0x200000000000000(node=0|zone=2) [ 25.037255] page_type: f5(slab) [ 25.037443] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.037985] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.038315] page dumped because: kasan: bad access detected [ 25.038797] [ 25.039050] Memory state around the buggy address: [ 25.039342] ffff888103cd6600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.039789] ffff888103cd6680: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 25.040135] >ffff888103cd6700: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.040440] ^ [ 25.040921] ffff888103cd6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.041206] ffff888103cd6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.041503] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 24.959730] ================================================================== [ 24.960210] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 24.960521] Read of size 1 at addr ffff888100a1c200 by task kunit_try_catch/212 [ 24.961079] [ 24.961198] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.961249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.961261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.961283] Call Trace: [ 24.961296] <TASK> [ 24.961314] dump_stack_lvl+0x73/0xb0 [ 24.961347] print_report+0xd1/0x610 [ 24.961370] ? __virt_addr_valid+0x1db/0x2d0 [ 24.961395] ? krealloc_uaf+0x1b8/0x5e0 [ 24.961416] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.961441] ? krealloc_uaf+0x1b8/0x5e0 [ 24.961462] kasan_report+0x141/0x180 [ 24.961513] ? krealloc_uaf+0x1b8/0x5e0 [ 24.961537] ? krealloc_uaf+0x1b8/0x5e0 [ 24.961558] __kasan_check_byte+0x3d/0x50 [ 24.961579] krealloc_noprof+0x3f/0x340 [ 24.961606] krealloc_uaf+0x1b8/0x5e0 [ 24.961627] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.961647] ? finish_task_switch.isra.0+0x153/0x700 [ 24.961670] ? __switch_to+0x47/0xf80 [ 24.961696] ? __schedule+0x10cc/0x2b60 [ 24.961730] ? __pfx_read_tsc+0x10/0x10 [ 24.961752] ? ktime_get_ts64+0x86/0x230 [ 24.961807] kunit_try_run_case+0x1a5/0x480 [ 24.961830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.961850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.961872] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.961895] ? __kthread_parkme+0x82/0x180 [ 24.961915] ? preempt_count_sub+0x50/0x80 [ 24.961937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.961958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.961983] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.962008] kthread+0x337/0x6f0 [ 24.962028] ? trace_preempt_on+0x20/0xc0 [ 24.962051] ? __pfx_kthread+0x10/0x10 [ 24.962072] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.962093] ? calculate_sigpending+0x7b/0xa0 [ 24.962116] ? __pfx_kthread+0x10/0x10 [ 24.962137] ret_from_fork+0x116/0x1d0 [ 24.962156] ? __pfx_kthread+0x10/0x10 [ 24.962177] ret_from_fork_asm+0x1a/0x30 [ 24.962208] </TASK> [ 24.962220] [ 24.970026] Allocated by task 212: [ 24.970163] kasan_save_stack+0x45/0x70 [ 24.970307] kasan_save_track+0x18/0x40 [ 24.970508] kasan_save_alloc_info+0x3b/0x50 [ 24.970729] __kasan_kmalloc+0xb7/0xc0 [ 24.970911] __kmalloc_cache_noprof+0x189/0x420 [ 24.971123] krealloc_uaf+0xbb/0x5e0 [ 24.971278] kunit_try_run_case+0x1a5/0x480 [ 24.971468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.971671] kthread+0x337/0x6f0 [ 24.972101] ret_from_fork+0x116/0x1d0 [ 24.972294] ret_from_fork_asm+0x1a/0x30 [ 24.972450] [ 24.972549] Freed by task 212: [ 24.972670] kasan_save_stack+0x45/0x70 [ 24.972966] kasan_save_track+0x18/0x40 [ 24.973155] kasan_save_free_info+0x3f/0x60 [ 24.973330] __kasan_slab_free+0x56/0x70 [ 24.973519] kfree+0x222/0x3f0 [ 24.973661] krealloc_uaf+0x13d/0x5e0 [ 24.973912] kunit_try_run_case+0x1a5/0x480 [ 24.974066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.974240] kthread+0x337/0x6f0 [ 24.974355] ret_from_fork+0x116/0x1d0 [ 24.974481] ret_from_fork_asm+0x1a/0x30 [ 24.974707] [ 24.974873] The buggy address belongs to the object at ffff888100a1c200 [ 24.974873] which belongs to the cache kmalloc-256 of size 256 [ 24.975463] The buggy address is located 0 bytes inside of [ 24.975463] freed 256-byte region [ffff888100a1c200, ffff888100a1c300) [ 24.976158] [ 24.976264] The buggy address belongs to the physical page: [ 24.976552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c [ 24.976927] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.977247] anon flags: 0x200000000000040(head|node=0|zone=2) [ 24.977443] page_type: f5(slab) [ 24.977563] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 24.978938] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.979299] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 24.981315] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.981587] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff [ 24.982778] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.983409] page dumped because: kasan: bad access detected [ 24.983591] [ 24.983661] Memory state around the buggy address: [ 24.984543] ffff888100a1c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.984989] ffff888100a1c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.985321] >ffff888100a1c200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.985633] ^ [ 24.986004] ffff888100a1c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.986241] ffff888100a1c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.986515] ================================================================== [ 24.987150] ================================================================== [ 24.987450] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 24.988725] Read of size 1 at addr ffff888100a1c200 by task kunit_try_catch/212 [ 24.989108] [ 24.989213] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.989263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.989275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.989296] Call Trace: [ 24.989315] <TASK> [ 24.989332] dump_stack_lvl+0x73/0xb0 [ 24.989361] print_report+0xd1/0x610 [ 24.989385] ? __virt_addr_valid+0x1db/0x2d0 [ 24.989410] ? krealloc_uaf+0x53c/0x5e0 [ 24.989430] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.989455] ? krealloc_uaf+0x53c/0x5e0 [ 24.989476] kasan_report+0x141/0x180 [ 24.989497] ? krealloc_uaf+0x53c/0x5e0 [ 24.989543] __asan_report_load1_noabort+0x18/0x20 [ 24.989567] krealloc_uaf+0x53c/0x5e0 [ 24.989588] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.989608] ? finish_task_switch.isra.0+0x153/0x700 [ 24.989629] ? __switch_to+0x47/0xf80 [ 24.989655] ? __schedule+0x10cc/0x2b60 [ 24.989677] ? __pfx_read_tsc+0x10/0x10 [ 24.989712] ? ktime_get_ts64+0x86/0x230 [ 24.989736] kunit_try_run_case+0x1a5/0x480 [ 24.989758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.989967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.989993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.990016] ? __kthread_parkme+0x82/0x180 [ 24.990037] ? preempt_count_sub+0x50/0x80 [ 24.990060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.990082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.990108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.990133] kthread+0x337/0x6f0 [ 24.990152] ? trace_preempt_on+0x20/0xc0 [ 24.990175] ? __pfx_kthread+0x10/0x10 [ 24.990195] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.990216] ? calculate_sigpending+0x7b/0xa0 [ 24.990239] ? __pfx_kthread+0x10/0x10 [ 24.990260] ret_from_fork+0x116/0x1d0 [ 24.990280] ? __pfx_kthread+0x10/0x10 [ 24.990300] ret_from_fork_asm+0x1a/0x30 [ 24.990331] </TASK> [ 24.990343] [ 24.997610] Allocated by task 212: [ 24.997746] kasan_save_stack+0x45/0x70 [ 24.998109] kasan_save_track+0x18/0x40 [ 24.998300] kasan_save_alloc_info+0x3b/0x50 [ 24.998505] __kasan_kmalloc+0xb7/0xc0 [ 24.998723] __kmalloc_cache_noprof+0x189/0x420 [ 24.999293] krealloc_uaf+0xbb/0x5e0 [ 24.999488] kunit_try_run_case+0x1a5/0x480 [ 24.999720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.000030] kthread+0x337/0x6f0 [ 25.000200] ret_from_fork+0x116/0x1d0 [ 25.000356] ret_from_fork_asm+0x1a/0x30 [ 25.000576] [ 25.000653] Freed by task 212: [ 25.000877] kasan_save_stack+0x45/0x70 [ 25.001037] kasan_save_track+0x18/0x40 [ 25.001222] kasan_save_free_info+0x3f/0x60 [ 25.001396] __kasan_slab_free+0x56/0x70 [ 25.001608] kfree+0x222/0x3f0 [ 25.001757] krealloc_uaf+0x13d/0x5e0 [ 25.002140] kunit_try_run_case+0x1a5/0x480 [ 25.002316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.002528] kthread+0x337/0x6f0 [ 25.002713] ret_from_fork+0x116/0x1d0 [ 25.002888] ret_from_fork_asm+0x1a/0x30 [ 25.003063] [ 25.003156] The buggy address belongs to the object at ffff888100a1c200 [ 25.003156] which belongs to the cache kmalloc-256 of size 256 [ 25.003638] The buggy address is located 0 bytes inside of [ 25.003638] freed 256-byte region [ffff888100a1c200, ffff888100a1c300) [ 25.004090] [ 25.004183] The buggy address belongs to the physical page: [ 25.004411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c [ 25.004869] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.005219] anon flags: 0x200000000000040(head|node=0|zone=2) [ 25.005519] page_type: f5(slab) [ 25.005670] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 25.006161] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.006407] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 25.006668] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.007101] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff [ 25.007443] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.007880] page dumped because: kasan: bad access detected [ 25.008131] [ 25.008218] Memory state around the buggy address: [ 25.008381] ffff888100a1c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.008620] ffff888100a1c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.009015] >ffff888100a1c200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.009332] ^ [ 25.009475] ffff888100a1c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.009748] ffff888100a1c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.010189] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 24.938864] ================================================================== [ 24.939187] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.939558] Write of size 1 at addr ffff8881060de0eb by task kunit_try_catch/210 [ 24.940049] [ 24.940167] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.940214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.940225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.940245] Call Trace: [ 24.940260] <TASK> [ 24.940275] dump_stack_lvl+0x73/0xb0 [ 24.940302] print_report+0xd1/0x610 [ 24.940324] ? __virt_addr_valid+0x1db/0x2d0 [ 24.940347] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.940370] ? kasan_addr_to_slab+0x11/0xa0 [ 24.940390] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.940414] kasan_report+0x141/0x180 [ 24.940435] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.940463] __asan_report_store1_noabort+0x1b/0x30 [ 24.940487] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.940512] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.940535] ? finish_task_switch.isra.0+0x153/0x700 [ 24.940556] ? __switch_to+0x47/0xf80 [ 24.940581] ? __schedule+0x10cc/0x2b60 [ 24.940625] ? __pfx_read_tsc+0x10/0x10 [ 24.940650] krealloc_large_less_oob+0x1c/0x30 [ 24.940672] kunit_try_run_case+0x1a5/0x480 [ 24.940694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.940724] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.940746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.940835] ? __kthread_parkme+0x82/0x180 [ 24.940859] ? preempt_count_sub+0x50/0x80 [ 24.940881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.940903] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.940928] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.940952] kthread+0x337/0x6f0 [ 24.940972] ? trace_preempt_on+0x20/0xc0 [ 24.940994] ? __pfx_kthread+0x10/0x10 [ 24.941015] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.941036] ? calculate_sigpending+0x7b/0xa0 [ 24.941059] ? __pfx_kthread+0x10/0x10 [ 24.941080] ret_from_fork+0x116/0x1d0 [ 24.941098] ? __pfx_kthread+0x10/0x10 [ 24.941119] ret_from_fork_asm+0x1a/0x30 [ 24.941149] </TASK> [ 24.941160] [ 24.948578] The buggy address belongs to the physical page: [ 24.948825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.949086] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.949416] flags: 0x200000000000040(head|node=0|zone=2) [ 24.949647] page_type: f8(unknown) [ 24.949916] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.950200] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.950524] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.951036] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.951284] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.951542] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.952742] page dumped because: kasan: bad access detected [ 24.953716] [ 24.953855] Memory state around the buggy address: [ 24.954090] ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.954416] ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.954760] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.955074] ^ [ 24.955344] ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.955638] ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.956046] ================================================================== [ 24.796572] ================================================================== [ 24.796916] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.797224] Write of size 1 at addr ffff8881049906eb by task kunit_try_catch/206 [ 24.797569] [ 24.797651] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.797697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.797719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.797739] Call Trace: [ 24.797755] <TASK> [ 24.797836] dump_stack_lvl+0x73/0xb0 [ 24.797867] print_report+0xd1/0x610 [ 24.797889] ? __virt_addr_valid+0x1db/0x2d0 [ 24.797912] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.797935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.797960] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.797984] kasan_report+0x141/0x180 [ 24.798006] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.798033] __asan_report_store1_noabort+0x1b/0x30 [ 24.798057] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.798082] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.798105] ? finish_task_switch.isra.0+0x153/0x700 [ 24.798127] ? __switch_to+0x47/0xf80 [ 24.798152] ? __schedule+0x10cc/0x2b60 [ 24.798174] ? __pfx_read_tsc+0x10/0x10 [ 24.798198] krealloc_less_oob+0x1c/0x30 [ 24.798220] kunit_try_run_case+0x1a5/0x480 [ 24.798242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.798262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.798285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.798307] ? __kthread_parkme+0x82/0x180 [ 24.798327] ? preempt_count_sub+0x50/0x80 [ 24.798350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.798371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.798395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.798419] kthread+0x337/0x6f0 [ 24.798439] ? trace_preempt_on+0x20/0xc0 [ 24.798460] ? __pfx_kthread+0x10/0x10 [ 24.798481] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.798502] ? calculate_sigpending+0x7b/0xa0 [ 24.798543] ? __pfx_kthread+0x10/0x10 [ 24.798564] ret_from_fork+0x116/0x1d0 [ 24.798583] ? __pfx_kthread+0x10/0x10 [ 24.798603] ret_from_fork_asm+0x1a/0x30 [ 24.798633] </TASK> [ 24.798645] [ 24.806821] Allocated by task 206: [ 24.807015] kasan_save_stack+0x45/0x70 [ 24.807192] kasan_save_track+0x18/0x40 [ 24.807356] kasan_save_alloc_info+0x3b/0x50 [ 24.807818] __kasan_krealloc+0x190/0x1f0 [ 24.808012] krealloc_noprof+0xf3/0x340 [ 24.808206] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.808434] krealloc_less_oob+0x1c/0x30 [ 24.808649] kunit_try_run_case+0x1a5/0x480 [ 24.808889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.809152] kthread+0x337/0x6f0 [ 24.809299] ret_from_fork+0x116/0x1d0 [ 24.809466] ret_from_fork_asm+0x1a/0x30 [ 24.809657] [ 24.809759] The buggy address belongs to the object at ffff888104990600 [ 24.809759] which belongs to the cache kmalloc-256 of size 256 [ 24.810289] The buggy address is located 34 bytes to the right of [ 24.810289] allocated 201-byte region [ffff888104990600, ffff8881049906c9) [ 24.811038] [ 24.811140] The buggy address belongs to the physical page: [ 24.811362] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990 [ 24.811715] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.812026] flags: 0x200000000000040(head|node=0|zone=2) [ 24.812205] page_type: f5(slab) [ 24.812323] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.812652] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.813080] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.813422] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.813678] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff [ 24.813927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.814245] page