Date
July 11, 2025, 10:11 a.m.
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 60.680294] ================================================================== [ 60.680692] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 60.680692] [ 60.681087] Use-after-free read at 0x(____ptrval____) (in kfence-#159): [ 60.681855] test_krealloc+0x6fc/0xbe0 [ 60.682058] kunit_try_run_case+0x1a5/0x480 [ 60.682481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.682694] kthread+0x337/0x6f0 [ 60.682886] ret_from_fork+0x116/0x1d0 [ 60.683067] ret_from_fork_asm+0x1a/0x30 [ 60.683248] [ 60.683328] kfence-#159: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 60.683328] [ 60.684070] allocated by task 387 on cpu 0 at 60.679698s (0.004369s ago): [ 60.684571] test_alloc+0x364/0x10f0 [ 60.684862] test_krealloc+0xad/0xbe0 [ 60.685154] kunit_try_run_case+0x1a5/0x480 [ 60.685357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.685824] kthread+0x337/0x6f0 [ 60.686096] ret_from_fork+0x116/0x1d0 [ 60.686285] ret_from_fork_asm+0x1a/0x30 [ 60.686644] [ 60.686795] freed by task 387 on cpu 0 at 60.679927s (0.006846s ago): [ 60.687229] krealloc_noprof+0x108/0x340 [ 60.687511] test_krealloc+0x226/0xbe0 [ 60.687667] kunit_try_run_case+0x1a5/0x480 [ 60.687959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.688329] kthread+0x337/0x6f0 [ 60.688615] ret_from_fork+0x116/0x1d0 [ 60.688846] ret_from_fork_asm+0x1a/0x30 [ 60.689164] [ 60.689301] CPU: 0 UID: 0 PID: 387 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 60.689939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.690142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.690702] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 60.589018] ================================================================== [ 60.589601] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.589601] [ 60.590442] Use-after-free read at 0x(____ptrval____) (in kfence-#158): [ 60.590670] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.590936] kunit_try_run_case+0x1a5/0x480 [ 60.591144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.591379] kthread+0x337/0x6f0 [ 60.591518] ret_from_fork+0x116/0x1d0 [ 60.591710] ret_from_fork_asm+0x1a/0x30 [ 60.591903] [ 60.591978] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 60.591978] [ 60.592350] allocated by task 385 on cpu 0 at 60.575849s (0.016499s ago): [ 60.592786] test_alloc+0x2a6/0x10f0 [ 60.592941] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 60.593157] kunit_try_run_case+0x1a5/0x480 [ 60.593361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.593640] kthread+0x337/0x6f0 [ 60.593812] ret_from_fork+0x116/0x1d0 [ 60.593952] ret_from_fork_asm+0x1a/0x30 [ 60.594145] [ 60.594237] freed by task 385 on cpu 0 at 60.575979s (0.018255s ago): [ 60.594519] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 60.594740] kunit_try_run_case+0x1a5/0x480 [ 60.594936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.595180] kthread+0x337/0x6f0 [ 60.595348] ret_from_fork+0x116/0x1d0 [ 60.595499] ret_from_fork_asm+0x1a/0x30 [ 60.595634] [ 60.595741] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 60.596210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.596413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.596866] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 35.209963] ================================================================== [ 35.210661] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 35.210661] [ 35.211182] Invalid read at 0x(____ptrval____): [ 35.212018] test_invalid_access+0xf0/0x210 [ 35.212432] kunit_try_run_case+0x1a5/0x480 [ 35.212697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.213033] kthread+0x337/0x6f0 [ 35.213173] ret_from_fork+0x116/0x1d0 [ 35.213644] ret_from_fork_asm+0x1a/0x30 [ 35.214116] [ 35.214217] CPU: 0 UID: 0 PID: 381 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 35.214869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.215081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.215636] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 34.991860] ================================================================== [ 34.992235] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.992235] [ 34.992614] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#154): [ 34.993231] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.993891] kunit_try_run_case+0x1a5/0x480 [ 34.994256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.994597] kthread+0x337/0x6f0 [ 34.994762] ret_from_fork+0x116/0x1d0 [ 34.995070] ret_from_fork_asm+0x1a/0x30 [ 34.995253] [ 34.995346] kfence-#154: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 34.995346] [ 34.995999] allocated by task 375 on cpu 1 at 34.991595s (0.004402s ago): [ 34.996229] test_alloc+0x364/0x10f0 [ 34.996365] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 34.996975] kunit_try_run_case+0x1a5/0x480 [ 34.997160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.997379] kthread+0x337/0x6f0 [ 34.997588] ret_from_fork+0x116/0x1d0 [ 34.997981] ret_from_fork_asm+0x1a/0x30 [ 34.998171] [ 34.998247] freed by task 375 on cpu 1 at 34.991722s (0.006522s ago): [ 34.998570] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 34.999002] kunit_try_run_case+0x1a5/0x480 [ 34.999247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.999467] kthread+0x337/0x6f0 [ 34.999704] ret_from_fork+0x116/0x1d0 [ 34.999874] ret_from_fork_asm+0x1a/0x30 [ 35.000075] [ 35.000171] CPU: 1 UID: 0 PID: 375 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 35.000996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.001181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.001752] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 34.887857] ================================================================== [ 34.888246] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.888246] [ 34.888681] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#153): [ 34.889388] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 34.889615] kunit_try_run_case+0x1a5/0x480 [ 34.890072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.890316] kthread+0x337/0x6f0 [ 34.890597] ret_from_fork+0x116/0x1d0 [ 34.890763] ret_from_fork_asm+0x1a/0x30 [ 34.890965] [ 34.891052] kfence-#153: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 34.891052] [ 34.891716] allocated by task 373 on cpu 1 at 34.887606s (0.004107s ago): [ 34.892010] test_alloc+0x364/0x10f0 [ 34.892330] test_kmalloc_aligned_oob_read+0x105/0x560 [ 34.892646] kunit_try_run_case+0x1a5/0x480 [ 34.892924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.893224] kthread+0x337/0x6f0 [ 34.893356] ret_from_fork+0x116/0x1d0 [ 34.893573] ret_from_fork_asm+0x1a/0x30 [ 34.893771] [ 34.893878] CPU: 1 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 34.894385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 34.894871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.895343] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 30.727693] ================================================================== [ 30.728084] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 30.728084] [ 30.728570] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#113): [ 30.728915] test_corruption+0x216/0x3e0 [ 30.729075] kunit_try_run_case+0x1a5/0x480 [ 30.729282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.729521] kthread+0x337/0x6f0 [ 30.729644] ret_from_fork+0x116/0x1d0 [ 30.729838] ret_from_fork_asm+0x1a/0x30 [ 30.730038] [ 30.730128] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.730128] [ 30.730503] allocated by task 363 on cpu 0 at 30.727568s (0.002933s ago): [ 30.730819] test_alloc+0x2a6/0x10f0 [ 30.730999] test_corruption+0x1cb/0x3e0 [ 30.731163] kunit_try_run_case+0x1a5/0x480 [ 30.731312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.731481] kthread+0x337/0x6f0 [ 30.731763] ret_from_fork+0x116/0x1d0 [ 30.731951] ret_from_fork_asm+0x1a/0x30 [ 30.732163] [ 30.732230] freed by task 363 on cpu 0 at 30.727611s (0.004617s ago): [ 30.732442] test_corruption+0x216/0x3e0 [ 30.732773] kunit_try_run_case+0x1a5/0x480 [ 30.732948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.733136] kthread+0x337/0x6f0 [ 30.733301] ret_from_fork+0x116/0x1d0 [ 30.733554] ret_from_fork_asm+0x1a/0x30 [ 30.733725] [ 30.733824] CPU: 0 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 30.734297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.734575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.734914] ================================================================== [ 30.311652] ================================================================== [ 30.312043] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 30.312043] [ 30.312356] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#109): [ 30.312982] test_corruption+0x131/0x3e0 [ 30.313181] kunit_try_run_case+0x1a5/0x480 [ 30.313390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.313581] kthread+0x337/0x6f0 [ 30.313761] ret_from_fork+0x116/0x1d0 [ 30.313949] ret_from_fork_asm+0x1a/0x30 [ 30.314126] [ 30.314193] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.314193] [ 30.314605] allocated by task 363 on cpu 0 at 30.311532s (0.003072s ago): [ 30.314830] test_alloc+0x2a6/0x10f0 [ 30.315084] test_corruption+0xe6/0x3e0 [ 30.315278] kunit_try_run_case+0x1a5/0x480 [ 30.315498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.315708] kthread+0x337/0x6f0 [ 30.315836] ret_from_fork+0x116/0x1d0 [ 30.316000] ret_from_fork_asm+0x1a/0x30 [ 30.316189] [ 30.316278] freed by task 363 on cpu 0 at 30.311575s (0.004701s ago): [ 30.316750] test_corruption+0x131/0x3e0 [ 30.316883] kunit_try_run_case+0x1a5/0x480 [ 30.317055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.317307] kthread+0x337/0x6f0 [ 30.317469] ret_from_fork+0x116/0x1d0 [ 30.317647] ret_from_fork_asm+0x1a/0x30 [ 30.317825] [ 30.317931] CPU: 0 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 30.318361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.318564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.318939] ================================================================== [ 30.207882] ================================================================== [ 30.208261] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 30.208261] [ 30.208671] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#108): [ 30.209090] test_corruption+0x2df/0x3e0 [ 30.209275] kunit_try_run_case+0x1a5/0x480 [ 30.209419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.209831] kthread+0x337/0x6f0 [ 30.210089] ret_from_fork+0x116/0x1d0 [ 30.210230] ret_from_fork_asm+0x1a/0x30 [ 30.210363] [ 30.210479] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.210479] [ 30.210872] allocated by task 361 on cpu 1 at 30.207621s (0.003249s ago): [ 30.211125] test_alloc+0x364/0x10f0 [ 30.211253] test_corruption+0x1cb/0x3e0 [ 30.211385] kunit_try_run_case+0x1a5/0x480 [ 30.211598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.211864] kthread+0x337/0x6f0 [ 30.212036] ret_from_fork+0x116/0x1d0 [ 30.212224] ret_from_fork_asm+0x1a/0x30 [ 30.212434] [ 30.212512] freed by task 361 on cpu 1 at 30.207703s (0.004807s ago): [ 30.212768] test_corruption+0x2df/0x3e0 [ 30.212898] kunit_try_run_case+0x1a5/0x480 [ 30.213060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.213303] kthread+0x337/0x6f0 [ 30.213462] ret_from_fork+0x116/0x1d0 [ 30.213710] ret_from_fork_asm+0x1a/0x30 [ 30.213909] [ 30.214024] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 30.214512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.214679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.214948] ================================================================== [ 29.999891] ================================================================== [ 30.000318] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 30.000318] [ 30.000668] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#106): [ 30.001388] test_corruption+0x2d2/0x3e0 [ 30.001616] kunit_try_run_case+0x1a5/0x480 [ 30.001802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.002015] kthread+0x337/0x6f0 [ 30.002138] ret_from_fork+0x116/0x1d0 [ 30.002325] ret_from_fork_asm+0x1a/0x30 [ 30.002532] [ 30.002636] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.002636] [ 30.003016] allocated by task 361 on cpu 1 at 29.999631s (0.003382s ago): [ 30.003284] test_alloc+0x364/0x10f0 [ 30.003515] test_corruption+0xe6/0x3e0 [ 30.003653] kunit_try_run_case+0x1a5/0x480 [ 30.003802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.004006] kthread+0x337/0x6f0 [ 30.004178] ret_from_fork+0x116/0x1d0 [ 30.004359] ret_from_fork_asm+0x1a/0x30 [ 30.004541] [ 30.004607] freed by task 361 on cpu 1 at 29.999714s (0.004891s ago): [ 30.004911] test_corruption+0x2d2/0x3e0 [ 30.005107] kunit_try_run_case+0x1a5/0x480 [ 30.005315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.005539] kthread+0x337/0x6f0 [ 30.005728] ret_from_fork+0x116/0x1d0 [ 30.005877] ret_from_fork_asm+0x1a/0x30 [ 30.006011] [ 30.006103] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 30.006615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.006830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.007161] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 29.791722] ================================================================== [ 29.792104] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 29.792104] [ 29.792373] Invalid free of 0x(____ptrval____) (in kfence-#104): [ 29.792935] test_invalid_addr_free+0x1e1/0x260 [ 29.793111] kunit_try_run_case+0x1a5/0x480 [ 29.793299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.793552] kthread+0x337/0x6f0 [ 29.793722] ret_from_fork+0x116/0x1d0 [ 29.793902] ret_from_fork_asm+0x1a/0x30 [ 29.794039] [ 29.794133] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.794133] [ 29.794538] allocated by task 357 on cpu 0 at 29.791601s (0.002934s ago): [ 29.794778] test_alloc+0x364/0x10f0 [ 29.794972] test_invalid_addr_free+0xdb/0x260 [ 29.795181] kunit_try_run_case+0x1a5/0x480 [ 29.795367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.795716] kthread+0x337/0x6f0 [ 29.795842] ret_from_fork+0x116/0x1d0 [ 29.795969] ret_from_fork_asm+0x1a/0x30 [ 29.796162] [ 29.796278] CPU: 0 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 29.796831] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.796963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.797343] ================================================================== [ 29.895783] ================================================================== [ 29.896167] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 29.896167] [ 29.896566] Invalid free of 0x(____ptrval____) (in kfence-#105): [ 29.896852] test_invalid_addr_free+0xfb/0x260 [ 29.897077] kunit_try_run_case+0x1a5/0x480 [ 29.897269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.897605] kthread+0x337/0x6f0 [ 29.897740] ret_from_fork+0x116/0x1d0 [ 29.897866] ret_from_fork_asm+0x1a/0x30 [ 29.897997] [ 29.898092] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.898092] [ 29.898547] allocated by task 359 on cpu 0 at 29.895639s (0.002906s ago): [ 29.898939] test_alloc+0x2a6/0x10f0 [ 29.899464] test_invalid_addr_free+0xdb/0x260 [ 29.899724] kunit_try_run_case+0x1a5/0x480 [ 29.899941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.900175] kthread+0x337/0x6f0 [ 29.900348] ret_from_fork+0x116/0x1d0 [ 29.901208] ret_from_fork_asm+0x1a/0x30 [ 29.901384] [ 29.901910] CPU: 0 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 29.902434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.902649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.903184] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 29.687825] ================================================================== [ 29.688211] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 29.688211] [ 29.688604] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 29.688971] test_double_free+0x112/0x260 [ 29.689174] kunit_try_run_case+0x1a5/0x480 [ 29.689315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.689727] kthread+0x337/0x6f0 [ 29.689891] ret_from_fork+0x116/0x1d0 [ 29.690102] ret_from_fork_asm+0x1a/0x30 [ 29.690305] [ 29.690390] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.690390] [ 29.690775] allocated by task 355 on cpu 0 at 29.687615s (0.003157s ago): [ 29.691040] test_alloc+0x2a6/0x10f0 [ 29.691190] test_double_free+0xdb/0x260 [ 29.691380] kunit_try_run_case+0x1a5/0x480 [ 29.691590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.691837] kthread+0x337/0x6f0 [ 29.691987] ret_from_fork+0x116/0x1d0 [ 29.692169] ret_from_fork_asm+0x1a/0x30 [ 29.692348] [ 29.692476] freed by task 355 on cpu 0 at 29.687673s (0.004801s ago): [ 29.692884] test_double_free+0xfa/0x260 [ 29.693043] kunit_try_run_case+0x1a5/0x480 [ 29.693269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.693551] kthread+0x337/0x6f0 [ 29.693703] ret_from_fork+0x116/0x1d0 [ 29.693895] ret_from_fork_asm+0x1a/0x30 [ 29.694121] [ 29.694242] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 29.694725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.694864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.695166] ================================================================== [ 29.583924] ================================================================== [ 29.584349] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 29.584349] [ 29.584761] Invalid free of 0x(____ptrval____) (in kfence-#102): [ 29.585082] test_double_free+0x1d3/0x260 [ 29.585271] kunit_try_run_case+0x1a5/0x480 [ 29.585802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.586083] kthread+0x337/0x6f0 [ 29.586611] ret_from_fork+0x116/0x1d0 [ 29.586790] ret_from_fork_asm+0x1a/0x30 [ 29.586988] [ 29.587169] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.587169] [ 29.587454] allocated by task 353 on cpu 1 at 29.583624s (0.003828s ago): [ 29.587954] test_alloc+0x364/0x10f0 [ 29.588122] test_double_free+0xdb/0x260 [ 29.588386] kunit_try_run_case+0x1a5/0x480 [ 29.588524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.588689] kthread+0x337/0x6f0 [ 29.588814] ret_from_fork+0x116/0x1d0 [ 29.588940] ret_from_fork_asm+0x1a/0x30 [ 29.589069] [ 29.589134] freed by task 353 on cpu 1 at 29.583702s (0.005430s ago): [ 29.589335] test_double_free+0x1e0/0x260 [ 29.589465] kunit_try_run_case+0x1a5/0x480 [ 29.589598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.589813] kthread+0x337/0x6f0 [ 29.589955] ret_from_fork+0x116/0x1d0 [ 29.590436] ret_from_fork_asm+0x1a/0x30 [ 29.590870] [ 29.591002] CPU: 1 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 29.592861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.594127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.594997] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 29.167875] ================================================================== [ 29.168417] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.168417] [ 29.168842] Use-after-free read at 0x(____ptrval____) (in kfence-#98): [ 29.169109] test_use_after_free_read+0x129/0x270 [ 29.169324] kunit_try_run_case+0x1a5/0x480 [ 29.170004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.170380] kthread+0x337/0x6f0 [ 29.170637] ret_from_fork+0x116/0x1d0 [ 29.170804] ret_from_fork_asm+0x1a/0x30 [ 29.171076] [ 29.171172] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.171172] [ 29.171760] allocated by task 345 on cpu 0 at 29.167624s (0.004133s ago): [ 29.172224] test_alloc+0x364/0x10f0 [ 29.172489] test_use_after_free_read+0xdc/0x270 [ 29.172785] kunit_try_run_case+0x1a5/0x480 [ 29.172960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.173317] kthread+0x337/0x6f0 [ 29.173482] ret_from_fork+0x116/0x1d0 [ 29.173775] ret_from_fork_asm+0x1a/0x30 [ 29.173990] [ 29.174194] freed by task 345 on cpu 0 at 29.167702s (0.006406s ago): [ 29.174704] test_use_after_free_read+0x1e7/0x270 [ 29.175033] kunit_try_run_case+0x1a5/0x480 [ 29.175226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.175633] kthread+0x337/0x6f0 [ 29.175785] ret_from_fork+0x116/0x1d0 [ 29.176082] ret_from_fork_asm+0x1a/0x30 [ 29.176302] [ 29.176417] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 29.176928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.177105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.177727] ================================================================== [ 29.271750] ================================================================== [ 29.272097] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.272097] [ 29.272551] Use-after-free read at 0x(____ptrval____) (in kfence-#99): [ 29.272828] test_use_after_free_read+0x129/0x270 [ 29.273524] kunit_try_run_case+0x1a5/0x480 [ 29.273708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.273956] kthread+0x337/0x6f0 [ 29.274127] ret_from_fork+0x116/0x1d0 [ 29.274295] ret_from_fork_asm+0x1a/0x30 [ 29.274869] [ 29.274962] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.274962] [ 29.275325] allocated by task 347 on cpu 1 at 29.271591s (0.003732s ago): [ 29.275697] test_alloc+0x2a6/0x10f0 [ 29.275853] test_use_after_free_read+0xdc/0x270 [ 29.276246] kunit_try_run_case+0x1a5/0x480 [ 29.276443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.276630] kthread+0x337/0x6f0 [ 29.277011] ret_from_fork+0x116/0x1d0 [ 29.277185] ret_from_fork_asm+0x1a/0x30 [ 29.277436] [ 29.277598] freed by task 347 on cpu 1 at 29.271649s (0.005947s ago): [ 29.278036] test_use_after_free_read+0xfb/0x270 [ 29.278212] kunit_try_run_case+0x1a5/0x480 [ 29.278375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.278572] kthread+0x337/0x6f0 [ 29.278689] ret_from_fork+0x116/0x1d0 [ 29.278911] ret_from_fork_asm+0x1a/0x30 [ 29.279393] [ 29.279516] CPU: 1 UID: 0 PID: 347 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 29.280142] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.280411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.280875] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 28.959685] ================================================================== [ 28.960085] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 28.960085] [ 28.960562] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#96): [ 28.961230] test_out_of_bounds_write+0x10d/0x260 [ 28.961566] kunit_try_run_case+0x1a5/0x480 [ 28.961986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.962300] kthread+0x337/0x6f0 [ 28.962563] ret_from_fork+0x116/0x1d0 [ 28.962818] ret_from_fork_asm+0x1a/0x30 [ 28.962981] [ 28.963080] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.963080] [ 28.963627] allocated by task 341 on cpu 1 at 28.959570s (0.004055s ago): [ 28.963953] test_alloc+0x364/0x10f0 [ 28.964133] test_out_of_bounds_write+0xd4/0x260 [ 28.964331] kunit_try_run_case+0x1a5/0x480 [ 28.964807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.965023] kthread+0x337/0x6f0 [ 28.965306] ret_from_fork+0x116/0x1d0 [ 28.965492] ret_from_fork_asm+0x1a/0x30 [ 28.965823] [ 28.965999] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.966572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.966844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.967195] ================================================================== [ 29.063680] ================================================================== [ 29.064077] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 29.064077] [ 29.064594] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#97): [ 29.064861] test_out_of_bounds_write+0x10d/0x260 [ 29.065076] kunit_try_run_case+0x1a5/0x480 [ 29.065291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.065638] kthread+0x337/0x6f0 [ 29.065857] ret_from_fork+0x116/0x1d0 [ 29.066050] ret_from_fork_asm+0x1a/0x30 [ 29.066255] [ 29.066359] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.066359] [ 29.066718] allocated by task 343 on cpu 0 at 29.063624s (0.003092s ago): [ 29.066965] test_alloc+0x2a6/0x10f0 [ 29.067173] test_out_of_bounds_write+0xd4/0x260 [ 29.067405] kunit_try_run_case+0x1a5/0x480 [ 29.067626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.067939] kthread+0x337/0x6f0 [ 29.068118] ret_from_fork+0x116/0x1d0 [ 29.068305] ret_from_fork_asm+0x1a/0x30 [ 29.068552] [ 29.069103] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 29.069470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.069602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.069868] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 28.751635] ================================================================== [ 28.752045] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.752045] [ 28.752560] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#94): [ 28.753229] test_out_of_bounds_read+0x126/0x4e0 [ 28.753466] kunit_try_run_case+0x1a5/0x480 [ 28.753662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.753891] kthread+0x337/0x6f0 [ 28.754049] ret_from_fork+0x116/0x1d0 [ 28.754221] ret_from_fork_asm+0x1a/0x30 [ 28.754400] [ 28.754953] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.754953] [ 28.755375] allocated by task 339 on cpu 0 at 28.751572s (0.003801s ago): [ 28.755837] test_alloc+0x2a6/0x10f0 [ 28.756092] test_out_of_bounds_read+0xed/0x4e0 [ 28.756289] kunit_try_run_case+0x1a5/0x480 [ 28.756750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.757080] kthread+0x337/0x6f0 [ 28.757311] ret_from_fork+0x116/0x1d0 [ 28.757458] ret_from_fork_asm+0x1a/0x30 [ 28.757656] [ 28.757781] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.758278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.758704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.759170] ================================================================== [ 28.544623] ================================================================== [ 28.545091] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.545091] [ 28.545595] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#92): [ 28.546071] test_out_of_bounds_read+0x126/0x4e0 [ 28.546243] kunit_try_run_case+0x1a5/0x480 [ 28.546403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.546652] kthread+0x337/0x6f0 [ 28.546835] ret_from_fork+0x116/0x1d0 [ 28.546966] ret_from_fork_asm+0x1a/0x30 [ 28.547109] [ 28.547309] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.547309] [ 28.547689] allocated by task 337 on cpu 1 at 28.543621s (0.004014s ago): [ 28.548153] test_alloc+0x364/0x10f0 [ 28.548299] test_out_of_bounds_read+0xed/0x4e0 [ 28.548451] kunit_try_run_case+0x1a5/0x480 [ 28.548584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.548776] kthread+0x337/0x6f0 [ 28.548894] ret_from_fork+0x116/0x1d0 [ 28.549020] ret_from_fork_asm+0x1a/0x30 [ 28.549237] [ 28.549394] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.549803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.549937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.550203] ================================================================== [ 28.647841] ================================================================== [ 28.648227] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.648227] [ 28.648799] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#93): [ 28.649159] test_out_of_bounds_read+0x216/0x4e0 [ 28.649350] kunit_try_run_case+0x1a5/0x480 [ 28.649631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.649870] kthread+0x337/0x6f0 [ 28.650058] ret_from_fork+0x116/0x1d0 [ 28.650240] ret_from_fork_asm+0x1a/0x30 [ 28.650395] [ 28.650498] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.650498] [ 28.650810] allocated by task 337 on cpu 1 at 28.647647s (0.003162s ago): [ 28.651173] test_alloc+0x364/0x10f0 [ 28.651362] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.651616] kunit_try_run_case+0x1a5/0x480 [ 28.651843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.652051] kthread+0x337/0x6f0 [ 28.652223] ret_from_fork+0x116/0x1d0 [ 28.652417] ret_from_fork_asm+0x1a/0x30 [ 28.652614] [ 28.652726] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.653224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.653405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.653848] ================================================================== [ 28.855703] ================================================================== [ 28.856089] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.856089] [ 28.856536] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#95): [ 28.856892] test_out_of_bounds_read+0x216/0x4e0 [ 28.857320] kunit_try_run_case+0x1a5/0x480 [ 28.857940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.858159] kthread+0x337/0x6f0 [ 28.858339] ret_from_fork+0x116/0x1d0 [ 28.858702] ret_from_fork_asm+0x1a/0x30 [ 28.858906] [ 28.859070] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.859070] [ 28.859531] allocated by task 339 on cpu 0 at 28.855649s (0.003878s ago): [ 28.859988] test_alloc+0x2a6/0x10f0 [ 28.860153] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.860630] kunit_try_run_case+0x1a5/0x480 [ 28.860839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.861066] kthread+0x337/0x6f0 [ 28.861220] ret_from_fork+0x116/0x1d0 [ 28.861372] ret_from_fork_asm+0x1a/0x30 [ 28.861845] [ 28.861955] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.862597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.862793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.863315] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 28.130581] ================================================================== [ 28.131150] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 28.131903] Write of size 1 at addr ffff88810622c278 by task kunit_try_catch/335 [ 28.132688] [ 28.133106] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.133168] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.133184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.133210] Call Trace: [ 28.133231] <TASK> [ 28.133285] dump_stack_lvl+0x73/0xb0 [ 28.133320] print_report+0xd1/0x610 [ 28.133344] ? __virt_addr_valid+0x1db/0x2d0 [ 28.133369] ? strncpy_from_user+0x1a5/0x1d0 [ 28.133393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.133435] ? strncpy_from_user+0x1a5/0x1d0 [ 28.133459] kasan_report+0x141/0x180 [ 28.133483] ? strncpy_from_user+0x1a5/0x1d0 [ 28.133512] __asan_report_store1_noabort+0x1b/0x30 [ 28.133538] strncpy_from_user+0x1a5/0x1d0 [ 28.133564] copy_user_test_oob+0x760/0x10f0 [ 28.133590] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.133613] ? finish_task_switch.isra.0+0x153/0x700 [ 28.133636] ? __switch_to+0x47/0xf80 [ 28.133662] ? __schedule+0x10cc/0x2b60 [ 28.133688] ? __pfx_read_tsc+0x10/0x10 [ 28.133710] ? ktime_get_ts64+0x86/0x230 [ 28.133749] kunit_try_run_case+0x1a5/0x480 [ 28.133772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.133794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.133819] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.133843] ? __kthread_parkme+0x82/0x180 [ 28.133865] ? preempt_count_sub+0x50/0x80 [ 28.133889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.133912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.133939] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.133965] kthread+0x337/0x6f0 [ 28.133986] ? trace_preempt_on+0x20/0xc0 [ 28.134011] ? __pfx_kthread+0x10/0x10 [ 28.134034] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.134059] ? calculate_sigpending+0x7b/0xa0 [ 28.134086] ? __pfx_kthread+0x10/0x10 [ 28.134110] ret_from_fork+0x116/0x1d0 [ 28.134129] ? __pfx_kthread+0x10/0x10 [ 28.134152] ret_from_fork_asm+0x1a/0x30 [ 28.134183] </TASK> [ 28.134195] [ 28.144839] Allocated by task 335: [ 28.145013] kasan_save_stack+0x45/0x70 [ 28.145206] kasan_save_track+0x18/0x40 [ 28.145383] kasan_save_alloc_info+0x3b/0x50 [ 28.145852] __kasan_kmalloc+0xb7/0xc0 [ 28.146148] __kmalloc_noprof+0x1c9/0x500 [ 28.146459] kunit_kmalloc_array+0x25/0x60 [ 28.146850] copy_user_test_oob+0xab/0x10f0 [ 28.147058] kunit_try_run_case+0x1a5/0x480 [ 28.147243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.147759] kthread+0x337/0x6f0 [ 28.148021] ret_from_fork+0x116/0x1d0 [ 28.148280] ret_from_fork_asm+0x1a/0x30 [ 28.148587] [ 28.148846] The buggy address belongs to the object at ffff88810622c200 [ 28.148846] which belongs to the cache kmalloc-128 of size 128 [ 28.149355] The buggy address is located 0 bytes to the right of [ 28.149355] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.150195] [ 28.150413] The buggy address belongs to the physical page: [ 28.150663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.150999] flags: 0x200000000000000(node=0|zone=2) [ 28.151211] page_type: f5(slab) [ 28.151363] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.152018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.152608] page dumped because: kasan: bad access detected [ 28.152979] [ 28.153212] Memory state around the buggy address: [ 28.153572] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.153876] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.154158] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.154710] ^ [ 28.155181] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.155693] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.156193] ================================================================== [ 28.104490] ================================================================== [ 28.104832] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 28.105129] Write of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.105743] [ 28.105992] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.106054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.106069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.106094] Call Trace: [ 28.106115] <TASK> [ 28.106167] dump_stack_lvl+0x73/0xb0 [ 28.106202] print_report+0xd1/0x610 [ 28.106225] ? __virt_addr_valid+0x1db/0x2d0 [ 28.106250] ? strncpy_from_user+0x2e/0x1d0 [ 28.106277] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.106305] ? strncpy_from_user+0x2e/0x1d0 [ 28.106329] kasan_report+0x141/0x180 [ 28.106352] ? strncpy_from_user+0x2e/0x1d0 [ 28.106380] kasan_check_range+0x10c/0x1c0 [ 28.106404] __kasan_check_write+0x18/0x20 [ 28.106438] strncpy_from_user+0x2e/0x1d0 [ 28.106461] ? __kasan_check_read+0x15/0x20 [ 28.106488] copy_user_test_oob+0x760/0x10f0 [ 28.106513] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.106537] ? finish_task_switch.isra.0+0x153/0x700 [ 28.106559] ? __switch_to+0x47/0xf80 [ 28.106586] ? __schedule+0x10cc/0x2b60 [ 28.106610] ? __pfx_read_tsc+0x10/0x10 [ 28.106633] ? ktime_get_ts64+0x86/0x230 [ 28.106660] kunit_try_run_case+0x1a5/0x480 [ 28.106682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.106704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.106728] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.106766] ? __kthread_parkme+0x82/0x180 [ 28.106789] ? preempt_count_sub+0x50/0x80 [ 28.106812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.106835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.106861] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.106887] kthread+0x337/0x6f0 [ 28.106908] ? trace_preempt_on+0x20/0xc0 [ 28.106932] ? __pfx_kthread+0x10/0x10 [ 28.106954] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.106976] ? calculate_sigpending+0x7b/0xa0 [ 28.107002] ? __pfx_kthread+0x10/0x10 [ 28.107026] ret_from_fork+0x116/0x1d0 [ 28.107047] ? __pfx_kthread+0x10/0x10 [ 28.107068] ret_from_fork_asm+0x1a/0x30 [ 28.107100] </TASK> [ 28.107112] [ 28.118235] Allocated by task 335: [ 28.118635] kasan_save_stack+0x45/0x70 [ 28.118949] kasan_save_track+0x18/0x40 [ 28.119261] kasan_save_alloc_info+0x3b/0x50 [ 28.119571] __kasan_kmalloc+0xb7/0xc0 [ 28.119861] __kmalloc_noprof+0x1c9/0x500 [ 28.120071] kunit_kmalloc_array+0x25/0x60 [ 28.120254] copy_user_test_oob+0xab/0x10f0 [ 28.120627] kunit_try_run_case+0x1a5/0x480 [ 28.120952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.121379] kthread+0x337/0x6f0 [ 28.121561] ret_from_fork+0x116/0x1d0 [ 28.121745] ret_from_fork_asm+0x1a/0x30 [ 28.121921] [ 28.122005] The buggy address belongs to the object at ffff88810622c200 [ 28.122005] which belongs to the cache kmalloc-128 of size 128 [ 28.122891] The buggy address is located 0 bytes inside of [ 28.122891] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.123654] [ 28.123890] The buggy address belongs to the physical page: [ 28.124343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.124826] flags: 0x200000000000000(node=0|zone=2) [ 28.125167] page_type: f5(slab) [ 28.125334] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.125877] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.126311] page dumped because: kasan: bad access detected [ 28.126653] [ 28.126884] Memory state around the buggy address: [ 28.127106] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.127399] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.127927] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.128404] ^ [ 28.128720] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.129022] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.129306] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 28.019893] ================================================================== [ 28.020211] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.020525] Write of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.020841] [ 28.020962] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.021015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.021776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.021808] Call Trace: [ 28.021824] <TASK> [ 28.021846] dump_stack_lvl+0x73/0xb0 [ 28.021880] print_report+0xd1/0x610 [ 28.021904] ? __virt_addr_valid+0x1db/0x2d0 [ 28.021930] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.021954] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.021984] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.022009] kasan_report+0x141/0x180 [ 28.022032] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.022061] kasan_check_range+0x10c/0x1c0 [ 28.022086] __kasan_check_write+0x18/0x20 [ 28.022111] copy_user_test_oob+0x3fd/0x10f0 [ 28.022138] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.022162] ? finish_task_switch.isra.0+0x153/0x700 [ 28.022187] ? __switch_to+0x47/0xf80 [ 28.022215] ? __schedule+0x10cc/0x2b60 [ 28.022239] ? __pfx_read_tsc+0x10/0x10 [ 28.022262] ? ktime_get_ts64+0x86/0x230 [ 28.022291] kunit_try_run_case+0x1a5/0x480 [ 28.022313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.022335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.022360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.022384] ? __kthread_parkme+0x82/0x180 [ 28.022507] ? preempt_count_sub+0x50/0x80 [ 28.022537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.022562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.022588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.022615] kthread+0x337/0x6f0 [ 28.022636] ? trace_preempt_on+0x20/0xc0 [ 28.022661] ? __pfx_kthread+0x10/0x10 [ 28.022684] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.022707] ? calculate_sigpending+0x7b/0xa0 [ 28.022745] ? __pfx_kthread+0x10/0x10 [ 28.022768] ret_from_fork+0x116/0x1d0 [ 28.022789] ? __pfx_kthread+0x10/0x10 [ 28.022811] ret_from_fork_asm+0x1a/0x30 [ 28.022842] </TASK> [ 28.022854] [ 28.031266] Allocated by task 335: [ 28.031390] kasan_save_stack+0x45/0x70 [ 28.031610] kasan_save_track+0x18/0x40 [ 28.031769] kasan_save_alloc_info+0x3b/0x50 [ 28.031911] __kasan_kmalloc+0xb7/0xc0 [ 28.032033] __kmalloc_noprof+0x1c9/0x500 [ 28.032167] kunit_kmalloc_array+0x25/0x60 [ 28.032297] copy_user_test_oob+0xab/0x10f0 [ 28.032478] kunit_try_run_case+0x1a5/0x480 [ 28.032691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.032894] kthread+0x337/0x6f0 [ 28.033012] ret_from_fork+0x116/0x1d0 [ 28.033148] ret_from_fork_asm+0x1a/0x30 [ 28.033341] [ 28.033466] The buggy address belongs to the object at ffff88810622c200 [ 28.033466] which belongs to the cache kmalloc-128 of size 128 [ 28.033945] The buggy address is located 0 bytes inside of [ 28.033945] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.034921] [ 28.034998] The buggy address belongs to the physical page: [ 28.035419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.035681] flags: 0x200000000000000(node=0|zone=2) [ 28.035880] page_type: f5(slab) [ 28.035998] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.036218] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.036786] page dumped because: kasan: bad access detected [ 28.037056] [ 28.037150] Memory state around the buggy address: [ 28.037375] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.037690] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.037907] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.038108] ^ [ 28.038308] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.038759] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.039073] ================================================================== [ 28.078459] ================================================================== [ 28.078853] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.079503] Read of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.079829] [ 28.079936] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.079988] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.080002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.080026] Call