dumped because: kasan: bad access detected [ 24.814494] [ 24.814586] Memory state around the buggy address: [ 24.815031] ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.815364] ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.815684] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.816391] ^ [ 24.816713] ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.817099] ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.817413] ================================================================== [ 24.889644] ================================================================== [ 24.890215] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.890479] Write of size 1 at addr ffff8881060de0d0 by task kunit_try_catch/210 [ 24.890938] [ 24.891046] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.891094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.891105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.891126] Call Trace: [ 24.891138] <TASK> [ 24.891154] dump_stack_lvl+0x73/0xb0 [ 24.891182] print_report+0xd1/0x610 [ 24.891205] ? __virt_addr_valid+0x1db/0x2d0 [ 24.891229] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.891253] ? kasan_addr_to_slab+0x11/0xa0 [ 24.891273] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.891296] kasan_report+0x141/0x180 [ 24.891318] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.891346] __asan_report_store1_noabort+0x1b/0x30 [ 24.891369] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.891394] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.891418] ? finish_task_switch.isra.0+0x153/0x700 [ 24.891440] ? __switch_to+0x47/0xf80 [ 24.891465] ? __schedule+0x10cc/0x2b60 [ 24.891488] ? __pfx_read_tsc+0x10/0x10 [ 24.891512] krealloc_large_less_oob+0x1c/0x30 [ 24.891534] kunit_try_run_case+0x1a5/0x480 [ 24.891556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.891576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.891598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.891621] ? __kthread_parkme+0x82/0x180 [ 24.891642] ? preempt_count_sub+0x50/0x80 [ 24.891665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.891686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.891724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.891748] kthread+0x337/0x6f0 [ 24.891768] ? trace_preempt_on+0x20/0xc0 [ 24.891790] ? __pfx_kthread+0x10/0x10 [ 24.891811] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.891832] ? calculate_sigpending+0x7b/0xa0 [ 24.891862] ? __pfx_kthread+0x10/0x10 [ 24.891928] ret_from_fork+0x116/0x1d0 [ 24.891948] ? __pfx_kthread+0x10/0x10 [ 24.891969] ret_from_fork_asm+0x1a/0x30 [ 24.891999] </TASK> [ 24.892011] [ 24.899823] The buggy address belongs to the physical page: [ 24.900102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.900464] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.901152] flags: 0x200000000000040(head|node=0|zone=2) [ 24.901401] page_type: f8(unknown) [ 24.901586] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.902000] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.902278] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.902515] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.903015] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.903352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.903670] page dumped because: kasan: bad access detected [ 24.904003] [ 24.904098] Memory state around the buggy address: [ 24.904261] ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.904474] ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.904832] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.905158] ^ [ 24.905385] ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.905596] ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.905845] ================================================================== [ 24.776389] ================================================================== [ 24.776745] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.776993] Write of size 1 at addr ffff8881049906ea by task kunit_try_catch/206 [ 24.777314] [ 24.777421] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.777468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.777482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.777505] Call Trace: [ 24.777521] <TASK> [ 24.777536] dump_stack_lvl+0x73/0xb0 [ 24.777562] print_report+0xd1/0x610 [ 24.777585] ? __virt_addr_valid+0x1db/0x2d0 [ 24.777609] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.777632] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.777656] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.777679] kasan_report+0x141/0x180 [ 24.777711] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.777739] __asan_report_store1_noabort+0x1b/0x30 [ 24.777762] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.777787] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.777809] ? finish_task_switch.isra.0+0x153/0x700 [ 24.777830] ? __switch_to+0x47/0xf80 [ 24.777854] ? __schedule+0x10cc/0x2b60 [ 24.777876] ? __pfx_read_tsc+0x10/0x10 [ 24.777899] krealloc_less_oob+0x1c/0x30 [ 24.777919] kunit_try_run_case+0x1a5/0x480 [ 24.777940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.777960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.777982] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.778004] ? __kthread_parkme+0x82/0x180 [ 24.778023] ? preempt_count_sub+0x50/0x80 [ 24.778045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.778066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.778089] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.778113] kthread+0x337/0x6f0 [ 24.778131] ? trace_preempt_on+0x20/0xc0 [ 24.778154] ? __pfx_kthread+0x10/0x10 [ 24.778173] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.778193] ? calculate_sigpending+0x7b/0xa0 [ 24.778216] ? __pfx_kthread+0x10/0x10 [ 24.778236] ret_from_fork+0x116/0x1d0 [ 24.778254] ? __pfx_kthread+0x10/0x10 [ 24.778274] ret_from_fork_asm+0x1a/0x30 [ 24.778303] </TASK> [ 24.778314] [ 24.786118] Allocated by task 206: [ 24.786298] kasan_save_stack+0x45/0x70 [ 24.786494] kasan_save_track+0x18/0x40 [ 24.786682] kasan_save_alloc_info+0x3b/0x50 [ 24.787057] __kasan_krealloc+0x190/0x1f0 [ 24.787267] krealloc_noprof+0xf3/0x340 [ 24.787403] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.787559] krealloc_less_oob+0x1c/0x30 [ 24.787853] kunit_try_run_case+0x1a5/0x480 [ 24.788068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.788273] kthread+0x337/0x6f0 [ 24.788440] ret_from_fork+0x116/0x1d0 [ 24.788626] ret_from_fork_asm+0x1a/0x30 [ 24.788900] [ 24.788983] The buggy address belongs to the object at ffff888104990600 [ 24.788983] which belongs to the cache kmalloc-256 of size 256 [ 24.789456] The buggy address is located 33 bytes to the right of [ 24.789456] allocated 201-byte region [ffff888104990600, ffff8881049906c9) [ 24.790057] [ 24.790147] The buggy address belongs to the physical page: [ 24.790376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990 [ 24.790641] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.791137] flags: 0x200000000000040(head|node=0|zone=2) [ 24.791396] page_type: f5(slab) [ 24.791563] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.791960] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.792307] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.792662] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.792950] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff [ 24.793294] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.793587] page dumped because: kasan: bad access detected [ 24.793825] [ 24.793894] Memory state around the buggy address: [ 24.794088] ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.794302] ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.794586] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.795126] ^ [ 24.795346] ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.795660] ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.796077] ================================================================== [ 24.735564] ================================================================== [ 24.736098] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.736466] Write of size 1 at addr ffff8881049906d0 by task kunit_try_catch/206 [ 24.736772] [ 24.736878] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.736930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.736943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.736965] Call Trace: [ 24.736979] <TASK> [ 24.737000] dump_stack_lvl+0x73/0xb0 [ 24.737032] print_report+0xd1/0x610 [ 24.737056] ? __virt_addr_valid+0x1db/0x2d0 [ 24.737081] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.737105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.737131] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.737155] kasan_report+0x141/0x180 [ 24.737177] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.737204] __asan_report_store1_noabort+0x1b/0x30 [ 24.737228] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.737254] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.737277] ? finish_task_switch.isra.0+0x153/0x700 [ 24.737300] ? __switch_to+0x47/0xf80 [ 24.737326] ? __schedule+0x10cc/0x2b60 [ 24.737349] ? __pfx_read_tsc+0x10/0x10 [ 24.737374] krealloc_less_oob+0x1c/0x30 [ 24.737395] kunit_try_run_case+0x1a5/0x480 [ 24.737417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.737437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.737460] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.737483] ? __kthread_parkme+0x82/0x180 [ 24.737503] ? preempt_count_sub+0x50/0x80 [ 24.737525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.737547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.737571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.737596] kthread+0x337/0x6f0 [ 24.737615] ? trace_preempt_on+0x20/0xc0 [ 24.737640] ? __pfx_kthread+0x10/0x10 [ 24.737660] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.737681] ? calculate_sigpending+0x7b/0xa0 [ 24.737716] ? __pfx_kthread+0x10/0x10 [ 24.737737] ret_from_fork+0x116/0x1d0 [ 24.737756] ? __pfx_kthread+0x10/0x10 [ 24.737777] ret_from_fork_asm+0x1a/0x30 [ 24.737809] </TASK> [ 24.737821] [ 24.745476] Allocated by task 206: [ 24.745678] kasan_save_stack+0x45/0x70 [ 24.745962] kasan_save_track+0x18/0x40 [ 24.746160] kasan_save_alloc_info+0x3b/0x50 [ 24.746370] __kasan_krealloc+0x190/0x1f0 [ 24.746559] krealloc_noprof+0xf3/0x340 [ 24.746825] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.747009] krealloc_less_oob+0x1c/0x30 [ 24.747143] kunit_try_run_case+0x1a5/0x480 [ 24.747282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.747493] kthread+0x337/0x6f0 [ 24.747675] ret_from_fork+0x116/0x1d0 [ 24.748057] ret_from_fork_asm+0x1a/0x30 [ 24.748264] [ 24.748357] The buggy address belongs to the object at ffff888104990600 [ 24.748357] which belongs to the cache kmalloc-256 of size 256 [ 24.748991] The buggy address is located 7 bytes to the right of [ 24.748991] allocated 201-byte region [ffff888104990600, ffff8881049906c9) [ 24.749402] [ 24.749521] The buggy address belongs to the physical page: [ 24.749862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990 [ 24.750224] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.750497] flags: 0x200000000000040(head|node=0|zone=2) [ 24.750759] page_type: f5(slab) [ 24.750892] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.751189] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.751499] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.751814] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.752124] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff [ 24.752743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.753113] page dumped because: kasan: bad access detected [ 24.753318] [ 24.753385] Memory state around the buggy address: [ 24.753566] ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.753967] ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.754290] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.754540] ^ [ 24.754833] ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.755160] ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.755472] ================================================================== [ 24.906376] ================================================================== [ 24.906719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.907086] Write of size 1 at addr ffff8881060de0da by task kunit_try_catch/210 [ 24.907311] [ 24.907391] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.907437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.907448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.907468] Call Trace: [ 24.907482] <TASK> [ 24.907505] dump_stack_lvl+0x73/0xb0 [ 24.907532] print_report+0xd1/0x610 [ 24.907555] ? __virt_addr_valid+0x1db/0x2d0 [ 24.907578] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.907601] ? kasan_addr_to_slab+0x11/0xa0 [ 24.907621] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.907645] kasan_report+0x141/0x180 [ 24.907666] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.907694] __asan_report_store1_noabort+0x1b/0x30 [ 24.907731] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.907756] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.907824] ? finish_task_switch.isra.0+0x153/0x700 [ 24.907853] ? __switch_to+0x47/0xf80 [ 24.907880] ? __schedule+0x10cc/0x2b60 [ 24.907903] ? __pfx_read_tsc+0x10/0x10 [ 24.907927] krealloc_large_less_oob+0x1c/0x30 [ 24.907949] kunit_try_run_case+0x1a5/0x480 [ 24.907972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.907992] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.908015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.908037] ? __kthread_parkme+0x82/0x180 [ 24.908058] ? preempt_count_sub+0x50/0x80 [ 24.908080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.908102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.908126] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.908151] kthread+0x337/0x6f0 [ 24.908170] ? trace_preempt_on+0x20/0xc0 [ 24.908193] ? __pfx_kthread+0x10/0x10 [ 24.908214] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.908235] ? calculate_sigpending+0x7b/0xa0 [ 24.908259] ? __pfx_kthread+0x10/0x10 [ 24.908280] ret_from_fork+0x116/0x1d0 [ 24.908299] ? __pfx_kthread+0x10/0x10 [ 24.908319] ret_from_fork_asm+0x1a/0x30 [ 24.908350] </TASK> [ 24.908362] [ 24.916659] The buggy address belongs to the physical page: [ 24.916869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.917185] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.917705] flags: 0x200000000000040(head|node=0|zone=2) [ 24.917913] page_type: f8(unknown) [ 24.918127] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.918355] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.918751] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.919172] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.919813] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.920175] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.920423] page dumped because: kasan: bad access detected [ 24.920587] [ 24.920676] Memory state around the buggy address: [ 24.920924] ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.921247] ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.921549] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.921969] ^ [ 24.922168] ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.922450] ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.922842] ================================================================== [ 24.923196] ================================================================== [ 24.923434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.924002] Write of size 1 at addr ffff8881060de0ea by task kunit_try_catch/210 [ 24.924253] [ 24.924334] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.924378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.924389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.924409] Call Trace: [ 24.924424] <TASK> [ 24.924440] dump_stack_lvl+0x73/0xb0 [ 24.924467] print_report+0xd1/0x610 [ 24.924513] ? __virt_addr_valid+0x1db/0x2d0 [ 24.924536] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.924559] ? kasan_addr_to_slab+0x11/0xa0 [ 24.924579] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.924602] kasan_report+0x141/0x180 [ 24.924624] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.924651] __asan_report_store1_noabort+0x1b/0x30 [ 24.924675] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.924710] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.924733] ? finish_task_switch.isra.0+0x153/0x700 [ 24.924755] ? __switch_to+0x47/0xf80 [ 24.924851] ? __schedule+0x10cc/0x2b60 [ 24.924874] ? __pfx_read_tsc+0x10/0x10 [ 24.924899] krealloc_large_less_oob+0x1c/0x30 [ 24.924923] kunit_try_run_case+0x1a5/0x480 [ 24.924944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.924965] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.924987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.925010] ? __kthread_parkme+0x82/0x180 [ 24.925030] ? preempt_count_sub+0x50/0x80 [ 24.925053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.925074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.925098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.925123] kthread+0x337/0x6f0 [ 24.925142] ? trace_preempt_on+0x20/0xc0 [ 24.925165] ? __pfx_kthread+0x10/0x10 [ 24.925185] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.925206] ? calculate_sigpending+0x7b/0xa0 [ 24.925229] ? __pfx_kthread+0x10/0x10 [ 24.925252] ret_from_fork+0x116/0x1d0 [ 24.925271] ? __pfx_kthread+0x10/0x10 [ 24.925291] ret_from_fork_asm+0x1a/0x30 [ 24.925321] </TASK> [ 24.925333] [ 24.932929] The buggy address belongs to the physical page: [ 24.933174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.933500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.933859] flags: 0x200000000000040(head|node=0|zone=2) [ 24.934087] page_type: f8(unknown) [ 24.934250] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.934550] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.934858] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.935138] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.935434] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.935945] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.936246] page dumped because: kasan: bad access detected [ 24.936468] [ 24.936579] Memory state around the buggy address: [ 24.936848] ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.937141] ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.937437] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.937737] ^ [ 24.938043] ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.938296] ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.938523] ================================================================== [ 24.708392] ================================================================== [ 24.709232] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.709627] Write of size 1 at addr ffff8881049906c9 by task kunit_try_catch/206 [ 24.709994] [ 24.710110] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.710208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.710234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.710257] Call Trace: [ 24.710271] <TASK> [ 24.710289] dump_stack_lvl+0x73/0xb0 [ 24.710320] print_report+0xd1/0x610 [ 24.710353] ? __virt_addr_valid+0x1db/0x2d0 [ 24.710378] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.710413] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.710438] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.710461] kasan_report+0x141/0x180 [ 24.710483] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.710522] __asan_report_store1_noabort+0x1b/0x30 [ 24.710546] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.710572] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.710595] ? finish_task_switch.isra.0+0x153/0x700 [ 24.710627] ? __switch_to+0x47/0xf80 [ 24.710653] ? __schedule+0x10cc/0x2b60 [ 24.710676] ? __pfx_read_tsc+0x10/0x10 [ 24.710721] krealloc_less_oob+0x1c/0x30 [ 24.710742] kunit_try_run_case+0x1a5/0x480 [ 24.710765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.710785] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.710808] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.710839] ? __kthread_parkme+0x82/0x180 [ 24.710859] ? preempt_count_sub+0x50/0x80 [ 24.710882] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.710953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.710983] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.711008] kthread+0x337/0x6f0 [ 24.711028] ? trace_preempt_on+0x20/0xc0 [ 24.711052] ? __pfx_kthread+0x10/0x10 [ 24.711073] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.711094] ? calculate_sigpending+0x7b/0xa0 [ 24.711117] ? __pfx_kthread+0x10/0x10 [ 24.711138] ret_from_fork+0x116/0x1d0 [ 24.711157] ? __pfx_kthread+0x10/0x10 [ 24.711178] ret_from_fork_asm+0x1a/0x30 [ 24.711208] </TASK> [ 24.711221] [ 24.720940] Allocated by task 206: [ 24.721377] kasan_save_stack+0x45/0x70 [ 24.721550] kasan_save_track+0x18/0x40 [ 24.721684] kasan_save_alloc_info+0x3b/0x50 [ 24.721844] __kasan_krealloc+0x190/0x1f0 [ 24.721980] krealloc_noprof+0xf3/0x340 [ 24.722117] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.722281] krealloc_less_oob+0x1c/0x30 [ 24.722418] kunit_try_run_case+0x1a5/0x480 [ 24.722557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.723213] kthread+0x337/0x6f0 [ 24.724607] ret_from_fork+0x116/0x1d0 [ 24.725272] ret_from_fork_asm+0x1a/0x30 [ 24.726191] [ 24.726314] The buggy address belongs to the object at ffff888104990600 [ 24.726314] which belongs to the cache kmalloc-256 of size 256 [ 24.727448] The buggy address is located 0 bytes to the right of [ 24.727448] allocated 201-byte region [ffff888104990600, ffff8881049906c9) [ 24.728397] [ 24.728495] The buggy address belongs to the physical page: [ 24.729057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990 [ 24.729397] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.729838] flags: 0x200000000000040(head|node=0|zone=2) [ 24.730050] page_type: f5(slab) [ 24.730202] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.730502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.730816] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.731073] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.731414] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff [ 24.731691] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.732234] page dumped because: kasan: bad access detected [ 24.732469] [ 24.732582] Memory state around the buggy address: [ 24.732853] ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.733137] ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.733426] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.733754] ^ [ 24.734069] ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.734380] ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.734674] ================================================================== [ 24.756185] ================================================================== [ 24.756498] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.756893] Write of size 1 at addr ffff8881049906da by task kunit_try_catch/206 [ 24.757220] [ 24.757326] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.757372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.757384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.757405] Call Trace: [ 24.757422] <TASK> [ 24.757438] dump_stack_lvl+0x73/0xb0 [ 24.757467] print_report+0xd1/0x610 [ 24.757490] ? __virt_addr_valid+0x1db/0x2d0 [ 24.757513] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.757556] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.757582] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.757605] kasan_report+0x141/0x180 [ 24.757627] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.757654] __asan_report_store1_noabort+0x1b/0x30 [ 24.757678] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.757712] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.757735] ? finish_task_switch.isra.0+0x153/0x700 [ 24.757756] ? __switch_to+0x47/0xf80 [ 24.757853] ? __schedule+0x10cc/0x2b60 [ 24.757877] ? __pfx_read_tsc+0x10/0x10 [ 24.757901] krealloc_less_oob+0x1c/0x30 [ 24.757922] kunit_try_run_case+0x1a5/0x480 [ 24.757944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.757964] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.757986] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.758009] ? __kthread_parkme+0x82/0x180 [ 24.758029] ? preempt_count_sub+0x50/0x80 [ 24.758052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.758073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.758097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.758121] kthread+0x337/0x6f0 [ 24.758141] ? trace_preempt_on+0x20/0xc0 [ 24.758163] ? __pfx_kthread+0x10/0x10 [ 24.758183] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.758204] ? calculate_sigpending+0x7b/0xa0 [ 24.758227] ? __pfx_kthread+0x10/0x10 [ 24.758248] ret_from_fork+0x116/0x1d0 [ 24.758267] ? __pfx_kthread+0x10/0x10 [ 24.758287] ret_from_fork_asm+0x1a/0x30 [ 24.758317] </TASK> [ 24.758328] [ 24.766001] Allocated by task 206: [ 24.766185] kasan_save_stack+0x45/0x70 [ 24.766333] kasan_save_track+0x18/0x40 [ 24.766463] kasan_save_alloc_info+0x3b/0x50 [ 24.766669] __kasan_krealloc+0x190/0x1f0 [ 24.766942] krealloc_noprof+0xf3/0x340 [ 24.767143] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.767374] krealloc_less_oob+0x1c/0x30 [ 24.767590] kunit_try_run_case+0x1a5/0x480 [ 24.767842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.768099] kthread+0x337/0x6f0 [ 24.768247] ret_from_fork+0x116/0x1d0 [ 24.768404] ret_from_fork_asm+0x1a/0x30 [ 24.768600] [ 24.768690] The buggy address belongs to the object at ffff888104990600 [ 24.768690] which belongs to the cache kmalloc-256 of size 256 [ 24.769346] The buggy address is located 17 bytes to the right of [ 24.769346] allocated 201-byte region [ffff888104990600, ffff8881049906c9) [ 24.769944] [ 24.770043] The buggy address belongs to the physical page: [ 24.770271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990 [ 24.770510] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.770859] flags: 0x200000000000040(head|node=0|zone=2) [ 24.771112] page_type: f5(slab) [ 24.771277] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.771642] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.772063] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.772311] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.772679] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff [ 24.773177] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.773494] page dumped because: kasan: bad access detected [ 24.773756] [ 24.773912] Memory state around the buggy address: [ 24.774104] ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.774386] ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.774676] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.774986] ^ [ 24.775216] ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.775548] ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.775949] ================================================================== [ 24.872484] ================================================================== [ 24.872958] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.873479] Write of size 1 at addr ffff8881060de0c9 by task kunit_try_catch/210 [ 24.873826] [ 24.874004] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.874051] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.874063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.874084] Call Trace: [ 24.874097] <TASK> [ 24.874113] dump_stack_lvl+0x73/0xb0 [ 24.874143] print_report+0xd1/0x610 [ 24.874166] ? __virt_addr_valid+0x1db/0x2d0 [ 24.874191] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.874215] ? kasan_addr_to_slab+0x11/0xa0 [ 24.874243] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.874267] kasan_report+0x141/0x180 [ 24.874289] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.874316] __asan_report_store1_noabort+0x1b/0x30 [ 24.874340] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.874365] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.874388] ? finish_task_switch.isra.0+0x153/0x700 [ 24.874411] ? __switch_to+0x47/0xf80 [ 24.874436] ? __schedule+0x10cc/0x2b60 [ 24.874458] ? __pfx_read_tsc+0x10/0x10 [ 24.874483] krealloc_large_less_oob+0x1c/0x30 [ 24.874505] kunit_try_run_case+0x1a5/0x480 [ 24.874528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.874547] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.874570] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.874592] ? __kthread_parkme+0x82/0x180 [ 24.874620] ? preempt_count_sub+0x50/0x80 [ 24.874643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.874664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.874688] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.874725] kthread+0x337/0x6f0 [ 24.874745] ? trace_preempt_on+0x20/0xc0 [ 24.874768] ? __pfx_kthread+0x10/0x10 [ 24.874808] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.874829] ? calculate_sigpending+0x7b/0xa0 [ 24.874852] ? __pfx_kthread+0x10/0x10 [ 24.874874] ret_from_fork+0x116/0x1d0 [ 24.874893] ? __pfx_kthread+0x10/0x10 [ 24.874913] ret_from_fork_asm+0x1a/0x30 [ 24.874944] </TASK> [ 24.874956] [ 24.882735] The buggy address belongs to the physical page: [ 24.883173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.883478] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.883926] flags: 0x200000000000040(head|node=0|zone=2) [ 24.884103] page_type: f8(unknown) [ 24.884231] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.884691] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.885310] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.885545] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.885947] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.886299] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.886770] page dumped because: kasan: bad access detected [ 24.887077] [ 24.887173] Memory state around the buggy address: [ 24.887332] ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.887547] ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.887806] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.888132] ^ [ 24.888398] ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.888671] ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.888944] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 24.674117] ================================================================== [ 24.674431] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.675173] Write of size 1 at addr ffff8881049904f0 by task kunit_try_catch/204 [ 24.675518] [ 24.675735] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.675784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.675796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.675817] Call Trace: [ 24.675835] <TASK> [ 24.675858] dump_stack_lvl+0x73/0xb0 [ 24.676167] print_report+0xd1/0x610 [ 24.676200] ? __virt_addr_valid+0x1db/0x2d0 [ 24.676224] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.676247] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.676272] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.676296] kasan_report+0x141/0x180 [ 24.676317] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.676344] __asan_report_store1_noabort+0x1b/0x30 [ 24.676368] krealloc_more_oob_helper+0x7eb/0x930 [ 24.676390] ? __schedule+0x10cc/0x2b60 [ 24.676413] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.676436] ? finish_task_switch.isra.0+0x153/0x700 [ 24.676458] ? __switch_to+0x47/0xf80 [ 24.676483] ? __schedule+0x10cc/0x2b60 [ 24.676519] ? __pfx_read_tsc+0x10/0x10 [ 24.676544] krealloc_more_oob+0x1c/0x30 [ 24.676565] kunit_try_run_case+0x1a5/0x480 [ 24.676587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.676607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.676630] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.676652] ? __kthread_parkme+0x82/0x180 [ 24.676672] ? preempt_count_sub+0x50/0x80 [ 24.676695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.676728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.676753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.676846] kthread+0x337/0x6f0 [ 24.676869] ? trace_preempt_on+0x20/0xc0 [ 24.676893] ? __pfx_kthread+0x10/0x10 [ 24.676914] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.676935] ? calculate_sigpending+0x7b/0xa0 [ 24.676958] ? __pfx_kthread+0x10/0x10 [ 24.676979] ret_from_fork+0x116/0x1d0 [ 24.676998] ? __pfx_kthread+0x10/0x10 [ 24.677018] ret_from_fork_asm+0x1a/0x30 [ 24.677049] </TASK> [ 24.677060] [ 24.689979] Allocated by task 204: [ 24.690283] kasan_save_stack+0x45/0x70 [ 24.690649] kasan_save_track+0x18/0x40 [ 24.690865] kasan_save_alloc_info+0x3b/0x50 [ 24.691328] __kasan_krealloc+0x190/0x1f0 [ 24.691481] krealloc_noprof+0xf3/0x340 [ 24.692088] krealloc_more_oob_helper+0x1a9/0x930 [ 24.692442] krealloc_more_oob+0x1c/0x30 [ 24.692657] kunit_try_run_case+0x1a5/0x480 [ 24.693060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.693335] kthread+0x337/0x6f0 [ 24.693550] ret_from_fork+0x116/0x1d0 [ 24.693689] ret_from_fork_asm+0x1a/0x30 [ 24.693949] [ 24.694017] The buggy address belongs to the object at ffff888104990400 [ 24.694017] which belongs to the cache kmalloc-256 of size 256 [ 24.694614] The buggy address is located 5 bytes to the right of [ 24.694614] allocated 235-byte region [ffff888104990400, ffff8881049904eb) [ 24.695406] [ 24.695529] The buggy address belongs to the physical page: [ 24.696178] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990 [ 24.696636] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.697168] flags: 0x200000000000040(head|node=0|zone=2) [ 24.697511] page_type: f5(slab) [ 24.697759] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.698155] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.698489] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.698969] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.699550] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff [ 24.699893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.700352] page dumped because: kasan: bad access detected [ 24.700588] [ 24.700690] Memory state around the buggy address: [ 24.700984] ffff888104990380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.701500] ffff888104990400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.701926] >ffff888104990480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.702209] ^ [ 24.702457] ffff888104990500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.702753] ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.703018] ================================================================== [ 24.850652] ================================================================== [ 24.851040] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.851593] Write of size 1 at addr ffff8881060de0f0 by task kunit_try_catch/208 [ 24.852020] [ 24.852134] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.852182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.852194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.852215] Call Trace: [ 24.852227] <TASK> [ 24.852385] dump_stack_lvl+0x73/0xb0 [ 24.852477] print_report+0xd1/0x610 [ 24.852511] ? __virt_addr_valid+0x1db/0x2d0 [ 24.852536] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.852559] ? kasan_addr_to_slab+0x11/0xa0 [ 24.852579] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.852602] kasan_report+0x141/0x180 [ 24.852623] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.852650] __asan_report_store1_noabort+0x1b/0x30 [ 24.852673] krealloc_more_oob_helper+0x7eb/0x930 [ 24.852695] ? __schedule+0x10cc/0x2b60 [ 24.852730] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.852753] ? finish_task_switch.isra.0+0x153/0x700 [ 24.852774] ? __switch_to+0x47/0xf80 [ 24.852939] ? __schedule+0x10cc/0x2b60 [ 24.852961] ? __pfx_read_tsc+0x10/0x10 [ 24.852985] krealloc_large_more_oob+0x1c/0x30 [ 24.853008] kunit_try_run_case+0x1a5/0x480 [ 24.853030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.853050] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.853072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.853094] ? __kthread_parkme+0x82/0x180 [ 24.853114] ? preempt_count_sub+0x50/0x80 [ 24.853136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.853157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.853181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.853205] kthread+0x337/0x6f0 [ 24.853224] ? trace_preempt_on+0x20/0xc0 [ 24.853246] ? __pfx_kthread+0x10/0x10 [ 24.853266] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.853287] ? calculate_sigpending+0x7b/0xa0 [ 24.853309] ? __pfx_kthread+0x10/0x10 [ 24.853330] ret_from_fork+0x116/0x1d0 [ 24.853349] ? __pfx_kthread+0x10/0x10 [ 24.853369] ret_from_fork_asm+0x1a/0x30 [ 24.853399] </TASK> [ 24.853411] [ 24.861272] The buggy address belongs to the physical page: [ 24.861693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.862066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.862411] flags: 0x200000000000040(head|node=0|zone=2) [ 24.862728] page_type: f8(unknown) [ 24.862925] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.863228] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.863476] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.863869] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.864207] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.864558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.864992] page dumped because: kasan: bad access detected [ 24.865243] [ 24.865327] Memory state around the buggy address: [ 24.865555] ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.865902] ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.866237] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.866609] ^ [ 24.866917] ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.867212] ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.867421] ================================================================== [ 24.649851] ================================================================== [ 24.650274] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.650869] Write of size 1 at addr ffff8881049904eb by task kunit_try_catch/204 [ 24.651652] [ 24.651973] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.652041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.652053] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.652075] Call Trace: [ 24.652088] <TASK> [ 24.652107] dump_stack_lvl+0x73/0xb0 [ 24.652189] print_report+0xd1/0x610 [ 24.652214] ? __virt_addr_valid+0x1db/0x2d0 [ 24.652251] ? krealloc_more_oob_helper+0x821/0x930 [ 24.652274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.652299] ? krealloc_more_oob_helper+0x821/0x930 [ 24.652323] kasan_report+0x141/0x180 [ 24.652344] ? krealloc_more_oob_helper+0x821/0x930 [ 24.652371] __asan_report_store1_noabort+0x1b/0x30 [ 24.652395] krealloc_more_oob_helper+0x821/0x930 [ 24.652417] ? __schedule+0x10cc/0x2b60 [ 24.652439] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.652462] ? finish_task_switch.isra.0+0x153/0x700 [ 24.652503] ? __switch_to+0x47/0xf80 [ 24.652530] ? __schedule+0x10cc/0x2b60 [ 24.652551] ? __pfx_read_tsc+0x10/0x10 [ 24.652575] krealloc_more_oob+0x1c/0x30 [ 24.652596] kunit_try_run_case+0x1a5/0x480 [ 24.652620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.652640] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.652663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.652685] ? __kthread_parkme+0x82/0x180 [ 24.652714] ? preempt_count_sub+0x50/0x80 [ 24.652736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.652757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.652849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.652874] kthread+0x337/0x6f0 [ 24.652895] ? trace_preempt_on+0x20/0xc0 [ 24.652923] ? __pfx_kthread+0x10/0x10 [ 24.652943] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.652964] ? calculate_sigpending+0x7b/0xa0 [ 24.652988] ? __pfx_kthread+0x10/0x10 [ 24.653009] ret_from_fork+0x116/0x1d0 [ 24.653028] ? __pfx_kthread+0x10/0x10 [ 24.653048] ret_from_fork_asm+0x1a/0x30 [ 24.653079] </TASK> [ 24.653091] [ 24.661666] Allocated by task 204: [ 24.661932] kasan_save_stack+0x45/0x70 [ 24.662179] kasan_save_track+0x18/0x40 [ 24.662312] kasan_save_alloc_info+0x3b/0x50 [ 24.662539] __kasan_krealloc+0x190/0x1f0 [ 24.662852] krealloc_noprof+0xf3/0x340 [ 24.663048] krealloc_more_oob_helper+0x1a9/0x930 [ 24.663272] krealloc_more_oob+0x1c/0x30 [ 24.663466] kunit_try_run_case+0x1a5/0x480 [ 24.663643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.663893] kthread+0x337/0x6f0 [ 24.664042] ret_from_fork+0x116/0x1d0 [ 24.664193] ret_from_fork_asm+0x1a/0x30 [ 24.664375] [ 24.664440] The buggy address belongs to the object at ffff888104990400 [ 24.664440] which belongs to the cache kmalloc-256 of size 256 [ 24.665171] The buggy address is located 0 bytes to the right of [ 24.665171] allocated 235-byte region [ffff888104990400, ffff8881049904eb) [ 24.665668] [ 24.665749] The buggy address belongs to the physical page: [ 24.666077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990 [ 24.666628] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.667087] flags: 0x200000000000040(head|node=0|zone=2) [ 24.667281] page_type: f5(slab) [ 24.667528] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.668008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.668303] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.668693] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.669208] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff [ 24.669601] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.670077] page dumped because: kasan: bad access detected [ 24.670319] [ 24.670422] Memory state around the buggy address: [ 24.670669] ffff888104990380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.671129] ffff888104990400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.671502] >ffff888104990480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.671878] ^ [ 24.672150] ffff888104990500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.672436] ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.672754] ================================================================== [ 24.821417] ================================================================== [ 24.822122] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.823160] Write of size 1 at addr ffff8881060de0eb by task kunit_try_catch/208 [ 24.823408] [ 24.823498] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.823547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.823559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.823580] Call Trace: [ 24.823593] <TASK> [ 24.823611] dump_stack_lvl+0x73/0xb0 [ 24.823639] print_report+0xd1/0x610 [ 24.823664] ? __virt_addr_valid+0x1db/0x2d0 [ 24.823688] ? krealloc_more_oob_helper+0x821/0x930 [ 24.823730] ? kasan_addr_to_slab+0x11/0xa0 [ 24.823751] ? krealloc_more_oob_helper+0x821/0x930 [ 24.823774] kasan_report+0x141/0x180 [ 24.823796] ? krealloc_more_oob_helper+0x821/0x930 [ 24.823823] __asan_report_store1_noabort+0x1b/0x30 [ 24.823865] krealloc_more_oob_helper+0x821/0x930 [ 24.823887] ? __schedule+0x10cc/0x2b60 [ 24.823909] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.823938] ? finish_task_switch.isra.0+0x153/0x700 [ 24.823987] ? __switch_to+0x47/0xf80 [ 24.824013] ? __schedule+0x10cc/0x2b60 [ 24.824035] ? __pfx_read_tsc+0x10/0x10 [ 24.824059] krealloc_large_more_oob+0x1c/0x30 [ 24.824082] kunit_try_run_case+0x1a5/0x480 [ 24.824103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.824123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.824145] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.824167] ? __kthread_parkme+0x82/0x180 [ 24.824188] ? preempt_count_sub+0x50/0x80 [ 24.824209] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.824230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.824254] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.824279] kthread+0x337/0x6f0 [ 24.824298] ? trace_preempt_on+0x20/0xc0 [ 24.824320] ? __pfx_kthread+0x10/0x10 [ 24.824340] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.824361] ? calculate_sigpending+0x7b/0xa0 [ 24.824384] ? __pfx_kthread+0x10/0x10 [ 24.824405] ret_from_fork+0x116/0x1d0 [ 24.824423] ? __pfx_kthread+0x10/0x10 [ 24.824445] ret_from_fork_asm+0x1a/0x30 [ 24.824476] </TASK> [ 24.824488] [ 24.839850] The buggy address belongs to the physical page: [ 24.840129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc [ 24.840373] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.840860] flags: 0x200000000000040(head|node=0|zone=2) [ 24.841401] page_type: f8(unknown) [ 24.841795] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.842716] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.843499] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.844397] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.844923] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff [ 24.845255] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.845562] page dumped because: kasan: bad access detected [ 24.845798] [ 24.845883] Memory state around the buggy address: [ 24.846091] ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.846379] ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.846675] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.847422] ^ [ 24.848166] ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.848629] ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.849381] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 24.626676] ================================================================== [ 24.628419] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 24.629036] Read of size 1 at addr ffff888106200000 by task kunit_try_catch/202 [ 24.629633] [ 24.629745] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.629805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.629818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.629840] Call Trace: [ 24.629854] <TASK> [ 24.629872] dump_stack_lvl+0x73/0xb0 [ 24.629902] print_report+0xd1/0x610 [ 24.629925] ? __virt_addr_valid+0x1db/0x2d0 [ 24.629949] ? page_alloc_uaf+0x356/0x3d0 [ 24.629970] ? kasan_addr_to_slab+0x11/0xa0 [ 24.629990] ? page_alloc_uaf+0x356/0x3d0 [ 24.630011] kasan_report+0x141/0x180 [ 24.630033] ? page_alloc_uaf+0x356/0x3d0 [ 24.630058] __asan_report_load1_noabort+0x18/0x20 [ 24.630082] page_alloc_uaf+0x356/0x3d0 [ 24.630103] ? __pfx_page_alloc_uaf+0x10/0x10 [ 24.630125] ? __schedule+0x10cc/0x2b60 [ 24.630147] ? __pfx_read_tsc+0x10/0x10 [ 24.630169] ? ktime_get_ts64+0x86/0x230 [ 24.630194] kunit_try_run_case+0x1a5/0x480 [ 24.630217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.630237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.630259] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.630281] ? __kthread_parkme+0x82/0x180 [ 24.630302] ? preempt_count_sub+0x50/0x80 [ 24.630325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.630349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.630373] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.630398] kthread+0x337/0x6f0 [ 24.630419] ? trace_preempt_on+0x20/0xc0 [ 24.630442] ? __pfx_kthread+0x10/0x10 [ 24.630463] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.630484] ? calculate_sigpending+0x7b/0xa0 [ 24.630570] ? __pfx_kthread+0x10/0x10 [ 24.630592] ret_from_fork+0x116/0x1d0 [ 24.630611] ? __pfx_kthread+0x10/0x10 [ 24.630631] ret_from_fork_asm+0x1a/0x30 [ 24.630662] </TASK> [ 24.630675] [ 24.640017] The buggy address belongs to the physical page: [ 24.640305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106200 [ 24.640798] flags: 0x200000000000000(node=0|zone=2) [ 24.641486] page_type: f0(buddy) [ 24.641969] raw: 0200000000000000 ffff88817fffc5c8 ffff88817fffc5c8 0000000000000000 [ 24.642286] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000 [ 24.642789] page dumped because: kasan: bad access detected [ 24.643235] [ 24.643477] Memory state around the buggy address: [ 24.643869] ffff8881061fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.644360] ffff8881061fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.644813] >ffff888106200000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.645272] ^ [ 24.645418] ffff888106200080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.646225] ffff888106200100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.646765] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 24.596441] ================================================================== [ 24.597008] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 24.597332] Free of addr ffff8881060d8001 by task kunit_try_catch/198 [ 24.597613] [ 24.597730] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.597779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.597811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.597832] Call Trace: [ 24.597860] <TASK> [ 24.597891] dump_stack_lvl+0x73/0xb0 [ 24.597920] print_report+0xd1/0x610 [ 24.597944] ? __virt_addr_valid+0x1db/0x2d0 [ 24.597970] ? kasan_addr_to_slab+0x11/0xa0 [ 24.597990] ? kfree+0x274/0x3f0 [ 24.598011] kasan_report_invalid_free+0x10a/0x130 [ 24.598051] ? kfree+0x274/0x3f0 [ 24.598074] ? kfree+0x274/0x3f0 [ 24.598094] __kasan_kfree_large+0x86/0xd0 [ 24.598115] free_large_kmalloc+0x52/0x110 [ 24.598138] kfree+0x274/0x3f0 [ 24.598162] kmalloc_large_invalid_free+0x120/0x2b0 [ 24.598185] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 24.598207] ? __schedule+0x10cc/0x2b60 [ 24.598230] ? __pfx_read_tsc+0x10/0x10 [ 24.598252] ? ktime_get_ts64+0x86/0x230 [ 24.598277] kunit_try_run_case+0x1a5/0x480 [ 24.598299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.598319] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.598342] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.598383] ? __kthread_parkme+0x82/0x180 [ 24.598404] ? preempt_count_sub+0x50/0x80 [ 24.598427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.598448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.598473] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.598505] kthread+0x337/0x6f0 [ 24.598525] ? trace_preempt_on+0x20/0xc0 [ 24.598565] ? __pfx_kthread+0x10/0x10 [ 24.598585] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.598607] ? calculate_sigpending+0x7b/0xa0 [ 24.598630] ? __pfx_kthread+0x10/0x10 [ 24.598651] ret_from_fork+0x116/0x1d0 [ 24.598670] ? __pfx_kthread+0x10/0x10 [ 24.598690] ret_from_fork_asm+0x1a/0x30 [ 24.598731] </TASK> [ 24.598743] [ 24.608767] The buggy address belongs to the physical page: [ 24.608945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 24.609177] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.609393] flags: 0x200000000000040(head|node=0|zone=2) [ 24.610127] page_type: f8(unknown) [ 24.610646] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.611445] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.612280] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.613152] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.614094] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 