Trace: [ 28.080045] <TASK> [ 28.080063] dump_stack_lvl+0x73/0xb0 [ 28.080095] print_report+0xd1/0x610 [ 28.080118] ? __virt_addr_valid+0x1db/0x2d0 [ 28.080143] ? copy_user_test_oob+0x604/0x10f0 [ 28.080167] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.080194] ? copy_user_test_oob+0x604/0x10f0 [ 28.080218] kasan_report+0x141/0x180 [ 28.080241] ? copy_user_test_oob+0x604/0x10f0 [ 28.080270] kasan_check_range+0x10c/0x1c0 [ 28.080294] __kasan_check_read+0x15/0x20 [ 28.080324] copy_user_test_oob+0x604/0x10f0 [ 28.080350] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.080374] ? finish_task_switch.isra.0+0x153/0x700 [ 28.080398] ? __switch_to+0x47/0xf80 [ 28.080578] ? __schedule+0x10cc/0x2b60 [ 28.080607] ? __pfx_read_tsc+0x10/0x10 [ 28.080629] ? ktime_get_ts64+0x86/0x230 [ 28.080655] kunit_try_run_case+0x1a5/0x480 [ 28.080680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.080751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.080778] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.080803] ? __kthread_parkme+0x82/0x180 [ 28.080825] ? preempt_count_sub+0x50/0x80 [ 28.080849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.080872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.080898] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.080924] kthread+0x337/0x6f0 [ 28.080945] ? trace_preempt_on+0x20/0xc0 [ 28.080970] ? __pfx_kthread+0x10/0x10 [ 28.080992] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.081014] ? calculate_sigpending+0x7b/0xa0 [ 28.081040] ? __pfx_kthread+0x10/0x10 [ 28.081063] ret_from_fork+0x116/0x1d0 [ 28.081083] ? __pfx_kthread+0x10/0x10 [ 28.081105] ret_from_fork_asm+0x1a/0x30 [ 28.081137] </TASK> [ 28.081149] [ 28.091708] Allocated by task 335: [ 28.091923] kasan_save_stack+0x45/0x70 [ 28.092218] kasan_save_track+0x18/0x40 [ 28.092527] kasan_save_alloc_info+0x3b/0x50 [ 28.092755] __kasan_kmalloc+0xb7/0xc0 [ 28.092926] __kmalloc_noprof+0x1c9/0x500 [ 28.093103] kunit_kmalloc_array+0x25/0x60 [ 28.093282] copy_user_test_oob+0xab/0x10f0 [ 28.093716] kunit_try_run_case+0x1a5/0x480 [ 28.094040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.094457] kthread+0x337/0x6f0 [ 28.094846] ret_from_fork+0x116/0x1d0 [ 28.095102] ret_from_fork_asm+0x1a/0x30 [ 28.095394] [ 28.095506] The buggy address belongs to the object at ffff88810622c200 [ 28.095506] which belongs to the cache kmalloc-128 of size 128 [ 28.096006] The buggy address is located 0 bytes inside of [ 28.096006] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.096749] [ 28.096982] The buggy address belongs to the physical page: [ 28.097422] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.097930] flags: 0x200000000000000(node=0|zone=2) [ 28.098316] page_type: f5(slab) [ 28.098626] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.099105] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.099573] page dumped because: kasan: bad access detected [ 28.099903] [ 28.100122] Memory state around the buggy address: [ 28.100473] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.100783] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.101079] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.101363] ^ [ 28.102072] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.102559] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.103068] ================================================================== [ 28.039673] ================================================================== [ 28.040220] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.040558] Read of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.040807] [ 28.040892] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.040944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.040958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.040981] Call Trace: [ 28.040998] <TASK> [ 28.041015] dump_stack_lvl+0x73/0xb0 [ 28.041045] print_report+0xd1/0x610 [ 28.041070] ? __virt_addr_valid+0x1db/0x2d0 [ 28.041095] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.041119] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.041146] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.041170] kasan_report+0x141/0x180 [ 28.041195] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.041224] kasan_check_range+0x10c/0x1c0 [ 28.041248] __kasan_check_read+0x15/0x20 [ 28.041272] copy_user_test_oob+0x4aa/0x10f0 [ 28.041299] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.041323] ? finish_task_switch.isra.0+0x153/0x700 [ 28.041347] ? __switch_to+0x47/0xf80 [ 28.041374] ? __schedule+0x10cc/0x2b60 [ 28.041398] ? __pfx_read_tsc+0x10/0x10 [ 28.041433] ? ktime_get_ts64+0x86/0x230 [ 28.041461] kunit_try_run_case+0x1a5/0x480 [ 28.041483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.041506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.041531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.041557] ? __kthread_parkme+0x82/0x180 [ 28.041579] ? preempt_count_sub+0x50/0x80 [ 28.041603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.041626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.041653] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.041680] kthread+0x337/0x6f0 [ 28.041702] ? trace_preempt_on+0x20/0xc0 [ 28.041727] ? __pfx_kthread+0x10/0x10 [ 28.041762] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.041785] ? calculate_sigpending+0x7b/0xa0 [ 28.041810] ? __pfx_kthread+0x10/0x10 [ 28.041833] ret_from_fork+0x116/0x1d0 [ 28.041853] ? __pfx_kthread+0x10/0x10 [ 28.041875] ret_from_fork_asm+0x1a/0x30 [ 28.041907] </TASK> [ 28.041921] [ 28.049073] Allocated by task 335: [ 28.049254] kasan_save_stack+0x45/0x70 [ 28.049447] kasan_save_track+0x18/0x40 [ 28.049634] kasan_save_alloc_info+0x3b/0x50 [ 28.049849] __kasan_kmalloc+0xb7/0xc0 [ 28.050037] __kmalloc_noprof+0x1c9/0x500 [ 28.050368] kunit_kmalloc_array+0x25/0x60 [ 28.050521] copy_user_test_oob+0xab/0x10f0 [ 28.050663] kunit_try_run_case+0x1a5/0x480 [ 28.050828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.051086] kthread+0x337/0x6f0 [ 28.051255] ret_from_fork+0x116/0x1d0 [ 28.051455] ret_from_fork_asm+0x1a/0x30 [ 28.051628] [ 28.051721] The buggy address belongs to the object at ffff88810622c200 [ 28.051721] which belongs to the cache kmalloc-128 of size 128 [ 28.052159] The buggy address is located 0 bytes inside of [ 28.052159] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.052684] [ 28.052788] The buggy address belongs to the physical page: [ 28.052977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.053213] flags: 0x200000000000000(node=0|zone=2) [ 28.053371] page_type: f5(slab) [ 28.053677] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.054028] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.054297] page dumped because: kasan: bad access detected [ 28.054548] [ 28.054611] Memory state around the buggy address: [ 28.054763] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.054965] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.055248] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.055747] ^ [ 28.056055] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.056375] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.056691] ================================================================== [ 28.057184] ================================================================== [ 28.057514] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.057811] Write of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 28.058100] [ 28.058204] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 28.058253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.058267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.058291] Call Trace: [ 28.058310] <TASK> [ 28.058328] dump_stack_lvl+0x73/0xb0 [ 28.058358] print_report+0xd1/0x610 [ 28.058382] ? __virt_addr_valid+0x1db/0x2d0 [ 28.058417] ? copy_user_test_oob+0x557/0x10f0 [ 28.058443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.058471] ? copy_user_test_oob+0x557/0x10f0 [ 28.058495] kasan_report+0x141/0x180 [ 28.058519] ? copy_user_test_oob+0x557/0x10f0 [ 28.058548] kasan_check_range+0x10c/0x1c0 [ 28.058573] __kasan_check_write+0x18/0x20 [ 28.058597] copy_user_test_oob+0x557/0x10f0 [ 28.058623] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.058647] ? finish_task_switch.isra.0+0x153/0x700 [ 28.058671] ? __switch_to+0x47/0xf80 [ 28.058699] ? __schedule+0x10cc/0x2b60 [ 28.058723] ? __pfx_read_tsc+0x10/0x10 [ 28.058759] ? ktime_get_ts64+0x86/0x230 [ 28.058786] kunit_try_run_case+0x1a5/0x480 [ 28.058811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.058860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.058884] ? __kthread_parkme+0x82/0x180 [ 28.058906] ? preempt_count_sub+0x50/0x80 [ 28.058931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.058980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.059007] kthread+0x337/0x6f0 [ 28.059027] ? trace_preempt_on+0x20/0xc0 [ 28.059053] ? __pfx_kthread+0x10/0x10 [ 28.059074] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.059097] ? calculate_sigpending+0x7b/0xa0 [ 28.059123] ? __pfx_kthread+0x10/0x10 [ 28.059145] ret_from_fork+0x116/0x1d0 [ 28.059165] ? __pfx_kthread+0x10/0x10 [ 28.059187] ret_from_fork_asm+0x1a/0x30 [ 28.059219] </TASK> [ 28.059231] [ 28.065915] Allocated by task 335: [ 28.066035] kasan_save_stack+0x45/0x70 [ 28.066310] kasan_save_track+0x18/0x40 [ 28.066590] kasan_save_alloc_info+0x3b/0x50 [ 28.066774] __kasan_kmalloc+0xb7/0xc0 [ 28.066938] __kmalloc_noprof+0x1c9/0x500 [ 28.067106] kunit_kmalloc_array+0x25/0x60 [ 28.067237] copy_user_test_oob+0xab/0x10f0 [ 28.067372] kunit_try_run_case+0x1a5/0x480 [ 28.067504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.069215] kthread+0x337/0x6f0 [ 28.069407] ret_from_fork+0x116/0x1d0 [ 28.069608] ret_from_fork_asm+0x1a/0x30 [ 28.069809] [ 28.069889] The buggy address belongs to the object at ffff88810622c200 [ 28.069889] which belongs to the cache kmalloc-128 of size 128 [ 28.070243] The buggy address is located 0 bytes inside of [ 28.070243] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.070886] [ 28.071491] The buggy address belongs to the physical page: [ 28.071831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.072190] flags: 0x200000000000000(node=0|zone=2) [ 28.072422] page_type: f5(slab) [ 28.072919] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.073381] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.073899] page dumped because: kasan: bad access detected [ 28.074303] [ 28.074397] Memory state around the buggy address: [ 28.074779] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.075083] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.075373] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.075933] ^ [ 28.076550] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.076930] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.077229] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 27.998400] ================================================================== [ 27.998701] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 27.999030] Read of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 27.999327] [ 27.999424] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.999478] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.999492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.999537] Call Trace: [ 27.999556] <TASK> [ 27.999591] dump_stack_lvl+0x73/0xb0 [ 27.999623] print_report+0xd1/0x610 [ 27.999647] ? __virt_addr_valid+0x1db/0x2d0 [ 27.999672] ? _copy_to_user+0x3c/0x70 [ 27.999694] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.999722] ? _copy_to_user+0x3c/0x70 [ 27.999756] kasan_report+0x141/0x180 [ 27.999779] ? _copy_to_user+0x3c/0x70 [ 27.999805] kasan_check_range+0x10c/0x1c0 [ 27.999830] __kasan_check_read+0x15/0x20 [ 27.999874] _copy_to_user+0x3c/0x70 [ 27.999897] copy_user_test_oob+0x364/0x10f0 [ 27.999923] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.999947] ? finish_task_switch.isra.0+0x153/0x700 [ 27.999972] ? __switch_to+0x47/0xf80 [ 28.000000] ? __schedule+0x10cc/0x2b60 [ 28.000039] ? __pfx_read_tsc+0x10/0x10 [ 28.000062] ? ktime_get_ts64+0x86/0x230 [ 28.000088] kunit_try_run_case+0x1a5/0x480 [ 28.000110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.000131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.000157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.000182] ? __kthread_parkme+0x82/0x180 [ 28.000203] ? preempt_count_sub+0x50/0x80 [ 28.000227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.000250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.000276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.000302] kthread+0x337/0x6f0 [ 28.000329] ? trace_preempt_on+0x20/0xc0 [ 28.000354] ? __pfx_kthread+0x10/0x10 [ 28.000376] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.000399] ? calculate_sigpending+0x7b/0xa0 [ 28.000435] ? __pfx_kthread+0x10/0x10 [ 28.000457] ret_from_fork+0x116/0x1d0 [ 28.000477] ? __pfx_kthread+0x10/0x10 [ 28.000499] ret_from_fork_asm+0x1a/0x30 [ 28.000531] </TASK> [ 28.000543] [ 28.008016] Allocated by task 335: [ 28.008182] kasan_save_stack+0x45/0x70 [ 28.008360] kasan_save_track+0x18/0x40 [ 28.008589] kasan_save_alloc_info+0x3b/0x50 [ 28.008782] __kasan_kmalloc+0xb7/0xc0 [ 28.008910] __kmalloc_noprof+0x1c9/0x500 [ 28.009048] kunit_kmalloc_array+0x25/0x60 [ 28.009182] copy_user_test_oob+0xab/0x10f0 [ 28.009383] kunit_try_run_case+0x1a5/0x480 [ 28.009580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.009833] kthread+0x337/0x6f0 [ 28.009950] ret_from_fork+0x116/0x1d0 [ 28.010077] ret_from_fork_asm+0x1a/0x30 [ 28.010209] [ 28.010336] The buggy address belongs to the object at ffff88810622c200 [ 28.010336] which belongs to the cache kmalloc-128 of size 128 [ 28.011170] The buggy address is located 0 bytes inside of [ 28.011170] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 28.011644] [ 28.011747] The buggy address belongs to the physical page: [ 28.011966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 28.012225] flags: 0x200000000000000(node=0|zone=2) [ 28.012401] page_type: f5(slab) [ 28.012577] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.012921] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.013141] page dumped because: kasan: bad access detected [ 28.013306] [ 28.013396] Memory state around the buggy address: [ 28.013625] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.013945] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.014193] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.014398] ^ [ 28.014637] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.015043] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.015354] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 27.971343] ================================================================== [ 27.971985] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 27.972351] Write of size 121 at addr ffff88810622c200 by task kunit_try_catch/335 [ 27.973092] [ 27.973224] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.973286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.973315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.973480] Call Trace: [ 27.973498] <TASK> [ 27.973522] dump_stack_lvl+0x73/0xb0 [ 27.973559] print_report+0xd1/0x610 [ 27.973586] ? __virt_addr_valid+0x1db/0x2d0 [ 27.973614] ? _copy_from_user+0x32/0x90 [ 27.973636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.973665] ? _copy_from_user+0x32/0x90 [ 27.973689] kasan_report+0x141/0x180 [ 27.973714] ? _copy_from_user+0x32/0x90 [ 27.973755] kasan_check_range+0x10c/0x1c0 [ 27.973780] __kasan_check_write+0x18/0x20 [ 27.973804] _copy_from_user+0x32/0x90 [ 27.973828] copy_user_test_oob+0x2be/0x10f0 [ 27.973855] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.973879] ? finish_task_switch.isra.0+0x153/0x700 [ 27.973905] ? __switch_to+0x47/0xf80 [ 27.973934] ? __schedule+0x10cc/0x2b60 [ 27.973960] ? __pfx_read_tsc+0x10/0x10 [ 27.973983] ? ktime_get_ts64+0x86/0x230 [ 27.974011] kunit_try_run_case+0x1a5/0x480 [ 27.974035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.974056] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.974080] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.974106] ? __kthread_parkme+0x82/0x180 [ 27.974129] ? preempt_count_sub+0x50/0x80 [ 27.974152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.974176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.974202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.974229] kthread+0x337/0x6f0 [ 27.974251] ? trace_preempt_on+0x20/0xc0 [ 27.974276] ? __pfx_kthread+0x10/0x10 [ 27.974298] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.974321] ? calculate_sigpending+0x7b/0xa0 [ 27.974348] ? __pfx_kthread+0x10/0x10 [ 27.974371] ret_from_fork+0x116/0x1d0 [ 27.974392] ? __pfx_kthread+0x10/0x10 [ 27.974414] ret_from_fork_asm+0x1a/0x30 [ 27.974447] </TASK> [ 27.974460] [ 27.984382] Allocated by task 335: [ 27.984803] kasan_save_stack+0x45/0x70 [ 27.985008] kasan_save_track+0x18/0x40 [ 27.985297] kasan_save_alloc_info+0x3b/0x50 [ 27.985625] __kasan_kmalloc+0xb7/0xc0 [ 27.985858] __kmalloc_noprof+0x1c9/0x500 [ 27.986166] kunit_kmalloc_array+0x25/0x60 [ 27.986378] copy_user_test_oob+0xab/0x10f0 [ 27.986756] kunit_try_run_case+0x1a5/0x480 [ 27.986967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.987195] kthread+0x337/0x6f0 [ 27.987348] ret_from_fork+0x116/0x1d0 [ 27.987769] ret_from_fork_asm+0x1a/0x30 [ 27.987931] [ 27.988041] The buggy address belongs to the object at ffff88810622c200 [ 27.988041] which belongs to the cache kmalloc-128 of size 128 [ 27.988873] The buggy address is located 0 bytes inside of [ 27.988873] allocated 120-byte region [ffff88810622c200, ffff88810622c278) [ 27.989496] [ 27.989615] The buggy address belongs to the physical page: [ 27.989967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 27.990331] flags: 0x200000000000000(node=0|zone=2) [ 27.990760] page_type: f5(slab) [ 27.991034] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.991415] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.991851] page dumped because: kasan: bad access detected [ 27.992185] [ 27.992303] Memory state around the buggy address: [ 27.992642] ffff88810622c100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.992951] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.993253] >ffff88810622c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.993710] ^ [ 27.994097] ffff88810622c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.994471] ffff88810622c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.994876] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 27.939681] ================================================================== [ 27.940036] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 27.940381] Write of size 8 at addr ffff88810622c178 by task kunit_try_catch/331 [ 27.940720] [ 27.940837] CPU: 0 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.940887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.940901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.940924] Call Trace: [ 27.940941] <TASK> [ 27.940959] dump_stack_lvl+0x73/0xb0 [ 27.940989] print_report+0xd1/0x610 [ 27.941012] ? __virt_addr_valid+0x1db/0x2d0 [ 27.941037] ? copy_to_kernel_nofault+0x99/0x260 [ 27.941062] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.941097] ? copy_to_kernel_nofault+0x99/0x260 [ 27.941121] kasan_report+0x141/0x180 [ 27.941145] ? copy_to_kernel_nofault+0x99/0x260 [ 27.941174] kasan_check_range+0x10c/0x1c0 [ 27.941199] __kasan_check_write+0x18/0x20 [ 27.941223] copy_to_kernel_nofault+0x99/0x260 [ 27.941248] copy_to_kernel_nofault_oob+0x288/0x560 [ 27.941274] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.941298] ? finish_task_switch.isra.0+0x153/0x700 [ 27.941336] ? __schedule+0x10cc/0x2b60 [ 27.941361] ? trace_hardirqs_on+0x37/0xe0 [ 27.941392] ? __pfx_read_tsc+0x10/0x10 [ 27.941428] ? ktime_get_ts64+0x86/0x230 [ 27.941454] kunit_try_run_case+0x1a5/0x480 [ 27.941478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.941499] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.941523] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.941548] ? __kthread_parkme+0x82/0x180 [ 27.941569] ? preempt_count_sub+0x50/0x80 [ 27.941593] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.941615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.941641] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.941668] kthread+0x337/0x6f0 [ 27.941689] ? trace_preempt_on+0x20/0xc0 [ 27.941712] ? __pfx_kthread+0x10/0x10 [ 27.941743] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.941767] ? calculate_sigpending+0x7b/0xa0 [ 27.941792] ? __pfx_kthread+0x10/0x10 [ 27.941814] ret_from_fork+0x116/0x1d0 [ 27.941835] ? __pfx_kthread+0x10/0x10 [ 27.941857] ret_from_fork_asm+0x1a/0x30 [ 27.941889] </TASK> [ 27.941900] [ 27.950549] Allocated by task 331: [ 27.950669] kasan_save_stack+0x45/0x70 [ 27.950815] kasan_save_track+0x18/0x40 [ 27.950946] kasan_save_alloc_info+0x3b/0x50 [ 27.951087] __kasan_kmalloc+0xb7/0xc0 [ 27.951213] __kmalloc_cache_noprof+0x189/0x420 [ 27.951362] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.951692] kunit_try_run_case+0x1a5/0x480 [ 27.951897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.952145] kthread+0x337/0x6f0 [ 27.952375] ret_from_fork+0x116/0x1d0 [ 27.952527] ret_from_fork_asm+0x1a/0x30 [ 27.952661] [ 27.952726] The buggy address belongs to the object at ffff88810622c100 [ 27.952726] which belongs to the cache kmalloc-128 of size 128 [ 27.953267] The buggy address is located 0 bytes to the right of [ 27.953267] allocated 120-byte region [ffff88810622c100, ffff88810622c178) [ 27.953800] [ 27.953871] The buggy address belongs to the physical page: [ 27.954038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 27.954315] flags: 0x200000000000000(node=0|zone=2) [ 27.954546] page_type: f5(slab) [ 27.954710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.955397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.955854] page dumped because: kasan: bad access detected [ 27.956072] [ 27.956136] Memory state around the buggy address: [ 27.956285] ffff88810622c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.956505] ffff88810622c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.956765] >ffff88810622c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.957404] ^ [ 27.957725] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.957952] ffff88810622c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.958160] ================================================================== [ 27.920697] ================================================================== [ 27.921359] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 27.921770] Read of size 8 at addr ffff88810622c178 by task kunit_try_catch/331 [ 27.922105] [ 27.922285] CPU: 0 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.922344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.922358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.922383] Call Trace: [ 27.922398] <TASK> [ 27.922422] dump_stack_lvl+0x73/0xb0 [ 27.922459] print_report+0xd1/0x610 [ 27.922486] ? __virt_addr_valid+0x1db/0x2d0 [ 27.922514] ? copy_to_kernel_nofault+0x225/0x260 [ 27.922539] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.922567] ? copy_to_kernel_nofault+0x225/0x260 [ 27.922591] kasan_report+0x141/0x180 [ 27.922614] ? copy_to_kernel_nofault+0x225/0x260 [ 27.922644] __asan_report_load8_noabort+0x18/0x20 [ 27.922684] copy_to_kernel_nofault+0x225/0x260 [ 27.922710] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 27.922746] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.922770] ? finish_task_switch.isra.0+0x153/0x700 [ 27.922795] ? __schedule+0x10cc/0x2b60 [ 27.922820] ? trace_hardirqs_on+0x37/0xe0 [ 27.922854] ? __pfx_read_tsc+0x10/0x10 [ 27.922878] ? ktime_get_ts64+0x86/0x230 [ 27.922906] kunit_try_run_case+0x1a5/0x480 [ 27.922932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.922955] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.922979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.923003] ? __kthread_parkme+0x82/0x180 [ 27.923026] ? preempt_count_sub+0x50/0x80 [ 27.923049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.923072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.923098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.923125] kthread+0x337/0x6f0 [ 27.923146] ? trace_preempt_on+0x20/0xc0 [ 27.923169] ? __pfx_kthread+0x10/0x10 [ 27.923191] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.923214] ? calculate_sigpending+0x7b/0xa0 [ 27.923240] ? __pfx_kthread+0x10/0x10 [ 27.923263] ret_from_fork+0x116/0x1d0 [ 27.923283] ? __pfx_kthread+0x10/0x10 [ 27.923305] ret_from_fork_asm+0x1a/0x30 [ 27.923338] </TASK> [ 27.923352] [ 27.931377] Allocated by task 331: [ 27.931532] kasan_save_stack+0x45/0x70 [ 27.931673] kasan_save_track+0x18/0x40 [ 27.931920] kasan_save_alloc_info+0x3b/0x50 [ 27.932141] __kasan_kmalloc+0xb7/0xc0 [ 27.932364] __kmalloc_cache_noprof+0x189/0x420 [ 27.932750] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.932912] kunit_try_run_case+0x1a5/0x480 [ 27.933067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.933322] kthread+0x337/0x6f0 [ 27.933548] ret_from_fork+0x116/0x1d0 [ 27.933800] ret_from_fork_asm+0x1a/0x30 [ 27.933944] [ 27.934082] The buggy address belongs to the object at ffff88810622c100 [ 27.934082] which belongs to the cache kmalloc-128 of size 128 [ 27.934533] The buggy address is located 0 bytes to the right of [ 27.934533] allocated 120-byte region [ffff88810622c100, ffff88810622c178) [ 27.935073] [ 27.935157] The buggy address belongs to the physical page: [ 27.935380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10622c [ 27.935902] flags: 0x200000000000000(node=0|zone=2) [ 27.936062] page_type: f5(slab) [ 27.936179] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.936407] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.936626] page dumped because: kasan: bad access detected [ 27.936944] [ 27.937113] Memory state around the buggy address: [ 27.937607] ffff88810622c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.937937] ffff88810622c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.938237] >ffff88810622c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.938576] ^ [ 27.938832] ffff88810622c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.939040] ffff88810622c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.939247] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 26.372398] ================================================================== [ 26.372700] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 26.373044] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.373782] [ 26.374056] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.374114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.374128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.374152] Call Trace: [ 26.374174] <TASK> [ 26.374194] dump_stack_lvl+0x73/0xb0 [ 26.374228] print_report+0xd1/0x610 [ 26.374252] ? __virt_addr_valid+0x1db/0x2d0 [ 26.374545] ? kasan_atomics_helper+0x3df/0x5450 [ 26.374571] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.374598] ? kasan_atomics_helper+0x3df/0x5450 [ 26.374621] kasan_report+0x141/0x180 [ 26.374644] ? kasan_atomics_helper+0x3df/0x5450 [ 26.374671] kasan_check_range+0x10c/0x1c0 [ 26.374695] __kasan_check_read+0x15/0x20 [ 26.374719] kasan_atomics_helper+0x3df/0x5450 [ 26.374757] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.374784] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.374811] ? kasan_atomics+0x152/0x310 [ 26.374838] kasan_atomics+0x1dc/0x310 [ 26.374862] ? __pfx_kasan_atomics+0x10/0x10 [ 26.374887] ? __pfx_read_tsc+0x10/0x10 [ 26.374910] ? ktime_get_ts64+0x86/0x230 [ 26.374937] kunit_try_run_case+0x1a5/0x480 [ 26.374961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.374983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.375009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.375034] ? __kthread_parkme+0x82/0x180 [ 26.375056] ? preempt_count_sub+0x50/0x80 [ 26.375083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.375106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.375133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.375160] kthread+0x337/0x6f0 [ 26.375182] ? trace_preempt_on+0x20/0xc0 [ 26.375207] ? __pfx_kthread+0x10/0x10 [ 26.375230] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.375253] ? calculate_sigpending+0x7b/0xa0 [ 26.375297] ? __pfx_kthread+0x10/0x10 [ 26.375321] ret_from_fork+0x116/0x1d0 [ 26.375341] ? __pfx_kthread+0x10/0x10 [ 26.375364] ret_from_fork_asm+0x1a/0x30 [ 26.375396] </TASK> [ 26.375418] [ 26.387157] Allocated by task 315: [ 26.387426] kasan_save_stack+0x45/0x70 [ 26.387798] kasan_save_track+0x18/0x40 [ 26.388100] kasan_save_alloc_info+0x3b/0x50 [ 26.388359] __kasan_kmalloc+0xb7/0xc0 [ 26.388688] __kmalloc_cache_noprof+0x189/0x420 [ 26.389011] kasan_atomics+0x95/0x310 [ 26.389255] kunit_try_run_case+0x1a5/0x480 [ 26.389757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.390107] kthread+0x337/0x6f0 [ 26.390243] ret_from_fork+0x116/0x1d0 [ 26.390745] ret_from_fork_asm+0x1a/0x30 [ 26.390979] [ 26.391214] The buggy address belongs to the object at ffff88810613ea80 [ 26.391214] which belongs to the cache kmalloc-64 of size 64 [ 26.391849] The buggy address is located 0 bytes to the right of [ 26.391849] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.392697] [ 26.392794] The buggy address belongs to the physical page: [ 26.393048] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.393660] flags: 0x200000000000000(node=0|zone=2) [ 26.393866] page_type: f5(slab) [ 26.394187] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.394978] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.395333] page dumped because: kasan: bad access detected [ 26.395837] [ 26.395934] Memory state around the buggy address: [ 26.396341] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.396854] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.397330] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.397719] ^ [ 26.398065] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.398597] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.398919] ================================================================== [ 27.139122] ================================================================== [ 27.139386] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 27.140301] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.140796] [ 27.141173] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.141237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.141252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.141278] Call Trace: [ 27.141303] <TASK> [ 27.141324] dump_stack_lvl+0x73/0xb0 [ 27.141369] print_report+0xd1/0x610 [ 27.141393] ? __virt_addr_valid+0x1db/0x2d0 [ 27.141419] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.141529] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.141562] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.141586] kasan_report+0x141/0x180 [ 27.141610] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.141636] kasan_check_range+0x10c/0x1c0 [ 27.141662] __kasan_check_read+0x15/0x20 [ 27.141686] kasan_atomics_helper+0x13b5/0x5450 [ 27.141709] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.141748] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.141775] ? kasan_atomics+0x152/0x310 [ 27.141801] kasan_atomics+0x1dc/0x310 [ 27.141825] ? __pfx_kasan_atomics+0x10/0x10 [ 27.141850] ? __pfx_read_tsc+0x10/0x10 [ 27.141873] ? ktime_get_ts64+0x86/0x230 [ 27.141900] kunit_try_run_case+0x1a5/0x480 [ 27.141924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.141945] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.141971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.141996] ? __kthread_parkme+0x82/0x180 [ 27.142018] ? preempt_count_sub+0x50/0x80 [ 27.142043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.142066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.142091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.142118] kthread+0x337/0x6f0 [ 27.142140] ? trace_preempt_on+0x20/0xc0 [ 27.142164] ? __pfx_kthread+0x10/0x10 [ 27.142188] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.142211] ? calculate_sigpending+0x7b/0xa0 [ 27.142237] ? __pfx_kthread+0x10/0x10 [ 27.142261] ret_from_fork+0x116/0x1d0 [ 27.142293] ? __pfx_kthread+0x10/0x10 [ 27.142316] ret_from_fork_asm+0x1a/0x30 [ 27.142349] </TASK> [ 27.142362] [ 27.152944] Allocated by task 315: [ 27.153116] kasan_save_stack+0x45/0x70 [ 27.153501] kasan_save_track+0x18/0x40 [ 27.153901] kasan_save_alloc_info+0x3b/0x50 [ 27.154069] __kasan_kmalloc+0xb7/0xc0 [ 27.154418] __kmalloc_cache_noprof+0x189/0x420 [ 27.154687] kasan_atomics+0x95/0x310 [ 27.154988] kunit_try_run_case+0x1a5/0x480 [ 27.155157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.155416] kthread+0x337/0x6f0 [ 27.155655] ret_from_fork+0x116/0x1d0 [ 27.155949] ret_from_fork_asm+0x1a/0x30 [ 27.156418] [ 27.156552] The buggy address belongs to the object at ffff88810613ea80 [ 27.156552] which belongs to the cache kmalloc-64 of size 64 [ 27.157246] The buggy address is located 0 bytes to the right of [ 27.157246] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.157827] [ 27.157917] The buggy address belongs to the physical page: [ 27.158137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.158798] flags: 0x200000000000000(node=0|zone=2) [ 27.159098] page_type: f5(slab) [ 27.159244] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.159688] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.160167] page dumped because: kasan: bad access detected [ 27.160422] [ 27.160526] Memory state around the buggy address: [ 27.160858] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.161422] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.161914] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.162269] ^ [ 27.162495] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.162998] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.163360] ================================================================== [ 27.512997] ================================================================== [ 27.514004] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 27.514678] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.514988] [ 27.515098] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.515153] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.515167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.515192] Call Trace: [ 27.515215] <TASK> [ 27.515235] dump_stack_lvl+0x73/0xb0 [ 27.515268] print_report+0xd1/0x610 [ 27.515293] ? __virt_addr_valid+0x1db/0x2d0 [ 27.515322] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.515346] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.515373] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.515404] kasan_report+0x141/0x180 [ 27.515427] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.515454] kasan_check_range+0x10c/0x1c0 [ 27.515479] __kasan_check_write+0x18/0x20 [ 27.515504] kasan_atomics_helper+0x1b22/0x5450 [ 27.515526] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.515554] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.515580] ? kasan_atomics+0x152/0x310 [ 27.515607] kasan_atomics+0x1dc/0x310 [ 27.515630] ? __pfx_kasan_atomics+0x10/0x10 [ 27.515655] ? __pfx_read_tsc+0x10/0x10 [ 27.515678] ? ktime_get_ts64+0x86/0x230 [ 27.515705] kunit_try_run_case+0x1a5/0x480 [ 27.515728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.515983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.516026] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.516051] ? __kthread_parkme+0x82/0x180 [ 27.516076] ? preempt_count_sub+0x50/0x80 [ 27.516322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.516363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.516392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.516429] kthread+0x337/0x6f0 [ 27.516454] ? trace_preempt_on+0x20/0xc0 [ 27.516479] ? __pfx_kthread+0x10/0x10 [ 27.516513] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.516538] ? calculate_sigpending+0x7b/0xa0 [ 27.516564] ? __pfx_kthread+0x10/0x10 [ 27.516589] ret_from_fork+0x116/0x1d0 [ 27.516610] ? __pfx_kthread+0x10/0x10 [ 27.516633] ret_from_fork_asm+0x1a/0x30 [ 27.516665] </TASK> [ 27.516679] [ 27.529841] Allocated by task 315: [ 27.530011] kasan_save_stack+0x45/0x70 [ 27.530197] kasan_save_track+0x18/0x40 [ 27.530787] kasan_save_alloc_info+0x3b/0x50 [ 27.531080] __kasan_kmalloc+0xb7/0xc0 [ 27.531459] __kmalloc_cache_noprof+0x189/0x420 [ 27.531805] kasan_atomics+0x95/0x310 [ 27.531997] kunit_try_run_case+0x1a5/0x480 [ 27.532186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.532795] kthread+0x337/0x6f0 [ 27.533381] ret_from_fork+0x116/0x1d0 [ 27.533685] ret_from_fork_asm+0x1a/0x30 [ 27.533998] [ 27.534071] The buggy address belongs to the object at ffff88810613ea80 [ 27.534071] which belongs to the cache kmalloc-64 of size 64 [ 27.534997] The buggy address is located 0 bytes to the right of [ 27.534997] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.536328] [ 27.536403] The buggy address belongs to the physical page: [ 27.536582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.537374] flags: 0x200000000000000(node=0|zone=2) [ 27.537876] page_type: f5(slab) [ 27.538178] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.538559] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.539326] page dumped because: kasan: bad access detected [ 27.539532] [ 27.539702] Memory state around the buggy address: [ 27.540154] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.540872] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.541313] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.542088] ^ [ 27.542252] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.543009] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.543441] ================================================================== [ 27.330577] ================================================================== [ 27.330915] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 27.331230] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.331648] [ 27.333051] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.333116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.333131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.333156] Call Trace: [ 27.333179] <TASK> [ 27.333199] dump_stack_lvl+0x73/0xb0 [ 27.333236] print_report+0xd1/0x610 [ 27.333317] ? __virt_addr_valid+0x1db/0x2d0 [ 27.333348] ? kasan_atomics_helper+0x177f/0x5450 [ 27.333372] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.333416] ? kasan_atomics_helper+0x177f/0x5450 [ 27.333441] kasan_report+0x141/0x180 [ 27.333464] ? kasan_atomics_helper+0x177f/0x5450 [ 27.333491] kasan_check_range+0x10c/0x1c0 [ 27.333516] __kasan_check_write+0x18/0x20 [ 27.333540] kasan_atomics_helper+0x177f/0x5450 [ 27.333564] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.333591] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.333618] ? kasan_atomics+0x152/0x310 [ 27.333646] kasan_atomics+0x1dc/0x310 [ 27.333670] ? __pfx_kasan_atomics+0x10/0x10 [ 27.333695] ? __pfx_read_tsc+0x10/0x10 [ 27.333719] ? ktime_get_ts64+0x86/0x230 [ 27.333755] kunit_try_run_case+0x1a5/0x480 [ 27.333779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.333829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.333854] ? __kthread_parkme+0x82/0x180 [ 27.333877] ? preempt_count_sub+0x50/0x80 [ 27.333903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.333954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.333981] kthread+0x337/0x6f0 [ 27.334003] ? trace_preempt_on+0x20/0xc0 [ 27.334029] ? __pfx_kthread+0x10/0x10 [ 27.334052] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.334076] ? calculate_sigpending+0x7b/0xa0 [ 27.334103] ? __pfx_kthread+0x10/0x10 [ 27.334127] ret_from_fork+0x116/0x1d0 [ 27.334147] ? __pfx_kthread+0x10/0x10 [ 27.334170] ret_from_fork_asm+0x1a/0x30 [ 27.334203] </TASK> [ 27.334216] [ 27.345127] Allocated by task 315: [ 27.345434] kasan_save_stack+0x45/0x70 [ 27.345803] kasan_save_track+0x18/0x40 [ 27.346136] kasan_save_alloc_info+0x3b/0x50 [ 27.346498] __kasan_kmalloc+0xb7/0xc0 [ 27.346943] __kmalloc_cache_noprof+0x189/0x420 [ 27.347495] kasan_atomics+0x95/0x310 [ 27.347891] kunit_try_run_case+0x1a5/0x480 [ 27.348379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.348952] kthread+0x337/0x6f0 [ 27.349259] ret_from_fork+0x116/0x1d0 [ 27.349633] ret_from_fork_asm+0x1a/0x30 [ 27.350064] [ 27.350241] The buggy address belongs to the object at ffff88810613ea80 [ 27.350241] which belongs to the cache kmalloc-64 of size 64 [ 27.351442] The buggy address is located 0 bytes to the right of [ 27.351442] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.352715] [ 27.352909] The buggy address belongs to the physical page: [ 27.353522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.354306] flags: 0x200000000000000(node=0|zone=2) [ 27.354833] page_type: f5(slab) [ 27.355136] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.356024] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.356948] page