24.614500] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.615346] page dumped because: kasan: bad access detected [ 24.615542] [ 24.615746] Memory state around the buggy address: [ 24.616315] ffff8881060d7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.616762] ffff8881060d7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.616970] >ffff8881060d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.617173] ^ [ 24.617284] ffff8881060d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.617537] ffff8881060d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.618420] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 24.574892] ================================================================== [ 24.576070] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 24.577030] Read of size 1 at addr ffff888106198000 by task kunit_try_catch/196 [ 24.577845] [ 24.578051] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.578104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.578116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.578137] Call Trace: [ 24.578150] <TASK> [ 24.578169] dump_stack_lvl+0x73/0xb0 [ 24.578199] print_report+0xd1/0x610 [ 24.578222] ? __virt_addr_valid+0x1db/0x2d0 [ 24.578246] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.578266] ? kasan_addr_to_slab+0x11/0xa0 [ 24.578287] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.578307] kasan_report+0x141/0x180 [ 24.578329] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.578354] __asan_report_load1_noabort+0x18/0x20 [ 24.578378] kmalloc_large_uaf+0x2f1/0x340 [ 24.578398] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 24.578420] ? __schedule+0x10cc/0x2b60 [ 24.578442] ? __pfx_read_tsc+0x10/0x10 [ 24.578464] ? ktime_get_ts64+0x86/0x230 [ 24.578503] kunit_try_run_case+0x1a5/0x480 [ 24.578526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.578546] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.578569] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.578591] ? __kthread_parkme+0x82/0x180 [ 24.578612] ? preempt_count_sub+0x50/0x80 [ 24.578635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.578656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.578681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.578718] kthread+0x337/0x6f0 [ 24.578738] ? trace_preempt_on+0x20/0xc0 [ 24.578761] ? __pfx_kthread+0x10/0x10 [ 24.578798] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.578819] ? calculate_sigpending+0x7b/0xa0 [ 24.578843] ? __pfx_kthread+0x10/0x10 [ 24.578864] ret_from_fork+0x116/0x1d0 [ 24.578883] ? __pfx_kthread+0x10/0x10 [ 24.578903] ret_from_fork_asm+0x1a/0x30 [ 24.578934] </TASK> [ 24.578946] [ 24.588976] The buggy address belongs to the physical page: [ 24.589407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106198 [ 24.589975] flags: 0x200000000000000(node=0|zone=2) [ 24.590201] raw: 0200000000000000 ffffea0004186708 ffff88815b139fc0 0000000000000000 [ 24.590514] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.590972] page dumped because: kasan: bad access detected [ 24.591204] [ 24.591269] Memory state around the buggy address: [ 24.591622] ffff888106197f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.591994] ffff888106197f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.592374] >ffff888106198000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.592760] ^ [ 24.592961] ffff888106198080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.593230] ffff888106198100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.593561] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 24.543417] ================================================================== [ 24.544356] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 24.545029] Write of size 1 at addr ffff88810619600a by task kunit_try_catch/194 [ 24.545260] [ 24.545346] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.545395] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.545408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.545430] Call Trace: [ 24.545444] <TASK> [ 24.545461] dump_stack_lvl+0x73/0xb0 [ 24.545488] print_report+0xd1/0x610 [ 24.545553] ? __virt_addr_valid+0x1db/0x2d0 [ 24.545578] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.545626] ? kasan_addr_to_slab+0x11/0xa0 [ 24.545646] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.545667] kasan_report+0x141/0x180 [ 24.545689] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.545727] __asan_report_store1_noabort+0x1b/0x30 [ 24.545750] kmalloc_large_oob_right+0x2e9/0x330 [ 24.545772] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 24.545794] ? __schedule+0x10cc/0x2b60 [ 24.545816] ? __pfx_read_tsc+0x10/0x10 [ 24.545837] ? ktime_get_ts64+0x86/0x230 [ 24.545862] kunit_try_run_case+0x1a5/0x480 [ 24.545916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.545937] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.545982] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.546005] ? __kthread_parkme+0x82/0x180 [ 24.546025] ? preempt_count_sub+0x50/0x80 [ 24.546049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.546069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.546094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.546118] kthread+0x337/0x6f0 [ 24.546139] ? trace_preempt_on+0x20/0xc0 [ 24.546162] ? __pfx_kthread+0x10/0x10 [ 24.546183] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.546203] ? calculate_sigpending+0x7b/0xa0 [ 24.546227] ? __pfx_kthread+0x10/0x10 [ 24.546248] ret_from_fork+0x116/0x1d0 [ 24.546266] ? __pfx_kthread+0x10/0x10 [ 24.546286] ret_from_fork_asm+0x1a/0x30 [ 24.546316] </TASK> [ 24.546328] [ 24.560359] The buggy address belongs to the physical page: [ 24.560919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106194 [ 24.561782] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.562256] flags: 0x200000000000040(head|node=0|zone=2) [ 24.563015] page_type: f8(unknown) [ 24.563311] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.563681] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.564475] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.565256] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.565593] head: 0200000000000002 ffffea0004186501 00000000ffffffff 00000000ffffffff [ 24.566529] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.567208] page dumped because: kasan: bad access detected [ 24.567649] [ 24.567729] Memory state around the buggy address: [ 24.568153] ffff888106195f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.568584] ffff888106195f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.569600] >ffff888106196000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.570103] ^ [ 24.570239] ffff888106196080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.570454] ffff888106196100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.570884] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 24.514944] ================================================================== [ 24.515474] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 24.516406] Write of size 1 at addr ffff888102b95f00 by task kunit_try_catch/192 [ 24.517199] [ 24.517448] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.517517] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.517530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.517552] Call Trace: [ 24.517610] <TASK> [ 24.517631] dump_stack_lvl+0x73/0xb0 [ 24.517665] print_report+0xd1/0x610 [ 24.517709] ? __virt_addr_valid+0x1db/0x2d0 [ 24.517736] ? kmalloc_big_oob_right+0x316/0x370 [ 24.517758] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.517803] ? kmalloc_big_oob_right+0x316/0x370 [ 24.517827] kasan_report+0x141/0x180 [ 24.517848] ? kmalloc_big_oob_right+0x316/0x370 [ 24.517874] __asan_report_store1_noabort+0x1b/0x30 [ 24.517898] kmalloc_big_oob_right+0x316/0x370 [ 24.517920] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 24.517943] ? __schedule+0x10cc/0x2b60 [ 24.517967] ? __pfx_read_tsc+0x10/0x10 [ 24.517989] ? ktime_get_ts64+0x86/0x230 [ 24.518016] kunit_try_run_case+0x1a5/0x480 [ 24.518039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.518059] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.518082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.518105] ? __kthread_parkme+0x82/0x180 [ 24.518126] ? preempt_count_sub+0x50/0x80 [ 24.518149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.518170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.518195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.518220] kthread+0x337/0x6f0 [ 24.518239] ? trace_preempt_on+0x20/0xc0 [ 24.518263] ? __pfx_kthread+0x10/0x10 [ 24.518283] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.518304] ? calculate_sigpending+0x7b/0xa0 [ 24.518329] ? __pfx_kthread+0x10/0x10 [ 24.518350] ret_from_fork+0x116/0x1d0 [ 24.518369] ? __pfx_kthread+0x10/0x10 [ 24.518389] ret_from_fork_asm+0x1a/0x30 [ 24.518421] </TASK> [ 24.518433] [ 24.530390] Allocated by task 192: [ 24.530650] kasan_save_stack+0x45/0x70 [ 24.530990] kasan_save_track+0x18/0x40 [ 24.531134] kasan_save_alloc_info+0x3b/0x50 [ 24.531280] __kasan_kmalloc+0xb7/0xc0 [ 24.531407] __kmalloc_cache_noprof+0x189/0x420 [ 24.531573] kmalloc_big_oob_right+0xa9/0x370 [ 24.531730] kunit_try_run_case+0x1a5/0x480 [ 24.531873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.532101] kthread+0x337/0x6f0 [ 24.532262] ret_from_fork+0x116/0x1d0 [ 24.532440] ret_from_fork_asm+0x1a/0x30 [ 24.532617] [ 24.532711] The buggy address belongs to the object at ffff888102b94000 [ 24.532711] which belongs to the cache kmalloc-8k of size 8192 [ 24.533168] The buggy address is located 0 bytes to the right of [ 24.533168] allocated 7936-byte region [ffff888102b94000, ffff888102b95f00) [ 24.533868] [ 24.533971] The buggy address belongs to the physical page: [ 24.534242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b90 [ 24.534621] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.534945] flags: 0x200000000000040(head|node=0|zone=2) [ 24.535204] page_type: f5(slab) [ 24.535449] raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 24.535782] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.536095] head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 24.536460] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.536879] head: 0200000000000003 ffffea00040ae401 00000000ffffffff 00000000ffffffff [ 24.537135] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.537526] page dumped because: kasan: bad access detected [ 24.537867] [ 24.537977] Memory state around the buggy address: [ 24.538171] ffff888102b95e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.538533] ffff888102b95e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.538912] >ffff888102b95f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.539234] ^ [ 24.539394] ffff888102b95f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.539749] ffff888102b96000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.540081] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 24.461180] ================================================================== [ 24.461574] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.461892] Write of size 1 at addr ffff88810583a478 by task kunit_try_catch/190 [ 24.462115] [ 24.462202] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.462251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.462263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.462285] Call Trace: [ 24.462297] <TASK> [ 24.462315] dump_stack_lvl+0x73/0xb0 [ 24.462343] print_report+0xd1/0x610 [ 24.462367] ? __virt_addr_valid+0x1db/0x2d0 [ 24.462391] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.462415] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.462440] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.462463] kasan_report+0x141/0x180 [ 24.462484] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.462511] __asan_report_store1_noabort+0x1b/0x30 [ 24.462534] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.462557] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.462581] ? __schedule+0x10cc/0x2b60 [ 24.462603] ? __pfx_read_tsc+0x10/0x10 [ 24.462624] ? ktime_get_ts64+0x86/0x230 [ 24.462648] kunit_try_run_case+0x1a5/0x480 [ 24.462669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.462688] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.462734] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.462756] ? __kthread_parkme+0x82/0x180 [ 24.462776] ? preempt_count_sub+0x50/0x80 [ 24.462798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.462819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.462842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.462866] kthread+0x337/0x6f0 [ 24.462885] ? trace_preempt_on+0x20/0xc0 [ 24.462924] ? __pfx_kthread+0x10/0x10 [ 24.462946] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.462967] ? calculate_sigpending+0x7b/0xa0 [ 24.462990] ? __pfx_kthread+0x10/0x10 [ 24.463011] ret_from_fork+0x116/0x1d0 [ 24.463030] ? __pfx_kthread+0x10/0x10 [ 24.463050] ret_from_fork_asm+0x1a/0x30 [ 24.463080] </TASK> [ 24.463092] [ 24.474267] Allocated by task 190: [ 24.474574] kasan_save_stack+0x45/0x70 [ 24.474994] kasan_save_track+0x18/0x40 [ 24.475180] kasan_save_alloc_info+0x3b/0x50 [ 24.475362] __kasan_kmalloc+0xb7/0xc0 [ 24.475873] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.476303] kmalloc_track_caller_oob_right+0x99/0x520 [ 24.476725] kunit_try_run_case+0x1a5/0x480 [ 24.477056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.477295] kthread+0x337/0x6f0 [ 24.477446] ret_from_fork+0x116/0x1d0 [ 24.477959] ret_from_fork_asm+0x1a/0x30 [ 24.478273] [ 24.478496] The buggy address belongs to the object at ffff88810583a400 [ 24.478496] which belongs to the cache kmalloc-128 of size 128 [ 24.479348] The buggy address is located 0 bytes to the right of [ 24.479348] allocated 120-byte region [ffff88810583a400, ffff88810583a478) [ 24.480398] [ 24.480667] The buggy address belongs to the physical page: [ 24.481003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a [ 24.481316] flags: 0x200000000000000(node=0|zone=2) [ 24.481796] page_type: f5(slab) [ 24.482104] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.482956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.483348] page dumped because: kasan: bad access detected [ 24.483854] [ 24.483935] Memory state around the buggy address: [ 24.484363] ffff88810583a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.484818] ffff88810583a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.485122] >ffff88810583a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.485425] ^ [ 24.486109] ffff88810583a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.486606] ffff88810583a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.487354] ================================================================== [ 24.489266] ================================================================== [ 24.489695] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.490017] Write of size 1 at addr ffff88810583a578 by task kunit_try_catch/190 [ 24.490569] [ 24.490680] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.490742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.490754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.490785] Call Trace: [ 24.490797] <TASK> [ 24.490815] dump_stack_lvl+0x73/0xb0 [ 24.490845] print_report+0xd1/0x610 [ 24.490868] ? __virt_addr_valid+0x1db/0x2d0 [ 24.490892] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.490917] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.490942] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.490967] kasan_report+0x141/0x180 [ 24.490988] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.491016] __asan_report_store1_noabort+0x1b/0x30 [ 24.491040] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.491064] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.491089] ? __schedule+0x10cc/0x2b60 [ 24.491112] ? __pfx_read_tsc+0x10/0x10 [ 24.491132] ? ktime_get_ts64+0x86/0x230 [ 24.491157] kunit_try_run_case+0x1a5/0x480 [ 24.491179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.491198] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.491221] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.491244] ? __kthread_parkme+0x82/0x180 [ 24.491265] ? preempt_count_sub+0x50/0x80 [ 24.491288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.491309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.491333] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.491358] kthread+0x337/0x6f0 [ 24.491379] ? trace_preempt_on+0x20/0xc0 [ 24.491402] ? __pfx_kthread+0x10/0x10 [ 24.491424] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.491445] ? calculate_sigpending+0x7b/0xa0 [ 24.491469] ? __pfx_kthread+0x10/0x10 [ 24.491490] ret_from_fork+0x116/0x1d0 [ 24.491533] ? __pfx_kthread+0x10/0x10 [ 24.491554] ret_from_fork_asm+0x1a/0x30 [ 24.491584] </TASK> [ 24.491595] [ 24.500726] Allocated by task 190: [ 24.501167] kasan_save_stack+0x45/0x70 [ 24.501443] kasan_save_track+0x18/0x40 [ 24.501694] kasan_save_alloc_info+0x3b/0x50 [ 24.502082] __kasan_kmalloc+0xb7/0xc0 [ 24.502348] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.502607] kmalloc_track_caller_oob_right+0x19a/0x520 [ 24.503290] kunit_try_run_case+0x1a5/0x480 [ 24.503511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.503762] kthread+0x337/0x6f0 [ 24.504114] ret_from_fork+0x116/0x1d0 [ 24.504304] ret_from_fork_asm+0x1a/0x30 [ 24.504488] [ 24.504730] The buggy address belongs to the object at ffff88810583a500 [ 24.504730] which belongs to the cache kmalloc-128 of size 128 [ 24.505216] The buggy address is located 0 bytes to the right of [ 24.505216] allocated 120-byte region [ffff88810583a500, ffff88810583a578) [ 24.506017] [ 24.506173] The buggy address belongs to the physical page: [ 24.506401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583a [ 24.506939] flags: 0x200000000000000(node=0|zone=2) [ 24.507282] page_type: f5(slab) [ 24.507459] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.508147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.508429] page dumped because: kasan: bad access detected [ 24.508674] [ 24.508841] Memory state around the buggy address: [ 24.509332] ffff88810583a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.509728] ffff88810583a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.510160] >ffff88810583a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.510444] ^ [ 24.511026] ffff88810583a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.511411] ffff88810583a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.511927] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 24.419246] ================================================================== [ 24.419655] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 24.419927] Read of size 1 at addr ffff888106039000 by task kunit_try_catch/188 [ 24.420146] [ 24.420244] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.420295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.420306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.420330] Call Trace: [ 24.420344] <TASK> [ 24.420364] dump_stack_lvl+0x73/0xb0 [ 24.420394] print_report+0xd1/0x610 [ 24.420417] ? __virt_addr_valid+0x1db/0x2d0 [ 24.420441] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.420462] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.420487] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.420510] kasan_report+0x141/0x180 [ 24.420531] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.420557] __asan_report_load1_noabort+0x18/0x20 [ 24.420580] kmalloc_node_oob_right+0x369/0x3c0 [ 24.420602] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 24.420626] ? __schedule+0x10cc/0x2b60 [ 24.420648] ? __pfx_read_tsc+0x10/0x10 [ 24.420670] ? ktime_get_ts64+0x86/0x230 [ 24.420695] kunit_try_run_case+0x1a5/0x480 [ 24.421096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.421119] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.421400] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.421425] ? __kthread_parkme+0x82/0x180 [ 24.421446] ? preempt_count_sub+0x50/0x80 [ 24.421470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.421512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.421538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.421564] kthread+0x337/0x6f0 [ 24.421583] ? trace_preempt_on+0x20/0xc0 [ 24.421608] ? __pfx_kthread+0x10/0x10 [ 24.421629] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.421650] ? calculate_sigpending+0x7b/0xa0 [ 24.421674] ? __pfx_kthread+0x10/0x10 [ 24.421695] ret_from_fork+0x116/0x1d0 [ 24.421723] ? __pfx_kthread+0x10/0x10 [ 24.421743] ret_from_fork_asm+0x1a/0x30 [ 24.421792] </TASK> [ 24.421805] [ 24.438660] Allocated by task 188: [ 24.439308] kasan_save_stack+0x45/0x70 [ 24.439877] kasan_save_track+0x18/0x40 [ 24.440524] kasan_save_alloc_info+0x3b/0x50 [ 24.441250] __kasan_kmalloc+0xb7/0xc0 [ 24.441742] __kmalloc_cache_node_noprof+0x188/0x420 [ 24.442242] kmalloc_node_oob_right+0xab/0x3c0 [ 24.442411] kunit_try_run_case+0x1a5/0x480 [ 24.442925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.443742] kthread+0x337/0x6f0 [ 24.444290] ret_from_fork+0x116/0x1d0 [ 24.444846] ret_from_fork_asm+0x1a/0x30 [ 24.445297] [ 24.445668] The buggy address belongs to the object at ffff888106038000 [ 24.445668] which belongs to the cache kmalloc-4k of size 4096 [ 24.446416] The buggy address is located 0 bytes to the right of [ 24.446416] allocated 4096-byte region [ffff888106038000, ffff888106039000) [ 24.447314] [ 24.447511] The buggy address belongs to the physical page: [ 24.448161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 24.449030] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.449415] flags: 0x200000000000040(head|node=0|zone=2) [ 24.450198] page_type: f5(slab) [ 24.450519] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 24.451059] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.451320] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 24.451582] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.452024] head: 0200000000000003 ffffea0004180e01 00000000ffffffff 00000000ffffffff [ 24.452337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.452689] page dumped because: kasan: bad access detected [ 24.452915] [ 24.453086] Memory state around the buggy address: [ 24.453302] ffff888106038f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.453583] ffff888106038f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.453971] >ffff888106039000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.454276] ^ [ 24.454422] ffff888106039080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.454739] ffff888106039100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.455040] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 24.385869] ================================================================== [ 24.386356] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 24.386618] Read of size 1 at addr ffff888103cd651f by task kunit_try_catch/186 [ 24.389360] [ 24.389482] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.389536] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.389691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.389734] Call Trace: [ 24.389750] <TASK> [ 24.389769] dump_stack_lvl+0x73/0xb0 [ 24.389805] print_report+0xd1/0x610 [ 24.389830] ? __virt_addr_valid+0x1db/0x2d0 [ 24.389855] ? kmalloc_oob_left+0x361/0x3c0 [ 24.389875] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.389901] ? kmalloc_oob_left+0x361/0x3c0 [ 24.389922] kasan_report+0x141/0x180 [ 24.389943] ? kmalloc_oob_left+0x361/0x3c0 [ 24.389968] __asan_report_load1_noabort+0x18/0x20 [ 24.389991] kmalloc_oob_left+0x361/0x3c0 [ 24.390012] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 24.390033] ? __schedule+0x10cc/0x2b60 [ 24.390056] ? __pfx_read_tsc+0x10/0x10 [ 24.390077] ? ktime_get_ts64+0x86/0x230 [ 24.390101] kunit_try_run_case+0x1a5/0x480 [ 24.390123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.390143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.390165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.390187] ? __kthread_parkme+0x82/0x180 [ 24.390208] ? preempt_count_sub+0x50/0x80 [ 24.390231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.390252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.390276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.390300] kthread+0x337/0x6f0 [ 24.390319] ? trace_preempt_on+0x20/0xc0 [ 24.390343] ? __pfx_kthread+0x10/0x10 [ 24.390364] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.390384] ? calculate_sigpending+0x7b/0xa0 [ 24.390408] ? __pfx_kthread+0x10/0x10 [ 24.390429] ret_from_fork+0x116/0x1d0 [ 24.390447] ? __pfx_kthread+0x10/0x10 [ 24.390467] ret_from_fork_asm+0x1a/0x30 [ 24.390498] </TASK> [ 24.390510] [ 24.400215] Allocated by task 116: [ 24.400370] kasan_save_stack+0x45/0x70 [ 24.400709] kasan_save_track+0x18/0x40 [ 24.400915] kasan_save_alloc_info+0x3b/0x50 [ 24.401388] __kasan_kmalloc+0xb7/0xc0 [ 24.401570] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.402039] kvasprintf+0xc5/0x150 [ 24.402307] kasprintf+0xb6/0xf0 [ 24.402439] miscdev_test_can_open+0x9a/0x2e0 [ 24.402876] miscdev_test_collision+0x374/0x700 [ 24.403085] kunit_try_run_case+0x1a5/0x480 [ 24.403394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.403791] kthread+0x337/0x6f0 [ 24.404162] ret_from_fork+0x116/0x1d0 [ 24.404309] ret_from_fork_asm+0x1a/0x30 [ 24.404507] [ 24.404878] Freed by task 116: [ 24.405059] kasan_save_stack+0x45/0x70 [ 24.405356] kasan_save_track+0x18/0x40 [ 24.405615] kasan_save_free_info+0x3f/0x60 [ 24.405900] __kasan_slab_free+0x56/0x70 [ 24.406144] kfree+0x222/0x3f0 [ 24.406300] miscdev_test_can_open+0x12c/0x2e0 [ 24.406748] miscdev_test_collision+0x374/0x700 [ 24.407084] kunit_try_run_case+0x1a5/0x480 [ 24.407254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.407729] kthread+0x337/0x6f0 [ 24.408001] ret_from_fork+0x116/0x1d0 [ 24.408150] ret_from_fork_asm+0x1a/0x30 [ 24.408433] [ 24.408515] The buggy address belongs to the object at ffff888103cd6500 [ 24.408515] which belongs to the cache kmalloc-16 of size 16 [ 24.409386] The buggy address is located 15 bytes to the right of [ 24.409386] allocated 16-byte region [ffff888103cd6500, ffff888103cd6510) [ 24.410274] [ 24.410361] The buggy address belongs to the physical page: [ 24.410728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cd6 [ 24.411337] flags: 0x200000000000000(node=0|zone=2) [ 24.411617] page_type: f5(slab) [ 24.411935] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.412352] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.412657] page dumped because: kasan: bad access detected [ 24.412905] [ 24.413213] Memory state around the buggy address: [ 24.413502] ffff888103cd6400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.413951] ffff888103cd6480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.414416] >ffff888103cd6500: fa fb fc fc 00 07 fc fc fa fb fc fc fa fb fc fc [ 24.414874] ^ [ 24.415026] ffff888103cd6580: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 24.415662] ffff888103cd6600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.415960] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 24.333554] ================================================================== [ 24.334117] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 24.334368] Write of size 1 at addr ffff888105182878 by task kunit_try_catch/184 [ 24.334650] [ 24.334770] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.334817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.334829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.334851] Call Trace: [ 24.334866] <TASK> [ 24.334884] dump_stack_lvl+0x73/0xb0 [ 24.334911] print_report+0xd1/0x610 [ 24.334933] ? __virt_addr_valid+0x1db/0x2d0 [ 24.335030] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.335053] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.335080] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.335101] kasan_report+0x141/0x180 [ 24.335123] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.335149] __asan_report_store1_noabort+0x1b/0x30 [ 24.335173] kmalloc_oob_right+0x6bd/0x7f0 [ 24.335195] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.335217] ? __schedule+0x10cc/0x2b60 [ 24.335238] ? irqentry_exit+0x2a/0x60 [ 24.335260] ? __pfx_read_tsc+0x10/0x10 [ 24.335281] ? ktime_get_ts64+0x86/0x230 [ 24.335306] kunit_try_run_case+0x1a5/0x480 [ 24.335328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.335349] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.335371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.335394] ? __kthread_parkme+0x82/0x180 [ 24.335414] ? preempt_count_sub+0x50/0x80 [ 24.335437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.335459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.335483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.335518] kthread+0x337/0x6f0 [ 24.335537] ? trace_preempt_on+0x20/0xc0 [ 24.335561] ? __pfx_kthread+0x10/0x10 [ 24.335582] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.335603] ? calculate_sigpending+0x7b/0xa0 [ 24.335627] ? __pfx_kthread+0x10/0x10 [ 24.335648] ret_from_fork+0x116/0x1d0 [ 24.335667] ? __pfx_kthread+0x10/0x10 [ 24.335688] ret_from_fork_asm+0x1a/0x30 [ 24.335728] </TASK> [ 24.335739] [ 24.346187] Allocated by task 184: [ 24.346324] kasan_save_stack+0x45/0x70 [ 24.346473] kasan_save_track+0x18/0x40 [ 24.347540] kasan_save_alloc_info+0x3b/0x50 [ 24.348046] __kasan_kmalloc+0xb7/0xc0 [ 24.348534] __kmalloc_cache_noprof+0x189/0x420 [ 24.348970] kmalloc_oob_right+0xa9/0x7f0 [ 24.349403] kunit_try_run_case+0x1a5/0x480 [ 24.349570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.349769] kthread+0x337/0x6f0 [ 24.350093] ret_from_fork+0x116/0x1d0 [ 24.350512] ret_from_fork_asm+0x1a/0x30 [ 24.350955] [ 24.351117] The buggy address belongs to the object at ffff888105182800 [ 24.351117] which belongs to the cache kmalloc-128 of size 128 [ 24.352214] The buggy address is located 5 bytes to the right of [ 24.352214] allocated 115-byte region [ffff888105182800, ffff888105182873) [ 24.352892] [ 24.353063] The buggy address belongs to the physical page: [ 24.353636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 24.354364] flags: 0x200000000000000(node=0|zone=2) [ 24.354637] page_type: f5(slab) [ 24.355032] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.355415] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.356194] page dumped because: kasan: bad access detected [ 24.356582] [ 24.356648] Memory state around the buggy address: [ 24.356810] ffff888105182700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.357062] ffff888105182780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.357424] >ffff888105182800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.357862] ^ [ 24.358512] ffff888105182880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.359095] ffff888105182900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.359310] ================================================================== [ 24.359851] ================================================================== [ 24.360208] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 24.360453] Read of size 1 at addr ffff888105182880 by task kunit_try_catch/184 [ 24.361132] [ 24.361239] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.361287] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.361299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.361320] Call Trace: [ 24.361338] <TASK> [ 24.361354] dump_stack_lvl+0x73/0xb0 [ 24.361383] print_report+0xd1/0x610 [ 24.361439] ? __virt_addr_valid+0x1db/0x2d0 [ 24.361463] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.361483] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.361549] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.361592] kasan_report+0x141/0x180 [ 24.361613] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.361649] __asan_report_load1_noabort+0x18/0x20 [ 24.361672] kmalloc_oob_right+0x68a/0x7f0 [ 24.361693] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.361725] ? __schedule+0x10cc/0x2b60 [ 24.361747] ? irqentry_exit+0x2a/0x60 [ 24.361768] ? __pfx_read_tsc+0x10/0x10 [ 24.361842] ? ktime_get_ts64+0x86/0x230 [ 24.361899] kunit_try_run_case+0x1a5/0x480 [ 24.361921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.361941] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.361974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.361997] ? __kthread_parkme+0x82/0x180 [ 24.362017] ? preempt_count_sub+0x50/0x80 [ 24.362066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.362087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.362111] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.362146] kthread+0x337/0x6f0 [ 24.362167] ? trace_preempt_on+0x20/0xc0 [ 24.362189] ? __pfx_kthread+0x10/0x10 [ 24.362209] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.362230] ? calculate_sigpending+0x7b/0xa0 [ 24.362253] ? __pfx_kthread+0x10/0x10 [ 24.362274] ret_from_fork+0x116/0x1d0 [ 24.362292] ? __pfx_kthread+0x10/0x10 [ 24.362312] ret_from_fork_asm+0x1a/0x30 [ 24.362343] </TASK> [ 24.362354] [ 24.371339] Allocated by task 184: [ 24.371678] kasan_save_stack+0x45/0x70 [ 24.371988] kasan_save_track+0x18/0x40 [ 24.372218] kasan_save_alloc_info+0x3b/0x50 [ 24.372410] __kasan_kmalloc+0xb7/0xc0 [ 24.372623] __kmalloc_cache_noprof+0x189/0x420 [ 24.372922] kmalloc_oob_right+0xa9/0x7f0 [ 24.373161] kunit_try_run_case+0x1a5/0x480 [ 24.373383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.373737] kthread+0x337/0x6f0 [ 24.373991] ret_from_fork+0x116/0x1d0 [ 24.374214] ret_from_fork_asm+0x1a/0x30 [ 24.374433] [ 24.374559] The buggy address belongs to the object at ffff888105182800 [ 24.374559] which belongs to the cache kmalloc-128 of size 128 [ 24.375318] The buggy address is located 13 bytes to the right of [ 24.375318] allocated 115-byte region [ffff888105182800, ffff888105182873) [ 24.376031] [ 