dumped because: kasan: bad access detected [ 27.357518] [ 27.357710] Memory state around the buggy address: [ 27.358203] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.358839] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.359636] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.359859] ^ [ 27.360012] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.360223] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.360785] ================================================================== [ 26.575650] ================================================================== [ 26.576368] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 26.576709] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.576998] [ 26.577081] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.577133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.577147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.577170] Call Trace: [ 26.577188] <TASK> [ 26.577205] dump_stack_lvl+0x73/0xb0 [ 26.577237] print_report+0xd1/0x610 [ 26.577259] ? __virt_addr_valid+0x1db/0x2d0 [ 26.577286] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.577309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.577337] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.577360] kasan_report+0x141/0x180 [ 26.577384] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.577412] kasan_check_range+0x10c/0x1c0 [ 26.577439] __kasan_check_write+0x18/0x20 [ 26.577464] kasan_atomics_helper+0x7c7/0x5450 [ 26.577487] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.577514] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.577541] ? kasan_atomics+0x152/0x310 [ 26.577569] kasan_atomics+0x1dc/0x310 [ 26.577594] ? __pfx_kasan_atomics+0x10/0x10 [ 26.577619] ? __pfx_read_tsc+0x10/0x10 [ 26.577643] ? ktime_get_ts64+0x86/0x230 [ 26.577669] kunit_try_run_case+0x1a5/0x480 [ 26.577692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.577714] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.577766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.577791] ? __kthread_parkme+0x82/0x180 [ 26.577827] ? preempt_count_sub+0x50/0x80 [ 26.577853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.577876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.577902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.577968] kthread+0x337/0x6f0 [ 26.578019] ? trace_preempt_on+0x20/0xc0 [ 26.578044] ? __pfx_kthread+0x10/0x10 [ 26.578067] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.578091] ? calculate_sigpending+0x7b/0xa0 [ 26.578117] ? __pfx_kthread+0x10/0x10 [ 26.578140] ret_from_fork+0x116/0x1d0 [ 26.578160] ? __pfx_kthread+0x10/0x10 [ 26.578183] ret_from_fork_asm+0x1a/0x30 [ 26.578215] </TASK> [ 26.578227] [ 26.589267] Allocated by task 315: [ 26.590428] kasan_save_stack+0x45/0x70 [ 26.590639] kasan_save_track+0x18/0x40 [ 26.590783] kasan_save_alloc_info+0x3b/0x50 [ 26.590929] __kasan_kmalloc+0xb7/0xc0 [ 26.591056] __kmalloc_cache_noprof+0x189/0x420 [ 26.591792] kasan_atomics+0x95/0x310 [ 26.592059] kunit_try_run_case+0x1a5/0x480 [ 26.592436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.592815] kthread+0x337/0x6f0 [ 26.592986] ret_from_fork+0x116/0x1d0 [ 26.593155] ret_from_fork_asm+0x1a/0x30 [ 26.593683] [ 26.593966] The buggy address belongs to the object at ffff88810613ea80 [ 26.593966] which belongs to the cache kmalloc-64 of size 64 [ 26.594893] The buggy address is located 0 bytes to the right of [ 26.594893] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.595622] [ 26.595866] The buggy address belongs to the physical page: [ 26.596247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.596621] flags: 0x200000000000000(node=0|zone=2) [ 26.596843] page_type: f5(slab) [ 26.596998] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.597613] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.597862] page dumped because: kasan: bad access detected [ 26.598083] [ 26.598167] Memory state around the buggy address: [ 26.598625] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.599287] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.599626] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.599918] ^ [ 26.600125] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.600842] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.601354] ================================================================== [ 27.270030] ================================================================== [ 27.270576] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 27.270860] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.271230] [ 27.271405] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.271512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.271526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.271550] Call Trace: [ 27.271570] <TASK> [ 27.271589] dump_stack_lvl+0x73/0xb0 [ 27.271621] print_report+0xd1/0x610 [ 27.271644] ? __virt_addr_valid+0x1db/0x2d0 [ 27.271670] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.271693] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.271720] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.271755] kasan_report+0x141/0x180 [ 27.271778] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.271805] kasan_check_range+0x10c/0x1c0 [ 27.271830] __kasan_check_write+0x18/0x20 [ 27.271864] kasan_atomics_helper+0x15b6/0x5450 [ 27.271888] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.271914] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.271951] ? kasan_atomics+0x152/0x310 [ 27.271978] kasan_atomics+0x1dc/0x310 [ 27.272001] ? __pfx_kasan_atomics+0x10/0x10 [ 27.272026] ? __pfx_read_tsc+0x10/0x10 [ 27.272050] ? ktime_get_ts64+0x86/0x230 [ 27.272076] kunit_try_run_case+0x1a5/0x480 [ 27.272099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.272121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.272148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.272173] ? __kthread_parkme+0x82/0x180 [ 27.272196] ? preempt_count_sub+0x50/0x80 [ 27.272221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.272245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.272312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.272359] kthread+0x337/0x6f0 [ 27.272382] ? trace_preempt_on+0x20/0xc0 [ 27.272419] ? __pfx_kthread+0x10/0x10 [ 27.272443] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.272467] ? calculate_sigpending+0x7b/0xa0 [ 27.272493] ? __pfx_kthread+0x10/0x10 [ 27.272536] ret_from_fork+0x116/0x1d0 [ 27.272558] ? __pfx_kthread+0x10/0x10 [ 27.272591] ret_from_fork_asm+0x1a/0x30 [ 27.272623] </TASK> [ 27.272636] [ 27.280698] Allocated by task 315: [ 27.280891] kasan_save_stack+0x45/0x70 [ 27.281088] kasan_save_track+0x18/0x40 [ 27.281258] kasan_save_alloc_info+0x3b/0x50 [ 27.281712] __kasan_kmalloc+0xb7/0xc0 [ 27.281914] __kmalloc_cache_noprof+0x189/0x420 [ 27.282134] kasan_atomics+0x95/0x310 [ 27.282386] kunit_try_run_case+0x1a5/0x480 [ 27.282621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.282872] kthread+0x337/0x6f0 [ 27.283041] ret_from_fork+0x116/0x1d0 [ 27.283196] ret_from_fork_asm+0x1a/0x30 [ 27.283357] [ 27.283455] The buggy address belongs to the object at ffff88810613ea80 [ 27.283455] which belongs to the cache kmalloc-64 of size 64 [ 27.284122] The buggy address is located 0 bytes to the right of [ 27.284122] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.284714] [ 27.284832] The buggy address belongs to the physical page: [ 27.285053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.285463] flags: 0x200000000000000(node=0|zone=2) [ 27.285711] page_type: f5(slab) [ 27.285911] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.286183] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.286407] page dumped because: kasan: bad access detected [ 27.286580] [ 27.286645] Memory state around the buggy address: [ 27.286803] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.287361] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.288239] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.288672] ^ [ 27.288841] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.289051] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.289257] ================================================================== [ 27.544418] ================================================================== [ 27.545133] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 27.545983] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.546655] [ 27.546927] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.546985] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.546998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.547022] Call Trace: [ 27.547039] <TASK> [ 27.547057] dump_stack_lvl+0x73/0xb0 [ 27.547092] print_report+0xd1/0x610 [ 27.547115] ? __virt_addr_valid+0x1db/0x2d0 [ 27.547141] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.547164] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.547191] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.547214] kasan_report+0x141/0x180 [ 27.547237] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.547264] kasan_check_range+0x10c/0x1c0 [ 27.547287] __kasan_check_write+0x18/0x20 [ 27.547312] kasan_atomics_helper+0x1c18/0x5450 [ 27.547336] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.547363] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.547388] ? kasan_atomics+0x152/0x310 [ 27.547425] kasan_atomics+0x1dc/0x310 [ 27.547448] ? __pfx_kasan_atomics+0x10/0x10 [ 27.547473] ? __pfx_read_tsc+0x10/0x10 [ 27.547496] ? ktime_get_ts64+0x86/0x230 [ 27.547522] kunit_try_run_case+0x1a5/0x480 [ 27.547546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.547568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.547592] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.547617] ? __kthread_parkme+0x82/0x180 [ 27.547640] ? preempt_count_sub+0x50/0x80 [ 27.547664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.547687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.547713] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.547752] kthread+0x337/0x6f0 [ 27.547777] ? trace_preempt_on+0x20/0xc0 [ 27.547801] ? __pfx_kthread+0x10/0x10 [ 27.547823] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.547847] ? calculate_sigpending+0x7b/0xa0 [ 27.547873] ? __pfx_kthread+0x10/0x10 [ 27.547896] ret_from_fork+0x116/0x1d0 [ 27.547916] ? __pfx_kthread+0x10/0x10 [ 27.547939] ret_from_fork_asm+0x1a/0x30 [ 27.547972] </TASK> [ 27.547984] [ 27.559109] Allocated by task 315: [ 27.559442] kasan_save_stack+0x45/0x70 [ 27.559815] kasan_save_track+0x18/0x40 [ 27.560151] kasan_save_alloc_info+0x3b/0x50 [ 27.560880] __kasan_kmalloc+0xb7/0xc0 [ 27.561238] __kmalloc_cache_noprof+0x189/0x420 [ 27.561675] kasan_atomics+0x95/0x310 [ 27.562029] kunit_try_run_case+0x1a5/0x480 [ 27.562408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.562908] kthread+0x337/0x6f0 [ 27.563214] ret_from_fork+0x116/0x1d0 [ 27.563594] ret_from_fork_asm+0x1a/0x30 [ 27.563965] [ 27.564118] The buggy address belongs to the object at ffff88810613ea80 [ 27.564118] which belongs to the cache kmalloc-64 of size 64 [ 27.565152] The buggy address is located 0 bytes to the right of [ 27.565152] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.565884] [ 27.565960] The buggy address belongs to the physical page: [ 27.566130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.566364] flags: 0x200000000000000(node=0|zone=2) [ 27.566796] page_type: f5(slab) [ 27.567083] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.567787] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.568420] page dumped because: kasan: bad access detected [ 27.569026] [ 27.569178] Memory state around the buggy address: [ 27.569612] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.570225] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.570949] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.571515] ^ [ 27.571666] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.571884] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.572094] ================================================================== [ 27.828376] ================================================================== [ 27.828750] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 27.829023] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.829244] [ 27.829430] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.829479] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.829493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.829516] Call Trace: [ 27.829533] <TASK> [ 27.829549] dump_stack_lvl+0x73/0xb0 [ 27.829579] print_report+0xd1/0x610 [ 27.829603] ? __virt_addr_valid+0x1db/0x2d0 [ 27.829628] ? kasan_atomics_helper+0x218a/0x5450 [ 27.829650] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.829678] ? kasan_atomics_helper+0x218a/0x5450 [ 27.829702] kasan_report+0x141/0x180 [ 27.829725] ? kasan_atomics_helper+0x218a/0x5450 [ 27.829774] kasan_check_range+0x10c/0x1c0 [ 27.829799] __kasan_check_write+0x18/0x20 [ 27.829823] kasan_atomics_helper+0x218a/0x5450 [ 27.829857] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.829884] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.829911] ? kasan_atomics+0x152/0x310 [ 27.829947] kasan_atomics+0x1dc/0x310 [ 27.829970] ? __pfx_kasan_atomics+0x10/0x10 [ 27.829996] ? __pfx_read_tsc+0x10/0x10 [ 27.830029] ? ktime_get_ts64+0x86/0x230 [ 27.830056] kunit_try_run_case+0x1a5/0x480 [ 27.830079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.830101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.830135] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.830161] ? __kthread_parkme+0x82/0x180 [ 27.830193] ? preempt_count_sub+0x50/0x80 [ 27.830219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.830243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.830277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.830305] kthread+0x337/0x6f0 [ 27.830328] ? trace_preempt_on+0x20/0xc0 [ 27.830363] ? __pfx_kthread+0x10/0x10 [ 27.830386] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.830418] ? calculate_sigpending+0x7b/0xa0 [ 27.830452] ? __pfx_kthread+0x10/0x10 [ 27.830477] ret_from_fork+0x116/0x1d0 [ 27.830497] ? __pfx_kthread+0x10/0x10 [ 27.830530] ret_from_fork_asm+0x1a/0x30 [ 27.830563] </TASK> [ 27.830575] [ 27.837995] Allocated by task 315: [ 27.838121] kasan_save_stack+0x45/0x70 [ 27.838257] kasan_save_track+0x18/0x40 [ 27.838386] kasan_save_alloc_info+0x3b/0x50 [ 27.838527] __kasan_kmalloc+0xb7/0xc0 [ 27.838653] __kmalloc_cache_noprof+0x189/0x420 [ 27.838915] kasan_atomics+0x95/0x310 [ 27.839098] kunit_try_run_case+0x1a5/0x480 [ 27.839297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.839724] kthread+0x337/0x6f0 [ 27.839898] ret_from_fork+0x116/0x1d0 [ 27.840079] ret_from_fork_asm+0x1a/0x30 [ 27.840269] [ 27.840363] The buggy address belongs to the object at ffff88810613ea80 [ 27.840363] which belongs to the cache kmalloc-64 of size 64 [ 27.841172] The buggy address is located 0 bytes to the right of [ 27.841172] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.841543] [ 27.841610] The buggy address belongs to the physical page: [ 27.841787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.842020] flags: 0x200000000000000(node=0|zone=2) [ 27.842177] page_type: f5(slab) [ 27.842339] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.842919] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.843290] page dumped because: kasan: bad access detected [ 27.843569] [ 27.843662] Memory state around the buggy address: [ 27.843897] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.844263] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.844628] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.844902] ^ [ 27.845142] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.845356] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.845640] ================================================================== [ 26.303578] ================================================================== [ 26.304051] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 26.304527] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.304835] [ 26.305258] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.305365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.305378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.305402] Call Trace: [ 26.305428] <TASK> [ 26.305452] dump_stack_lvl+0x73/0xb0 [ 26.305487] print_report+0xd1/0x610 [ 26.305509] ? __virt_addr_valid+0x1db/0x2d0 [ 26.305533] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.305564] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.305589] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.305621] kasan_report+0x141/0x180 [ 26.305643] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.305669] __asan_report_store4_noabort+0x1b/0x30 [ 26.305694] kasan_atomics_helper+0x4ba2/0x5450 [ 26.305716] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.305752] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.305786] ? kasan_atomics+0x152/0x310 [ 26.305812] kasan_atomics+0x1dc/0x310 [ 26.305835] ? __pfx_kasan_atomics+0x10/0x10 [ 26.305870] ? __pfx_read_tsc+0x10/0x10 [ 26.305892] ? ktime_get_ts64+0x86/0x230 [ 26.305918] kunit_try_run_case+0x1a5/0x480 [ 26.305941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.305962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.305985] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.306010] ? __kthread_parkme+0x82/0x180 [ 26.306040] ? preempt_count_sub+0x50/0x80 [ 26.306064] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.306086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.306121] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.306147] kthread+0x337/0x6f0 [ 26.306168] ? trace_preempt_on+0x20/0xc0 [ 26.306192] ? __pfx_kthread+0x10/0x10 [ 26.306213] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.306235] ? calculate_sigpending+0x7b/0xa0 [ 26.306260] ? __pfx_kthread+0x10/0x10 [ 26.306330] ret_from_fork+0x116/0x1d0 [ 26.306362] ? __pfx_kthread+0x10/0x10 [ 26.306384] ret_from_fork_asm+0x1a/0x30 [ 26.306425] </TASK> [ 26.306438] [ 26.315273] Allocated by task 315: [ 26.315471] kasan_save_stack+0x45/0x70 [ 26.315713] kasan_save_track+0x18/0x40 [ 26.315995] kasan_save_alloc_info+0x3b/0x50 [ 26.316255] __kasan_kmalloc+0xb7/0xc0 [ 26.316503] __kmalloc_cache_noprof+0x189/0x420 [ 26.316722] kasan_atomics+0x95/0x310 [ 26.316932] kunit_try_run_case+0x1a5/0x480 [ 26.317072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.317420] kthread+0x337/0x6f0 [ 26.317620] ret_from_fork+0x116/0x1d0 [ 26.317818] ret_from_fork_asm+0x1a/0x30 [ 26.318013] [ 26.318101] The buggy address belongs to the object at ffff88810613ea80 [ 26.318101] which belongs to the cache kmalloc-64 of size 64 [ 26.318790] The buggy address is located 0 bytes to the right of [ 26.318790] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.319490] [ 26.319603] The buggy address belongs to the physical page: [ 26.319844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.320142] flags: 0x200000000000000(node=0|zone=2) [ 26.320301] page_type: f5(slab) [ 26.320424] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.320798] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.321344] page dumped because: kasan: bad access detected [ 26.321506] [ 26.321569] Memory state around the buggy address: [ 26.321716] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.321996] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.322389] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.323146] ^ [ 26.323617] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.324002] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.324217] ================================================================== [ 26.480719] ================================================================== [ 26.480980] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 26.481325] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.482198] [ 26.482414] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.482551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.482570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.482596] Call Trace: [ 26.482621] <TASK> [ 26.482644] dump_stack_lvl+0x73/0xb0 [ 26.482679] print_report+0xd1/0x610 [ 26.482703] ? __virt_addr_valid+0x1db/0x2d0 [ 26.482747] ? kasan_atomics_helper+0x565/0x5450 [ 26.482771] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.482798] ? kasan_atomics_helper+0x565/0x5450 [ 26.482820] kasan_report+0x141/0x180 [ 26.482844] ? kasan_atomics_helper+0x565/0x5450 [ 26.482871] kasan_check_range+0x10c/0x1c0 [ 26.482896] __kasan_check_write+0x18/0x20 [ 26.482920] kasan_atomics_helper+0x565/0x5450 [ 26.482943] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.482970] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.482996] ? kasan_atomics+0x152/0x310 [ 26.483023] kasan_atomics+0x1dc/0x310 [ 26.483045] ? __pfx_kasan_atomics+0x10/0x10 [ 26.483071] ? __pfx_read_tsc+0x10/0x10 [ 26.483094] ? ktime_get_ts64+0x86/0x230 [ 26.483120] kunit_try_run_case+0x1a5/0x480 [ 26.483144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.483166] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.483192] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.483216] ? __kthread_parkme+0x82/0x180 [ 26.483239] ? preempt_count_sub+0x50/0x80 [ 26.483263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.483338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.483365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.483392] kthread+0x337/0x6f0 [ 26.483425] ? trace_preempt_on+0x20/0xc0 [ 26.483450] ? __pfx_kthread+0x10/0x10 [ 26.483473] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.483497] ? calculate_sigpending+0x7b/0xa0 [ 26.483525] ? __pfx_kthread+0x10/0x10 [ 26.483549] ret_from_fork+0x116/0x1d0 [ 26.483569] ? __pfx_kthread+0x10/0x10 [ 26.483592] ret_from_fork_asm+0x1a/0x30 [ 26.483625] </TASK> [ 26.483638] [ 26.494075] Allocated by task 315: [ 26.494255] kasan_save_stack+0x45/0x70 [ 26.494819] kasan_save_track+0x18/0x40 [ 26.495004] kasan_save_alloc_info+0x3b/0x50 [ 26.495398] __kasan_kmalloc+0xb7/0xc0 [ 26.495663] __kmalloc_cache_noprof+0x189/0x420 [ 26.495904] kasan_atomics+0x95/0x310 [ 26.496072] kunit_try_run_case+0x1a5/0x480 [ 26.496252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.496910] kthread+0x337/0x6f0 [ 26.497054] ret_from_fork+0x116/0x1d0 [ 26.497238] ret_from_fork_asm+0x1a/0x30 [ 26.497684] [ 26.497787] The buggy address belongs to the object at ffff88810613ea80 [ 26.497787] which belongs to the cache kmalloc-64 of size 64 [ 26.498268] The buggy address is located 0 bytes to the right of [ 26.498268] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.499069] [ 26.499347] The buggy address belongs to the physical page: [ 26.499650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.499994] flags: 0x200000000000000(node=0|zone=2) [ 26.500209] page_type: f5(slab) [ 26.500658] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.500959] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.501699] page dumped because: kasan: bad access detected [ 26.501958] [ 26.502034] Memory state around the buggy address: [ 26.502242] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.502886] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.503170] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.503674] ^ [ 26.503956] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.504359] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.504831] ================================================================== [ 27.059138] ================================================================== [ 27.059364] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 27.059691] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.060101] [ 27.060225] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.060281] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.060295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.060325] Call Trace: [ 27.060348] <TASK> [ 27.060369] dump_stack_lvl+0x73/0xb0 [ 27.060428] print_report+0xd1/0x610 [ 27.060452] ? __virt_addr_valid+0x1db/0x2d0 [ 27.060479] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.060501] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.060528] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.060621] kasan_report+0x141/0x180 [ 27.060651] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.060679] __asan_report_load4_noabort+0x18/0x20 [ 27.060704] kasan_atomics_helper+0x49e8/0x5450 [ 27.060727] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.060765] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.060791] ? kasan_atomics+0x152/0x310 [ 27.060820] kasan_atomics+0x1dc/0x310 [ 27.060844] ? __pfx_kasan_atomics+0x10/0x10 [ 27.060868] ? __pfx_read_tsc+0x10/0x10 [ 27.060892] ? ktime_get_ts64+0x86/0x230 [ 27.060918] kunit_try_run_case+0x1a5/0x480 [ 27.060942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.060964] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.060992] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.061016] ? __kthread_parkme+0x82/0x180 [ 27.061039] ? preempt_count_sub+0x50/0x80 [ 27.061065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.061088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.061115] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.061141] kthread+0x337/0x6f0 [ 27.061165] ? trace_preempt_on+0x20/0xc0 [ 27.061190] ? __pfx_kthread+0x10/0x10 [ 27.061212] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.061236] ? calculate_sigpending+0x7b/0xa0 [ 27.062285] ? __pfx_kthread+0x10/0x10 [ 27.062322] ret_from_fork+0x116/0x1d0 [ 27.062344] ? __pfx_kthread+0x10/0x10 [ 27.062369] ret_from_fork_asm+0x1a/0x30 [ 27.062418] </TASK> [ 27.062433] [ 27.074829] Allocated by task 315: [ 27.075282] kasan_save_stack+0x45/0x70 [ 27.075687] kasan_save_track+0x18/0x40 [ 27.076179] kasan_save_alloc_info+0x3b/0x50 [ 27.076726] __kasan_kmalloc+0xb7/0xc0 [ 27.077176] __kmalloc_cache_noprof+0x189/0x420 [ 27.077740] kasan_atomics+0x95/0x310 [ 27.078181] kunit_try_run_case+0x1a5/0x480 [ 27.078823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.079485] kthread+0x337/0x6f0 [ 27.079923] ret_from_fork+0x116/0x1d0 [ 27.080368] ret_from_fork_asm+0x1a/0x30 [ 27.080876] [ 27.081058] The buggy address belongs to the object at ffff88810613ea80 [ 27.081058] which belongs to the cache kmalloc-64 of size 64 [ 27.082409] The buggy address is located 0 bytes to the right of [ 27.082409] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.083767] [ 27.084001] The buggy address belongs to the physical page: [ 27.084177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.084972] flags: 0x200000000000000(node=0|zone=2) [ 27.085704] page_type: f5(slab) [ 27.086135] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.086802] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.087031] page dumped because: kasan: bad access detected [ 27.087197] [ 27.087264] Memory state around the buggy address: [ 27.087432] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.087801] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.088480] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.088873] ^ [ 27.089114] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.089408] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.090077] ================================================================== [ 27.419464] ================================================================== [ 27.419699] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 27.420382] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.421024] [ 27.421200] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.421254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.421308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.421334] Call Trace: [ 27.421356] <TASK> [ 27.421374] dump_stack_lvl+0x73/0xb0 [ 27.421408] print_report+0xd1/0x610 [ 27.421433] ? __virt_addr_valid+0x1db/0x2d0 [ 27.421470] ? kasan_atomics_helper+0x194a/0x5450 [ 27.421492] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.421519] ? kasan_atomics_helper+0x194a/0x5450 [ 27.421541] kasan_report+0x141/0x180 [ 27.421564] ? kasan_atomics_helper+0x194a/0x5450 [ 27.421591] kasan_check_range+0x10c/0x1c0 [ 27.421615] __kasan_check_write+0x18/0x20 [ 27.421639] kasan_atomics_helper+0x194a/0x5450 [ 27.421662] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.421689] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.421715] ? kasan_atomics+0x152/0x310 [ 27.421754] kasan_atomics+0x1dc/0x310 [ 27.421777] ? __pfx_kasan_atomics+0x10/0x10 [ 27.421803] ? __pfx_read_tsc+0x10/0x10 [ 27.421826] ? ktime_get_ts64+0x86/0x230 [ 27.421852] kunit_try_run_case+0x1a5/0x480 [ 27.421875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.421898] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.421922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.421946] ? __kthread_parkme+0x82/0x180 [ 27.421969] ? preempt_count_sub+0x50/0x80 [ 27.421994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.422017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.422044] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.422071] kthread+0x337/0x6f0 [ 27.422093] ? trace_preempt_on+0x20/0xc0 [ 27.422117] ? __pfx_kthread+0x10/0x10 [ 27.422141] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.422163] ? calculate_sigpending+0x7b/0xa0 [ 27.422190] ? __pfx_kthread+0x10/0x10 [ 27.422214] ret_from_fork+0x116/0x1d0 [ 27.422235] ? __pfx_kthread+0x10/0x10 [ 27.422258] ret_from_fork_asm+0x1a/0x30 [ 27.422325] </TASK> [ 27.422340] [ 27.435097] Allocated by task 315: [ 27.435227] kasan_save_stack+0x45/0x70 [ 27.435648] kasan_save_track+0x18/0x40 [ 27.436009] kasan_save_alloc_info+0x3b/0x50 [ 27.436469] __kasan_kmalloc+0xb7/0xc0 [ 27.436811] __kmalloc_cache_noprof+0x189/0x420 [ 27.437201] kasan_atomics+0x95/0x310 [ 27.437576] kunit_try_run_case+0x1a5/0x480 [ 27.437955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.438487] kthread+0x337/0x6f0 [ 27.438872] ret_from_fork+0x116/0x1d0 [ 27.439249] ret_from_fork_asm+0x1a/0x30 [ 27.439833] [ 27.440029] The buggy address belongs to the object at ffff88810613ea80 [ 27.440029] which belongs to the cache kmalloc-64 of size 64 [ 27.441215] The buggy address is located 0 bytes to the right of [ 27.441215] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.441923] [ 27.441997] The buggy address belongs to the physical page: [ 27.442164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.442548] flags: 0x200000000000000(node=0|zone=2) [ 27.442973] page_type: f5(slab) [ 27.443253] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.444022] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.444926] page dumped because: kasan: bad access detected [ 27.445512] [ 27.445880] Memory state around the buggy address: [ 27.446458] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.446895] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.447110] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.447376] ^ [ 27.447805] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.448478] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.449091] ================================================================== [ 27.474071] ================================================================== [ 27.474776] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 27.475510] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.476423] [ 27.476626] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.476679] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.476716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.476752] Call Trace: [ 27.476774] <TASK> [ 27.476793] dump_stack_lvl+0x73/0xb0 [ 27.476829] print_report+0xd1/0x610 [ 27.476853] ? __virt_addr_valid+0x1db/0x2d0 [ 27.476878] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.476902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.476929] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.476952] kasan_report+0x141/0x180 [ 27.476975] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.477002] kasan_check_range+0x10c/0x1c0 [ 27.477027] __kasan_check_write+0x18/0x20 [ 27.477051] kasan_atomics_helper+0x1a7f/0x5450 [ 27.477074] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.477100] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.477126] ? kasan_atomics+0x152/0x310 [ 27.477153] kasan_atomics+0x1dc/0x310 [ 27.477176] ? __pfx_kasan_atomics+0x10/0x10 [ 27.477201] ? __pfx_read_tsc+0x10/0x10 [ 27.477224] ? ktime_get_ts64+0x86/0x230 [ 27.477250] kunit_try_run_case+0x1a5/0x480 [ 27.477290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.477311] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.477337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.477368] ? __kthread_parkme+0x82/0x180 [ 27.477391] ? preempt_count_sub+0x50/0x80 [ 27.477438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.477461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.477495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.477522] kthread+0x337/0x6f0 [ 27.477544] ? trace_preempt_on+0x20/0xc0 [ 27.477590] ? __pfx_kthread+0x10/0x10 [ 27.477614] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.477647] ? calculate_sigpending+0x7b/0xa0 [ 27.477673] ? __pfx_kthread+0x10/0x10 [ 27.477697] ret_from_fork+0x116/0x1d0 [ 27.477717] ? __pfx_kthread+0x10/0x10 [ 27.477750] ret_from_fork_asm+0x1a/0x30 [ 27.477781] </TASK> [ 27.477794] [ 27.493151] Allocated by task 315: [ 27.493589] kasan_save_stack+0x45/0x70 [ 27.493963] kasan_save_track+0x18/0x40 [ 27.494685] kasan_save_alloc_info+0x3b/0x50 [ 27.495184] __kasan_kmalloc+0xb7/0xc0 [ 27.495564] __kmalloc_cache_noprof+0x189/0x420 [ 27.495958] kasan_atomics+0x95/0x310 [ 27.496090] kunit_try_run_case+0x1a5/0x480 [ 27.496230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.496406] kthread+0x337/0x6f0 [ 27.496821] ret_from_fork+0x116/0x1d0 [ 27.497150] ret_from_fork_asm+0x1a/0x30 [ 27.497494] [ 27.497647] The buggy address belongs to the object at ffff88810613ea80 [ 27.497647] which belongs to the cache kmalloc-64 of size 64 [ 27.498634] The buggy address is located 0 bytes to the right of [ 27.498634] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.500079] [ 27.500652] The buggy address belongs to the physical page: [ 27.501077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.502054] flags: 0x200000000000000(node=0|zone=2) [ 27.502321] page_type: f5(slab) [ 27.502486] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.504065] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.505722] page dumped because: kasan: bad access detected [ 27.505983] [ 27.506073] Memory state around the buggy address: [ 27.507198] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.508139] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.508935] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.509723] ^ [ 27.510108] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.511257] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.511723] ================================================================== [ 26.934209] ================================================================== [ 26.934635] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 26.935316] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.935632] [ 26.935758] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.935813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.935828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.935853] Call Trace: [ 26.935876] <TASK> [ 26.935897] dump_stack_lvl+0x73/0xb0 [ 26.935930] print_report+0xd1/0x610 [ 26.935955] ? __virt_addr_valid+0x1db/0x2d0 [ 26.935981] ? kasan_atomics_helper+0x1079/0x5450 [ 26.936004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.936030] ? kasan_atomics_helper+0x1079/0x5450 [ 26.936055] kasan_report+0x141/0x180 [ 26.936078] ? kasan_atomics_helper+0x1079/0x5450 [ 26.936105] kasan_check_range+0x10c/0x1c0 [ 26.936129] __kasan_check_write+0x18/0x20 [ 26.936153] kasan_atomics_helper+0x1079/0x5450 [ 26.936176] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.936202] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.936230] ? kasan_atomics+0x152/0x310 [ 26.936256] kasan_atomics+0x1dc/0x310 [ 26.936443] ? __pfx_kasan_atomics+0x10/0x10 [ 26.936472] ? __pfx_read_tsc+0x10/0x10 [ 26.936505] ? ktime_get_ts64+0x86/0x230 [ 26.936532] kunit_try_run_case+0x1a5/0x480 [ 26.936556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.936617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.936643] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.936670] ? __kthread_parkme+0x82/0x180 [ 26.936692] ? preempt_count_sub+0x50/0x80 [ 26.936718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.936755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.936782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.936809] kthread+0x337/0x6f0 [ 26.936832] ? trace_preempt_on+0x20/0xc0 [ 26.936857] ? __pfx_kthread+0x10/0x10 [ 26.936881] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.936906] ? calculate_sigpending+0x7b/0xa0 [ 26.936932] ? __pfx_kthread+0x10/0x10 [ 26.936955] ret_from_fork+0x116/0x1d0 [ 26.936976] ? __pfx_kthread+0x10/0x10 [ 26.936999] ret_from_fork_asm+0x1a/0x30 [ 26.937032] </TASK> [ 26.937045] [ 26.949945] Allocated by task 315: [ 26.950128] kasan_save_stack+0x45/0x70 [ 26.950541] kasan_save_track+0x18/0x40 [ 26.950793] kasan_save_alloc_info+0x3b/0x50 [ 26.951104] __kasan_kmalloc+0xb7/0xc0 [ 26.951465] __kmalloc_cache_noprof+0x189/0x420 [ 26.951749] kasan_atomics+0x95/0x310 [ 26.951932] kunit_try_run_case+0x1a5/0x480 [ 26.952116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.952556] kthread+0x337/0x6f0 [ 26.952839] ret_from_fork+0x116/0x1d0 [ 26.953207] ret_from_fork_asm+0x1a/0x30 [ 26.953538] [ 26.953779] The buggy address belongs to the object at ffff88810613ea80 [ 26.953779] which belongs to the cache kmalloc-64 of size 64 [ 26.954469] The buggy address is located 0 bytes to the right of [ 26.954469] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.955236] [ 26.955511] The buggy address belongs to the physical page: [ 26.955762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.956086] flags: 0x200000000000000(node=0|zone=2) [ 26.956519] page_type: f5(slab) [ 26.956810] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.957480] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.957814] page dumped because: kasan: bad access detected [ 26.958041] [ 26.958127] Memory state around the buggy address: [ 26.958626] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.959130] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.959863] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.960425] ^ [ 26.960812] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.961108] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.961811] ================================================================== [ 27.289768] ================================================================== [ 27.290184] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 27.290796] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.291405] [ 27.291493] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.291596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.291612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.291637] Call Trace: [ 27.291659] <TASK> [ 27.291679] dump_stack_lvl+0x73/0xb0 [ 27.291712] print_report+0xd1/0x610 [ 27.291756] ? __virt_addr_valid+0x1db/0x2d0 [ 27.291782] ? kasan_atomics_helper+0x164f/0x5450 [ 27.291816] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.291843] ? kasan_atomics_helper+0x164f/0x5450 [ 27.291866] kasan_report+0x141/0x180 [ 27.291889] ? kasan_atomics_helper+0x164f/0x5450 [ 27.291924] kasan_check_range+0x10c/0x1c0 [ 27.291950] __kasan_check_write+0x18/0x20 [ 27.291975] kasan_atomics_helper+0x164f/0x5450 [ 27.292009] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.292038] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.292067] ? kasan_atomics+0x152/0x310 [ 27.292096] kasan_atomics+0x1dc/0x310 [ 27.292120] ? __pfx_kasan_atomics+0x10/0x10 [ 27.292147] ? __pfx_read_tsc+0x10/0x10 [ 27.292169] ? ktime_get_ts64+0x86/0x230 [ 27.292196] kunit_try_run_case+0x1a5/0x480 [ 27.292220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.292242] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.292268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.292293] ? __kthread_parkme+0x82/0x180 [ 27.292322] ? preempt_count_sub+0x50/0x80 [ 27.292347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.292370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.292406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.292433] kthread+0x337/0x6f0 [ 27.292466] ? trace_preempt_on+0x20/0xc0 [ 27.292492] ? __pfx_kthread+0x10/0x10 [ 27.292515] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.292539] ? calculate_sigpending+0x7b/0xa0 [ 27.292565] ? __pfx_kthread+0x10/0x10 [ 27.292589] ret_from_fork+0x116/0x1d0 [ 27.292610] ? __pfx_kthread+0x10/0x10 [ 27.292633] ret_from_fork_asm+0x1a/0x30 [ 27.292664] </TASK> [ 27.292678] [ 27.300908] Allocated by task 315: [ 27.301113] kasan_save_stack+0x45/0x70 [ 27.301405] kasan_save_track+0x18/0x40 [ 27.301572] kasan_save_alloc_info+0x3b/0x50 [ 27.301811] __kasan_kmalloc+0xb7/0xc0 [ 27.301989] __kmalloc_cache_noprof+0x189/0x420 [ 27.302203] kasan_atomics+0x95/0x310 [ 27.302465] kunit_try_run_case+0x1a5/0x480 [ 27.302667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.302898] kthread+0x337/0x6f0 [ 27.303017] ret_from_fork+0x116/0x1d0 [ 27.303218] ret_from_fork_asm+0x1a/0x30 [ 27.303408] [ 27.303498] The buggy address belongs to the object at ffff88810613ea80 [ 27.303498] which belongs to the cache kmalloc-64 of size 64 [ 27.304297] The buggy address is located 0 bytes to the right of [ 27.304297] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.304761] [ 27.305008] The buggy address belongs to the physical page: [ 27.305257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.305750] flags: 0x200000000000000(node=0|zone=2) [ 27.306002] page_type: f5(slab) [ 27.306122] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.306348] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.306566] page dumped because: kasan: bad access detected [ 27.306819] [ 27.306907] Memory state around the buggy address: [ 27.307124] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.307461] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.307727] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.307938] ^ [ 27.308085] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.308294] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.308860] ================================================================== [ 26.705406] ================================================================== [ 26.705681] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 26.705965] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.706381] [ 26.706634] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.706717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.706764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.706790] Call Trace: [ 26.706812] <TASK> [ 26.706842] dump_stack_lvl+0x73/0xb0 [ 26.706875] print_report+0xd1/0x610 [ 26.706899] ? __virt_addr_valid+0x1db/0x2d0 [ 26.706924] ? kasan_atomics_helper+0xac7/0x5450 [ 26.706947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.706975] ? kasan_atomics_helper+0xac7/0x5450 [ 26.706997] kasan_report+0x141/0x180 [ 26.707020] ? kasan_atomics_helper+0xac7/0x5450 [ 26.707047] kasan_check_range+0x10c/0x1c0 [ 26.707071] __kasan_check_write+0x18/0x20 [ 26.707095] kasan_atomics_helper+0xac7/0x5450 [ 26.707119] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.707146] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.707172] ? kasan_atomics+0x152/0x310 [ 26.707199] kasan_atomics+0x1dc/0x310 [ 26.707222] ? __pfx_kasan_atomics+0x10/0x10 [ 26.707247] ? __pfx_read_tsc+0x10/0x10 [ 26.707270] ? ktime_get_ts64+0x86/0x230 [ 26.707296] kunit_try_run_case+0x1a5/0x480 [ 26.707322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.707344] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.707369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.707394] ? __kthread_parkme+0x82/0x180 [ 26.707416] ? preempt_count_sub+0x50/0x80 [ 26.707441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.707466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.707513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.707554] kthread+0x337/0x6f0 [ 26.707609] ? trace_preempt_on+0x20/0xc0 [ 26.707637] ? __pfx_kthread+0x10/0x10 [ 26.707661] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.707748] ? calculate_sigpending+0x7b/0xa0 [ 26.707778] ? __pfx_kthread+0x10/0x10 [ 26.707802] ret_from_fork+0x116/0x1d0 [ 26.707823] ? __pfx_kthread+0x10/0x10 [ 26.707847] ret_from_fork_asm+0x1a/0x30 [ 26.707880] </TASK> [ 26.707893] [ 26.724112] Allocated by task 315: [ 26.724281] kasan_save_stack+0x45/0x70 [ 26.724803] kasan_save_track+0x18/0x40 [ 26.725066] kasan_save_alloc_info+0x3b/0x50 [ 26.725332] __kasan_kmalloc+0xb7/0xc0 [ 26.725529] __kmalloc_cache_noprof+0x189/0x420 [ 26.725705] kasan_atomics+0x95/0x310 [ 26.726031] kunit_try_run_case+0x1a5/0x480 [ 26.726407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.726638] kthread+0x337/0x6f0 [ 26.726855] ret_from_fork+0x116/0x1d0 [ 26.727126] ret_from_fork_asm+0x1a/0x30 [ 26.727337] [ 26.727451] The buggy address belongs to the object at ffff88810613ea80 [ 26.727451] which belongs to the cache kmalloc-64 of size 64 [ 26.728293] The buggy address is located 0 bytes to the right of [ 26.728293] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.728896] [ 26.729003] The buggy address belongs to the physical page: [ 26.729419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.730124] flags: 0x200000000000000(node=0|zone=2) [ 26.730550] page_type: f5(slab) [ 26.730754] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.731071] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.731477] page dumped because: kasan: bad access detected [ 26.731889] [ 26.731967] Memory state around the buggy address: [ 26.732242] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.732574] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.732912] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.733213] ^ [ 26.733526] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.733770] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.734063] ================================================================== [ 26.602229] ================================================================== [ 26.603238] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 26.603494] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.603716] [ 26.604082] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.604141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.604156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.604181] Call Trace: [ 26.604205] <TASK> [ 26.604224] dump_stack_lvl+0x73/0xb0 [ 26.604346] print_report+0xd1/0x610 [ 26.604377] ? __virt_addr_valid+0x1db/0x2d0 [ 26.604427] ? kasan_atomics_helper+0x860/0x5450 [ 26.604449] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.604476] ? kasan_atomics_helper+0x860/0x5450 [ 26.604499] kasan_report+0x141/0x180 [ 26.604551] ? kasan_atomics_helper+0x860/0x5450 [ 26.604579] kasan_check_range+0x10c/0x1c0 [ 26.604605] __kasan_check_write+0x18/0x20 [ 26.604640] kasan_atomics_helper+0x860/0x5450 [ 26.604663] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.604715] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.604757] ? kasan_atomics+0x152/0x310 [ 26.604784] kasan_atomics+0x1dc/0x310 [ 26.604807] ? __pfx_kasan_atomics+0x10/0x10 [ 26.604833] ? __pfx_read_tsc+0x10/0x10 [ 26.604857] ? ktime_get_ts64+0x86/0x230 [ 26.604883] kunit_try_run_case+0x1a5/0x480 [ 26.604907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.604929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.604955] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.604979] ? __kthread_parkme+0x82/0x180 [ 26.605001] ? preempt_count_sub+0x50/0x80 [ 26.605027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.605050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.605076] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.605103] kthread+0x337/0x6f0 [ 26.605126] ? trace_preempt_on+0x20/0xc0 [ 26.605150] ? __pfx_kthread+0x10/0x10 [ 26.605173] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.605196] ? calculate_sigpending+0x7b/0xa0 [ 26.605222] ? __pfx_kthread+0x10/0x10 [ 26.605246] ret_from_fork+0x116/0x1d0 [ 26.605323] ? __pfx_kthread+0x10/0x10 [ 26.605347] ret_from_fork_asm+0x1a/0x30 [ 26.605379] </TASK> [ 26.605392] [ 26.619876] Allocated by task 315: [ 26.620223] kasan_save_stack+0x45/0x70 [ 26.620703] kasan_save_track+0x18/0x40 [ 26.621097] kasan_save_alloc_info+0x3b/0x50 [ 26.621404] __kasan_kmalloc+0xb7/0xc0 [ 26.621839] __kmalloc_cache_noprof+0x189/0x420 [ 26.621994] kasan_atomics+0x95/0x310 [ 26.622121] kunit_try_run_case+0x1a5/0x480 [ 26.622260] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.622950] kthread+0x337/0x6f0 [ 26.623336] ret_from_fork+0x116/0x1d0 [ 26.623841] ret_from_fork_asm+0x1a/0x30 [ 26.624322] [ 26.624484] The buggy address belongs to the object at ffff88810613ea80 [ 26.624484] which belongs to the cache kmalloc-64 of size 64 [ 26.625203] The buggy address is located 0 bytes to the right of [ 26.625203] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.626214] [ 26.626420] The buggy address belongs to the physical page: [ 26.627012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.627773] flags: 0x200000000000000(node=0|zone=2) [ 26.627951] page_type: f5(slab) [ 26.628072] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.628324] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.628846] page dumped because: kasan: bad access detected [ 26.629450] [ 26.629658] Memory state around the buggy address: [ 26.630119] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.630849] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.631601] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.631914] ^ [ 26.632071] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.632436] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.633275] ================================================================== [ 27.599787] ================================================================== [ 27.600100] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 27.600493] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.600977] [ 27.601074] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.601129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.601143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.601168] Call Trace: [ 27.601191] <TASK> [ 27.601211] dump_stack_lvl+0x73/0xb0 [ 27.601245] print_report+0xd1/0x610 [ 27.601272] ? __virt_addr_valid+0x1db/0x2d0 [ 27.601298] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.601346] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.601373] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.601408] kasan_report+0x141/0x180 [ 27.601450] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.601478] kasan_check_range+0x10c/0x1c0 [ 27.601502] __kasan_check_write+0x18/0x20 [ 27.601526] kasan_atomics_helper+0x1ce1/0x5450 [ 27.601550] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.601576] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.601603] ? kasan_atomics+0x152/0x310 [ 27.601629] kasan_atomics+0x1dc/0x310 [ 27.601652] ? __pfx_kasan_atomics+0x10/0x10 [ 27.601677] ? __pfx_read_tsc+0x10/0x10 [ 27.601701] ? ktime_get_ts64+0x86/0x230 [ 27.601757] kunit_try_run_case+0x1a5/0x480 [ 27.601780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.601802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.601827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.601852] ? __kthread_parkme+0x82/0x180 [ 27.601875] ? preempt_count_sub+0x50/0x80 [ 27.601900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.601923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.601948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.601975] kthread+0x337/0x6f0 [ 27.601998] ? trace_preempt_on+0x20/0xc0 [ 27.602022] ? __pfx_kthread+0x10/0x10 [ 27.602045] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.602068] ? calculate_sigpending+0x7b/0xa0 [ 27.602094] ? __pfx_kthread+0x10/0x10 [ 27.602117] ret_from_fork+0x116/0x1d0 [ 27.602137] ? __pfx_kthread+0x10/0x10 [ 27.602160] ret_from_fork_asm+0x1a/0x30 [ 27.602193] </TASK> [ 27.602205] [ 27.611833] Allocated by task 315: [ 27.612018] kasan_save_stack+0x45/0x70 [ 27.612203] kasan_save_track+0x18/0x40 [ 27.612376] kasan_save_alloc_info+0x3b/0x50 [ 27.612816] __kasan_kmalloc+0xb7/0xc0 [ 27.613091] __kmalloc_cache_noprof+0x189/0x420 [ 27.613398] kasan_atomics+0x95/0x310 [ 27.613758] kunit_try_run_case+0x1a5/0x480 [ 27.614060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.614313] kthread+0x337/0x6f0 [ 27.614740] ret_from_fork+0x116/0x1d0 [ 27.614951] ret_from_fork_asm+0x1a/0x30 [ 27.615245] [ 27.615344] The buggy address belongs to the object at ffff88810613ea80 [ 27.615344] which belongs to the cache kmalloc-64 of size 64 [ 27.615962] The buggy address is located 0 bytes to the right of [ 27.615962] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.616813] [ 27.616927] The buggy address belongs to the physical page: [ 27.617296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.617784] flags: 0x200000000000000(node=0|zone=2) [ 27.618113] page_type: f5(slab) [ 27.618515] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.618863] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.619167] page dumped because: kasan: bad access detected [ 27.619388] [ 27.619664] Memory state around the buggy address: [ 27.619986] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.620629] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.621111] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.621693] ^ [ 27.621906] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.622127] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.622343] ================================================================== [ 27.772661] ================================================================== [ 27.772948] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 27.773348] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.773646] [ 27.773782] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.773836] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.773860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.773895] Call Trace: [ 27.773917] <TASK> [ 27.774234] dump_stack_lvl+0x73/0xb0 [ 27.774267] print_report+0xd1/0x610 [ 27.774291] ? __virt_addr_valid+0x1db/0x2d0 [ 27.774316] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.774339] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.774366] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.774388] kasan_report+0x141/0x180 [ 27.774411] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.774438] __asan_report_load8_noabort+0x18/0x20 [ 27.774463] kasan_atomics_helper+0x4f98/0x5450 [ 27.774486] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.774513] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.774540] ? kasan_atomics+0x152/0x310 [ 27.774568] kasan_atomics+0x1dc/0x310 [ 27.774592] ? __pfx_kasan_atomics+0x10/0x10 [ 27.774627] ? __pfx_read_tsc+0x10/0x10 [ 27.774651] ? ktime_get_ts64+0x86/0x230 [ 27.774677] kunit_try_run_case+0x1a5/0x480 [ 27.774701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.774723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.774775] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.774801] ? __kthread_parkme+0x82/0x180 [ 27.774824] ? preempt_count_sub+0x50/0x80 [ 27.774849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.774873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.774899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.774926] kthread+0x337/0x6f0 [ 27.774948] ? trace_preempt_on+0x20/0xc0 [ 27.774972] ? __pfx_kthread+0x10/0x10 [ 27.774995] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.775018] ? calculate_sigpending+0x7b/0xa0 [ 27.775044] ? __pfx_kthread+0x10/0x10 [ 27.775068] ret_from_fork+0x116/0x1d0 [ 27.775088] ? __pfx_kthread+0x10/0x10 [ 27.775110] ret_from_fork_asm+0x1a/0x30 [ 27.775143] </TASK> [ 27.775155] [ 27.782677] Allocated by task 315: [ 27.782811] kasan_save_stack+0x45/0x70 [ 27.783025] kasan_save_track+0x18/0x40 [ 27.783226] kasan_save_alloc_info+0x3b/0x50 [ 27.783404] __kasan_kmalloc+0xb7/0xc0 [ 27.783590] __kmalloc_cache_noprof+0x189/0x420 [ 27.783807] kasan_atomics+0x95/0x310 [ 27.783999] kunit_try_run_case+0x1a5/0x480 [ 27.784200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.784467] kthread+0x337/0x6f0 [ 27.784634] ret_from_fork+0x116/0x1d0 [ 27.784794] ret_from_fork_asm+0x1a/0x30 [ 27.784964] [ 27.785068] The buggy address belongs to the object at ffff88810613ea80 [ 27.785068] which belongs to the cache kmalloc-64 of size 64 [ 27.785675] The buggy address is located 0 bytes to the right of [ 27.785675] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.786092] [ 27.786160] The buggy address belongs to the physical page: [ 27.786327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.786560] flags: 0x200000000000000(node=0|zone=2) [ 27.786944] page_type: f5(slab) [ 27.787273] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.787632] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.788134] page dumped because: kasan: bad access detected [ 27.788305] [ 27.788373] Memory state around the buggy address: [ 27.788986] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.789253] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.790128] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.790582] ^ [ 27.790818] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.791086] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.791315] ================================================================== [ 27.809507] ================================================================== [ 27.809877] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 27.810214] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.810911] [ 27.811021] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.811091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.811105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.811147] Call Trace: [ 27.811166] <TASK> [ 27.811184] dump_stack_lvl+0x73/0xb0 [ 27.811216] print_report+0xd1/0x610 [ 27.811239] ? __virt_addr_valid+0x1db/0x2d0 [ 27.811264] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.811287] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.811314] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.811337] kasan_report+0x141/0x180 [ 27.811359] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.811387] __asan_report_load8_noabort+0x18/0x20 [ 27.811413] kasan_atomics_helper+0x4fb2/0x5450 [ 27.811435] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.811462] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.811508] ? kasan_atomics+0x152/0x310 [ 27.811535] kasan_atomics+0x1dc/0x310 [ 27.811570] ? __pfx_kasan_atomics+0x10/0x10 [ 27.811595] ? __pfx_read_tsc+0x10/0x10 [ 27.811618] ? ktime_get_ts64+0x86/0x230 [ 27.811644] kunit_try_run_case+0x1a5/0x480 [ 27.811667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.811689] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.811715] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.811751] ? __kthread_parkme+0x82/0x180 [ 27.811774] ? preempt_count_sub+0x50/0x80 [ 27.811799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.811822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.811848] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.811875] kthread+0x337/0x6f0 [ 27.811897] ? trace_preempt_on+0x20/0xc0 [ 27.811922] ? __pfx_kthread+0x10/0x10 [ 27.811945] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.811968] ? calculate_sigpending+0x7b/0xa0 [ 27.812003] ? __pfx_kthread+0x10/0x10 [ 27.812027] ret_from_fork+0x116/0x1d0 [ 27.812048] ? __pfx_kthread+0x10/0x10 [ 27.812081] ret_from_fork_asm+0x1a/0x30 [ 27.812112] </TASK> [ 27.812125] [ 27.819777] Allocated by task 315: [ 27.819985] kasan_save_stack+0x45/0x70 [ 27.820171] kasan_save_track+0x18/0x40 [ 27.820369] kasan_save_alloc_info+0x3b/0x50 [ 27.820650] __kasan_kmalloc+0xb7/0xc0 [ 27.820822] __kmalloc_cache_noprof+0x189/0x420 [ 27.820972] kasan_atomics+0x95/0x310 [ 27.821100] kunit_try_run_case+0x1a5/0x480 [ 27.821239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.821410] kthread+0x337/0x6f0 [ 27.821526] ret_from_fork+0x116/0x1d0 [ 27.821654] ret_from_fork_asm+0x1a/0x30 [ 27.821798] [ 27.821863] The buggy address belongs to the object at ffff88810613ea80 [ 27.821863] which belongs to the cache kmalloc-64 of size 64 [ 27.822742] The buggy address is located 0 bytes to the right of [ 27.822742] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.823288] [ 27.823380] The buggy address belongs to the physical page: [ 27.823626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.823927] flags: 0x200000000000000(node=0|zone=2) [ 27.824086] page_type: f5(slab) [ 27.824202] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.824432] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.824651] page dumped because: kasan: bad access detected [ 27.824910] [ 27.825001] Memory state around the buggy address: [ 27.825226] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.825590] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.826081] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.826539] ^ [ 27.826885] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.827362] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.827708] ================================================================== [ 26.867040] ================================================================== [ 26.867605] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 26.868004] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.868404] [ 26.868542] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.868609] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.868624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.868648] Call Trace: [ 26.868673] <TASK> [ 26.868695] dump_stack_lvl+0x73/0xb0 [ 26.868756] print_report+0xd1/0x610 [ 26.868781] ? __virt_addr_valid+0x1db/0x2d0 [ 26.868807] ? kasan_atomics_helper+0xf10/0x5450 [ 26.868829] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.868857] ? kasan_atomics_helper+0xf10/0x5450 [ 26.868880] kasan_report+0x141/0x180 [ 26.868903] ? kasan_atomics_helper+0xf10/0x5450 [ 26.868930] kasan_check_range+0x10c/0x1c0 [ 26.868954] __kasan_check_write+0x18/0x20 [ 26.868979] kasan_atomics_helper+0xf10/0x5450 [ 26.869002] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.869029] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.869056] ? kasan_atomics+0x152/0x310 [ 26.869083] kasan_atomics+0x1dc/0x310 [ 26.869117] ? __pfx_kasan_atomics+0x10/0x10 [ 26.869142] ? __pfx_read_tsc+0x10/0x10 [ 26.869175] ? ktime_get_ts64+0x86/0x230 [ 26.869203] kunit_try_run_case+0x1a5/0x480 [ 26.869227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.869249] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.869275] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.869301] ? __kthread_parkme+0x82/0x180 [ 26.869324] ? preempt_count_sub+0x50/0x80 [ 26.869349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.869373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.869417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.869444] kthread+0x337/0x6f0 [ 26.869467] ? trace_preempt_on+0x20/0xc0 [ 26.869492] ? __pfx_kthread+0x10/0x10 [ 26.869516] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.869540] ? calculate_sigpending+0x7b/0xa0 [ 26.869567] ? __pfx_kthread+0x10/0x10 [ 26.869649] ret_from_fork+0x116/0x1d0 [ 26.869685] ? __pfx_kthread+0x10/0x10 [ 26.869710] ret_from_fork_asm+0x1a/0x30 [ 26.869752] </TASK> [ 26.869766] [ 26.878106] Allocated by task 315: [ 26.878339] kasan_save_stack+0x45/0x70 [ 26.878777] kasan_save_track+0x18/0x40 [ 26.878953] kasan_save_alloc_info+0x3b/0x50 [ 26.879099] __kasan_kmalloc+0xb7/0xc0 [ 26.879226] __kmalloc_cache_noprof+0x189/0x420 [ 26.879417] kasan_atomics+0x95/0x310 [ 26.879596] kunit_try_run_case+0x1a5/0x480 [ 26.879855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.880262] kthread+0x337/0x6f0 [ 26.880505] ret_from_fork+0x116/0x1d0 [ 26.880641] ret_from_fork_asm+0x1a/0x30 [ 26.880789] [ 26.880858] The buggy address belongs to the object at ffff88810613ea80 [ 26.880858] which belongs to the cache kmalloc-64 of size 64 [ 26.881309] The buggy address is located 0 bytes to the right of [ 26.881309] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.881950] [ 26.882047] The buggy address belongs to the physical page: [ 26.882455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.882921] flags: 0x200000000000000(node=0|zone=2) [ 26.883158] page_type: f5(slab) [ 26.883426] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.883750] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.884056] page dumped because: kasan: bad access detected [ 26.884373] [ 26.884500] Memory state around the buggy address: [ 26.884701] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.885007] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.885217] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.885821] ^ [ 26.886128] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.886543] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.886841] ================================================================== [ 27.882094] ================================================================== [ 27.882496] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 27.882862] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.883153] [ 27.883273] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.883337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.883351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.883375] Call Trace: [ 27.883393] <TASK> [ 27.883433] dump_stack_lvl+0x73/0xb0 [ 27.883474] print_report+0xd1/0x610 [ 27.883497] ? __virt_addr_valid+0x1db/0x2d0 [ 27.883523] ? kasan_atomics_helper+0x5115/0x5450 [ 27.883557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.883584] ? kasan_atomics_helper+0x5115/0x5450 [ 27.883607] kasan_report+0x141/0x180 [ 27.883639] ? kasan_atomics_helper+0x5115/0x5450 [ 27.883666] __asan_report_load8_noabort+0x18/0x20 [ 27.883691] kasan_atomics_helper+0x5115/0x5450 [ 27.883726] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.883761] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.883787] ? kasan_atomics+0x152/0x310 [ 27.883813] kasan_atomics+0x1dc/0x310 [ 27.883837] ? __pfx_kasan_atomics+0x10/0x10 [ 27.883863] ? __pfx_read_tsc+0x10/0x10 [ 27.883886] ? ktime_get_ts64+0x86/0x230 [ 27.883913] kunit_try_run_case+0x1a5/0x480 [ 27.883937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.883959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.883985] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.884010] ? __kthread_parkme+0x82/0x180 [ 27.884033] ? preempt_count_sub+0x50/0x80 [ 27.884059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.884092] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.884118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.884145] kthread+0x337/0x6f0 [ 27.884178] ? trace_preempt_on+0x20/0xc0 [ 27.884204] ? __pfx_kthread+0x10/0x10 [ 27.884227] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.884250] ? calculate_sigpending+0x7b/0xa0 [ 27.884277] ? __pfx_kthread+0x10/0x10 [ 27.884301] ret_from_fork+0x116/0x1d0 [ 27.884328] ? __pfx_kthread+0x10/0x10 [ 27.884351] ret_from_fork_asm+0x1a/0x30 [ 27.884383] </TASK> [ 27.884395] [ 27.891697] Allocated by task 315: [ 27.891836] kasan_save_stack+0x45/0x70 [ 27.891975] kasan_save_track+0x18/0x40 [ 27.892157] kasan_save_alloc_info+0x3b/0x50 [ 27.892376] __kasan_kmalloc+0xb7/0xc0 [ 27.892791] __kmalloc_cache_noprof+0x189/0x420 [ 27.893026] kasan_atomics+0x95/0x310 [ 27.893155] kunit_try_run_case+0x1a5/0x480 [ 27.893296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.893625] kthread+0x337/0x6f0 [ 27.893821] ret_from_fork+0x116/0x1d0 [ 27.893994] ret_from_fork_asm+0x1a/0x30 [ 27.894128] [ 27.894194] The buggy address belongs to the object at ffff88810613ea80 [ 27.894194] which belongs to the cache kmalloc-64 of size 64 [ 27.894898] The buggy address is located 0 bytes to the right of [ 27.894898] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.895515] [ 27.895590] The buggy address belongs to the physical page: [ 27.895832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.896158] flags: 0x200000000000000(node=0|zone=2) [ 27.896397] page_type: f5(slab) [ 27.896574] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.896910] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.897226] page dumped because: kasan: bad access detected [ 27.897490] [ 27.897582] Memory state around the buggy address: [ 27.897814] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.898113] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.898423] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.898715] ^ [ 27.898905] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.899116] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.899322] ================================================================== [ 26.554627] ================================================================== [ 26.554945] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 26.555286] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.555588] [ 26.555704] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.555813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.555829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.555856] Call Trace: [ 26.555877] <TASK> [ 26.555898] dump_stack_lvl+0x73/0xb0 [ 26.555931] print_report+0xd1/0x610 [ 26.555956] ? __virt_addr_valid+0x1db/0x2d0 [ 26.555993] ? kasan_atomics_helper+0x72f/0x5450 [ 26.556015] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.556042] ? kasan_atomics_helper+0x72f/0x5450 [ 26.556065] kasan_report+0x141/0x180 [ 26.556088] ? kasan_atomics_helper+0x72f/0x5450 [ 26.556114] kasan_check_range+0x10c/0x1c0 [ 26.556139] __kasan_check_write+0x18/0x20 [ 26.556163] kasan_atomics_helper+0x72f/0x5450 [ 26.556185] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.556212] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.556238] ? kasan_atomics+0x152/0x310 [ 26.556265] kasan_atomics+0x1dc/0x310 [ 26.556289] ? __pfx_kasan_atomics+0x10/0x10 [ 26.556319] ? __pfx_read_tsc+0x10/0x10 [ 26.556342] ? ktime_get_ts64+0x86/0x230 [ 26.556369] kunit_try_run_case+0x1a5/0x480 [ 26.556392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.556414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.556439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.556464] ? __kthread_parkme+0x82/0x180 [ 26.556486] ? preempt_count_sub+0x50/0x80 [ 26.556544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.556592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.556642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.556692] kthread+0x337/0x6f0 [ 26.556714] ? trace_preempt_on+0x20/0xc0 [ 26.556776] ? __pfx_kthread+0x10/0x10 [ 26.556832] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.556856] ? calculate_sigpending+0x7b/0xa0 [ 26.556882] ? __pfx_kthread+0x10/0x10 [ 26.556915] ret_from_fork+0x116/0x1d0 [ 26.556935] ? __pfx_kthread+0x10/0x10 [ 26.556958] ret_from_fork_asm+0x1a/0x30 [ 26.556990] </TASK> [ 26.557003] [ 26.566474] Allocated by task 315: [ 26.566677] kasan_save_stack+0x45/0x70 [ 26.566937] kasan_save_track+0x18/0x40 [ 26.567106] kasan_save_alloc_info+0x3b/0x50 [ 26.567256] __kasan_kmalloc+0xb7/0xc0 [ 26.567474] __kmalloc_cache_noprof+0x189/0x420 [ 26.567729] kasan_atomics+0x95/0x310 [ 26.568002] kunit_try_run_case+0x1a5/0x480 [ 26.568271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.568563] kthread+0x337/0x6f0 [ 26.568783] ret_from_fork+0x116/0x1d0 [ 26.569013] ret_from_fork_asm+0x1a/0x30 [ 26.569243] [ 26.569355] The buggy address belongs to the object at ffff88810613ea80 [ 26.569355] which belongs to the cache kmalloc-64 of size 64 [ 26.569998] The buggy address is located 0 bytes to the right of [ 26.569998] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.570555] [ 26.570625] The buggy address belongs to the physical page: [ 26.570804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.571255] flags: 0x200000000000000(node=0|zone=2) [ 26.571746] page_type: f5(slab) [ 26.571924] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.572165] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.572390] page dumped because: kasan: bad access detected [ 26.573005] [ 26.573097] Memory state around the buggy address: [ 26.573319] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.573712] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.573927] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.574129] ^ [ 26.574279] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.574484] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.575101] ================================================================== [ 26.908261] ================================================================== [ 26.908946] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 26.909261] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.910063] [ 26.910179] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.910234] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.910248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.910536] Call Trace: [ 26.910580] <TASK> [ 26.910599] dump_stack_lvl+0x73/0xb0 [ 26.910639] print_report+0xd1/0x610 [ 26.910664] ? __virt_addr_valid+0x1db/0x2d0 [ 26.910691] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.910714] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.910751] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.910775] kasan_report+0x141/0x180 [ 26.910800] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.910829] __asan_report_load4_noabort+0x18/0x20 [ 26.910856] kasan_atomics_helper+0x4a36/0x5450 [ 26.910880] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.910907] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.910933] ? kasan_atomics+0x152/0x310 [ 26.910960] kasan_atomics+0x1dc/0x310 [ 26.910984] ? __pfx_kasan_atomics+0x10/0x10 [ 26.911010] ? __pfx_read_tsc+0x10/0x10 [ 26.911035] ? ktime_get_ts64+0x86/0x230 [ 26.911062] kunit_try_run_case+0x1a5/0x480 [ 26.911087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.911109] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.911135] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.911160] ? __kthread_parkme+0x82/0x180 [ 26.911183] ? preempt_count_sub+0x50/0x80 [ 26.911208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.911232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.911258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.911526] kthread+0x337/0x6f0 [ 26.911568] ? trace_preempt_on+0x20/0xc0 [ 26.911594] ? __pfx_kthread+0x10/0x10 [ 26.911617] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.911644] ? calculate_sigpending+0x7b/0xa0 [ 26.911670] ? __pfx_kthread+0x10/0x10 [ 26.911694] ret_from_fork+0x116/0x1d0 [ 26.911715] ? __pfx_kthread+0x10/0x10 [ 26.911749] ret_from_fork_asm+0x1a/0x30 [ 26.911782] </TASK> [ 26.911795] [ 26.922490] Allocated by task 315: [ 26.922664] kasan_save_stack+0x45/0x70 [ 26.922865] kasan_save_track+0x18/0x40 [ 26.923038] kasan_save_alloc_info+0x3b/0x50 [ 26.923218] __kasan_kmalloc+0xb7/0xc0 [ 26.923691] __kmalloc_cache_noprof+0x189/0x420 [ 26.923922] kasan_atomics+0x95/0x310 [ 26.924091] kunit_try_run_case+0x1a5/0x480 [ 26.924340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.924781] kthread+0x337/0x6f0 [ 26.924936] ret_from_fork+0x116/0x1d0 [ 26.925104] ret_from_fork_asm+0x1a/0x30 [ 26.925325] [ 26.925424] The buggy address belongs to the object at ffff88810613ea80 [ 26.925424] which belongs to the cache kmalloc-64 of size 64 [ 26.925905] The buggy address is located 0 bytes to the right of [ 26.925905] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.926491] [ 26.926583] The buggy address belongs to the physical page: [ 26.926818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.927141] flags: 0x200000000000000(node=0|zone=2) [ 26.928541] page_type: f5(slab) [ 26.928687] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.928935] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.929237] page dumped because: kasan: bad access detected [ 26.930217] [ 26.930518] Memory state around the buggy address: [ 26.930759] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.931046] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.931600] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.932024] ^ [ 26.932228] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.932772] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.933073] ================================================================== [ 26.426761] ================================================================== [ 26.427086] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 26.427415] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.428245] [ 26.428419] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.428474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.428575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.428600] Call Trace: [ 26.428682] <TASK> [ 26.428706] dump_stack_lvl+0x73/0xb0 [ 26.428755] print_report+0xd1/0x610 [ 26.428781] ? __virt_addr_valid+0x1db/0x2d0 [ 26.428806] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.428829] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.428857] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.428878] kasan_report+0x141/0x180 [ 26.428902] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.428928] kasan_check_range+0x10c/0x1c0 [ 26.428952] __kasan_check_write+0x18/0x20 [ 26.428976] kasan_atomics_helper+0x4a0/0x5450 [ 26.428999] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.429025] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.429052] ? kasan_atomics+0x152/0x310 [ 26.429079] kasan_atomics+0x1dc/0x310 [ 26.429102] ? __pfx_kasan_atomics+0x10/0x10 [ 26.429127] ? __pfx_read_tsc+0x10/0x10 [ 26.429151] ? ktime_get_ts64+0x86/0x230 [ 26.429177] kunit_try_run_case+0x1a5/0x480 [ 26.429202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.429224] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.429249] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.429329] ? __kthread_parkme+0x82/0x180 [ 26.429354] ? preempt_count_sub+0x50/0x80 [ 26.429380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.429402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.429429] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.429455] kthread+0x337/0x6f0 [ 26.429478] ? trace_preempt_on+0x20/0xc0 [ 26.429503] ? __pfx_kthread+0x10/0x10 [ 26.429526] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.429550] ? calculate_sigpending+0x7b/0xa0 [ 26.429576] ? __pfx_kthread+0x10/0x10 [ 26.429600] ret_from_fork+0x116/0x1d0 [ 26.429621] ? __pfx_kthread+0x10/0x10 [ 26.429644] ret_from_fork_asm+0x1a/0x30 [ 26.429676] </TASK> [ 26.429689] [ 26.440522] Allocated by task 315: [ 26.440711] kasan_save_stack+0x45/0x70 [ 26.440910] kasan_save_track+0x18/0x40 [ 26.441073] kasan_save_alloc_info+0x3b/0x50 [ 26.441696] __kasan_kmalloc+0xb7/0xc0 [ 26.441898] __kmalloc_cache_noprof+0x189/0x420 [ 26.442068] kasan_atomics+0x95/0x310 [ 26.442258] kunit_try_run_case+0x1a5/0x480 [ 26.442427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.442856] kthread+0x337/0x6f0 [ 26.443026] ret_from_fork+0x116/0x1d0 [ 26.443190] ret_from_fork_asm+0x1a/0x30 [ 26.443379] [ 26.443904] The buggy address belongs to the object at ffff88810613ea80 [ 26.443904] which belongs to the cache kmalloc-64 of size 64 [ 26.444361] The buggy address is located 0 bytes to the right of [ 26.444361] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.444953] [ 26.445044] The buggy address belongs to the physical page: [ 26.445636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.445976] flags: 0x200000000000000(node=0|zone=2) [ 26.446271] page_type: f5(slab) [ 26.446578] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.446888] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.447212] page dumped because: kasan: bad access detected [ 26.447872] [ 26.447961] Memory state around the buggy address: [ 26.448186] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.448673] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.449006] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.449563] ^ [ 26.449729] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.450986] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.451739] ================================================================== [ 27.114446] ================================================================== [ 27.114749] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 27.115008] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.115802] [ 27.115930] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.115986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.116069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.116096] Call Trace: [ 27.116120] <TASK> [ 27.116140] dump_stack_lvl+0x73/0xb0 [ 27.116298] print_report+0xd1/0x610 [ 27.116329] ? __virt_addr_valid+0x1db/0x2d0 [ 27.116356] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.116381] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.116416] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.116439] kasan_report+0x141/0x180 [ 27.116462] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.116490] __asan_report_load4_noabort+0x18/0x20 [ 27.116515] kasan_atomics_helper+0x49ce/0x5450 [ 27.116539] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.116565] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.116592] ? kasan_atomics+0x152/0x310 [ 27.116618] kasan_atomics+0x1dc/0x310 [ 27.116642] ? __pfx_kasan_atomics+0x10/0x10 [ 27.116667] ? __pfx_read_tsc+0x10/0x10 [ 27.116691] ? ktime_get_ts64+0x86/0x230 [ 27.116718] kunit_try_run_case+0x1a5/0x480 [ 27.116754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.116776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.116802] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.116827] ? __kthread_parkme+0x82/0x180 [ 27.116849] ? preempt_count_sub+0x50/0x80 [ 27.116874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.116898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.116924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.116950] kthread+0x337/0x6f0 [ 27.116974] ? trace_preempt_on+0x20/0xc0 [ 27.116999] ? __pfx_kthread+0x10/0x10 [ 27.117022] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.117045] ? calculate_sigpending+0x7b/0xa0 [ 27.117072] ? __pfx_kthread+0x10/0x10 [ 27.117096] ret_from_fork+0x116/0x1d0 [ 27.117117] ? __pfx_kthread+0x10/0x10 [ 27.117140] ret_from_fork_asm+0x1a/0x30 [ 27.117173] </TASK> [ 27.117187] [ 27.127742] Allocated by task 315: [ 27.127930] kasan_save_stack+0x45/0x70 [ 27.128087] kasan_save_track+0x18/0x40 [ 27.128277] kasan_save_alloc_info+0x3b/0x50 [ 27.128704] __kasan_kmalloc+0xb7/0xc0 [ 27.128904] __kmalloc_cache_noprof+0x189/0x420 [ 27.129168] kasan_atomics+0x95/0x310 [ 27.129389] kunit_try_run_case+0x1a5/0x480 [ 27.129821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.130145] kthread+0x337/0x6f0 [ 27.130283] ret_from_fork+0x116/0x1d0 [ 27.130653] ret_from_fork_asm+0x1a/0x30 [ 27.131118] [ 27.131197] The buggy address belongs to the object at ffff88810613ea80 [ 27.131197] which belongs to the cache kmalloc-64 of size 64 [ 27.131949] The buggy address is located 0 bytes to the right of [ 27.131949] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.132713] [ 27.132921] The buggy address belongs to the physical page: [ 27.133252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.133681] flags: 0x200000000000000(node=0|zone=2) [ 27.133920] page_type: f5(slab) [ 27.134080] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.134688] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.134993] page dumped because: kasan: bad access detected [ 27.135659] [ 27.135775] Memory state around the buggy address: [ 27.135966] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.136586] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.136990] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.137401] ^ [ 27.137749] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.138117] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.138627] ================================================================== [ 27.164077] ================================================================== [ 27.164335] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 27.164942] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.165250] [ 27.165423] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.165546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.165617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.165642] Call Trace: [ 27.165665] <TASK> [ 27.165685] dump_stack_lvl+0x73/0xb0 [ 27.165719] print_report+0xd1/0x610 [ 27.165755] ? __virt_addr_valid+0x1db/0x2d0 [ 27.165780] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.165803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.165830] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.165956] kasan_report+0x141/0x180 [ 27.165980] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.166007] __asan_report_load8_noabort+0x18/0x20 [ 27.166032] kasan_atomics_helper+0x4eae/0x5450 [ 27.166054] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.166081] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.166107] ? kasan_atomics+0x152/0x310 [ 27.166135] kasan_atomics+0x1dc/0x310 [ 27.166158] ? __pfx_kasan_atomics+0x10/0x10 [ 27.166183] ? __pfx_read_tsc+0x10/0x10 [ 27.166206] ? ktime_get_ts64+0x86/0x230 [ 27.166232] kunit_try_run_case+0x1a5/0x480 [ 27.166257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.166292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.166319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.166343] ? __kthread_parkme+0x82/0x180 [ 27.166366] ? preempt_count_sub+0x50/0x80 [ 27.166392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.166421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.166448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.166475] kthread+0x337/0x6f0 [ 27.166497] ? trace_preempt_on+0x20/0xc0 [ 27.166522] ? __pfx_kthread+0x10/0x10 [ 27.166545] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.166568] ? calculate_sigpending+0x7b/0xa0 [ 27.166595] ? __pfx_kthread+0x10/0x10 [ 27.166618] ret_from_fork+0x116/0x1d0 [ 27.166639] ? __pfx_kthread+0x10/0x10 [ 27.166662] ret_from_fork_asm+0x1a/0x30 [ 27.166693] </TASK> [ 27.166706] [ 27.176550] Allocated by task 315: [ 27.176817] kasan_save_stack+0x45/0x70 [ 27.177321] kasan_save_track+0x18/0x40 [ 27.177539] kasan_save_alloc_info+0x3b/0x50 [ 27.177741] __kasan_kmalloc+0xb7/0xc0 [ 27.177908] __kmalloc_cache_noprof+0x189/0x420 [ 27.178111] kasan_atomics+0x95/0x310 [ 27.178587] kunit_try_run_case+0x1a5/0x480 [ 27.178795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.179008] kthread+0x337/0x6f0 [ 27.179239] ret_from_fork+0x116/0x1d0 [ 27.179498] ret_from_fork_asm+0x1a/0x30 [ 27.179821] [ 27.179924] The buggy address belongs to the object at ffff88810613ea80 [ 27.179924] which belongs to the cache kmalloc-64 of size 64 [ 27.180409] The buggy address is located 0 bytes to the right of [ 27.180409] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.181196] [ 27.181369] The buggy address belongs to the physical page: [ 27.181555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.181910] flags: 0x200000000000000(node=0|zone=2) [ 27.182385] page_type: f5(slab) [ 27.182585] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.183278] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.183663] page dumped because: kasan: bad access detected [ 27.183903] [ 27.183974] Memory state around the buggy address: [ 27.184175] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.184508] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.185101] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.185541] ^ [ 27.185844] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.186229] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.186705] ================================================================== [ 27.863877] ================================================================== [ 27.864107] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 27.864407] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.864978] [ 27.865091] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.865153] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.865167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.865191] Call Trace: [ 27.865210] <TASK> [ 27.865238] dump_stack_lvl+0x73/0xb0 [ 27.865269] print_report+0xd1/0x610 [ 27.865292] ? __virt_addr_valid+0x1db/0x2d0 [ 27.865318] ? kasan_atomics_helper+0x224c/0x5450 [ 27.865340] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.865368] ? kasan_atomics_helper+0x224c/0x5450 [ 27.865390] kasan_report+0x141/0x180 [ 27.865413] ? kasan_atomics_helper+0x224c/0x5450 [ 27.865440] kasan_check_range+0x10c/0x1c0 [ 27.865464] __kasan_check_write+0x18/0x20 [ 27.865488] kasan_atomics_helper+0x224c/0x5450 [ 27.865512] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.865539] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.865565] ? kasan_atomics+0x152/0x310 [ 27.865592] kasan_atomics+0x1dc/0x310 [ 27.865616] ? __pfx_kasan_atomics+0x10/0x10 [ 27.865641] ? __pfx_read_tsc+0x10/0x10 [ 27.865665] ? ktime_get_ts64+0x86/0x230 [ 27.865691] kunit_try_run_case+0x1a5/0x480 [ 27.865714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.865747] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.865773] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.865798] ? __kthread_parkme+0x82/0x180 [ 27.865821] ? preempt_count_sub+0x50/0x80 [ 27.865847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.865870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.865896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.865924] kthread+0x337/0x6f0 [ 27.865947] ? trace_preempt_on+0x20/0xc0 [ 27.865972] ? __pfx_kthread+0x10/0x10 [ 27.865995] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.866018] ? calculate_sigpending+0x7b/0xa0 [ 27.866044] ? __pfx_kthread+0x10/0x10 [ 27.866068] ret_from_fork+0x116/0x1d0 [ 27.866089] ? __pfx_kthread+0x10/0x10 [ 27.866112] ret_from_fork_asm+0x1a/0x30 [ 27.866144] </TASK> [ 27.866156] [ 27.874187] Allocated by task 315: [ 27.874401] kasan_save_stack+0x45/0x70 [ 27.874636] kasan_save_track+0x18/0x40 [ 27.874855] kasan_save_alloc_info+0x3b/0x50 [ 27.875037] __kasan_kmalloc+0xb7/0xc0 [ 27.875213] __kmalloc_cache_noprof+0x189/0x420 [ 27.875476] kasan_atomics+0x95/0x310 [ 27.875638] kunit_try_run_case+0x1a5/0x480 [ 27.875788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.875959] kthread+0x337/0x6f0 [ 27.876076] ret_from_fork+0x116/0x1d0 [ 27.876204] ret_from_fork_asm+0x1a/0x30 [ 27.876346] [ 27.876413] The buggy address belongs to the object at ffff88810613ea80 [ 27.876413] which belongs to the cache kmalloc-64 of size 64 [ 27.876937] The buggy address is located 0 bytes to the right of [ 27.876937] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.877625] [ 27.877694] The buggy address belongs to the physical page: [ 27.877962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.878271] flags: 0x200000000000000(node=0|zone=2) [ 27.878482] page_type: f5(slab) [ 27.878646] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.878953] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.879174] page dumped because: kasan: bad access detected [ 27.879375] [ 27.879549] Memory state around the buggy address: [ 27.879802] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.880116] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.880421] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.880717] ^ [ 27.880948] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.881246] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.881595] ================================================================== [ 27.846171] ================================================================== [ 27.846614] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 27.846938] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.847234] [ 27.847362] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.847421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.847435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.847459] Call Trace: [ 27.847477] <TASK> [ 27.847504] dump_stack_lvl+0x73/0xb0 [ 27.847535] print_report+0xd1/0x610 [ 27.847558] ? __virt_addr_valid+0x1db/0x2d0 [ 27.847596] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.847618] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.847645] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.847675] kasan_report+0x141/0x180 [ 27.847699] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.847726] __asan_report_load8_noabort+0x18/0x20 [ 27.847767] kasan_atomics_helper+0x4fa5/0x5450 [ 27.847791] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.847818] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.847852] ? kasan_atomics+0x152/0x310 [ 27.847879] kasan_atomics+0x1dc/0x310 [ 27.847902] ? __pfx_kasan_atomics+0x10/0x10 [ 27.847938] ? __pfx_read_tsc+0x10/0x10 [ 27.847961] ? ktime_get_ts64+0x86/0x230 [ 27.847987] kunit_try_run_case+0x1a5/0x480 [ 27.848019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.848041] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.848066] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.848102] ? __kthread_parkme+0x82/0x180 [ 27.848124] ? preempt_count_sub+0x50/0x80 [ 27.848150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.848182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.848208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.848245] kthread+0x337/0x6f0 [ 27.848268] ? trace_preempt_on+0x20/0xc0 [ 27.848293] ? __pfx_kthread+0x10/0x10 [ 27.848331] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.848355] ? calculate_sigpending+0x7b/0xa0 [ 27.848380] ? __pfx_kthread+0x10/0x10 [ 27.848426] ret_from_fork+0x116/0x1d0 [ 27.848447] ? __pfx_kthread+0x10/0x10 [ 27.848481] ret_from_fork_asm+0x1a/0x30 [ 27.848513] </TASK> [ 27.848525] [ 27.856229] Allocated by task 315: [ 27.856424] kasan_save_stack+0x45/0x70 [ 27.856596] kasan_save_track+0x18/0x40 [ 27.856798] kasan_save_alloc_info+0x3b/0x50 [ 27.856948] __kasan_kmalloc+0xb7/0xc0 [ 27.857144] __kmalloc_cache_noprof+0x189/0x420 [ 27.857360] kasan_atomics+0x95/0x310 [ 27.857583] kunit_try_run_case+0x1a5/0x480 [ 27.857766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.857972] kthread+0x337/0x6f0 [ 27.858135] ret_from_fork+0x116/0x1d0 [ 27.858290] ret_from_fork_asm+0x1a/0x30 [ 27.858524] [ 27.858602] The buggy address belongs to the object at ffff88810613ea80 [ 27.858602] which belongs to the cache kmalloc-64 of size 64 [ 27.859104] The buggy address is located 0 bytes to the right of [ 27.859104] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.859571] [ 27.859675] The buggy address belongs to the physical page: [ 27.859927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.860262] flags: 0x200000000000000(node=0|zone=2) [ 27.860556] page_type: f5(slab) [ 27.860718] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.861043] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.861342] page dumped because: kasan: bad access detected [ 27.861627] [ 27.861710] Memory state around the buggy address: [ 27.861915] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.862192] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.862547] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.862821] ^ [ 27.863041] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.863253] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.863458] ================================================================== [ 27.792002] ================================================================== [ 27.792444] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 27.792769] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.793057] [ 27.793167] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.793229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.793243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.793279] Call Trace: [ 27.793297] <TASK> [ 27.793315] dump_stack_lvl+0x73/0xb0 [ 27.793347] print_report+0xd1/0x610 [ 27.793371] ? __virt_addr_valid+0x1db/0x2d0 [ 27.793405] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.793439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.793476] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.793499] kasan_report+0x141/0x180 [ 27.793523] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.793551] kasan_check_range+0x10c/0x1c0 [ 27.793576] __kasan_check_write+0x18/0x20 [ 27.793608] kasan_atomics_helper+0x20c8/0x5450 [ 27.793633] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.793661] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.793697] ? kasan_atomics+0x152/0x310 [ 27.793724] kasan_atomics+0x1dc/0x310 [ 27.793757] ? __pfx_kasan_atomics+0x10/0x10 [ 27.793791] ? __pfx_read_tsc+0x10/0x10 [ 27.793814] ? ktime_get_ts64+0x86/0x230 [ 27.793840] kunit_try_run_case+0x1a5/0x480 [ 27.793874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.793897] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.793923] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.793948] ? __kthread_parkme+0x82/0x180 [ 27.793970] ? preempt_count_sub+0x50/0x80 [ 27.793995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.794019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.794045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.794071] kthread+0x337/0x6f0 [ 27.794094] ? trace_preempt_on+0x20/0xc0 [ 27.794119] ? __pfx_kthread+0x10/0x10 [ 27.794143] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.794166] ? calculate_sigpending+0x7b/0xa0 [ 27.794191] ? __pfx_kthread+0x10/0x10 [ 27.794215] ret_from_fork+0x116/0x1d0 [ 27.794235] ? __pfx_kthread+0x10/0x10 [ 27.794257] ret_from_fork_asm+0x1a/0x30 [ 27.794290] </TASK> [ 27.794302] [ 27.801764] Allocated by task 315: [ 27.801968] kasan_save_stack+0x45/0x70 [ 27.802131] kasan_save_track+0x18/0x40 [ 27.802312] kasan_save_alloc_info+0x3b/0x50 [ 27.802563] __kasan_kmalloc+0xb7/0xc0 [ 27.802759] __kmalloc_cache_noprof+0x189/0x420 [ 27.802958] kasan_atomics+0x95/0x310 [ 27.803146] kunit_try_run_case+0x1a5/0x480 [ 27.803333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.803610] kthread+0x337/0x6f0 [ 27.803739] ret_from_fork+0x116/0x1d0 [ 27.803920] ret_from_fork_asm+0x1a/0x30 [ 27.804136] [ 27.804233] The buggy address belongs to the object at ffff88810613ea80 [ 27.804233] which belongs to the cache kmalloc-64 of size 64 [ 27.804761] The buggy address is located 0 bytes to the right of [ 27.804761] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.805305] [ 27.805424] The buggy address belongs to the physical page: [ 27.805655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.806147] flags: 0x200000000000000(node=0|zone=2) [ 27.806386] page_type: f5(slab) [ 27.806550] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.806814] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.807039] page dumped because: kasan: bad access detected [ 27.807208] [ 27.807279] Memory state around the buggy address: [ 27.807452] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.807773] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.808111] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.808432] ^ [ 27.808629] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.808848] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.809055] ================================================================== [ 26.845878] ================================================================== [ 26.846193] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 26.847856] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.848208] [ 26.848390] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.848455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.848471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.848497] Call Trace: [ 26.848518] <TASK> [ 26.848537] dump_stack_lvl+0x73/0xb0 [ 26.848572] print_report+0xd1/0x610 [ 26.848595] ? __virt_addr_valid+0x1db/0x2d0 [ 26.848622] ? kasan_atomics_helper+0xe78/0x5450 [ 26.848644] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.848672] ? kasan_atomics_helper+0xe78/0x5450 [ 26.848695] kasan_report+0x141/0x180 [ 26.848719] ? kasan_atomics_helper+0xe78/0x5450 [ 26.848757] kasan_check_range+0x10c/0x1c0 [ 26.848782] __kasan_check_write+0x18/0x20 [ 26.848806] kasan_atomics_helper+0xe78/0x5450 [ 26.848830] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.848858] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.848884] ? kasan_atomics+0x152/0x310 [ 26.848910] kasan_atomics+0x1dc/0x310 [ 26.848934] ? __pfx_kasan_atomics+0x10/0x10 [ 26.848959] ? __pfx_read_tsc+0x10/0x10 [ 26.848983] ? ktime_get_ts64+0x86/0x230 [ 26.849009] kunit_try_run_case+0x1a5/0x480 [ 26.849033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.849055] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.849081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.849106] ? __kthread_parkme+0x82/0x180 [ 26.849128] ? preempt_count_sub+0x50/0x80 [ 26.849154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.849177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.849203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.849230] kthread+0x337/0x6f0 [ 26.849252] ? trace_preempt_on+0x20/0xc0 [ 26.849320] ? __pfx_kthread+0x10/0x10 [ 26.849345] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.849368] ? calculate_sigpending+0x7b/0xa0 [ 26.849395] ? __pfx_kthread+0x10/0x10 [ 26.849419] ret_from_fork+0x116/0x1d0 [ 26.849440] ? __pfx_kthread+0x10/0x10 [ 26.849463] ret_from_fork_asm+0x1a/0x30 [ 26.849496] </TASK> [ 26.849509] [ 26.858256] Allocated by task 315: [ 26.858402] kasan_save_stack+0x45/0x70 [ 26.858554] kasan_save_track+0x18/0x40 [ 26.858776] kasan_save_alloc_info+0x3b/0x50 [ 26.858984] __kasan_kmalloc+0xb7/0xc0 [ 26.859168] __kmalloc_cache_noprof+0x189/0x420 [ 26.859429] kasan_atomics+0x95/0x310 [ 26.859729] kunit_try_run_case+0x1a5/0x480 [ 26.859883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.860095] kthread+0x337/0x6f0 [ 26.860265] ret_from_fork+0x116/0x1d0 [ 26.860545] ret_from_fork_asm+0x1a/0x30 [ 26.860751] [ 26.860835] The buggy address belongs to the object at ffff88810613ea80 [ 26.860835] which belongs to the cache kmalloc-64 of size 64 [ 26.861185] The buggy address is located 0 bytes to the right of [ 26.861185] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.861589] [ 26.861778] The buggy address belongs to the physical page: [ 26.862026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.862372] flags: 0x200000000000000(node=0|zone=2) [ 26.862876] page_type: f5(slab) [ 26.863087] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.863518] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.863810] page dumped because: kasan: bad access detected [ 26.863979] [ 26.864067] Memory state around the buggy address: [ 26.864285] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.864813] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.865033] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.865237] ^ [ 26.865384] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.865982] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.866345] ================================================================== [ 27.705570] ================================================================== [ 27.705923] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 27.706679] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.707373] [ 27.707543] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.707595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.707609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.707633] Call Trace: [ 27.707652] <TASK> [ 27.707670] dump_stack_lvl+0x73/0xb0 [ 27.707703] print_report+0xd1/0x610 [ 27.707750] ? __virt_addr_valid+0x1db/0x2d0 [ 27.707777] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.707802] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.707829] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.707871] kasan_report+0x141/0x180 [ 27.707894] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.707922] kasan_check_range+0x10c/0x1c0 [ 27.707946] __kasan_check_write+0x18/0x20 [ 27.707970] kasan_atomics_helper+0x1f43/0x5450 [ 27.708004] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.708031] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.708056] ? kasan_atomics+0x152/0x310 [ 27.708103] kasan_atomics+0x1dc/0x310 [ 27.708127] ? __pfx_kasan_atomics+0x10/0x10 [ 27.708152] ? __pfx_read_tsc+0x10/0x10 [ 27.708184] ? ktime_get_ts64+0x86/0x230 [ 27.708211] kunit_try_run_case+0x1a5/0x480 [ 27.708234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.708255] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.708281] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.708306] ? __kthread_parkme+0x82/0x180 [ 27.708336] ? preempt_count_sub+0x50/0x80 [ 27.708361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.708385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.708420] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.708447] kthread+0x337/0x6f0 [ 27.708469] ? trace_preempt_on+0x20/0xc0 [ 27.708494] ? __pfx_kthread+0x10/0x10 [ 27.708518] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.708540] ? calculate_sigpending+0x7b/0xa0 [ 27.708566] ? __pfx_kthread+0x10/0x10 [ 27.708590] ret_from_fork+0x116/0x1d0 [ 27.708610] ? __pfx_kthread+0x10/0x10 [ 27.708633] ret_from_fork_asm+0x1a/0x30 [ 27.708665] </TASK> [ 27.708678] [ 27.721094] Allocated by task 315: [ 27.721226] kasan_save_stack+0x45/0x70 [ 27.721364] kasan_save_track+0x18/0x40 [ 27.721706] kasan_save_alloc_info+0x3b/0x50 [ 27.722116] __kasan_kmalloc+0xb7/0xc0 [ 27.722459] __kmalloc_cache_noprof+0x189/0x420 [ 27.722931] kasan_atomics+0x95/0x310 [ 27.723276] kunit_try_run_case+0x1a5/0x480 [ 27.723703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.724344] kthread+0x337/0x6f0 [ 27.724579] ret_from_fork+0x116/0x1d0 [ 27.724954] ret_from_fork_asm+0x1a/0x30 [ 27.725145] [ 27.725320] The buggy address belongs to the object at ffff88810613ea80 [ 27.725320] which belongs to the cache kmalloc-64 of size 64 [ 27.725912] The buggy address is located 0 bytes to the right of [ 27.725912] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.726263] [ 27.726329] The buggy address belongs to the physical page: [ 27.726505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.726941] flags: 0x200000000000000(node=0|zone=2) [ 27.727561] page_type: f5(slab) [ 27.727878] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.728199] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.728438] page dumped because: kasan: bad access detected [ 27.728956] [ 27.729110] Memory state around the buggy address: [ 27.729619] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.730290] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.730761] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.730962] ^ [ 27.731106] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.731307] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.731560] ================================================================== [ 27.677495] ================================================================== [ 27.678353] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 27.678720] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.678947] [ 27.679029] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.679081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.679095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.679120] Call Trace: [ 27.679139] <TASK> [ 27.679157] dump_stack_lvl+0x73/0xb0 [ 27.679188] print_report+0xd1/0x610 [ 27.679212] ? __virt_addr_valid+0x1db/0x2d0 [ 27.679238] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.679261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.679289] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.679312] kasan_report+0x141/0x180 [ 27.679335] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.679362] kasan_check_range+0x10c/0x1c0 [ 27.679387] __kasan_check_write+0x18/0x20 [ 27.679424] kasan_atomics_helper+0x1eaa/0x5450 [ 27.679448] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.679475] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.679501] ? kasan_atomics+0x152/0x310 [ 27.679528] kasan_atomics+0x1dc/0x310 [ 27.679551] ? __pfx_kasan_atomics+0x10/0x10 [ 27.679575] ? __pfx_read_tsc+0x10/0x10 [ 27.679599] ? ktime_get_ts64+0x86/0x230 [ 27.679635] kunit_try_run_case+0x1a5/0x480 [ 27.679659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.679680] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.679717] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.679750] ? __kthread_parkme+0x82/0x180 [ 27.679772] ? preempt_count_sub+0x50/0x80 [ 27.679798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.679820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.679848] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.679875] kthread+0x337/0x6f0 [ 27.679897] ? trace_preempt_on+0x20/0xc0 [ 27.679921] ? __pfx_kthread+0x10/0x10 [ 27.679945] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.679977] ? calculate_sigpending+0x7b/0xa0 [ 27.680002] ? __pfx_kthread+0x10/0x10 [ 27.680026] ret_from_fork+0x116/0x1d0 [ 27.680057] ? __pfx_kthread+0x10/0x10 [ 27.680087] ret_from_fork_asm+0x1a/0x30 [ 27.680120] </TASK> [ 27.680131] [ 27.693268] Allocated by task 315: [ 27.693693] kasan_save_stack+0x45/0x70 [ 27.694061] kasan_save_track+0x18/0x40 [ 27.694192] kasan_save_alloc_info+0x3b/0x50 [ 27.694330] __kasan_kmalloc+0xb7/0xc0 [ 27.694555] __kmalloc_cache_noprof+0x189/0x420 [ 27.694981] kasan_atomics+0x95/0x310 [ 27.695328] kunit_try_run_case+0x1a5/0x480 [ 27.695769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.696241] kthread+0x337/0x6f0 [ 27.696569] ret_from_fork+0x116/0x1d0 [ 27.696878] ret_from_fork_asm+0x1a/0x30 [ 27.697033] [ 27.697099] The buggy address belongs to the object at ffff88810613ea80 [ 27.697099] which belongs to the cache kmalloc-64 of size 64 [ 27.698155] The buggy address is located 0 bytes to the right of [ 27.698155] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.698661] [ 27.698846] The buggy address belongs to the physical page: [ 27.699337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.700058] flags: 0x200000000000000(node=0|zone=2) [ 27.700523] page_type: f5(slab) [ 27.700789] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.701009] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.701219] page dumped because: kasan: bad access detected [ 27.701379] [ 27.701523] Memory state around the buggy address: [ 27.701963] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.702620] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.703257] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.703953] ^ [ 27.704385] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.704883] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.705088] ================================================================== [ 27.732082] ================================================================== [ 27.732559] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 27.732899] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.733165] [ 27.733272] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.733335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.733350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.733373] Call Trace: [ 27.733404] <TASK> [ 27.733432] dump_stack_lvl+0x73/0xb0 [ 27.733473] print_report+0xd1/0x610 [ 27.733497] ? __virt_addr_valid+0x1db/0x2d0 [ 27.733534] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.733557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.733594] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.733617] kasan_report+0x141/0x180 [ 27.733652] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.733679] __asan_report_load8_noabort+0x18/0x20 [ 27.733704] kasan_atomics_helper+0x4f71/0x5450 [ 27.733728] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.733765] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.733791] ? kasan_atomics+0x152/0x310 [ 27.733818] kasan_atomics+0x1dc/0x310 [ 27.733841] ? __pfx_kasan_atomics+0x10/0x10 [ 27.733866] ? __pfx_read_tsc+0x10/0x10 [ 27.733889] ? ktime_get_ts64+0x86/0x230 [ 27.733915] kunit_try_run_case+0x1a5/0x480 [ 27.733939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.733961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.733987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.734012] ? __kthread_parkme+0x82/0x180 [ 27.734034] ? preempt_count_sub+0x50/0x80 [ 27.734058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.734082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.734108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.734134] kthread+0x337/0x6f0 [ 27.734165] ? trace_preempt_on+0x20/0xc0 [ 27.734190] ? __pfx_kthread+0x10/0x10 [ 27.734213] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.734247] ? calculate_sigpending+0x7b/0xa0 [ 27.734272] ? __pfx_kthread+0x10/0x10 [ 27.734296] ret_from_fork+0x116/0x1d0 [ 27.734316] ? __pfx_kthread+0x10/0x10 [ 27.734340] ret_from_fork_asm+0x1a/0x30 [ 27.734372] </TASK> [ 27.734384] [ 27.741801] Allocated by task 315: [ 27.741983] kasan_save_stack+0x45/0x70 [ 27.742121] kasan_save_track+0x18/0x40 [ 27.742298] kasan_save_alloc_info+0x3b/0x50 [ 27.742615] __kasan_kmalloc+0xb7/0xc0 [ 27.742815] __kmalloc_cache_noprof+0x189/0x420 [ 27.743030] kasan_atomics+0x95/0x310 [ 27.743209] kunit_try_run_case+0x1a5/0x480 [ 27.743432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.743699] kthread+0x337/0x6f0 [ 27.743892] ret_from_fork+0x116/0x1d0 [ 27.744039] ret_from_fork_asm+0x1a/0x30 [ 27.744227] [ 27.744323] The buggy address belongs to the object at ffff88810613ea80 [ 27.744323] which belongs to the cache kmalloc-64 of size 64 [ 27.744873] The buggy address is located 0 bytes to the right of [ 27.744873] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.745372] [ 27.745458] The buggy address belongs to the physical page: [ 27.745700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.745939] flags: 0x200000000000000(node=0|zone=2) [ 27.746093] page_type: f5(slab) [ 27.746206] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.746424] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.746867] page dumped because: kasan: bad access detected [ 27.747111] [ 27.747198] Memory state around the buggy address: [ 27.747410] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.747700] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.747980] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.748255] ^ [ 27.748407] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.748746] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.749078] ================================================================== [ 26.734899] ================================================================== [ 26.735191] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 26.735878] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.736230] [ 26.736380] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.736448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.736462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.736486] Call Trace: [ 26.736511] <TASK> [ 26.736533] dump_stack_lvl+0x73/0xb0 [ 26.736567] print_report+0xd1/0x610 [ 26.736590] ? __virt_addr_valid+0x1db/0x2d0 [ 26.736708] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.736784] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.736813] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.736859] kasan_report+0x141/0x180 [ 26.736882] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.736909] kasan_check_range+0x10c/0x1c0 [ 26.736933] __kasan_check_write+0x18/0x20 [ 26.736957] kasan_atomics_helper+0xb6a/0x5450 [ 26.736980] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.737006] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.737033] ? kasan_atomics+0x152/0x310 [ 26.737060] kasan_atomics+0x1dc/0x310 [ 26.737083] ? __pfx_kasan_atomics+0x10/0x10 [ 26.737107] ? __pfx_read_tsc+0x10/0x10 [ 26.737132] ? ktime_get_ts64+0x86/0x230 [ 26.737158] kunit_try_run_case+0x1a5/0x480 [ 26.737182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.737203] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.737228] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.737253] ? __kthread_parkme+0x82/0x180 [ 26.737319] ? preempt_count_sub+0x50/0x80 [ 26.737345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.737369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.737395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.737435] kthread+0x337/0x6f0 [ 26.737457] ? trace_preempt_on+0x20/0xc0 [ 26.737482] ? __pfx_kthread+0x10/0x10 [ 26.737505] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.737529] ? calculate_sigpending+0x7b/0xa0 [ 26.737555] ? __pfx_kthread+0x10/0x10 [ 26.737579] ret_from_fork+0x116/0x1d0 [ 26.737600] ? __pfx_kthread+0x10/0x10 [ 26.737623] ret_from_fork_asm+0x1a/0x30 [ 26.737655] </TASK> [ 26.737669] [ 26.746137] Allocated by task 315: [ 26.746333] kasan_save_stack+0x45/0x70 [ 26.746539] kasan_save_track+0x18/0x40 [ 26.746742] kasan_save_alloc_info+0x3b/0x50 [ 26.746930] __kasan_kmalloc+0xb7/0xc0 [ 26.747058] __kmalloc_cache_noprof+0x189/0x420 [ 26.747612] kasan_atomics+0x95/0x310 [ 26.747825] kunit_try_run_case+0x1a5/0x480 [ 26.748025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.748198] kthread+0x337/0x6f0 [ 26.748322] ret_from_fork+0x116/0x1d0 [ 26.748450] ret_from_fork_asm+0x1a/0x30 [ 26.748584] [ 26.748653] The buggy address belongs to the object at ffff88810613ea80 [ 26.748653] which belongs to the cache kmalloc-64 of size 64 [ 26.749320] The buggy address is located 0 bytes to the right of [ 26.749320] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.749890] [ 26.749985] The buggy address belongs to the physical page: [ 26.750241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.750716] flags: 0x200000000000000(node=0|zone=2) [ 26.750986] page_type: f5(slab) [ 26.751136] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.751607] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.752006] page dumped because: kasan: bad access detected [ 26.752178] [ 26.752243] Memory state around the buggy address: [ 26.752476] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.753033] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.753854] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.754168] ^ [ 26.754516] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.754883] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.755095] ================================================================== [ 26.993067] ================================================================== [ 26.993299] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 26.993526] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.993812] [ 26.994133] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.994190] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.994232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.994275] Call Trace: [ 26.994298] <TASK> [ 26.994319] dump_stack_lvl+0x73/0xb0 [ 26.994354] print_report+0xd1/0x610 [ 26.994379] ? __virt_addr_valid+0x1db/0x2d0 [ 26.994422] ? kasan_atomics_helper+0x1148/0x5450 [ 26.994445] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.994473] ? kasan_atomics_helper+0x1148/0x5450 [ 26.994496] kasan_report+0x141/0x180 [ 26.994519] ? kasan_atomics_helper+0x1148/0x5450 [ 26.994547] kasan_check_range+0x10c/0x1c0 [ 26.994572] __kasan_check_write+0x18/0x20 [ 26.994596] kasan_atomics_helper+0x1148/0x5450 [ 26.994619] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.994646] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.994673] ? kasan_atomics+0x152/0x310 [ 26.994699] kasan_atomics+0x1dc/0x310 [ 26.994723] ? __pfx_kasan_atomics+0x10/0x10 [ 26.994757] ? __pfx_read_tsc+0x10/0x10 [ 26.994781] ? ktime_get_ts64+0x86/0x230 [ 26.994808] kunit_try_run_case+0x1a5/0x480 [ 26.994832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.994856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.994885] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.994911] ? __kthread_parkme+0x82/0x180 [ 26.994934] ? preempt_count_sub+0x50/0x80 [ 26.994960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.994983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.995010] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.995036] kthread+0x337/0x6f0 [ 26.995059] ? trace_preempt_on+0x20/0xc0 [ 26.995084] ? __pfx_kthread+0x10/0x10 [ 26.995108] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.995132] ? calculate_sigpending+0x7b/0xa0 [ 26.995160] ? __pfx_kthread+0x10/0x10 [ 26.995185] ret_from_fork+0x116/0x1d0 [ 26.995229] ? __pfx_kthread+0x10/0x10 [ 26.995272] ret_from_fork_asm+0x1a/0x30 [ 26.995306] </TASK> [ 26.995320] [ 27.009008] Allocated by task 315: [ 27.009194] kasan_save_stack+0x45/0x70 [ 27.009552] kasan_save_track+0x18/0x40 [ 27.009766] kasan_save_alloc_info+0x3b/0x50 [ 27.009913] __kasan_kmalloc+0xb7/0xc0 [ 27.010040] __kmalloc_cache_noprof+0x189/0x420 [ 27.010278] kasan_atomics+0x95/0x310 [ 27.010510] kunit_try_run_case+0x1a5/0x480 [ 27.010714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.010979] kthread+0x337/0x6f0 [ 27.011110] ret_from_fork+0x116/0x1d0 [ 27.011240] ret_from_fork_asm+0x1a/0x30 [ 27.011382] [ 27.011450] The buggy address belongs to the object at ffff88810613ea80 [ 27.011450] which belongs to the cache kmalloc-64 of size 64 [ 27.012023] The buggy address is located 0 bytes to the right of [ 27.012023] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.012648] [ 27.012718] The buggy address belongs to the physical page: [ 27.012898] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.013550] flags: 0x200000000000000(node=0|zone=2) [ 27.013804] page_type: f5(slab) [ 27.013927] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.014432] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.014768] page dumped because: kasan: bad access detected [ 27.014935] [ 27.015002] Memory state around the buggy address: [ 27.015204] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.015521] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.016176] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.016510] ^ [ 27.016717] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.016934] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.017205] ================================================================== [ 27.248112] ================================================================== [ 27.248545] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 27.248925] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.249223] [ 27.249319] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.249376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.249390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.249423] Call Trace: [ 27.249447] <TASK> [ 27.249467] dump_stack_lvl+0x73/0xb0 [ 27.249502] print_report+0xd1/0x610 [ 27.249536] ? __virt_addr_valid+0x1db/0x2d0 [ 27.249750] ? kasan_atomics_helper+0x151d/0x5450 [ 27.249774] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.249806] ? kasan_atomics_helper+0x151d/0x5450 [ 27.249830] kasan_report+0x141/0x180 [ 27.249854] ? kasan_atomics_helper+0x151d/0x5450 [ 27.249881] kasan_check_range+0x10c/0x1c0 [ 27.249905] __kasan_check_write+0x18/0x20 [ 27.249930] kasan_atomics_helper+0x151d/0x5450 [ 27.249954] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.249981] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.250008] ? kasan_atomics+0x152/0x310 [ 27.250035] kasan_atomics+0x1dc/0x310 [ 27.250059] ? __pfx_kasan_atomics+0x10/0x10 [ 27.250084] ? __pfx_read_tsc+0x10/0x10 [ 27.250108] ? ktime_get_ts64+0x86/0x230 [ 27.250135] kunit_try_run_case+0x1a5/0x480 [ 27.250159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.250181] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.250207] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.250233] ? __kthread_parkme+0x82/0x180 [ 27.250256] ? preempt_count_sub+0x50/0x80 [ 27.250293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.250317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.250344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.250370] kthread+0x337/0x6f0 [ 27.250392] ? trace_preempt_on+0x20/0xc0 [ 27.250423] ? __pfx_kthread+0x10/0x10 [ 27.250446] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.250469] ? calculate_sigpending+0x7b/0xa0 [ 27.250495] ? __pfx_kthread+0x10/0x10 [ 27.250519] ret_from_fork+0x116/0x1d0 [ 27.250539] ? __pfx_kthread+0x10/0x10 [ 27.250562] ret_from_fork_asm+0x1a/0x30 [ 27.250594] </TASK> [ 27.250607] [ 27.261092] Allocated by task 315: [ 27.261377] kasan_save_stack+0x45/0x70 [ 27.261602] kasan_save_track+0x18/0x40 [ 27.261785] kasan_save_alloc_info+0x3b/0x50 [ 27.262038] __kasan_kmalloc+0xb7/0xc0 [ 27.262235] __kmalloc_cache_noprof+0x189/0x420 [ 27.262509] kasan_atomics+0x95/0x310 [ 27.262646] kunit_try_run_case+0x1a5/0x480 [ 27.262854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.263132] kthread+0x337/0x6f0 [ 27.263378] ret_from_fork+0x116/0x1d0 [ 27.263532] ret_from_fork_asm+0x1a/0x30 [ 27.263697] [ 27.263803] The buggy address belongs to the object at ffff88810613ea80 [ 27.263803] which belongs to the cache kmalloc-64 of size 64 [ 27.264362] The buggy address is located 0 bytes to the right of [ 27.264362] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.264973] [ 27.265068] The buggy address belongs to the physical page: [ 27.265321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.265906] flags: 0x200000000000000(node=0|zone=2) [ 27.266182] page_type: f5(slab) [ 27.266379] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.266634] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.266902] page dumped because: kasan: bad access detected [ 27.267268] [ 27.267417] Memory state around the buggy address: [ 27.267679] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.267906] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.268226] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.268617] ^ [ 27.268822] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.269138] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.269554] ================================================================== [ 27.572685] ================================================================== [ 27.572999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 27.573247] Read of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.573498] [ 27.573589] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.573643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.573657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.573682] Call Trace: [ 27.573704] <TASK> [ 27.573724] dump_stack_lvl+0x73/0xb0 [ 27.573769] print_report+0xd1/0x610 [ 27.573792] ? __virt_addr_valid+0x1db/0x2d0 [ 27.573817] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.573840] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.573866] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.574096] kasan_report+0x141/0x180 [ 27.574122] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.574149] __asan_report_load8_noabort+0x18/0x20 [ 27.574173] kasan_atomics_helper+0x4f30/0x5450 [ 27.574200] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.575182] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.575245] ? kasan_atomics+0x152/0x310 [ 27.575275] kasan_atomics+0x1dc/0x310 [ 27.575299] ? __pfx_kasan_atomics+0x10/0x10 [ 27.575326] ? __pfx_read_tsc+0x10/0x10 [ 27.575349] ? ktime_get_ts64+0x86/0x230 [ 27.575378] kunit_try_run_case+0x1a5/0x480 [ 27.575402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.576262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.576301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.576335] ? __kthread_parkme+0x82/0x180 [ 27.576360] ? preempt_count_sub+0x50/0x80 [ 27.576385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.576422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.576450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.576479] kthread+0x337/0x6f0 [ 27.576502] ? trace_preempt_on+0x20/0xc0 [ 27.576527] ? __pfx_kthread+0x10/0x10 [ 27.576551] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.576575] ? calculate_sigpending+0x7b/0xa0 [ 27.576601] ? __pfx_kthread+0x10/0x10 [ 27.576625] ret_from_fork+0x116/0x1d0 [ 27.576646] ? __pfx_kthread+0x10/0x10 [ 27.576669] ret_from_fork_asm+0x1a/0x30 [ 27.576702] </TASK> [ 27.576715] [ 27.588670] Allocated by task 315: [ 27.589037] kasan_save_stack+0x45/0x70 [ 27.589239] kasan_save_track+0x18/0x40 [ 27.589636] kasan_save_alloc_info+0x3b/0x50 [ 27.589869] __kasan_kmalloc+0xb7/0xc0 [ 27.590049] __kmalloc_cache_noprof+0x189/0x420 [ 27.590253] kasan_atomics+0x95/0x310 [ 27.590681] kunit_try_run_case+0x1a5/0x480 [ 27.590933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.591302] kthread+0x337/0x6f0 [ 27.591450] ret_from_fork+0x116/0x1d0 [ 27.591679] ret_from_fork_asm+0x1a/0x30 [ 27.591883] [ 27.591953] The buggy address belongs to the object at ffff88810613ea80 [ 27.591953] which belongs to the cache kmalloc-64 of size 64 [ 27.592489] The buggy address is located 0 bytes to the right of [ 27.592489] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.593001] [ 27.593100] The buggy address belongs to the physical page: [ 27.593327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.593718] flags: 0x200000000000000(node=0|zone=2) [ 27.593887] page_type: f5(slab) [ 27.594143] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.595216] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.595793] page dumped because: kasan: bad access detected [ 27.596114] [ 27.596215] Memory state around the buggy address: [ 27.596602] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.597584] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.597978] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.598289] ^ [ 27.598538] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.598847] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.599143] ================================================================== [ 27.017882] ================================================================== [ 27.018356] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 27.018706] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.019075] [ 27.019231] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.019284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.019297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.019331] Call Trace: [ 27.019353] <TASK> [ 27.019371] dump_stack_lvl+0x73/0xb0 [ 27.019444] print_report+0xd1/0x610 [ 27.019469] ? __virt_addr_valid+0x1db/0x2d0 [ 27.019494] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.019518] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.019544] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.019567] kasan_report+0x141/0x180 [ 27.019590] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.019643] __asan_report_load4_noabort+0x18/0x20 [ 27.019669] kasan_atomics_helper+0x4a02/0x5450 [ 27.019692] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.019718] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.019756] ? kasan_atomics+0x152/0x310 [ 27.019782] kasan_atomics+0x1dc/0x310 [ 27.019805] ? __pfx_kasan_atomics+0x10/0x10 [ 27.019830] ? __pfx_read_tsc+0x10/0x10 [ 27.019854] ? ktime_get_ts64+0x86/0x230 [ 27.019881] kunit_try_run_case+0x1a5/0x480 [ 27.019905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.019928] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.019955] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.019980] ? __kthread_parkme+0x82/0x180 [ 27.020002] ? preempt_count_sub+0x50/0x80 [ 27.020028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.020641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.020668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.020695] kthread+0x337/0x6f0 [ 27.020718] ? trace_preempt_on+0x20/0xc0 [ 27.020752] ? __pfx_kthread+0x10/0x10 [ 27.020796] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.020819] ? calculate_sigpending+0x7b/0xa0 [ 27.020845] ? __pfx_kthread+0x10/0x10 [ 27.020869] ret_from_fork+0x116/0x1d0 [ 27.020890] ? __pfx_kthread+0x10/0x10 [ 27.020912] ret_from_fork_asm+0x1a/0x30 [ 27.020964] </TASK> [ 27.020977] [ 27.029226] Allocated by task 315: [ 27.029350] kasan_save_stack+0x45/0x70 [ 27.029707] kasan_save_track+0x18/0x40 [ 27.030133] kasan_save_alloc_info+0x3b/0x50 [ 27.030383] __kasan_kmalloc+0xb7/0xc0 [ 27.030549] __kmalloc_cache_noprof+0x189/0x420 [ 27.030698] kasan_atomics+0x95/0x310 [ 27.030833] kunit_try_run_case+0x1a5/0x480 [ 27.031000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.031277] kthread+0x337/0x6f0 [ 27.031582] ret_from_fork+0x116/0x1d0 [ 27.031762] ret_from_fork_asm+0x1a/0x30 [ 27.031934] [ 27.032001] The buggy address belongs to the object at ffff88810613ea80 [ 27.032001] which belongs to the cache kmalloc-64 of size 64 [ 27.032347] The buggy address is located 0 bytes to the right of [ 27.032347] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.033021] [ 27.033113] The buggy address belongs to the physical page: [ 27.033360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.033706] flags: 0x200000000000000(node=0|zone=2) [ 27.034036] page_type: f5(slab) [ 27.034155] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.034382] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.035109] page dumped because: kasan: bad access detected [ 27.035330] [ 27.035395] Memory state around the buggy address: [ 27.035760] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.036063] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.036628] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.037116] ^ [ 27.037492] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.037780] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.038071] ================================================================== [ 26.280217] ================================================================== [ 26.282054] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 26.283113] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.283949] [ 26.284289] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.284359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.284373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.284399] Call Trace: [ 26.284416] <TASK> [ 26.284437] dump_stack_lvl+0x73/0xb0 [ 26.284475] print_report+0xd1/0x610 [ 26.284500] ? __virt_addr_valid+0x1db/0x2d0 [ 26.284527] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.284549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.284574] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.284596] kasan_report+0x141/0x180 [ 26.284618] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.284642] __asan_report_load4_noabort+0x18/0x20 [ 26.284667] kasan_atomics_helper+0x4bbc/0x5450 [ 26.284689] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.284714] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.284750] ? kasan_atomics+0x152/0x310 [ 26.284777] kasan_atomics+0x1dc/0x310 [ 26.284798] ? __pfx_kasan_atomics+0x10/0x10 [ 26.284822] ? __pfx_read_tsc+0x10/0x10 [ 26.284845] ? ktime_get_ts64+0x86/0x230 [ 26.284874] kunit_try_run_case+0x1a5/0x480 [ 26.284899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.284920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.284945] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.284969] ? __kthread_parkme+0x82/0x180 [ 26.284990] ? preempt_count_sub+0x50/0x80 [ 26.285068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.285102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.285128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.285153] kthread+0x337/0x6f0 [ 26.285175] ? trace_preempt_on+0x20/0xc0 [ 26.285200] ? __pfx_kthread+0x10/0x10 [ 26.285222] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.285244] ? calculate_sigpending+0x7b/0xa0 [ 26.285527] ? __pfx_kthread+0x10/0x10 [ 26.285558] ret_from_fork+0x116/0x1d0 [ 26.285580] ? __pfx_kthread+0x10/0x10 [ 26.285602] ret_from_fork_asm+0x1a/0x30 [ 26.285635] </TASK> [ 26.285648] [ 26.294461] Allocated by task 315: [ 26.294685] kasan_save_stack+0x45/0x70 [ 26.294899] kasan_save_track+0x18/0x40 [ 26.295178] kasan_save_alloc_info+0x3b/0x50 [ 26.295410] __kasan_kmalloc+0xb7/0xc0 [ 26.295619] __kmalloc_cache_noprof+0x189/0x420 [ 26.295780] kasan_atomics+0x95/0x310 [ 26.296227] kunit_try_run_case+0x1a5/0x480 [ 26.296588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.296868] kthread+0x337/0x6f0 [ 26.297029] ret_from_fork+0x116/0x1d0 [ 26.297227] ret_from_fork_asm+0x1a/0x30 [ 26.297544] [ 26.297662] The buggy address belongs to the object at ffff88810613ea80 [ 26.297662] which belongs to the cache kmalloc-64 of size 64 [ 26.298145] The buggy address is located 0 bytes to the right of [ 26.298145] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.298502] [ 26.298571] The buggy address belongs to the physical page: [ 26.298770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.299216] flags: 0x200000000000000(node=0|zone=2) [ 26.299696] page_type: f5(slab) [ 26.299848] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.300074] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.300311] page dumped because: kasan: bad access detected [ 26.300568] [ 26.300657] Memory state around the buggy address: [ 26.300892] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.301265] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.301710] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.301958] ^ [ 26.302425] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.302743] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.302952] ================================================================== [ 27.211896] ================================================================== [ 27.212236] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 27.212886] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.213123] [ 27.213240] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.213295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.213309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.213334] Call Trace: [ 27.213350] <TASK> [ 27.213369] dump_stack_lvl+0x73/0xb0 [ 27.213402] print_report+0xd1/0x610 [ 27.213660] ? __virt_addr_valid+0x1db/0x2d0 [ 27.213688] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.213711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.213751] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.213774] kasan_report+0x141/0x180 [ 27.213798] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.213825] __asan_report_store8_noabort+0x1b/0x30 [ 27.213850] kasan_atomics_helper+0x50d4/0x5450 [ 27.213874] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.213902] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.213927] ? kasan_atomics+0x152/0x310 [ 27.213955] kasan_atomics+0x1dc/0x310 [ 27.213979] ? __pfx_kasan_atomics+0x10/0x10 [ 27.214004] ? __pfx_read_tsc+0x10/0x10 [ 27.214027] ? ktime_get_ts64+0x86/0x230 [ 27.214054] kunit_try_run_case+0x1a5/0x480 [ 27.214078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.214100] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.214126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.214152] ? __kthread_parkme+0x82/0x180 [ 27.214176] ? preempt_count_sub+0x50/0x80 [ 27.214202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.214226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.214252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.214292] kthread+0x337/0x6f0 [ 27.214315] ? trace_preempt_on+0x20/0xc0 [ 27.214341] ? __pfx_kthread+0x10/0x10 [ 27.214363] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.214387] ? calculate_sigpending+0x7b/0xa0 [ 27.214413] ? __pfx_kthread+0x10/0x10 [ 27.214437] ret_from_fork+0x116/0x1d0 [ 27.214457] ? __pfx_kthread+0x10/0x10 [ 27.214480] ret_from_fork_asm+0x1a/0x30 [ 27.214512] </TASK> [ 27.214525] [ 27.229983] Allocated by task 315: [ 27.230610] kasan_save_stack+0x45/0x70 [ 27.231108] kasan_save_track+0x18/0x40 [ 27.231494] kasan_save_alloc_info+0x3b/0x50 [ 27.231839] __kasan_kmalloc+0xb7/0xc0 [ 27.231981] __kmalloc_cache_noprof+0x189/0x420 [ 27.232134] kasan_atomics+0x95/0x310 [ 27.232261] kunit_try_run_case+0x1a5/0x480 [ 27.232999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.235374] kthread+0x337/0x6f0 [ 27.235695] ret_from_fork+0x116/0x1d0 [ 27.236212] ret_from_fork_asm+0x1a/0x30 [ 27.236465] [ 27.236544] The buggy address belongs to the object at ffff88810613ea80 [ 27.236544] which belongs to the cache kmalloc-64 of size 64 [ 27.237867] The buggy address is located 0 bytes to the right of [ 27.237867] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.239212] [ 27.239328] The buggy address belongs to the physical page: [ 27.239592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.239968] flags: 0x200000000000000(node=0|zone=2) [ 27.240204] page_type: f5(slab) [ 27.240377] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.240661] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.242438] page dumped because: kasan: bad access detected [ 27.243759] [ 27.244042] Memory state around the buggy address: [ 27.244497] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.245135] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.245791] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.246450] ^ [ 27.246977] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.247239] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.247654] ================================================================== [ 26.755938] ================================================================== [ 26.756467] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 26.756881] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.757187] [ 26.757344] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.757436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.757451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.757475] Call Trace: [ 26.757509] <TASK> [ 26.757530] dump_stack_lvl+0x73/0xb0 [ 26.757592] print_report+0xd1/0x610 [ 26.757616] ? __virt_addr_valid+0x1db/0x2d0 [ 26.757653] ? kasan_atomics_helper+0xc70/0x5450 [ 26.757675] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.757702] ? kasan_atomics_helper+0xc70/0x5450 [ 26.757724] kasan_report+0x141/0x180 [ 26.757758] ? kasan_atomics_helper+0xc70/0x5450 [ 26.757785] kasan_check_range+0x10c/0x1c0 [ 26.757810] __kasan_check_write+0x18/0x20 [ 26.757834] kasan_atomics_helper+0xc70/0x5450 [ 26.757857] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.757884] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.757911] ? kasan_atomics+0x152/0x310 [ 26.757968] kasan_atomics+0x1dc/0x310 [ 26.758015] ? __pfx_kasan_atomics+0x10/0x10 [ 26.758040] ? __pfx_read_tsc+0x10/0x10 [ 26.758064] ? ktime_get_ts64+0x86/0x230 [ 26.758091] kunit_try_run_case+0x1a5/0x480 [ 26.758114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.758136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.758161] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.758187] ? __kthread_parkme+0x82/0x180 [ 26.758208] ? preempt_count_sub+0x50/0x80 [ 26.758234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.758256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.758337] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.758365] kthread+0x337/0x6f0 [ 26.758388] ? trace_preempt_on+0x20/0xc0 [ 26.758424] ? __pfx_kthread+0x10/0x10 [ 26.758447] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.758472] ? calculate_sigpending+0x7b/0xa0 [ 26.758497] ? __pfx_kthread+0x10/0x10 [ 26.758520] ret_from_fork+0x116/0x1d0 [ 26.758541] ? __pfx_kthread+0x10/0x10 [ 26.758564] ret_from_fork_asm+0x1a/0x30 [ 26.758597] </TASK> [ 26.758609] [ 26.767512] Allocated by task 315: [ 26.767710] kasan_save_stack+0x45/0x70 [ 26.767861] kasan_save_track+0x18/0x40 [ 26.767987] kasan_save_alloc_info+0x3b/0x50 [ 26.768180] __kasan_kmalloc+0xb7/0xc0 [ 26.768529] __kmalloc_cache_noprof+0x189/0x420 [ 26.768785] kasan_atomics+0x95/0x310 [ 26.769066] kunit_try_run_case+0x1a5/0x480 [ 26.769325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.769613] kthread+0x337/0x6f0 [ 26.769752] ret_from_fork+0x116/0x1d0 [ 26.769898] ret_from_fork_asm+0x1a/0x30 [ 26.770092] [ 26.770183] The buggy address belongs to the object at ffff88810613ea80 [ 26.770183] which belongs to the cache kmalloc-64 of size 64 [ 26.770986] The buggy address is located 0 bytes to the right of [ 26.770986] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.771703] [ 26.771824] The buggy address belongs to the physical page: [ 26.772158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.772623] flags: 0x200000000000000(node=0|zone=2) [ 26.772807] page_type: f5(slab) [ 26.772928] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.773207] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.773598] page dumped because: kasan: bad access detected [ 26.773862] [ 26.773954] Memory state around the buggy address: [ 26.774331] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.774825] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.775047] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.775346] ^ [ 26.775805] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.776176] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.776516] ================================================================== [ 26.505843] ================================================================== [ 26.506473] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 26.506804] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.507112] [ 26.507226] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.507283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.507297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.507593] Call Trace: [ 26.507628] <TASK> [ 26.507651] dump_stack_lvl+0x73/0xb0 [ 26.507688] print_report+0xd1/0x610 [ 26.507713] ? __virt_addr_valid+0x1db/0x2d0 [ 26.507756] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.507780] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.507808] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.507830] kasan_report+0x141/0x180 [ 26.507853] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.507880] kasan_check_range+0x10c/0x1c0 [ 26.507904] __kasan_check_write+0x18/0x20 [ 26.507929] kasan_atomics_helper+0x5fe/0x5450 [ 26.507952] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.507978] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.508004] ? kasan_atomics+0x152/0x310 [ 26.508031] kasan_atomics+0x1dc/0x310 [ 26.508054] ? __pfx_kasan_atomics+0x10/0x10 [ 26.508079] ? __pfx_read_tsc+0x10/0x10 [ 26.508102] ? ktime_get_ts64+0x86/0x230 [ 26.508129] kunit_try_run_case+0x1a5/0x480 [ 26.508153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.508175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.508202] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.508226] ? __kthread_parkme+0x82/0x180 [ 26.508249] ? preempt_count_sub+0x50/0x80 [ 26.508402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.508430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.508458] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.508484] kthread+0x337/0x6f0 [ 26.508508] ? trace_preempt_on+0x20/0xc0 [ 26.508533] ? __pfx_kthread+0x10/0x10 [ 26.508557] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.508581] ? calculate_sigpending+0x7b/0xa0 [ 26.508607] ? __pfx_kthread+0x10/0x10 [ 26.508631] ret_from_fork+0x116/0x1d0 [ 26.508652] ? __pfx_kthread+0x10/0x10 [ 26.508674] ret_from_fork_asm+0x1a/0x30 [ 26.508707] </TASK> [ 26.508720] [ 26.519187] Allocated by task 315: [ 26.519691] kasan_save_stack+0x45/0x70 [ 26.519913] kasan_save_track+0x18/0x40 [ 26.520052] kasan_save_alloc_info+0x3b/0x50 [ 26.520262] __kasan_kmalloc+0xb7/0xc0 [ 26.520840] __kmalloc_cache_noprof+0x189/0x420 [ 26.521021] kasan_atomics+0x95/0x310 [ 26.521212] kunit_try_run_case+0x1a5/0x480 [ 26.521436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.522003] kthread+0x337/0x6f0 [ 26.522183] ret_from_fork+0x116/0x1d0 [ 26.522340] ret_from_fork_asm+0x1a/0x30 [ 26.522566] [ 26.522647] The buggy address belongs to the object at ffff88810613ea80 [ 26.522647] which belongs to the cache kmalloc-64 of size 64 [ 26.523159] The buggy address is located 0 bytes to the right of [ 26.523159] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.524014] [ 26.524121] The buggy address belongs to the physical page: [ 26.524627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.525047] flags: 0x200000000000000(node=0|zone=2) [ 26.525386] page_type: f5(slab) [ 26.525649] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.525999] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.526716] page dumped because: kasan: bad access detected [ 26.526969] [ 26.527044] Memory state around the buggy address: [ 26.527462] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.527875] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.528173] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.528693] ^ [ 26.528883] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.529346] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.529637] ================================================================== [ 26.634235] ================================================================== [ 26.635106] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 26.635765] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.636486] [ 26.636634] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.636722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.636750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.636775] Call Trace: [ 26.636833] <TASK> [ 26.636854] dump_stack_lvl+0x73/0xb0 [ 26.636894] print_report+0xd1/0x610 [ 26.636917] ? __virt_addr_valid+0x1db/0x2d0 [ 26.636943] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.636966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.636993] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.637016] kasan_report+0x141/0x180 [ 26.637039] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.637066] kasan_check_range+0x10c/0x1c0 [ 26.637090] __kasan_check_write+0x18/0x20 [ 26.637114] kasan_atomics_helper+0x8f9/0x5450 [ 26.637138] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.637165] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.637192] ? kasan_atomics+0x152/0x310 [ 26.637219] kasan_atomics+0x1dc/0x310 [ 26.637242] ? __pfx_kasan_atomics+0x10/0x10 [ 26.637312] ? __pfx_read_tsc+0x10/0x10 [ 26.637339] ? ktime_get_ts64+0x86/0x230 [ 26.637367] kunit_try_run_case+0x1a5/0x480 [ 26.637391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.637426] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.637453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.637477] ? __kthread_parkme+0x82/0x180 [ 26.637500] ? preempt_count_sub+0x50/0x80 [ 26.637525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.637548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.637575] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.637601] kthread+0x337/0x6f0 [ 26.637623] ? trace_preempt_on+0x20/0xc0 [ 26.637648] ? __pfx_kthread+0x10/0x10 [ 26.637670] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.637694] ? calculate_sigpending+0x7b/0xa0 [ 26.637720] ? __pfx_kthread+0x10/0x10 [ 26.637755] ret_from_fork+0x116/0x1d0 [ 26.637775] ? __pfx_kthread+0x10/0x10 [ 26.637798] ret_from_fork_asm+0x1a/0x30 [ 26.637830] </TASK> [ 26.637844] [ 26.650830] Allocated by task 315: [ 26.651097] kasan_save_stack+0x45/0x70 [ 26.651431] kasan_save_track+0x18/0x40 [ 26.651610] kasan_save_alloc_info+0x3b/0x50 [ 26.651869] __kasan_kmalloc+0xb7/0xc0 [ 26.652062] __kmalloc_cache_noprof+0x189/0x420 [ 26.652257] kasan_atomics+0x95/0x310 [ 26.652393] kunit_try_run_case+0x1a5/0x480 [ 26.652588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.652953] kthread+0x337/0x6f0 [ 26.653101] ret_from_fork+0x116/0x1d0 [ 26.653245] ret_from_fork_asm+0x1a/0x30 [ 26.653588] [ 26.653726] The buggy address belongs to the object at ffff88810613ea80 [ 26.653726] which belongs to the cache kmalloc-64 of size 64 [ 26.654241] The buggy address is located 0 bytes to the right of [ 26.654241] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.655063] [ 26.655170] The buggy address belongs to the physical page: [ 26.655584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.655978] flags: 0x200000000000000(node=0|zone=2) [ 26.656221] page_type: f5(slab) [ 26.656456] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.656837] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.657189] page dumped because: kasan: bad access detected [ 26.657526] [ 26.657634] Memory state around the buggy address: [ 26.657897] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.658240] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.658674] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.659115] ^ [ 26.659371] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.659725] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.660443] ================================================================== [ 26.530196] ================================================================== [ 26.530447] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 26.531367] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.531832] [ 26.532025] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.532083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.532192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.532220] Call Trace: [ 26.532243] <TASK> [ 26.532277] dump_stack_lvl+0x73/0xb0 [ 26.532312] print_report+0xd1/0x610 [ 26.532342] ? __virt_addr_valid+0x1db/0x2d0 [ 26.532368] ? kasan_atomics_helper+0x697/0x5450 [ 26.532390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.532469] ? kasan_atomics_helper+0x697/0x5450 [ 26.532494] kasan_report+0x141/0x180 [ 26.532517] ? kasan_atomics_helper+0x697/0x5450 [ 26.532545] kasan_check_range+0x10c/0x1c0 [ 26.532571] __kasan_check_write+0x18/0x20 [ 26.532595] kasan_atomics_helper+0x697/0x5450 [ 26.532618] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.532645] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.532671] ? kasan_atomics+0x152/0x310 [ 26.532697] kasan_atomics+0x1dc/0x310 [ 26.532721] ? __pfx_kasan_atomics+0x10/0x10 [ 26.532758] ? __pfx_read_tsc+0x10/0x10 [ 26.532783] ? ktime_get_ts64+0x86/0x230 [ 26.532810] kunit_try_run_case+0x1a5/0x480 [ 26.532835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.532856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.532882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.532907] ? __kthread_parkme+0x82/0x180 [ 26.532929] ? preempt_count_sub+0x50/0x80 [ 26.532955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.532979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.533006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.533031] kthread+0x337/0x6f0 [ 26.533055] ? trace_preempt_on+0x20/0xc0 [ 26.533079] ? __pfx_kthread+0x10/0x10 [ 26.533103] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.533126] ? calculate_sigpending+0x7b/0xa0 [ 26.533151] ? __pfx_kthread+0x10/0x10 [ 26.533175] ret_from_fork+0x116/0x1d0 [ 26.533196] ? __pfx_kthread+0x10/0x10 [ 26.533219] ret_from_fork_asm+0x1a/0x30 [ 26.533251] </TASK> [ 26.533263] [ 26.544023] Allocated by task 315: [ 26.544340] kasan_save_stack+0x45/0x70 [ 26.544633] kasan_save_track+0x18/0x40 [ 26.544824] kasan_save_alloc_info+0x3b/0x50 [ 26.545014] __kasan_kmalloc+0xb7/0xc0 [ 26.545181] __kmalloc_cache_noprof+0x189/0x420 [ 26.545834] kasan_atomics+0x95/0x310 [ 26.545994] kunit_try_run_case+0x1a5/0x480 [ 26.546419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.546765] kthread+0x337/0x6f0 [ 26.546934] ret_from_fork+0x116/0x1d0 [ 26.547095] ret_from_fork_asm+0x1a/0x30 [ 26.547278] [ 26.547616] The buggy address belongs to the object at ffff88810613ea80 [ 26.547616] which belongs to the cache kmalloc-64 of size 64 [ 26.548119] The buggy address is located 0 bytes to the right of [ 26.548119] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.548897] [ 26.549014] The buggy address belongs to the physical page: [ 26.549524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.549903] flags: 0x200000000000000(node=0|zone=2) [ 26.550128] page_type: f5(slab) [ 26.550273] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.550975] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.551217] page dumped because: kasan: bad access detected [ 26.551397] [ 26.551465] Memory state around the buggy address: [ 26.551618] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.552029] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.552457] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.553128] ^ [ 26.553563] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.553984] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.554202] ================================================================== [ 26.345144] ================================================================== [ 26.346004] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 26.346781] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.347515] [ 26.347843] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.347900] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.347914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.347940] Call Trace: [ 26.347962] <TASK> [ 26.347981] dump_stack_lvl+0x73/0xb0 [ 26.348109] print_report+0xd1/0x610 [ 26.348133] ? __virt_addr_valid+0x1db/0x2d0 [ 26.348160] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.348183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.348210] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.348234] kasan_report+0x141/0x180 [ 26.348257] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.348350] __asan_report_store4_noabort+0x1b/0x30 [ 26.348379] kasan_atomics_helper+0x4b6e/0x5450 [ 26.348402] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.348443] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.348470] ? kasan_atomics+0x152/0x310 [ 26.348498] kasan_atomics+0x1dc/0x310 [ 26.348521] ? __pfx_kasan_atomics+0x10/0x10 [ 26.348546] ? __pfx_read_tsc+0x10/0x10 [ 26.348570] ? ktime_get_ts64+0x86/0x230 [ 26.348596] kunit_try_run_case+0x1a5/0x480 [ 26.348620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.348642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.348668] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.348694] ? __kthread_parkme+0x82/0x180 [ 26.348716] ? preempt_count_sub+0x50/0x80 [ 26.348755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.348778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.348804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.348831] kthread+0x337/0x6f0 [ 26.348854] ? trace_preempt_on+0x20/0xc0 [ 26.348879] ? __pfx_kthread+0x10/0x10 [ 26.348902] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.348925] ? calculate_sigpending+0x7b/0xa0 [ 26.348951] ? __pfx_kthread+0x10/0x10 [ 26.348976] ret_from_fork+0x116/0x1d0 [ 26.348996] ? __pfx_kthread+0x10/0x10 [ 26.349019] ret_from_fork_asm+0x1a/0x30 [ 26.349052] </TASK> [ 26.349064] [ 26.360662] Allocated by task 315: [ 26.360813] kasan_save_stack+0x45/0x70 [ 26.361177] kasan_save_track+0x18/0x40 [ 26.361640] kasan_save_alloc_info+0x3b/0x50 [ 26.361828] __kasan_kmalloc+0xb7/0xc0 [ 26.362120] __kmalloc_cache_noprof+0x189/0x420 [ 26.362284] kasan_atomics+0x95/0x310 [ 26.362767] kunit_try_run_case+0x1a5/0x480 [ 26.362986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.363416] kthread+0x337/0x6f0 [ 26.363771] ret_from_fork+0x116/0x1d0 [ 26.363919] ret_from_fork_asm+0x1a/0x30 [ 26.364229] [ 26.364404] The buggy address belongs to the object at ffff88810613ea80 [ 26.364404] which belongs to the cache kmalloc-64 of size 64 [ 26.365109] The buggy address is located 0 bytes to the right of [ 26.365109] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.365803] [ 26.365999] The buggy address belongs to the physical page: [ 26.366187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.366994] flags: 0x200000000000000(node=0|zone=2) [ 26.367180] page_type: f5(slab) [ 26.367638] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.368036] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.368330] page dumped because: kasan: bad access detected [ 26.368753] [ 26.368853] Memory state around the buggy address: [ 26.369075] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.369646] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.370048] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.370468] ^ [ 26.370818] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.371213] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.371838] ================================================================== [ 26.682756] ================================================================== [ 26.683113] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 26.683519] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.683951] [ 26.684104] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.684159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.684184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.684210] Call Trace: [ 26.684256] <TASK> [ 26.684275] dump_stack_lvl+0x73/0xb0 [ 26.684308] print_report+0xd1/0x610 [ 26.684396] ? __virt_addr_valid+0x1db/0x2d0 [ 26.684467] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.684489] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.684518] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.684551] kasan_report+0x141/0x180 [ 26.684574] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.684601] kasan_check_range+0x10c/0x1c0 [ 26.684627] __kasan_check_write+0x18/0x20 [ 26.684676] kasan_atomics_helper+0xa2b/0x5450 [ 26.684700] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.684727] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.684772] ? kasan_atomics+0x152/0x310 [ 26.684799] kasan_atomics+0x1dc/0x310 [ 26.684850] ? __pfx_kasan_atomics+0x10/0x10 [ 26.684875] ? __pfx_read_tsc+0x10/0x10 [ 26.684899] ? ktime_get_ts64+0x86/0x230 [ 26.684936] kunit_try_run_case+0x1a5/0x480 [ 26.684961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.685008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.685052] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.685088] ? __kthread_parkme+0x82/0x180 [ 26.685110] ? preempt_count_sub+0x50/0x80 [ 26.685136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.685159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.685186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.685213] kthread+0x337/0x6f0 [ 26.685237] ? trace_preempt_on+0x20/0xc0 [ 26.685261] ? __pfx_kthread+0x10/0x10 [ 26.685345] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.685383] ? calculate_sigpending+0x7b/0xa0 [ 26.685419] ? __pfx_kthread+0x10/0x10 [ 26.685453] ret_from_fork+0x116/0x1d0 [ 26.685475] ? __pfx_kthread+0x10/0x10 [ 26.685509] ret_from_fork_asm+0x1a/0x30 [ 26.685543] </TASK> [ 26.685556] [ 26.695147] Allocated by task 315: [ 26.695338] kasan_save_stack+0x45/0x70 [ 26.695639] kasan_save_track+0x18/0x40 [ 26.695869] kasan_save_alloc_info+0x3b/0x50 [ 26.696032] __kasan_kmalloc+0xb7/0xc0 [ 26.696260] __kmalloc_cache_noprof+0x189/0x420 [ 26.696677] kasan_atomics+0x95/0x310 [ 26.696875] kunit_try_run_case+0x1a5/0x480 [ 26.697088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.697455] kthread+0x337/0x6f0 [ 26.697651] ret_from_fork+0x116/0x1d0 [ 26.697867] ret_from_fork_asm+0x1a/0x30 [ 26.698079] [ 26.698203] The buggy address belongs to the object at ffff88810613ea80 [ 26.698203] which belongs to the cache kmalloc-64 of size 64 [ 26.699090] The buggy address is located 0 bytes to the right of [ 26.699090] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.699707] [ 26.699814] The buggy address belongs to the physical page: [ 26.700057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.700293] flags: 0x200000000000000(node=0|zone=2) [ 26.700828] page_type: f5(slab) [ 26.701063] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.701522] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.701935] page dumped because: kasan: bad access detected [ 26.702230] [ 26.702362] Memory state around the buggy address: [ 26.702654] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.702985] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.703343] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.703722] ^ [ 26.703985] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.704383] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.704899] ================================================================== [ 26.798004] ================================================================== [ 26.798256] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 26.798662] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.799286] [ 26.799451] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.799520] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.799535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.799561] Call Trace: [ 26.799596] <TASK> [ 26.799618] dump_stack_lvl+0x73/0xb0 [ 26.799664] print_report+0xd1/0x610 [ 26.799689] ? __virt_addr_valid+0x1db/0x2d0 [ 26.799715] ? kasan_atomics_helper+0xd47/0x5450 [ 26.799755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.799783] ? kasan_atomics_helper+0xd47/0x5450 [ 26.799805] kasan_report+0x141/0x180 [ 26.799841] ? kasan_atomics_helper+0xd47/0x5450 [ 26.799868] kasan_check_range+0x10c/0x1c0 [ 26.799998] __kasan_check_write+0x18/0x20 [ 26.800030] kasan_atomics_helper+0xd47/0x5450 [ 26.800065] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.800092] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.800119] ? kasan_atomics+0x152/0x310 [ 26.800146] kasan_atomics+0x1dc/0x310 [ 26.800170] ? __pfx_kasan_atomics+0x10/0x10 [ 26.800195] ? __pfx_read_tsc+0x10/0x10 [ 26.800218] ? ktime_get_ts64+0x86/0x230 [ 26.800246] kunit_try_run_case+0x1a5/0x480 [ 26.800312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.800344] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.800370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.800394] ? __kthread_parkme+0x82/0x180 [ 26.800426] ? preempt_count_sub+0x50/0x80 [ 26.800451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.800476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.800504] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.800532] kthread+0x337/0x6f0 [ 26.800556] ? trace_preempt_on+0x20/0xc0 [ 26.800581] ? __pfx_kthread+0x10/0x10 [ 26.800606] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.800629] ? calculate_sigpending+0x7b/0xa0 [ 26.800656] ? __pfx_kthread+0x10/0x10 [ 26.800679] ret_from_fork+0x116/0x1d0 [ 26.800701] ? __pfx_kthread+0x10/0x10 [ 26.800725] ret_from_fork_asm+0x1a/0x30 [ 26.800770] </TASK> [ 26.800783] [ 26.809690] Allocated by task 315: [ 26.809938] kasan_save_stack+0x45/0x70 [ 26.810172] kasan_save_track+0x18/0x40 [ 26.810307] kasan_save_alloc_info+0x3b/0x50 [ 26.810452] __kasan_kmalloc+0xb7/0xc0 [ 26.810633] __kmalloc_cache_noprof+0x189/0x420 [ 26.810933] kasan_atomics+0x95/0x310 [ 26.811128] kunit_try_run_case+0x1a5/0x480 [ 26.811333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.811588] kthread+0x337/0x6f0 [ 26.811752] ret_from_fork+0x116/0x1d0 [ 26.812023] ret_from_fork_asm+0x1a/0x30 [ 26.812335] [ 26.812451] The buggy address belongs to the object at ffff88810613ea80 [ 26.812451] which belongs to the cache kmalloc-64 of size 64 [ 26.813549] The buggy address is located 0 bytes to the right of [ 26.813549] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.814650] [ 26.814846] The buggy address belongs to the physical page: [ 26.815390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.816188] flags: 0x200000000000000(node=0|zone=2) [ 26.816806] page_type: f5(slab) [ 26.817172] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.817988] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.819405] page dumped because: kasan: bad access detected [ 26.819746] [ 26.820057] Memory state around the buggy address: [ 26.820709] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.821039] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.821654] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.822098] ^ [ 26.822758] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.823333] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.823982] ================================================================== [ 27.450037] ================================================================== [ 27.450709] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 27.451039] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.451260] [ 27.451473] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.451537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.451551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.451577] Call Trace: [ 27.451596] <TASK> [ 27.451613] dump_stack_lvl+0x73/0xb0 [ 27.451645] print_report+0xd1/0x610 [ 27.451668] ? __virt_addr_valid+0x1db/0x2d0 [ 27.451694] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.451715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.451756] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.451779] kasan_report+0x141/0x180 [ 27.451802] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.451828] kasan_check_range+0x10c/0x1c0 [ 27.451853] __kasan_check_write+0x18/0x20 [ 27.451876] kasan_atomics_helper+0x19e3/0x5450 [ 27.451900] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.451926] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.451952] ? kasan_atomics+0x152/0x310 [ 27.451979] kasan_atomics+0x1dc/0x310 [ 27.452002] ? __pfx_kasan_atomics+0x10/0x10 [ 27.452027] ? __pfx_read_tsc+0x10/0x10 [ 27.452050] ? ktime_get_ts64+0x86/0x230 [ 27.452077] kunit_try_run_case+0x1a5/0x480 [ 27.452100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.452122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.452146] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.452172] ? __kthread_parkme+0x82/0x180 [ 27.452194] ? preempt_count_sub+0x50/0x80 [ 27.452219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.452243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.452269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.452344] kthread+0x337/0x6f0 [ 27.452369] ? trace_preempt_on+0x20/0xc0 [ 27.452394] ? __pfx_kthread+0x10/0x10 [ 27.452429] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.452453] ? calculate_sigpending+0x7b/0xa0 [ 27.452479] ? __pfx_kthread+0x10/0x10 [ 27.452503] ret_from_fork+0x116/0x1d0 [ 27.452523] ? __pfx_kthread+0x10/0x10 [ 27.452546] ret_from_fork_asm+0x1a/0x30 [ 27.452578] </TASK> [ 27.452591] [ 27.464141] Allocated by task 315: [ 27.464460] kasan_save_stack+0x45/0x70 [ 27.464697] kasan_save_track+0x18/0x40 [ 27.464888] kasan_save_alloc_info+0x3b/0x50 [ 27.465036] __kasan_kmalloc+0xb7/0xc0 [ 27.465211] __kmalloc_cache_noprof+0x189/0x420 [ 27.465509] kasan_atomics+0x95/0x310 [ 27.465817] kunit_try_run_case+0x1a5/0x480 [ 27.466071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.466445] kthread+0x337/0x6f0 [ 27.466762] ret_from_fork+0x116/0x1d0 [ 27.466906] ret_from_fork_asm+0x1a/0x30 [ 27.467045] [ 27.467114] The buggy address belongs to the object at ffff88810613ea80 [ 27.467114] which belongs to the cache kmalloc-64 of size 64 [ 27.467649] The buggy address is located 0 bytes to the right of [ 27.467649] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.468192] [ 27.468292] The buggy address belongs to the physical page: [ 27.469304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.469815] flags: 0x200000000000000(node=0|zone=2) [ 27.469991] page_type: f5(slab) [ 27.470111] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.470347] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.470571] page dumped because: kasan: bad access detected [ 27.470745] [ 27.470811] Memory state around the buggy address: [ 27.470965] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.471178] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.471389] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.471598] ^ [ 27.471821] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.472433] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.473027] ================================================================== [ 27.361405] ================================================================== [ 27.362225] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 27.362916] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.363748] [ 27.364099] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.364166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.364181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.364205] Call Trace: [ 27.364227] <TASK> [ 27.364246] dump_stack_lvl+0x73/0xb0 [ 27.364401] print_report+0xd1/0x610 [ 27.364435] ? __virt_addr_valid+0x1db/0x2d0 [ 27.364480] ? kasan_atomics_helper+0x1818/0x5450 [ 27.364503] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.364530] ? kasan_atomics_helper+0x1818/0x5450 [ 27.364552] kasan_report+0x141/0x180 [ 27.364575] ? kasan_atomics_helper+0x1818/0x5450 [ 27.364601] kasan_check_range+0x10c/0x1c0 [ 27.364626] __kasan_check_write+0x18/0x20 [ 27.364650] kasan_atomics_helper+0x1818/0x5450 [ 27.364673] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.364700] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.364726] ? kasan_atomics+0x152/0x310 [ 27.364780] kasan_atomics+0x1dc/0x310 [ 27.364805] ? __pfx_kasan_atomics+0x10/0x10 [ 27.364830] ? __pfx_read_tsc+0x10/0x10 [ 27.364853] ? ktime_get_ts64+0x86/0x230 [ 27.364880] kunit_try_run_case+0x1a5/0x480 [ 27.364904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.364926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.364971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.364997] ? __kthread_parkme+0x82/0x180 [ 27.365022] ? preempt_count_sub+0x50/0x80 [ 27.365048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.365072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.365099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.365126] kthread+0x337/0x6f0 [ 27.365149] ? trace_preempt_on+0x20/0xc0 [ 27.365174] ? __pfx_kthread+0x10/0x10 [ 27.365197] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.365221] ? calculate_sigpending+0x7b/0xa0 [ 27.365248] ? __pfx_kthread+0x10/0x10 [ 27.365289] ret_from_fork+0x116/0x1d0 [ 27.365317] ? __pfx_kthread+0x10/0x10 [ 27.365341] ret_from_fork_asm+0x1a/0x30 [ 27.365373] </TASK> [ 27.365386] [ 27.377954] Allocated by task 315: [ 27.378170] kasan_save_stack+0x45/0x70 [ 27.378326] kasan_save_track+0x18/0x40 [ 27.378458] kasan_save_alloc_info+0x3b/0x50 [ 27.378773] __kasan_kmalloc+0xb7/0xc0 [ 27.379135] __kmalloc_cache_noprof+0x189/0x420 [ 27.379289] kasan_atomics+0x95/0x310 [ 27.379417] kunit_try_run_case+0x1a5/0x480 [ 27.379556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.380051] kthread+0x337/0x6f0 [ 27.380282] ret_from_fork+0x116/0x1d0 [ 27.380441] ret_from_fork_asm+0x1a/0x30 [ 27.380628] [ 27.380695] The buggy address belongs to the object at ffff88810613ea80 [ 27.380695] which belongs to the cache kmalloc-64 of size 64 [ 27.381144] The buggy address is located 0 bytes to the right of [ 27.381144] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.381902] [ 27.382100] The buggy address belongs to the physical page: [ 27.382314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.382810] flags: 0x200000000000000(node=0|zone=2) [ 27.383200] page_type: f5(slab) [ 27.383340] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.383565] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.383911] page dumped because: kasan: bad access detected [ 27.384352] [ 27.384448] Memory state around the buggy address: [ 27.384695] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.384945] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.385291] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.385639] ^ [ 27.385936] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.386149] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.386416] ================================================================== [ 26.399562] ================================================================== [ 26.399888] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 26.400208] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.401396] [ 26.401631] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.401779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.401797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.401821] Call Trace: [ 26.401838] <TASK> [ 26.401859] dump_stack_lvl+0x73/0xb0 [ 26.401894] print_report+0xd1/0x610 [ 26.401919] ? __virt_addr_valid+0x1db/0x2d0 [ 26.401945] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.401968] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.401995] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.402017] kasan_report+0x141/0x180 [ 26.402041] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.402067] __asan_report_load4_noabort+0x18/0x20 [ 26.402092] kasan_atomics_helper+0x4b54/0x5450 [ 26.402115] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.402142] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.402169] ? kasan_atomics+0x152/0x310 [ 26.402196] kasan_atomics+0x1dc/0x310 [ 26.402218] ? __pfx_kasan_atomics+0x10/0x10 [ 26.402243] ? __pfx_read_tsc+0x10/0x10 [ 26.402285] ? ktime_get_ts64+0x86/0x230 [ 26.402324] kunit_try_run_case+0x1a5/0x480 [ 26.402348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.402369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.402396] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.402429] ? __kthread_parkme+0x82/0x180 [ 26.402452] ? preempt_count_sub+0x50/0x80 [ 26.402478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.402501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.402528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.402555] kthread+0x337/0x6f0 [ 26.402577] ? trace_preempt_on+0x20/0xc0 [ 26.402602] ? __pfx_kthread+0x10/0x10 [ 26.402625] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.402648] ? calculate_sigpending+0x7b/0xa0 [ 26.402675] ? __pfx_kthread+0x10/0x10 [ 26.402698] ret_from_fork+0x116/0x1d0 [ 26.402719] ? __pfx_kthread+0x10/0x10 [ 26.402753] ret_from_fork_asm+0x1a/0x30 [ 26.402785] </TASK> [ 26.402798] [ 26.414145] Allocated by task 315: [ 26.414467] kasan_save_stack+0x45/0x70 [ 26.414844] kasan_save_track+0x18/0x40 [ 26.415028] kasan_save_alloc_info+0x3b/0x50 [ 26.415393] __kasan_kmalloc+0xb7/0xc0 [ 26.415557] __kmalloc_cache_noprof+0x189/0x420 [ 26.415915] kasan_atomics+0x95/0x310 [ 26.416488] kunit_try_run_case+0x1a5/0x480 [ 26.416708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.416982] kthread+0x337/0x6f0 [ 26.417147] ret_from_fork+0x116/0x1d0 [ 26.417717] ret_from_fork_asm+0x1a/0x30 [ 26.417926] [ 26.418006] The buggy address belongs to the object at ffff88810613ea80 [ 26.418006] which belongs to the cache kmalloc-64 of size 64 [ 26.419018] The buggy address is located 0 bytes to the right of [ 26.419018] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.419742] [ 26.419826] The buggy address belongs to the physical page: [ 26.420245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.420864] flags: 0x200000000000000(node=0|zone=2) [ 26.421325] page_type: f5(slab) [ 26.421515] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.422021] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.422505] page dumped because: kasan: bad access detected [ 26.422855] [ 26.422931] Memory state around the buggy address: [ 26.423166] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.423690] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.424130] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.424624] ^ [ 26.424945] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.425511] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.425935] ================================================================== [ 27.749599] ================================================================== [ 27.750172] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 27.750583] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.750821] [ 27.750901] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.750951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.750964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.750988] Call Trace: [ 27.751005] <TASK> [ 27.751021] dump_stack_lvl+0x73/0xb0 [ 27.751052] print_report+0xd1/0x610 [ 27.751075] ? __virt_addr_valid+0x1db/0x2d0 [ 27.751099] ? kasan_atomics_helper+0x2006/0x5450 [ 27.751122] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.751149] ? kasan_atomics_helper+0x2006/0x5450 [ 27.751172] kasan_report+0x141/0x180 [ 27.751195] ? kasan_atomics_helper+0x2006/0x5450 [ 27.751222] kasan_check_range+0x10c/0x1c0 [ 27.751247] __kasan_check_write+0x18/0x20 [ 27.751284] kasan_atomics_helper+0x2006/0x5450 [ 27.751308] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.751348] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.751374] ? kasan_atomics+0x152/0x310 [ 27.751401] kasan_atomics+0x1dc/0x310 [ 27.751425] ? __pfx_kasan_atomics+0x10/0x10 [ 27.751450] ? __pfx_read_tsc+0x10/0x10 [ 27.751475] ? ktime_get_ts64+0x86/0x230 [ 27.751502] kunit_try_run_case+0x1a5/0x480 [ 27.751525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.751547] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.751582] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.751607] ? __kthread_parkme+0x82/0x180 [ 27.751630] ? preempt_count_sub+0x50/0x80 [ 27.751673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.751697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.751722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.751759] kthread+0x337/0x6f0 [ 27.751790] ? trace_preempt_on+0x20/0xc0 [ 27.751815] ? __pfx_kthread+0x10/0x10 [ 27.751838] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.751872] ? calculate_sigpending+0x7b/0xa0 [ 27.751897] ? __pfx_kthread+0x10/0x10 [ 27.751922] ret_from_fork+0x116/0x1d0 [ 27.751941] ? __pfx_kthread+0x10/0x10 [ 27.751974] ret_from_fork_asm+0x1a/0x30 [ 27.752007] </TASK> [ 27.752019] [ 27.761530] Allocated by task 315: [ 27.762525] kasan_save_stack+0x45/0x70 [ 27.763877] kasan_save_track+0x18/0x40 [ 27.764030] kasan_save_alloc_info+0x3b/0x50 [ 27.764178] __kasan_kmalloc+0xb7/0xc0 [ 27.764578] __kmalloc_cache_noprof+0x189/0x420 [ 27.764811] kasan_atomics+0x95/0x310 [ 27.765085] kunit_try_run_case+0x1a5/0x480 [ 27.765621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.765908] kthread+0x337/0x6f0 [ 27.766063] ret_from_fork+0x116/0x1d0 [ 27.766236] ret_from_fork_asm+0x1a/0x30 [ 27.766370] [ 27.766437] The buggy address belongs to the object at ffff88810613ea80 [ 27.766437] which belongs to the cache kmalloc-64 of size 64 [ 27.766833] The buggy address is located 0 bytes to the right of [ 27.766833] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.767372] [ 27.767529] The buggy address belongs to the physical page: [ 27.767697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.767970] flags: 0x200000000000000(node=0|zone=2) [ 27.768127] page_type: f5(slab) [ 27.768240] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.768564] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.768789] page dumped because: kasan: bad access detected [ 27.769547] [ 27.769623] Memory state around the buggy address: [ 27.769883] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.770212] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.770802] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.771137] ^ [ 27.771361] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.771718] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.772057] ================================================================== [ 26.452140] ================================================================== [ 26.452380] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 26.453575] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.454430] [ 26.454796] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.454857] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.454880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.454908] Call Trace: [ 26.454933] <TASK> [ 26.454953] dump_stack_lvl+0x73/0xb0 [ 26.454988] print_report+0xd1/0x610 [ 26.455011] ? __virt_addr_valid+0x1db/0x2d0 [ 26.455037] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.455059] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.455092] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.455117] kasan_report+0x141/0x180 [ 26.455140] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.455167] __asan_report_store4_noabort+0x1b/0x30 [ 26.455368] kasan_atomics_helper+0x4b3a/0x5450 [ 26.455453] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.455485] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.455513] ? kasan_atomics+0x152/0x310 [ 26.455541] kasan_atomics+0x1dc/0x310 [ 26.455564] ? __pfx_kasan_atomics+0x10/0x10 [ 26.455590] ? __pfx_read_tsc+0x10/0x10 [ 26.455615] ? ktime_get_ts64+0x86/0x230 [ 26.455641] kunit_try_run_case+0x1a5/0x480 [ 26.455665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.455686] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.455713] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.455750] ? __kthread_parkme+0x82/0x180 [ 26.455788] ? preempt_count_sub+0x50/0x80 [ 26.455833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.455857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.455884] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.455910] kthread+0x337/0x6f0 [ 26.455933] ? trace_preempt_on+0x20/0xc0 [ 26.455958] ? __pfx_kthread+0x10/0x10 [ 26.455981] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.456004] ? calculate_sigpending+0x7b/0xa0 [ 26.456030] ? __pfx_kthread+0x10/0x10 [ 26.456055] ret_from_fork+0x116/0x1d0 [ 26.456075] ? __pfx_kthread+0x10/0x10 [ 26.456097] ret_from_fork_asm+0x1a/0x30 [ 26.456131] </TASK> [ 26.456143] [ 26.469629] Allocated by task 315: [ 26.469815] kasan_save_stack+0x45/0x70 [ 26.470032] kasan_save_track+0x18/0x40 [ 26.470212] kasan_save_alloc_info+0x3b/0x50 [ 26.470828] __kasan_kmalloc+0xb7/0xc0 [ 26.471020] __kmalloc_cache_noprof+0x189/0x420 [ 26.471193] kasan_atomics+0x95/0x310 [ 26.471408] kunit_try_run_case+0x1a5/0x480 [ 26.471672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.471921] kthread+0x337/0x6f0 [ 26.472080] ret_from_fork+0x116/0x1d0 [ 26.472249] ret_from_fork_asm+0x1a/0x30 [ 26.472977] [ 26.473056] The buggy address belongs to the object at ffff88810613ea80 [ 26.473056] which belongs to the cache kmalloc-64 of size 64 [ 26.473719] The buggy address is located 0 bytes to the right of [ 26.473719] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.474249] [ 26.474343] The buggy address belongs to the physical page: [ 26.474567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.475261] flags: 0x200000000000000(node=0|zone=2) [ 26.475655] page_type: f5(slab) [ 26.475829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.476257] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.476840] page dumped because: kasan: bad access detected [ 26.477162] [ 26.477246] Memory state around the buggy address: [ 26.477447] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.477977] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.478598] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.478908] ^ [ 26.479123] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.479714] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.480022] ================================================================== [ 26.962569] ================================================================== [ 26.963368] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 26.963938] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.964169] [ 26.964270] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.964329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.964344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.964369] Call Trace: [ 26.964392] <TASK> [ 26.964417] dump_stack_lvl+0x73/0xb0 [ 26.964452] print_report+0xd1/0x610 [ 26.964474] ? __virt_addr_valid+0x1db/0x2d0 [ 26.964501] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.964525] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.964552] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.964575] kasan_report+0x141/0x180 [ 26.964597] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.964625] __asan_report_load4_noabort+0x18/0x20 [ 26.964650] kasan_atomics_helper+0x4a1c/0x5450 [ 26.964672] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.964699] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.964725] ? kasan_atomics+0x152/0x310 [ 26.965499] kasan_atomics+0x1dc/0x310 [ 26.965530] ? __pfx_kasan_atomics+0x10/0x10 [ 26.965557] ? __pfx_read_tsc+0x10/0x10 [ 26.965585] ? ktime_get_ts64+0x86/0x230 [ 26.965613] kunit_try_run_case+0x1a5/0x480 [ 26.965638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.965661] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.965687] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.965712] ? __kthread_parkme+0x82/0x180 [ 26.965747] ? preempt_count_sub+0x50/0x80 [ 26.965772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.965795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.965822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.965849] kthread+0x337/0x6f0 [ 26.965872] ? trace_preempt_on+0x20/0xc0 [ 26.965897] ? __pfx_kthread+0x10/0x10 [ 26.965920] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.965944] ? calculate_sigpending+0x7b/0xa0 [ 26.965971] ? __pfx_kthread+0x10/0x10 [ 26.965995] ret_from_fork+0x116/0x1d0 [ 26.966015] ? __pfx_kthread+0x10/0x10 [ 26.966038] ret_from_fork_asm+0x1a/0x30 [ 26.966072] </TASK> [ 26.966088] [ 26.980849] Allocated by task 315: [ 26.981505] kasan_save_stack+0x45/0x70 [ 26.981917] kasan_save_track+0x18/0x40 [ 26.982277] kasan_save_alloc_info+0x3b/0x50 [ 26.983020] __kasan_kmalloc+0xb7/0xc0 [ 26.983498] __kmalloc_cache_noprof+0x189/0x420 [ 26.983873] kasan_atomics+0x95/0x310 [ 26.984017] kunit_try_run_case+0x1a5/0x480 [ 26.984159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.984346] kthread+0x337/0x6f0 [ 26.984466] ret_from_fork+0x116/0x1d0 [ 26.984596] ret_from_fork_asm+0x1a/0x30 [ 26.984742] [ 26.984813] The buggy address belongs to the object at ffff88810613ea80 [ 26.984813] which belongs to the cache kmalloc-64 of size 64 [ 26.985247] The buggy address is located 0 bytes to the right of [ 26.985247] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.985939] [ 26.986049] The buggy address belongs to the physical page: [ 26.986255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.987010] flags: 0x200000000000000(node=0|zone=2) [ 26.987560] page_type: f5(slab) [ 26.987972] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.988700] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.989657] page dumped because: kasan: bad access detected [ 26.990077] [ 26.990147] Memory state around the buggy address: [ 26.990498] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.991340] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.991841] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.992055] ^ [ 26.992205] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.992421] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.992628] ================================================================== [ 26.661017] ================================================================== [ 26.661462] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 26.661828] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.662166] [ 26.662316] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.662382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.662396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.662466] Call Trace: [ 26.662510] <TASK> [ 26.662539] dump_stack_lvl+0x73/0xb0 [ 26.662573] print_report+0xd1/0x610 [ 26.662607] ? __virt_addr_valid+0x1db/0x2d0 [ 26.662634] ? kasan_atomics_helper+0x992/0x5450 [ 26.662656] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.662707] ? kasan_atomics_helper+0x992/0x5450 [ 26.662745] kasan_report+0x141/0x180 [ 26.662768] ? kasan_atomics_helper+0x992/0x5450 [ 26.662795] kasan_check_range+0x10c/0x1c0 [ 26.662820] __kasan_check_write+0x18/0x20 [ 26.662843] kasan_atomics_helper+0x992/0x5450 [ 26.662867] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.662894] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.662920] ? kasan_atomics+0x152/0x310 [ 26.662947] kasan_atomics+0x1dc/0x310 [ 26.662999] ? __pfx_kasan_atomics+0x10/0x10 [ 26.663024] ? __pfx_read_tsc+0x10/0x10 [ 26.663073] ? ktime_get_ts64+0x86/0x230 [ 26.663114] kunit_try_run_case+0x1a5/0x480 [ 26.663151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.663173] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.663199] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.663238] ? __kthread_parkme+0x82/0x180 [ 26.663275] ? preempt_count_sub+0x50/0x80 [ 26.663300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.663323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.663350] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.663377] kthread+0x337/0x6f0 [ 26.663480] ? trace_preempt_on+0x20/0xc0 [ 26.663517] ? __pfx_kthread+0x10/0x10 [ 26.663540] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.663565] ? calculate_sigpending+0x7b/0xa0 [ 26.663591] ? __pfx_kthread+0x10/0x10 [ 26.663616] ret_from_fork+0x116/0x1d0 [ 26.663636] ? __pfx_kthread+0x10/0x10 [ 26.663659] ret_from_fork_asm+0x1a/0x30 [ 26.663692] </TASK> [ 26.663705] [ 26.672857] Allocated by task 315: [ 26.672996] kasan_save_stack+0x45/0x70 [ 26.673141] kasan_save_track+0x18/0x40 [ 26.673271] kasan_save_alloc_info+0x3b/0x50 [ 26.673495] __kasan_kmalloc+0xb7/0xc0 [ 26.673681] __kmalloc_cache_noprof+0x189/0x420 [ 26.674033] kasan_atomics+0x95/0x310 [ 26.674269] kunit_try_run_case+0x1a5/0x480 [ 26.674538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.675035] kthread+0x337/0x6f0 [ 26.675224] ret_from_fork+0x116/0x1d0 [ 26.675526] ret_from_fork_asm+0x1a/0x30 [ 26.675782] [ 26.675873] The buggy address belongs to the object at ffff88810613ea80 [ 26.675873] which belongs to the cache kmalloc-64 of size 64 [ 26.676301] The buggy address is located 0 bytes to the right of [ 26.676301] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.676878] [ 26.677016] The buggy address belongs to the physical page: [ 26.677601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.677993] flags: 0x200000000000000(node=0|zone=2) [ 26.678258] page_type: f5(slab) [ 26.678498] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.678727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.679115] page dumped because: kasan: bad access detected [ 26.679518] [ 26.679625] Memory state around the buggy address: [ 26.679873] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.680212] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.680604] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.680868] ^ [ 26.681073] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.681691] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.681942] ================================================================== [ 26.887607] ================================================================== [ 26.887919] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 26.888148] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.888777] [ 26.888872] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.888925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.888940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.888964] Call Trace: [ 26.888986] <TASK> [ 26.889006] dump_stack_lvl+0x73/0xb0 [ 26.889038] print_report+0xd1/0x610 [ 26.889062] ? __virt_addr_valid+0x1db/0x2d0 [ 26.889088] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.889123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.889161] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.889184] kasan_report+0x141/0x180 [ 26.889207] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.889245] kasan_check_range+0x10c/0x1c0 [ 26.889313] __kasan_check_write+0x18/0x20 [ 26.889342] kasan_atomics_helper+0xfa9/0x5450 [ 26.889366] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.889403] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.889438] ? kasan_atomics+0x152/0x310 [ 26.889476] kasan_atomics+0x1dc/0x310 [ 26.889501] ? __pfx_kasan_atomics+0x10/0x10 [ 26.889529] ? __pfx_read_tsc+0x10/0x10 [ 26.889555] ? ktime_get_ts64+0x86/0x230 [ 26.889583] kunit_try_run_case+0x1a5/0x480 [ 26.889610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.889632] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.889659] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.889684] ? __kthread_parkme+0x82/0x180 [ 26.889708] ? preempt_count_sub+0x50/0x80 [ 26.889745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.889769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.889797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.889824] kthread+0x337/0x6f0 [ 26.889847] ? trace_preempt_on+0x20/0xc0 [ 26.889872] ? __pfx_kthread+0x10/0x10 [ 26.889895] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.889919] ? calculate_sigpending+0x7b/0xa0 [ 26.889945] ? __pfx_kthread+0x10/0x10 [ 26.889969] ret_from_fork+0x116/0x1d0 [ 26.889991] ? __pfx_kthread+0x10/0x10 [ 26.890015] ret_from_fork_asm+0x1a/0x30 [ 26.890049] </TASK> [ 26.890062] [ 26.898818] Allocated by task 315: [ 26.899006] kasan_save_stack+0x45/0x70 [ 26.899210] kasan_save_track+0x18/0x40 [ 26.899489] kasan_save_alloc_info+0x3b/0x50 [ 26.899641] __kasan_kmalloc+0xb7/0xc0 [ 26.899783] __kmalloc_cache_noprof+0x189/0x420 [ 26.900013] kasan_atomics+0x95/0x310 [ 26.900212] kunit_try_run_case+0x1a5/0x480 [ 26.900641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.900911] kthread+0x337/0x6f0 [ 26.901067] ret_from_fork+0x116/0x1d0 [ 26.901200] ret_from_fork_asm+0x1a/0x30 [ 26.901412] [ 26.901561] The buggy address belongs to the object at ffff88810613ea80 [ 26.901561] which belongs to the cache kmalloc-64 of size 64 [ 26.902083] The buggy address is located 0 bytes to the right of [ 26.902083] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.902779] [ 26.902884] The buggy address belongs to the physical page: [ 26.903207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.903651] flags: 0x200000000000000(node=0|zone=2) [ 26.903879] page_type: f5(slab) [ 26.904059] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.904298] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.904524] page dumped because: kasan: bad access detected [ 26.904689] [ 26.904789] Memory state around the buggy address: [ 26.905008] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.905540] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.905792] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.905997] ^ [ 26.906143] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.906918] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.907331] ================================================================== [ 27.309662] ================================================================== [ 27.310022] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 27.310523] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.310815] [ 27.310930] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.310994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.311009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.311043] Call Trace: [ 27.311063] <TASK> [ 27.311082] dump_stack_lvl+0x73/0xb0 [ 27.311114] print_report+0xd1/0x610 [ 27.311148] ? __virt_addr_valid+0x1db/0x2d0 [ 27.311173] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.311196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.311235] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.311258] kasan_report+0x141/0x180 [ 27.311343] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.311371] kasan_check_range+0x10c/0x1c0 [ 27.311396] __kasan_check_write+0x18/0x20 [ 27.311442] kasan_atomics_helper+0x16e7/0x5450 [ 27.311465] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.311492] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.311527] ? kasan_atomics+0x152/0x310 [ 27.311554] kasan_atomics+0x1dc/0x310 [ 27.311578] ? __pfx_kasan_atomics+0x10/0x10 [ 27.311613] ? __pfx_read_tsc+0x10/0x10 [ 27.311637] ? ktime_get_ts64+0x86/0x230 [ 27.311664] kunit_try_run_case+0x1a5/0x480 [ 27.311694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.311717] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.311760] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.311785] ? __kthread_parkme+0x82/0x180 [ 27.311808] ? preempt_count_sub+0x50/0x80 [ 27.311833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.311866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.311892] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.311919] kthread+0x337/0x6f0 [ 27.311952] ? trace_preempt_on+0x20/0xc0 [ 27.311977] ? __pfx_kthread+0x10/0x10 [ 27.312001] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.312033] ? calculate_sigpending+0x7b/0xa0 [ 27.312059] ? __pfx_kthread+0x10/0x10 [ 27.312083] ret_from_fork+0x116/0x1d0 [ 27.312114] ? __pfx_kthread+0x10/0x10 [ 27.312137] ret_from_fork_asm+0x1a/0x30 [ 27.312178] </TASK> [ 27.312191] [ 27.320756] Allocated by task 315: [ 27.320897] kasan_save_stack+0x45/0x70 [ 27.321042] kasan_save_track+0x18/0x40 [ 27.321174] kasan_save_alloc_info+0x3b/0x50 [ 27.321349] __kasan_kmalloc+0xb7/0xc0 [ 27.321810] __kmalloc_cache_noprof+0x189/0x420 [ 27.322313] kasan_atomics+0x95/0x310 [ 27.322532] kunit_try_run_case+0x1a5/0x480 [ 27.322762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.322935] kthread+0x337/0x6f0 [ 27.323052] ret_from_fork+0x116/0x1d0 [ 27.323180] ret_from_fork_asm+0x1a/0x30 [ 27.323548] [ 27.323673] The buggy address belongs to the object at ffff88810613ea80 [ 27.323673] which belongs to the cache kmalloc-64 of size 64 [ 27.324334] The buggy address is located 0 bytes to the right of [ 27.324334] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.324690] [ 27.324878] The buggy address belongs to the physical page: [ 27.325328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.326101] flags: 0x200000000000000(node=0|zone=2) [ 27.326458] page_type: f5(slab) [ 27.326586] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.326825] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.327161] page dumped because: kasan: bad access detected [ 27.327533] [ 27.327644] Memory state around the buggy address: [ 27.327890] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.328173] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.328549] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.328870] ^ [ 27.329086] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.329592] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.330009] ================================================================== [ 27.622804] ================================================================== [ 27.623036] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 27.623263] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.624536] [ 27.624822] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.624977] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.624996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.625022] Call Trace: [ 27.625042] <TASK> [ 27.625062] dump_stack_lvl+0x73/0xb0 [ 27.625132] print_report+0xd1/0x610 [ 27.625157] ? __virt_addr_valid+0x1db/0x2d0 [ 27.625185] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.625208] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.625235] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.625257] kasan_report+0x141/0x180 [ 27.625280] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.625306] kasan_check_range+0x10c/0x1c0 [ 27.625330] __kasan_check_write+0x18/0x20 [ 27.625354] kasan_atomics_helper+0x1d7a/0x5450 [ 27.625378] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.625412] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.625438] ? kasan_atomics+0x152/0x310 [ 27.625465] kasan_atomics+0x1dc/0x310 [ 27.625489] ? __pfx_kasan_atomics+0x10/0x10 [ 27.625513] ? __pfx_read_tsc+0x10/0x10 [ 27.625537] ? ktime_get_ts64+0x86/0x230 [ 27.625562] kunit_try_run_case+0x1a5/0x480 [ 27.625586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.625607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.625633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.625658] ? __kthread_parkme+0x82/0x180 [ 27.625681] ? preempt_count_sub+0x50/0x80 [ 27.625706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.625729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.625768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.625794] kthread+0x337/0x6f0 [ 27.625817] ? trace_preempt_on+0x20/0xc0 [ 27.625841] ? __pfx_kthread+0x10/0x10 [ 27.625864] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.625887] ? calculate_sigpending+0x7b/0xa0 [ 27.625914] ? __pfx_kthread+0x10/0x10 [ 27.625937] ret_from_fork+0x116/0x1d0 [ 27.625957] ? __pfx_kthread+0x10/0x10 [ 27.625979] ret_from_fork_asm+0x1a/0x30 [ 27.626012] </TASK> [ 27.626024] [ 27.637449] Allocated by task 315: [ 27.637748] kasan_save_stack+0x45/0x70 [ 27.638036] kasan_save_track+0x18/0x40 [ 27.638237] kasan_save_alloc_info+0x3b/0x50 [ 27.638584] __kasan_kmalloc+0xb7/0xc0 [ 27.638883] __kmalloc_cache_noprof+0x189/0x420 [ 27.639193] kasan_atomics+0x95/0x310 [ 27.639390] kunit_try_run_case+0x1a5/0x480 [ 27.639728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.639979] kthread+0x337/0x6f0 [ 27.640138] ret_from_fork+0x116/0x1d0 [ 27.640311] ret_from_fork_asm+0x1a/0x30 [ 27.640715] [ 27.640946] The buggy address belongs to the object at ffff88810613ea80 [ 27.640946] which belongs to the cache kmalloc-64 of size 64 [ 27.641804] The buggy address is located 0 bytes to the right of [ 27.641804] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.642578] [ 27.642682] The buggy address belongs to the physical page: [ 27.643091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.643593] flags: 0x200000000000000(node=0|zone=2) [ 27.643883] page_type: f5(slab) [ 27.644155] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.644614] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.645118] page dumped because: kasan: bad access detected [ 27.645310] [ 27.645379] Memory state around the buggy address: [ 27.645543] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.645769] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.645981] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.646190] ^ [ 27.646344] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.646556] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.646861] ================================================================== [ 27.038466] ================================================================== [ 27.039028] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 27.039427] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.039725] [ 27.039850] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.039903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.039918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.039941] Call Trace: [ 27.039963] <TASK> [ 27.039980] dump_stack_lvl+0x73/0xb0 [ 27.040011] print_report+0xd1/0x610 [ 27.040033] ? __virt_addr_valid+0x1db/0x2d0 [ 27.040059] ? kasan_atomics_helper+0x1217/0x5450 [ 27.040103] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.040130] ? kasan_atomics_helper+0x1217/0x5450 [ 27.040153] kasan_report+0x141/0x180 [ 27.040177] ? kasan_atomics_helper+0x1217/0x5450 [ 27.040203] kasan_check_range+0x10c/0x1c0 [ 27.040228] __kasan_check_write+0x18/0x20 [ 27.040251] kasan_atomics_helper+0x1217/0x5450 [ 27.040275] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.040303] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.040336] ? kasan_atomics+0x152/0x310 [ 27.040362] kasan_atomics+0x1dc/0x310 [ 27.040389] ? __pfx_kasan_atomics+0x10/0x10 [ 27.040416] ? __pfx_read_tsc+0x10/0x10 [ 27.040442] ? ktime_get_ts64+0x86/0x230 [ 27.040467] kunit_try_run_case+0x1a5/0x480 [ 27.040492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.040514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.040540] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.040565] ? __kthread_parkme+0x82/0x180 [ 27.040587] ? preempt_count_sub+0x50/0x80 [ 27.040613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.040637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.040677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.040705] kthread+0x337/0x6f0 [ 27.040762] ? trace_preempt_on+0x20/0xc0 [ 27.040806] ? __pfx_kthread+0x10/0x10 [ 27.040831] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.040854] ? calculate_sigpending+0x7b/0xa0 [ 27.040879] ? __pfx_kthread+0x10/0x10 [ 27.040904] ret_from_fork+0x116/0x1d0 [ 27.040925] ? __pfx_kthread+0x10/0x10 [ 27.040948] ret_from_fork_asm+0x1a/0x30 [ 27.040980] </TASK> [ 27.040993] [ 27.049102] Allocated by task 315: [ 27.049275] kasan_save_stack+0x45/0x70 [ 27.049494] kasan_save_track+0x18/0x40 [ 27.049706] kasan_save_alloc_info+0x3b/0x50 [ 27.049920] __kasan_kmalloc+0xb7/0xc0 [ 27.050102] __kmalloc_cache_noprof+0x189/0x420 [ 27.050265] kasan_atomics+0x95/0x310 [ 27.050388] kunit_try_run_case+0x1a5/0x480 [ 27.050825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.050999] kthread+0x337/0x6f0 [ 27.051116] ret_from_fork+0x116/0x1d0 [ 27.051513] ret_from_fork_asm+0x1a/0x30 [ 27.051692] [ 27.051766] The buggy address belongs to the object at ffff88810613ea80 [ 27.051766] which belongs to the cache kmalloc-64 of size 64 [ 27.052425] The buggy address is located 0 bytes to the right of [ 27.052425] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.053081] [ 27.053259] The buggy address belongs to the physical page: [ 27.053504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.053750] flags: 0x200000000000000(node=0|zone=2) [ 27.053989] page_type: f5(slab) [ 27.054160] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.054566] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.054937] page dumped because: kasan: bad access detected [ 27.055163] [ 27.055229] Memory state around the buggy address: [ 27.055382] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.055627] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.056784] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.057667] ^ [ 27.058087] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.058430] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.058720] ================================================================== [ 26.777011] ================================================================== [ 26.777627] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 26.777900] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.778250] [ 26.778490] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.778597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.778612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.778637] Call Trace: [ 26.778679] <TASK> [ 26.778701] dump_stack_lvl+0x73/0xb0 [ 26.778752] print_report+0xd1/0x610 [ 26.778777] ? __virt_addr_valid+0x1db/0x2d0 [ 26.778802] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.778825] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.778852] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.778875] kasan_report+0x141/0x180 [ 26.778898] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.778924] __asan_report_load4_noabort+0x18/0x20 [ 26.778949] kasan_atomics_helper+0x4a84/0x5450 [ 26.778973] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.779002] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.779029] ? kasan_atomics+0x152/0x310 [ 26.779056] kasan_atomics+0x1dc/0x310 [ 26.779080] ? __pfx_kasan_atomics+0x10/0x10 [ 26.779105] ? __pfx_read_tsc+0x10/0x10 [ 26.779129] ? ktime_get_ts64+0x86/0x230 [ 26.779156] kunit_try_run_case+0x1a5/0x480 [ 26.779179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.779200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.779226] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.779250] ? __kthread_parkme+0x82/0x180 [ 26.779315] ? preempt_count_sub+0x50/0x80 [ 26.779378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.779403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.779440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.779493] kthread+0x337/0x6f0 [ 26.779517] ? trace_preempt_on+0x20/0xc0 [ 26.779553] ? __pfx_kthread+0x10/0x10 [ 26.779575] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.779599] ? calculate_sigpending+0x7b/0xa0 [ 26.779626] ? __pfx_kthread+0x10/0x10 [ 26.779649] ret_from_fork+0x116/0x1d0 [ 26.779670] ? __pfx_kthread+0x10/0x10 [ 26.779693] ret_from_fork_asm+0x1a/0x30 [ 26.779726] </TASK> [ 26.779749] [ 26.788221] Allocated by task 315: [ 26.788657] kasan_save_stack+0x45/0x70 [ 26.788907] kasan_save_track+0x18/0x40 [ 26.789119] kasan_save_alloc_info+0x3b/0x50 [ 26.789267] __kasan_kmalloc+0xb7/0xc0 [ 26.789413] __kmalloc_cache_noprof+0x189/0x420 [ 26.789680] kasan_atomics+0x95/0x310 [ 26.790095] kunit_try_run_case+0x1a5/0x480 [ 26.790589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.790791] kthread+0x337/0x6f0 [ 26.790914] ret_from_fork+0x116/0x1d0 [ 26.791091] ret_from_fork_asm+0x1a/0x30 [ 26.791342] [ 26.791460] The buggy address belongs to the object at ffff88810613ea80 [ 26.791460] which belongs to the cache kmalloc-64 of size 64 [ 26.792077] The buggy address is located 0 bytes to the right of [ 26.792077] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.792511] [ 26.792639] The buggy address belongs to the physical page: [ 26.792916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.793633] flags: 0x200000000000000(node=0|zone=2) [ 26.793864] page_type: f5(slab) [ 26.794032] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.794410] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.794764] page dumped because: kasan: bad access detected [ 26.794982] [ 26.795070] Memory state around the buggy address: [ 26.795263] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.795701] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.795987] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.796221] ^ [ 26.796469] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.796869] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.797147] ================================================================== [ 27.187514] ================================================================== [ 27.187889] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 27.188221] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.188591] [ 27.188685] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.188752] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.188767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.188791] Call Trace: [ 27.188809] <TASK> [ 27.188829] dump_stack_lvl+0x73/0xb0 [ 27.188866] print_report+0xd1/0x610 [ 27.188889] ? __virt_addr_valid+0x1db/0x2d0 [ 27.188915] ? kasan_atomics_helper+0x1467/0x5450 [ 27.188942] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.188970] ? kasan_atomics_helper+0x1467/0x5450 [ 27.188992] kasan_report+0x141/0x180 [ 27.189016] ? kasan_atomics_helper+0x1467/0x5450 [ 27.189043] kasan_check_range+0x10c/0x1c0 [ 27.189068] __kasan_check_write+0x18/0x20 [ 27.189093] kasan_atomics_helper+0x1467/0x5450 [ 27.189116] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.189143] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.189169] ? kasan_atomics+0x152/0x310 [ 27.189197] kasan_atomics+0x1dc/0x310 [ 27.189220] ? __pfx_kasan_atomics+0x10/0x10 [ 27.189245] ? __pfx_read_tsc+0x10/0x10 [ 27.189670] ? ktime_get_ts64+0x86/0x230 [ 27.189707] kunit_try_run_case+0x1a5/0x480 [ 27.189744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.189766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.189793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.189818] ? __kthread_parkme+0x82/0x180 [ 27.189842] ? preempt_count_sub+0x50/0x80 [ 27.189868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.189891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.189917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.189944] kthread+0x337/0x6f0 [ 27.189969] ? trace_preempt_on+0x20/0xc0 [ 27.189994] ? __pfx_kthread+0x10/0x10 [ 27.190017] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.190041] ? calculate_sigpending+0x7b/0xa0 [ 27.190066] ? __pfx_kthread+0x10/0x10 [ 27.190091] ret_from_fork+0x116/0x1d0 [ 27.190111] ? __pfx_kthread+0x10/0x10 [ 27.190134] ret_from_fork_asm+0x1a/0x30 [ 27.190167] </TASK> [ 27.190181] [ 27.201034] Allocated by task 315: [ 27.201213] kasan_save_stack+0x45/0x70 [ 27.201408] kasan_save_track+0x18/0x40 [ 27.201904] kasan_save_alloc_info+0x3b/0x50 [ 27.202150] __kasan_kmalloc+0xb7/0xc0 [ 27.202349] __kmalloc_cache_noprof+0x189/0x420 [ 27.202756] kasan_atomics+0x95/0x310 [ 27.202939] kunit_try_run_case+0x1a5/0x480 [ 27.203127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.203350] kthread+0x337/0x6f0 [ 27.203656] ret_from_fork+0x116/0x1d0 [ 27.203848] ret_from_fork_asm+0x1a/0x30 [ 27.204164] [ 27.204263] The buggy address belongs to the object at ffff88810613ea80 [ 27.204263] which belongs to the cache kmalloc-64 of size 64 [ 27.205025] The buggy address is located 0 bytes to the right of [ 27.205025] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.205536] [ 27.205853] The buggy address belongs to the physical page: [ 27.206053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.206634] flags: 0x200000000000000(node=0|zone=2) [ 27.206839] page_type: f5(slab) [ 27.207129] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.207661] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.208093] page dumped because: kasan: bad access detected [ 27.208288] [ 27.208424] Memory state around the buggy address: [ 27.208725] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.209084] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.209566] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.210014] ^ [ 27.210202] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.210652] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.211112] ================================================================== [ 26.825165] ================================================================== [ 26.825775] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 26.826087] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.826706] [ 26.827017] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.827151] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.827170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.827207] Call Trace: [ 26.827231] <TASK> [ 26.827253] dump_stack_lvl+0x73/0xb0 [ 26.827376] print_report+0xd1/0x610 [ 26.827402] ? __virt_addr_valid+0x1db/0x2d0 [ 26.827440] ? kasan_atomics_helper+0xde0/0x5450 [ 26.827463] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.827490] ? kasan_atomics_helper+0xde0/0x5450 [ 26.827515] kasan_report+0x141/0x180 [ 26.827539] ? kasan_atomics_helper+0xde0/0x5450 [ 26.827566] kasan_check_range+0x10c/0x1c0 [ 26.827591] __kasan_check_write+0x18/0x20 [ 26.827615] kasan_atomics_helper+0xde0/0x5450 [ 26.827638] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.827666] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.827693] ? kasan_atomics+0x152/0x310 [ 26.827720] kasan_atomics+0x1dc/0x310 [ 26.827758] ? __pfx_kasan_atomics+0x10/0x10 [ 26.827783] ? __pfx_read_tsc+0x10/0x10 [ 26.827807] ? ktime_get_ts64+0x86/0x230 [ 26.827833] kunit_try_run_case+0x1a5/0x480 [ 26.827857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.827880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.827905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.827931] ? __kthread_parkme+0x82/0x180 [ 26.827954] ? preempt_count_sub+0x50/0x80 [ 26.827979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.828003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.828029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.828056] kthread+0x337/0x6f0 [ 26.828079] ? trace_preempt_on+0x20/0xc0 [ 26.828103] ? __pfx_kthread+0x10/0x10 [ 26.828127] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.828150] ? calculate_sigpending+0x7b/0xa0 [ 26.828176] ? __pfx_kthread+0x10/0x10 [ 26.828200] ret_from_fork+0x116/0x1d0 [ 26.828220] ? __pfx_kthread+0x10/0x10 [ 26.828244] ret_from_fork_asm+0x1a/0x30 [ 26.828328] </TASK> [ 26.828344] [ 26.837149] Allocated by task 315: [ 26.837327] kasan_save_stack+0x45/0x70 [ 26.837524] kasan_save_track+0x18/0x40 [ 26.837700] kasan_save_alloc_info+0x3b/0x50 [ 26.837853] __kasan_kmalloc+0xb7/0xc0 [ 26.837979] __kmalloc_cache_noprof+0x189/0x420 [ 26.838255] kasan_atomics+0x95/0x310 [ 26.838498] kunit_try_run_case+0x1a5/0x480 [ 26.838840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.839113] kthread+0x337/0x6f0 [ 26.839232] ret_from_fork+0x116/0x1d0 [ 26.839468] ret_from_fork_asm+0x1a/0x30 [ 26.839700] [ 26.839808] The buggy address belongs to the object at ffff88810613ea80 [ 26.839808] which belongs to the cache kmalloc-64 of size 64 [ 26.840589] The buggy address is located 0 bytes to the right of [ 26.840589] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.841086] [ 26.841184] The buggy address belongs to the physical page: [ 26.841553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.841817] flags: 0x200000000000000(node=0|zone=2) [ 26.841980] page_type: f5(slab) [ 26.842143] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.842471] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.842976] page dumped because: kasan: bad access detected [ 26.843171] [ 26.843237] Memory state around the buggy address: [ 26.843386] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.843845] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.844139] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.844550] ^ [ 26.844772] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.845063] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.845395] ================================================================== [ 27.648665] ================================================================== [ 27.649657] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 27.650607] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.651365] [ 27.651614] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.651672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.651687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.651712] Call Trace: [ 27.651775] <TASK> [ 27.651796] dump_stack_lvl+0x73/0xb0 [ 27.651831] print_report+0xd1/0x610 [ 27.651867] ? __virt_addr_valid+0x1db/0x2d0 [ 27.651894] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.651917] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.651944] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.651967] kasan_report+0x141/0x180 [ 27.651992] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.652020] kasan_check_range+0x10c/0x1c0 [ 27.652044] __kasan_check_write+0x18/0x20 [ 27.652067] kasan_atomics_helper+0x1e12/0x5450 [ 27.652091] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.652117] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.652145] ? kasan_atomics+0x152/0x310 [ 27.652171] kasan_atomics+0x1dc/0x310 [ 27.652195] ? __pfx_kasan_atomics+0x10/0x10 [ 27.652220] ? __pfx_read_tsc+0x10/0x10 [ 27.652244] ? ktime_get_ts64+0x86/0x230 [ 27.652271] kunit_try_run_case+0x1a5/0x480 [ 27.652294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.652319] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.652345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.652370] ? __kthread_parkme+0x82/0x180 [ 27.652393] ? preempt_count_sub+0x50/0x80 [ 27.652430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.652454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.652480] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.652506] kthread+0x337/0x6f0 [ 27.652529] ? trace_preempt_on+0x20/0xc0 [ 27.652556] ? __pfx_kthread+0x10/0x10 [ 27.652579] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.652602] ? calculate_sigpending+0x7b/0xa0 [ 27.652628] ? __pfx_kthread+0x10/0x10 [ 27.652651] ret_from_fork+0x116/0x1d0 [ 27.652672] ? __pfx_kthread+0x10/0x10 [ 27.652695] ret_from_fork_asm+0x1a/0x30 [ 27.652728] </TASK> [ 27.652751] [ 27.665282] Allocated by task 315: [ 27.665455] kasan_save_stack+0x45/0x70 [ 27.665885] kasan_save_track+0x18/0x40 [ 27.666206] kasan_save_alloc_info+0x3b/0x50 [ 27.666588] __kasan_kmalloc+0xb7/0xc0 [ 27.666763] __kmalloc_cache_noprof+0x189/0x420 [ 27.667158] kasan_atomics+0x95/0x310 [ 27.667554] kunit_try_run_case+0x1a5/0x480 [ 27.667779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.667954] kthread+0x337/0x6f0 [ 27.668072] ret_from_fork+0x116/0x1d0 [ 27.668203] ret_from_fork_asm+0x1a/0x30 [ 27.668344] [ 27.668448] The buggy address belongs to the object at ffff88810613ea80 [ 27.668448] which belongs to the cache kmalloc-64 of size 64 [ 27.669661] The buggy address is located 0 bytes to the right of [ 27.669661] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.670860] [ 27.671017] The buggy address belongs to the physical page: [ 27.671603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.672051] flags: 0x200000000000000(node=0|zone=2) [ 27.672210] page_type: f5(slab) [ 27.672333] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.672860] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.673146] page dumped because: kasan: bad access detected [ 27.673407] [ 27.673482] Memory state around the buggy address: [ 27.673851] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.674267] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.674534] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.675212] ^ [ 27.675715] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.676195] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.676402] ================================================================== [ 26.325227] ================================================================== [ 26.325576] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 26.326029] Read of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 26.326550] [ 26.326675] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.326750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.326764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.326788] Call Trace: [ 26.326805] <TASK> [ 26.326824] dump_stack_lvl+0x73/0xb0 [ 26.326867] print_report+0xd1/0x610 [ 26.326890] ? __virt_addr_valid+0x1db/0x2d0 [ 26.326916] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.326949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.326976] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.326999] kasan_report+0x141/0x180 [ 26.327031] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.327059] __asan_report_load4_noabort+0x18/0x20 [ 26.327084] kasan_atomics_helper+0x4b88/0x5450 [ 26.327118] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.327144] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.327181] ? kasan_atomics+0x152/0x310 [ 26.327208] kasan_atomics+0x1dc/0x310 [ 26.327232] ? __pfx_kasan_atomics+0x10/0x10 [ 26.327267] ? __pfx_read_tsc+0x10/0x10 [ 26.327351] ? ktime_get_ts64+0x86/0x230 [ 26.327389] kunit_try_run_case+0x1a5/0x480 [ 26.327414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.327447] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.327475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.327499] ? __kthread_parkme+0x82/0x180 [ 26.327522] ? preempt_count_sub+0x50/0x80 [ 26.327547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.327570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.327597] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.327624] kthread+0x337/0x6f0 [ 26.327646] ? trace_preempt_on+0x20/0xc0 [ 26.327670] ? __pfx_kthread+0x10/0x10 [ 26.327694] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.327717] ? calculate_sigpending+0x7b/0xa0 [ 26.327752] ? __pfx_kthread+0x10/0x10 [ 26.327777] ret_from_fork+0x116/0x1d0 [ 26.327797] ? __pfx_kthread+0x10/0x10 [ 26.327829] ret_from_fork_asm+0x1a/0x30 [ 26.327861] </TASK> [ 26.327886] [ 26.335672] Allocated by task 315: [ 26.335922] kasan_save_stack+0x45/0x70 [ 26.336125] kasan_save_track+0x18/0x40 [ 26.336309] kasan_save_alloc_info+0x3b/0x50 [ 26.336515] __kasan_kmalloc+0xb7/0xc0 [ 26.336700] __kmalloc_cache_noprof+0x189/0x420 [ 26.336874] kasan_atomics+0x95/0x310 [ 26.337002] kunit_try_run_case+0x1a5/0x480 [ 26.337597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.337897] kthread+0x337/0x6f0 [ 26.338054] ret_from_fork+0x116/0x1d0 [ 26.338184] ret_from_fork_asm+0x1a/0x30 [ 26.338348] [ 26.338441] The buggy address belongs to the object at ffff88810613ea80 [ 26.338441] which belongs to the cache kmalloc-64 of size 64 [ 26.339043] The buggy address is located 0 bytes to the right of [ 26.339043] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 26.339637] [ 26.339769] The buggy address belongs to the physical page: [ 26.340079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 26.340329] flags: 0x200000000000000(node=0|zone=2) [ 26.340489] page_type: f5(slab) [ 26.340728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.341070] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.341708] page dumped because: kasan: bad access detected [ 26.341993] [ 26.342062] Memory state around the buggy address: [ 26.342214] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.342616] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.342983] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.343239] ^ [ 26.343636] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.343995] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.344446] ================================================================== [ 27.090802] ================================================================== [ 27.091125] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 27.091754] Write of size 4 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.092115] [ 27.092417] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.092475] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.092546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.092571] Call Trace: [ 27.092594] <TASK> [ 27.092614] dump_stack_lvl+0x73/0xb0 [ 27.092648] print_report+0xd1/0x610 [ 27.092672] ? __virt_addr_valid+0x1db/0x2d0 [ 27.092697] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.092720] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.092761] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.092784] kasan_report+0x141/0x180 [ 27.092807] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.092834] kasan_check_range+0x10c/0x1c0 [ 27.092858] __kasan_check_write+0x18/0x20 [ 27.092883] kasan_atomics_helper+0x12e6/0x5450 [ 27.092907] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.092934] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.092960] ? kasan_atomics+0x152/0x310 [ 27.092987] kasan_atomics+0x1dc/0x310 [ 27.093011] ? __pfx_kasan_atomics+0x10/0x10 [ 27.093036] ? __pfx_read_tsc+0x10/0x10 [ 27.093060] ? ktime_get_ts64+0x86/0x230 [ 27.093086] kunit_try_run_case+0x1a5/0x480 [ 27.093109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.093157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.093181] ? __kthread_parkme+0x82/0x180 [ 27.093204] ? preempt_count_sub+0x50/0x80 [ 27.093230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.093254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.093298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.093325] kthread+0x337/0x6f0 [ 27.093348] ? trace_preempt_on+0x20/0xc0 [ 27.093373] ? __pfx_kthread+0x10/0x10 [ 27.093396] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.093426] ? calculate_sigpending+0x7b/0xa0 [ 27.093452] ? __pfx_kthread+0x10/0x10 [ 27.093476] ret_from_fork+0x116/0x1d0 [ 27.093497] ? __pfx_kthread+0x10/0x10 [ 27.093520] ret_from_fork_asm+0x1a/0x30 [ 27.093552] </TASK> [ 27.093565] [ 27.103533] Allocated by task 315: [ 27.103670] kasan_save_stack+0x45/0x70 [ 27.103888] kasan_save_track+0x18/0x40 [ 27.104069] kasan_save_alloc_info+0x3b/0x50 [ 27.104602] __kasan_kmalloc+0xb7/0xc0 [ 27.104901] __kmalloc_cache_noprof+0x189/0x420 [ 27.105193] kasan_atomics+0x95/0x310 [ 27.105477] kunit_try_run_case+0x1a5/0x480 [ 27.105657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.105989] kthread+0x337/0x6f0 [ 27.106155] ret_from_fork+0x116/0x1d0 [ 27.106324] ret_from_fork_asm+0x1a/0x30 [ 27.106714] [ 27.106809] The buggy address belongs to the object at ffff88810613ea80 [ 27.106809] which belongs to the cache kmalloc-64 of size 64 [ 27.107395] The buggy address is located 0 bytes to the right of [ 27.107395] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.108309] [ 27.108480] The buggy address belongs to the physical page: [ 27.108709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.109176] flags: 0x200000000000000(node=0|zone=2) [ 27.109389] page_type: f5(slab) [ 27.109786] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.110152] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.110613] page dumped because: kasan: bad access detected [ 27.111055] [ 27.111162] Memory state around the buggy address: [ 27.111438] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.111922] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.112242] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.112753] ^ [ 27.112986] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.113313] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.113870] ================================================================== [ 27.386994] ================================================================== [ 27.387450] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 27.387781] Write of size 8 at addr ffff88810613eab0 by task kunit_try_catch/315 [ 27.388034] [ 27.388212] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 27.388264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.388278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.388302] Call Trace: [ 27.388330] <TASK> [ 27.388356] dump_stack_lvl+0x73/0xb0 [ 27.388390] print_report+0xd1/0x610 [ 27.388413] ? __virt_addr_valid+0x1db/0x2d0 [ 27.389036] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.389064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.389193] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.389219] kasan_report+0x141/0x180 [ 27.389244] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.389279] kasan_check_range+0x10c/0x1c0 [ 27.389303] __kasan_check_write+0x18/0x20 [ 27.389328] kasan_atomics_helper+0x18b1/0x5450 [ 27.389351] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.389378] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.389405] ? kasan_atomics+0x152/0x310 [ 27.389432] kasan_atomics+0x1dc/0x310 [ 27.389456] ? __pfx_kasan_atomics+0x10/0x10 [ 27.389481] ? __pfx_read_tsc+0x10/0x10 [ 27.389505] ? ktime_get_ts64+0x86/0x230 [ 27.389532] kunit_try_run_case+0x1a5/0x480 [ 27.389554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.389576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.389602] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.389626] ? __kthread_parkme+0x82/0x180 [ 27.389651] ? preempt_count_sub+0x50/0x80 [ 27.389677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.389700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.389726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.389764] kthread+0x337/0x6f0 [ 27.389787] ? trace_preempt_on+0x20/0xc0 [ 27.389812] ? __pfx_kthread+0x10/0x10 [ 27.389834] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.389858] ? calculate_sigpending+0x7b/0xa0 [ 27.389884] ? __pfx_kthread+0x10/0x10 [ 27.389908] ret_from_fork+0x116/0x1d0 [ 27.389928] ? __pfx_kthread+0x10/0x10 [ 27.389951] ret_from_fork_asm+0x1a/0x30 [ 27.389983] </TASK> [ 27.389997] [ 27.405102] Allocated by task 315: [ 27.405245] kasan_save_stack+0x45/0x70 [ 27.405681] kasan_save_track+0x18/0x40 [ 27.406054] kasan_save_alloc_info+0x3b/0x50 [ 27.406499] __kasan_kmalloc+0xb7/0xc0 [ 27.406857] __kmalloc_cache_noprof+0x189/0x420 [ 27.407271] kasan_atomics+0x95/0x310 [ 27.407622] kunit_try_run_case+0x1a5/0x480 [ 27.407929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.408102] kthread+0x337/0x6f0 [ 27.408220] ret_from_fork+0x116/0x1d0 [ 27.408420] ret_from_fork_asm+0x1a/0x30 [ 27.408862] [ 27.409018] The buggy address belongs to the object at ffff88810613ea80 [ 27.409018] which belongs to the cache kmalloc-64 of size 64 [ 27.410364] The buggy address is located 0 bytes to the right of [ 27.410364] allocated 48-byte region [ffff88810613ea80, ffff88810613eab0) [ 27.411542] [ 27.411787] The buggy address belongs to the physical page: [ 27.412201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613e [ 27.412810] flags: 0x200000000000000(node=0|zone=2) [ 27.413254] page_type: f5(slab) [ 27.413615] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.413904] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.414125] page dumped because: kasan: bad access detected [ 27.414458] [ 27.414636] Memory state around the buggy address: [ 27.415182] ffff88810613e980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.415886] ffff88810613ea00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.416635] >ffff88810613ea80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.417306] ^ [ 27.417845] ffff88810613eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.418534] ffff88810613eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.419015] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 26.193750] ================================================================== [ 26.193988] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.194248] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.194509] [ 26.194593] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.194644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.194656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.194680] Call Trace: [ 26.194700] <TASK> [ 26.194718] dump_stack_lvl+0x73/0xb0 [ 26.194759] print_report+0xd1/0x610 [ 26.194782] ? __virt_addr_valid+0x1db/0x2d0 [ 26.194808] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.195625] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.195662] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.195707] kasan_report+0x141/0x180 [ 26.195748] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.195780] kasan_check_range+0x10c/0x1c0 [ 26.195804] __kasan_check_write+0x18/0x20 [ 26.195838] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.195865] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.195892] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.195917] ? trace_hardirqs_on+0x37/0xe0 [ 26.195941] ? kasan_bitops_generic+0x92/0x1c0 [ 26.195977] kasan_bitops_generic+0x121/0x1c0 [ 26.196001] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.196025] ? __pfx_read_tsc+0x10/0x10 [ 26.196483] ? ktime_get_ts64+0x86/0x230 [ 26.196523] kunit_try_run_case+0x1a5/0x480 [ 26.196561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.196581] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.196606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.196641] ? __kthread_parkme+0x82/0x180 [ 26.196662] ? preempt_count_sub+0x50/0x80 [ 26.196686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.196718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.196763] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.196787] kthread+0x337/0x6f0 [ 26.196807] ? trace_preempt_on+0x20/0xc0 [ 26.196842] ? __pfx_kthread+0x10/0x10 [ 26.196863] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.196885] ? calculate_sigpending+0x7b/0xa0 [ 26.196910] ? __pfx_kthread+0x10/0x10 [ 26.196932] ret_from_fork+0x116/0x1d0 [ 26.196950] ? __pfx_kthread+0x10/0x10 [ 26.196971] ret_from_fork_asm+0x1a/0x30 [ 26.197002] </TASK> [ 26.197014] [ 26.208601] Allocated by task 311: [ 26.208980] kasan_save_stack+0x45/0x70 [ 26.209167] kasan_save_track+0x18/0x40 [ 26.209458] kasan_save_alloc_info+0x3b/0x50 [ 26.209641] __kasan_kmalloc+0xb7/0xc0 [ 26.209946] __kmalloc_cache_noprof+0x189/0x420 [ 26.210268] kasan_bitops_generic+0x92/0x1c0 [ 26.210467] kunit_try_run_case+0x1a5/0x480 [ 26.210801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.211131] kthread+0x337/0x6f0 [ 26.211415] ret_from_fork+0x116/0x1d0 [ 26.211592] ret_from_fork_asm+0x1a/0x30 [ 26.211896] [ 26.211997] The buggy address belongs to the object at ffff888104c83b80 [ 26.211997] which belongs to the cache kmalloc-16 of size 16 [ 26.212699] The buggy address is located 8 bytes inside of [ 26.212699] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.213210] [ 26.213287] The buggy address belongs to the physical page: [ 26.213587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.213942] flags: 0x200000000000000(node=0|zone=2) [ 26.214145] page_type: f5(slab) [ 26.214333] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.214650] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.215053] page dumped because: kasan: bad access detected [ 26.215300] [ 26.215436] Memory state around the buggy address: [ 26.215607] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.215933] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.216211] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.216561] ^ [ 26.216682] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.216986] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.217281] ================================================================== [ 26.175231] ================================================================== [ 26.175595] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.175912] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.176238] [ 26.176355] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.176427] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.176440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.176462] Call Trace: [ 26.176483] <TASK> [ 26.176501] dump_stack_lvl+0x73/0xb0 [ 26.176530] print_report+0xd1/0x610 [ 26.176551] ? __virt_addr_valid+0x1db/0x2d0 [ 26.176576] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.176603] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.176629] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.176656] kasan_report+0x141/0x180 [ 26.176676] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.176707] kasan_check_range+0x10c/0x1c0 [ 26.176740] __kasan_check_write+0x18/0x20 [ 26.176762] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.176948] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.176977] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.177015] ? trace_hardirqs_on+0x37/0xe0 [ 26.177037] ? kasan_bitops_generic+0x92/0x1c0 [ 26.177076] kasan_bitops_generic+0x121/0x1c0 [ 26.177100] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.177125] ? __pfx_read_tsc+0x10/0x10 [ 26.177147] ? ktime_get_ts64+0x86/0x230 [ 26.177182] kunit_try_run_case+0x1a5/0x480 [ 26.177203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.177224] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.177258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.177282] ? __kthread_parkme+0x82/0x180 [ 26.177303] ? preempt_count_sub+0x50/0x80 [ 26.177334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.177355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.177381] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.177433] kthread+0x337/0x6f0 [ 26.177453] ? trace_preempt_on+0x20/0xc0 [ 26.177476] ? __pfx_kthread+0x10/0x10 [ 26.177506] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.177528] ? calculate_sigpending+0x7b/0xa0 [ 26.177553] ? __pfx_kthread+0x10/0x10 [ 26.177585] ret_from_fork+0x116/0x1d0 [ 26.177606] ? __pfx_kthread+0x10/0x10 [ 26.177626] ret_from_fork_asm+0x1a/0x30 [ 26.177657] </TASK> [ 26.177669] [ 26.185280] Allocated by task 311: [ 26.185498] kasan_save_stack+0x45/0x70 [ 26.185715] kasan_save_track+0x18/0x40 [ 26.185894] kasan_save_alloc_info+0x3b/0x50 [ 26.186036] __kasan_kmalloc+0xb7/0xc0 [ 26.186161] __kmalloc_cache_noprof+0x189/0x420 [ 26.186308] kasan_bitops_generic+0x92/0x1c0 [ 26.186474] kunit_try_run_case+0x1a5/0x480 [ 26.186628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.186908] kthread+0x337/0x6f0 [ 26.187100] ret_from_fork+0x116/0x1d0 [ 26.187317] ret_from_fork_asm+0x1a/0x30 [ 26.187576] [ 26.187680] The buggy address belongs to the object at ffff888104c83b80 [ 26.187680] which belongs to the cache kmalloc-16 of size 16 [ 26.188204] The buggy address is located 8 bytes inside of [ 26.188204] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.188776] [ 26.188852] The buggy address belongs to the physical page: [ 26.189020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.189298] flags: 0x200000000000000(node=0|zone=2) [ 26.189962] page_type: f5(slab) [ 26.190155] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.190525] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.190889] page dumped because: kasan: bad access detected [ 26.191131] [ 26.191216] Memory state around the buggy address: [ 26.191416] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.191620] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.191846] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.192102] ^ [ 26.192275] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.192665] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.192917] ================================================================== [ 26.132643] ================================================================== [ 26.133038] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.133510] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.133864] [ 26.133973] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.134023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.134035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.134058] Call Trace: [ 26.134078] <TASK> [ 26.134095] dump_stack_lvl+0x73/0xb0 [ 26.134123] print_report+0xd1/0x610 [ 26.134144] ? __virt_addr_valid+0x1db/0x2d0 [ 26.134169] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.134195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.134220] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.134248] kasan_report+0x141/0x180 [ 26.134280] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.134311] kasan_check_range+0x10c/0x1c0 [ 26.134345] __kasan_check_write+0x18/0x20 [ 26.134368] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.134412] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.134448] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.134472] ? trace_hardirqs_on+0x37/0xe0 [ 26.134495] ? kasan_bitops_generic+0x92/0x1c0 [ 26.134532] kasan_bitops_generic+0x121/0x1c0 [ 26.134558] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.134584] ? __pfx_read_tsc+0x10/0