24.376135] The buggy address belongs to the physical page: [ 24.376385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 24.376719] flags: 0x200000000000000(node=0|zone=2) [ 24.377067] page_type: f5(slab) [ 24.377278] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.377656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.378100] page dumped because: kasan: bad access detected [ 24.378378] [ 24.378463] Memory state around the buggy address: [ 24.378669] ffff888105182780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.379216] ffff888105182800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.379575] >ffff888105182880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.380005] ^ [ 24.380160] ffff888105182900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.380406] ffff888105182980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.380852] ================================================================== [ 24.301132] ================================================================== [ 24.302072] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 24.302726] Write of size 1 at addr ffff888105182873 by task kunit_try_catch/184 [ 24.303224] [ 24.304213] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 24.304552] Tainted: [N]=TEST [ 24.304585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.304826] Call Trace: [ 24.304899] <TASK> [ 24.305044] dump_stack_lvl+0x73/0xb0 [ 24.305133] print_report+0xd1/0x610 [ 24.305163] ? __virt_addr_valid+0x1db/0x2d0 [ 24.305190] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.305211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.305236] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.305257] kasan_report+0x141/0x180 [ 24.305279] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.305304] __asan_report_store1_noabort+0x1b/0x30 [ 24.305328] kmalloc_oob_right+0x6f0/0x7f0 [ 24.305350] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.305372] ? __schedule+0x10cc/0x2b60 [ 24.305396] ? irqentry_exit+0x2a/0x60 [ 24.305420] ? __pfx_read_tsc+0x10/0x10 [ 24.305443] ? ktime_get_ts64+0x86/0x230 [ 24.305470] kunit_try_run_case+0x1a5/0x480 [ 24.305502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.305522] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.305545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.305568] ? __kthread_parkme+0x82/0x180 [ 24.305590] ? preempt_count_sub+0x50/0x80 [ 24.305613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.305635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.305659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.305684] kthread+0x337/0x6f0 [ 24.305715] ? trace_preempt_on+0x20/0xc0 [ 24.305739] ? __pfx_kthread+0x10/0x10 [ 24.305761] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.305878] ? calculate_sigpending+0x7b/0xa0 [ 24.305907] ? __pfx_kthread+0x10/0x10 [ 24.305929] ret_from_fork+0x116/0x1d0 [ 24.305949] ? __pfx_kthread+0x10/0x10 [ 24.305969] ret_from_fork_asm+0x1a/0x30 [ 24.306035] </TASK> [ 24.306107] [ 24.316282] Allocated by task 184: [ 24.316974] kasan_save_stack+0x45/0x70 [ 24.317193] kasan_save_track+0x18/0x40 [ 24.317333] kasan_save_alloc_info+0x3b/0x50 [ 24.317657] __kasan_kmalloc+0xb7/0xc0 [ 24.317966] __kmalloc_cache_noprof+0x189/0x420 [ 24.318241] kmalloc_oob_right+0xa9/0x7f0 [ 24.318515] kunit_try_run_case+0x1a5/0x480 [ 24.318883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.319635] kthread+0x337/0x6f0 [ 24.319776] ret_from_fork+0x116/0x1d0 [ 24.320133] ret_from_fork_asm+0x1a/0x30 [ 24.320723] [ 24.320993] The buggy address belongs to the object at ffff888105182800 [ 24.320993] which belongs to the cache kmalloc-128 of size 128 [ 24.322005] The buggy address is located 0 bytes to the right of [ 24.322005] allocated 115-byte region [ffff888105182800, ffff888105182873) [ 24.323459] [ 24.323665] The buggy address belongs to the physical page: [ 24.324400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105182 [ 24.325568] flags: 0x200000000000000(node=0|zone=2) [ 24.326378] page_type: f5(slab) [ 24.327007] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.327730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.328605] page dumped because: kasan: bad access detected [ 24.328976] [ 24.329145] Memory state around the buggy address: [ 24.329990] ffff888105182700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.330370] ffff888105182780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.330637] >ffff888105182800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.330918] ^ [ 24.331542] ffff888105182880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.331771] ffff888105182900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.332086] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 198.432834] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2924 [ 198.433364] Modules linked in: [ 198.433540] CPU: 0 UID: 0 PID: 2924 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 198.434286] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.434559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.434969] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 198.435536] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 198.436432] RSP: 0000:ffff88810428fc78 EFLAGS: 00010286 [ 198.436717] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 198.437209] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff90e600bc [ 198.437509] RBP: ffff88810428fca0 R08: 0000000000000000 R09: ffffed1020c8ab00 [ 198.437837] R10: ffff888106455807 R11: 0000000000000000 R12: ffffffff90e600a8 [ 198.438293] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810428fd38 [ 198.438641] FS: 0000000000000000(0000) GS:ffff8881c821d000(0000) knlGS:0000000000000000 [ 198.438938] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.439220] CR2: 00007ffff7ffe000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 198.439635] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9502 [ 198.440028] DR3: ffffffff92ea9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.440345] Call Trace: [ 198.440502] <TASK> [ 198.440630] drm_test_rect_calc_vscale+0x108/0x270 [ 198.440851] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 198.441177] ? __schedule+0x10cc/0x2b60 [ 198.441365] ? __pfx_read_tsc+0x10/0x10 [ 198.441596] ? ktime_get_ts64+0x86/0x230 [ 198.441856] kunit_try_run_case+0x1a5/0x480 [ 198.442285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.442478] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.442699] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.442953] ? __kthread_parkme+0x82/0x180 [ 198.443274] ? preempt_count_sub+0x50/0x80 [ 198.443469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.443714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.444058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.444376] kthread+0x337/0x6f0 [ 198.444533] ? trace_preempt_on+0x20/0xc0 [ 198.444778] ? __pfx_kthread+0x10/0x10 [ 198.445020] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.445253] ? calculate_sigpending+0x7b/0xa0 [ 198.445477] ? __pfx_kthread+0x10/0x10 [ 198.445689] ret_from_fork+0x116/0x1d0 [ 198.446040] ? __pfx_kthread+0x10/0x10 [ 198.446232] ret_from_fork_asm+0x1a/0x30 [ 198.446383] </TASK> [ 198.446497] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 198.451349] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2926 [ 198.451827] Modules linked in: [ 198.452050] CPU: 0 UID: 0 PID: 2926 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 198.452529] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.452746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.453169] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 198.453360] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 198.454524] RSP: 0000:ffff888103eefc78 EFLAGS: 00010286 [ 198.455030] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 198.455341] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff90e600f4 [ 198.455638] RBP: ffff888103eefca0 R08: 0000000000000000 R09: ffffed1020c8ab20 [ 198.455938] R10: ffff888106455907 R11: 0000000000000000 R12: ffffffff90e600e0 [ 198.456291] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103eefd38 [ 198.456564] FS: 0000000000000000(0000) GS:ffff8881c821d000(0000) knlGS:0000000000000000 [ 198.456911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.457174] CR2: 00007ffff7ffe000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 198.457407] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9502 [ 198.457865] DR3: ffffffff92ea9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.458793] Call Trace: [ 198.458963] <TASK> [ 198.459084] drm_test_rect_calc_vscale+0x108/0x270 [ 198.459314] ? __kasan_check_write+0x18/0x20 [ 198.459504] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 198.459695] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 198.460007] ? __pfx_read_tsc+0x10/0x10 [ 198.460336] ? ktime_get_ts64+0x86/0x230 [ 198.460592] kunit_try_run_case+0x1a5/0x480 [ 198.460792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.461022] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 198.461226] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.461446] ? __kthread_parkme+0x82/0x180 [ 198.461676] ? preempt_count_sub+0x50/0x80 [ 198.461850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.462077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.462391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.462666] kthread+0x337/0x6f0 [ 198.462861] ? trace_preempt_on+0x20/0xc0 [ 198.463838] ? __pfx_kthread+0x10/0x10 [ 198.464133] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.464319] ? calculate_sigpending+0x7b/0xa0 [ 198.464521] ? __pfx_kthread+0x10/0x10 [ 198.464759] ret_from_fork+0x116/0x1d0 [ 198.464941] ? __pfx_kthread+0x10/0x10 [ 198.465143] ret_from_fork_asm+0x1a/0x30 [ 198.465333] </TASK> [ 198.465462] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 198.377541] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2912 [ 198.378134] Modules linked in: [ 198.378410] CPU: 0 UID: 0 PID: 2912 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 198.379143] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.379372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.380110] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 198.380424] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 4b 06 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 198.381485] RSP: 0000:ffff888104407c78 EFLAGS: 00010286 [ 198.381686] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 198.381949] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90e600c0 [ 198.382328] RBP: ffff888104407ca0 R08: 0000000000000000 R09: ffffed10216ea3c0 [ 198.382787] R10: ffff88810b751e07 R11: 0000000000000000 R12: ffffffff90e600a8 [ 198.383162] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888104407d38 [ 198.383455] FS: 0000000000000000(0000) GS:ffff8881c821d000(0000) knlGS:0000000000000000 [ 198.384099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.384373] CR2: 00007ffff7ffe000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 198.384672] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9502 [ 198.385371] DR3: ffffffff92ea9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.385726] Call Trace: [ 198.385921] <TASK> [ 198.386195] drm_test_rect_calc_hscale+0x108/0x270 [ 198.386397] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 198.386680] ? __schedule+0x10cc/0x2b60 [ 198.387027] ? __pfx_read_tsc+0x10/0x10 [ 198.387244] ? ktime_get_ts64+0x86/0x230 [ 198.387430] kunit_try_run_case+0x1a5/0x480 [ 198.387640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.388016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.388270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.388545] ? __kthread_parkme+0x82/0x180 [ 198.388821] ? preempt_count_sub+0x50/0x80 [ 198.389630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.389983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.390246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.390564] kthread+0x337/0x6f0 [ 198.390750] ? trace_preempt_on+0x20/0xc0 [ 198.391120] ? __pfx_kthread+0x10/0x10 [ 198.391291] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.391578] ? calculate_sigpending+0x7b/0xa0 [ 198.391924] ? __pfx_kthread+0x10/0x10 [ 198.392187] ret_from_fork+0x116/0x1d0 [ 198.392368] ? __pfx_kthread+0x10/0x10 [ 198.392548] ret_from_fork_asm+0x1a/0x30 [ 198.392751] </TASK> [ 198.393058] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 198.397418] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2914 [ 198.398104] Modules linked in: [ 198.398311] CPU: 0 UID: 0 PID: 2914 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 198.398812] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.399382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.399815] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 198.400014] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 4b 06 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 198.401163] RSP: 0000:ffff888103ebfc78 EFLAGS: 00010286 [ 198.401523] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 198.402221] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90e600f8 [ 198.402526] RBP: ffff888103ebfca0 R08: 0000000000000000 R09: ffffed10216ea3e0 [ 198.402798] R10: ffff88810b751f07 R11: 0000000000000000 R12: ffffffff90e600e0 [ 198.403009] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103ebfd38 [ 198.403221] FS: 0000000000000000(0000) GS:ffff8881c821d000(0000) knlGS:0000000000000000 [ 198.404152] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.404341] CR2: 00007ffff7ffe000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 198.404548] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9502 [ 198.404764] DR3: ffffffff92ea9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.404971] Call Trace: [ 198.405064] <TASK> [ 198.405155] drm_test_rect_calc_hscale+0x108/0x270 [ 198.405327] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 198.405499] ? __schedule+0x10cc/0x2b60 [ 198.405700] ? __pfx_read_tsc+0x10/0x10 [ 198.405858] ? ktime_get_ts64+0x86/0x230 [ 198.405999] kunit_try_run_case+0x1a5/0x480 [ 198.406223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.406377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.406530] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.406690] ? __kthread_parkme+0x82/0x180 [ 198.406845] ? preempt_count_sub+0x50/0x80 [ 198.406995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.408191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.408500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.408850] kthread+0x337/0x6f0 [ 198.409180] ? trace_preempt_on+0x20/0xc0 [ 198.409323] ? __pfx_kthread+0x10/0x10 [ 198.409508] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.409746] ? calculate_sigpending+0x7b/0xa0 [ 198.409957] ? __pfx_kthread+0x10/0x10 [ 198.410642] ret_from_fork+0x116/0x1d0 [ 198.410900] ? __pfx_kthread+0x10/0x10 [ 198.411036] ret_from_fork_asm+0x1a/0x30 [ 198.411179] </TASK> [ 198.411266] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 197.667477] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 197.667570] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2717 [ 197.668682] Modules linked in: [ 197.669037] CPU: 1 UID: 0 PID: 2717 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 197.669536] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.669821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.670243] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 197.670541] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 1d cf 81 00 48 c7 c1 e0 3f e1 90 4c 89 f2 48 c7 c7 00 3c e1 90 48 89 c6 e8 04 ef 71 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 197.671546] RSP: 0000:ffff888104647d18 EFLAGS: 00010286 [ 197.672059] RAX: 0000000000000000 RBX: ffff888108593400 RCX: 1ffffffff2364b70 [ 197.672350] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 197.672628] RBP: ffff888104647d48 R08: 0000000000000000 R09: fffffbfff2364b70 [ 197.673014] R10: 0000000000000003 R11: 000000000003b300 R12: ffff888104b12800 [ 197.673319] R13: ffff8881085934f8 R14: ffff88810c904d80 R15: ffff8881003c7b48 [ 197.673607] FS: 0000000000000000(0000) GS:ffff8881c831d000(0000) knlGS:0000000000000000 [ 197.674068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.674483] CR2: ffffffffffffffff CR3: 0000000123abc000 CR4: 00000000000006f0 [ 197.675036] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9503 [ 197.675662] DR3: ffffffff92ea9505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.676073] Call Trace: [ 197.676199] <TASK> [ 197.676333] ? trace_preempt_on+0x20/0xc0 [ 197.676579] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 197.676834] drm_gem_shmem_free_wrapper+0x12/0x20 [ 197.677167] __kunit_action_free+0x57/0x70 [ 197.677413] kunit_remove_resource+0x133/0x200 [ 197.677615] ? preempt_count_sub+0x50/0x80 [ 197.677797] kunit_cleanup+0x7a/0x120 [ 197.677980] kunit_try_run_case_cleanup+0xbd/0xf0 [ 197.678294] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 197.678894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.679352] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.679761] kthread+0x337/0x6f0 [ 197.680205] ? trace_preempt_on+0x20/0xc0 [ 197.680415] ? __pfx_kthread+0x10/0x10 [ 197.680696] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.681064] ? calculate_sigpending+0x7b/0xa0 [ 197.681400] ? __pfx_kthread+0x10/0x10 [ 197.681622] ret_from_fork+0x116/0x1d0 [ 197.682025] ? __pfx_kthread+0x10/0x10 [ 197.682255] ret_from_fork_asm+0x1a/0x30 [ 197.682583] </TASK> [ 197.682732] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 197.523124] WARNING: drivers/gpu/drm/drm_framebuffer.c:869 at drm_framebuffer_init+0x49/0x8d0, CPU#0: kunit_try_catch/2698 [ 197.523458] Modules linked in: [ 197.523829] CPU: 0 UID: 0 PID: 2698 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 197.525348] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.525963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.526921] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 197.527247] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 197.528739] RSP: 0000:ffff88810453fb20 EFLAGS: 00010246 [ 197.529200] RAX: ffff88810453fba8 RBX: ffff88810453fc28 RCX: 1ffff110208a7f8e [ 197.529412] RDX: dffffc0000000000 RSI: ffff888104a1e000 RDI: ffff888104a1e000 [ 197.529873] RBP: ffff88810453fb70 R08: ffff888104a1e000 R09: ffffffff90e03e00 [ 197.530736] R10: 0000000000000003 R11: 000000005df38536 R12: 1ffff110208a7f71 [ 197.531485] R13: ffff88810453fc70 R14: ffff88810453fdb8 R15: 0000000000000000 [ 197.532241] FS: 0000000000000000(0000) GS:ffff8881c821d000(0000) knlGS:0000000000000000 [ 197.532476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.532645] CR2: 00007ffff7ffe000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 197.533123] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9502 [ 197.533336] DR3: ffffffff92ea9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.533777] Call Trace: [ 197.534145] <TASK> [ 197.534404] ? trace_preempt_on+0x20/0xc0 [ 197.534942] ? add_dr+0xc1/0x1d0 [ 197.535302] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 197.535902] ? add_dr+0x148/0x1d0 [ 197.536362] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 197.536960] ? __drmm_add_action+0x1a4/0x280 [ 197.537314] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 197.537502] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 197.537684] ? __drmm_add_action_or_reset+0x22/0x50 [ 197.538165] ? __schedule+0x10cc/0x2b60 [ 197.538576] ? __pfx_read_tsc+0x10/0x10 [ 197.539080] ? ktime_get_ts64+0x86/0x230 [ 197.539495] kunit_try_run_case+0x1a5/0x480 [ 197.540017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.540382] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 197.540663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 197.541400] ? __kthread_parkme+0x82/0x180 [ 197.541866] ? preempt_count_sub+0x50/0x80 [ 197.542053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.542213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.542395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.542830] kthread+0x337/0x6f0 [ 197.543275] ? trace_preempt_on+0x20/0xc0 [ 197.544048] ? __pfx_kthread+0x10/0x10 [ 197.544421] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.544891] ? calculate_sigpending+0x7b/0xa0 [ 197.545416] ? __pfx_kthread+0x10/0x10 [ 197.545841] ret_from_fork+0x116/0x1d0 [ 197.546156] ? __pfx_kthread+0x10/0x10 [ 197.546440] ret_from_fork_asm+0x1a/0x30 [ 197.546617] </TASK> [ 197.546851] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 197.490278] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 197.490400] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2694 [ 197.491404] Modules linked in: [ 197.491558] CPU: 0 UID: 0 PID: 2694 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 197.492071] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.492319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.492980] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 197.493733] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 db 06 89 00 48 c7 c1 a0 e8 df 90 4c 89 fa 48 c7 c7 00 e9 df 90 48 89 c6 e8 c2 26 79 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 197.494903] RSP: 0000:ffff888104a4fb68 EFLAGS: 00010282 [ 197.495309] RAX: 0000000000000000 RBX: ffff888104a4fc40 RCX: 1ffffffff2364b70 [ 197.495770] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 197.496286] RBP: ffff888104a4fb90 R08: 0000000000000000 R09: fffffbfff2364b70 [ 197.496748] R10: 0000000000000003 R11: 0000000000039898 R12: ffff888104a4fc18 [ 197.497178] R13: ffff888104970800 R14: ffff888104a1c000 R15: ffff888107dd4380 [ 197.497472] FS: 0000000000000000(0000) GS:ffff8881c821d000(0000) knlGS:0000000000000000 [ 197.497781] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.498081] CR2: 00007ffff7ffe000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 197.498439] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9502 [ 197.498747] DR3: ffffffff92ea9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.499111] Call Trace: [ 197.499258] <TASK> [ 197.499372] drm_test_framebuffer_free+0x1ab/0x610 [ 197.500082] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 197.500422] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 197.500917] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 197.501306] ? __drmm_add_action_or_reset+0x22/0x50 [ 197.501721] ? __schedule+0x10cc/0x2b60 [ 197.502205] ? __pfx_read_tsc+0x10/0x10 [ 197.502500] ? ktime_get_ts64+0x86/0x230 [ 197.502718] kunit_try_run_case+0x1a5/0x480 [ 197.502934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.503349] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 197.503547] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 197.504012] ? __kthread_parkme+0x82/0x180 [ 197.504281] ? preempt_count_sub+0x50/0x80 [ 197.504482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.504776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.505076] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.505367] kthread+0x337/0x6f0 [ 197.505530] ? trace_preempt_on+0x20/0xc0 [ 197.505756] ? __pfx_kthread+0x10/0x10 [ 197.505979] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.506185] ? calculate_sigpending+0x7b/0xa0 [ 197.506403] ? __pfx_kthread+0x10/0x10 [ 197.506622] ret_from_fork+0x116/0x1d0 [ 197.506787] ? __pfx_kthread+0x10/0x10 [ 197.507019] ret_from_fork_asm+0x1a/0x30 [ 197.507214] </TASK> [ 197.507476] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 196.148444] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2134 [ 196.149274] Modules linked in: [ 196.149491] CPU: 0 UID: 0 PID: 2134 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 196.150072] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 196.150306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 196.150638] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 196.150893] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 12 5f 2a 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 00 5f 2a 02 48 89 df e8 68 [ 196.151810] RSP: 0000:ffff888105f67c90 EFLAGS: 00010246 [ 196.152066] RAX: dffffc0000000000 RBX: ffff888105fbe000 RCX: 0000000000000000 [ 196.152294] RDX: 1ffff11020bf7c34 RSI: ffffffff8e0045a8 RDI: ffff888105fbe1a0 [ 196.152642] RBP: ffff888105f67ca0 R08: 1ffff11020078f6a R09: ffffed1020becf65 [ 196.153066] R10: 0000000000000003 R11: ffffffff8d582b28 R12: 0000000000000000 [ 196.153570] R13: ffff888105f67d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 196.153951] FS: 0000000000000000(0000) GS:ffff8881c821d000(0000) knlGS:0000000000000000 [ 196.154246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.154495] CR2: 00007ffff7ffe000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 196.154717] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9502 [ 196.154968] DR3: ffffffff92ea9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 196.155439] Call Trace: [ 196.155733] <TASK> [ 196.155994] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 196.156298] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 196.156587] ? __schedule+0x10cc/0x2b60 [ 196.156800] ? __pfx_read_tsc+0x10/0x10 [ 196.157221] ? ktime_get_ts64+0x86/0x230 [ 196.157452] kunit_try_run_case+0x1a5/0x480 [ 196.157691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.157884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 196.158129] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 196.158467] ? __kthread_parkme+0x82/0x180 [ 196.158672] ? preempt_count_sub+0x50/0x80 [ 196.159008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.159235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.159488] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 196.159981] kthread+0x337/0x6f0 [ 196.160124] ? trace_preempt_on+0x20/0xc0 [ 196.160266] ? __pfx_kthread+0x10/0x10 [ 196.160397] ? _raw_spin_unlock_irq+0x47/0x80 [ 196.160539] ? calculate_sigpending+0x7b/0xa0 [ 196.161167] ? __pfx_kthread+0x10/0x10 [ 196.161366] ret_from_fork+0x116/0x1d0 [ 196.161544] ? __pfx_kthread+0x10/0x10 [ 196.161748] ret_from_fork_asm+0x1a/0x30 [ 196.161961] </TASK> [ 196.162202] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 196.221243] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2142 [ 196.222650] Modules linked in: [ 196.222938] CPU: 1 UID: 0 PID: 2142 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 196.223695] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 196.224101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 196.224554] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 196.225198] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 12 5f 2a 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 00 5f 2a 02 48 89 df e8 68 [ 196.226323] RSP: 0000:ffff888105e77c90 EFLAGS: 00010246 [ 196.226609] RAX: dffffc0000000000 RBX: ffff888105fca000 RCX: 0000000000000000 [ 196.227064] RDX: 1ffff11020bf9434 RSI: ffffffff8e0045a8 RDI: ffff888105fca1a0 [ 196.227583] RBP: ffff888105e77ca0 R08: 1ffff11020078f6a R09: ffffed1020bcef65 [ 196.228031] R10: 0000000000000003 R11: ffffffff8d582b28 R12: 0000000000000000 [ 196.228438] R13: ffff888105e77d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 196.229097] FS: 0000000000000000(0000) GS:ffff8881c831d000(0000) knlGS:0000000000000000 [ 196.229495] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.229916] CR2: ffffffffffffffff CR3: 0000000123abc000 CR4: 00000000000006f0 [ 196.230303] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9503 [ 196.230605] DR3: ffffffff92ea9505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 196.231021] Call Trace: [ 196.231280] <TASK> [ 196.231485] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 196.231764] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 196.232282] ? __schedule+0x10cc/0x2b60 [ 196.232463] ? __pfx_read_tsc+0x10/0x10 [ 196.232774] ? ktime_get_ts64+0x86/0x230 [ 196.233048] kunit_try_run_case+0x1a5/0x480 [ 196.233227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.233457] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 196.233750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 196.233933] ? __kthread_parkme+0x82/0x180 [ 196.234470] ? preempt_count_sub+0x50/0x80 [ 196.234658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.235319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.235547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 196.236030] kthread+0x337/0x6f0 [ 196.236213] ? trace_preempt_on+0x20/0xc0 [ 196.236494] ? __pfx_kthread+0x10/0x10 [ 196.236765] ? _raw_spin_unlock_irq+0x47/0x80 [ 196.237121] ? calculate_sigpending+0x7b/0xa0 [ 196.237347] ? __pfx_kthread+0x10/0x10 [ 196.237684] ret_from_fork+0x116/0x1d0 [ 196.237855] ? __pfx_kthread+0x10/0x10 [ 196.238234] ret_from_fork_asm+0x1a/0x30 [ 196.238438] </TASK> [ 196.238650] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 125.308445] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#1: kunit_try_catch/706 [ 125.308892] Modules linked in: [ 125.309343] CPU: 1 UID: 0 PID: 706 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 125.310191] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 125.310835] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 125.311715] RIP: 0010:intlog10+0x2a/0x40 [ 125.312280] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 d7 18 90 02 90 <0f> 0b 90 31 c0 e9 cc 18 90 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 125.313754] RSP: 0000:ffff888102de7cb0 EFLAGS: 00010246 [ 125.314518] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff110205bcfb4 [ 125.315094] RDX: 1ffffffff21931d0 RSI: 1ffff110205bcfb3 RDI: 0000000000000000 [ 125.315314] RBP: ffff888102de7d60 R08: 0000000000000000 R09: ffffed1021681460 [ 125.315624] R10: ffff88810b40a307 R11: 0000000000000000 R12: 1ffff110205bcf97 [ 125.316460] R13: ffffffff90c98e80 R14: 0000000000000000 R15: ffff888102de7d38 [ 125.317387] FS: 0000000000000000(0000) GS:ffff8881c831d000(0000) knlGS:0000000000000000 [ 125.318511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.319044] CR2: dffffc0000000000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 125.319681] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9503 [ 125.320708] DR3: ffffffff92ea9505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 125.321173] Call Trace: [ 125.321451] <TASK> [ 125.321740] ? intlog10_test+0xf2/0x220 [ 125.322276] ? __pfx_intlog10_test+0x10/0x10 [ 125.322455] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 125.322625] ? trace_hardirqs_on+0x37/0xe0 [ 125.322839] ? __pfx_read_tsc+0x10/0x10 [ 125.323248] ? ktime_get_ts64+0x86/0x230 [ 125.323627] kunit_try_run_case+0x1a5/0x480 [ 125.324186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.324657] ? queued_spin_lock_slowpath+0x116/0xb40 [ 125.325202] ? __kthread_parkme+0x82/0x180 [ 125.325600] ? preempt_count_sub+0x50/0x80 [ 125.325755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.325948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 125.326128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 125.326311] kthread+0x337/0x6f0 [ 125.326427] ? trace_preempt_on+0x20/0xc0 [ 125.326603] ? __pfx_kthread+0x10/0x10 [ 125.326989] ? _raw_spin_unlock_irq+0x47/0x80 [ 125.327271] ? calculate_sigpending+0x7b/0xa0 [ 125.327419] ? __pfx_kthread+0x10/0x10 [ 125.327572] ret_from_fork+0x116/0x1d0 [ 125.327738] ? __pfx_kthread+0x10/0x10 [ 125.328176] ret_from_fork_asm+0x1a/0x30 [ 125.328559] </TASK> [ 125.328778] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 125.268100] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/688 [ 125.269010] Modules linked in: [ 125.269193] CPU: 1 UID: 0 PID: 688 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) [ 125.269571] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 125.270341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 125.270990] RIP: 0010:intlog2+0xdf/0x110 [ 125.271348] Code: c9 90 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 42 19 90 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 2f bf 55 ff 8b 45 e4 eb [ 125.272461] RSP: 0000:ffff888102de7cb0 EFLAGS: 00010246 [ 125.272723] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff110205bcfb4 [ 125.273084] RDX: 1ffffffff2193224 RSI: 1ffff110205bcfb3 RDI: 0000000000000000 [ 125.273384] RBP: ffff888102de7d60 R08: 0000000000000000 R09: ffffed1020170ae0 [ 125.274031] R10: ffff888100b85707 R11: 0000000000000000 R12: 1ffff110205bcf97 [ 125.274442] R13: ffffffff90c99120 R14: 0000000000000000 R15: ffff888102de7d38 [ 125.274962] FS: 0000000000000000(0000) GS:ffff8881c831d000(0000) knlGS:0000000000000000 [ 125.275442] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.276131] CR2: dffffc0000000000 CR3: 0000000123abc000 CR4: 00000000000006f0 [ 125.276447] DR0: ffffffff92ea9500 DR1: ffffffff92ea9501 DR2: ffffffff92ea9503 [ 125.276920] DR3: ffffffff92ea9505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 125.277429] Call Trace: [ 125.277779] <TASK> [ 125.278097] ? intlog2_test+0xf2/0x220 [ 125.278348] ? __pfx_intlog2_test+0x10/0x10 [ 125.278676] ? __schedule+0x10cc/0x2b60 [ 125.279117] ? __pfx_read_tsc+0x10/0x10 [ 125.279319] ? ktime_get_ts64+0x86/0x230 [ 125.279524] kunit_try_run_case+0x1a5/0x480 [ 125.280080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.280409] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 125.280843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 125.281075] ? __kthread_parkme+0x82/0x180 [ 125.281359] ? preempt_count_sub+0x50/0x80 [ 125.281686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.282205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 125.282470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 125.282810] kthread+0x337/0x6f0 [ 125.283034] ? trace_preempt_on+0x20/0xc0 [ 125.283277] ? __pfx_kthread+0x10/0x10 [ 125.283449] ? _raw_spin_unlock_irq+0x47/0x80 [ 125.283637] ? calculate_sigpending+0x7b/0xa0 [ 125.283969] ? __pfx_kthread+0x10/0x10 [ 125.284237] ret_from_fork+0x116/0x1d0 [ 125.284463] ? __pfx_kthread+0x10/0x10 [ 125.284895] ret_from_fork_asm+0x1a/0x30 [ 125.285108] </TASK> [ 125.285258] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 124.644551] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI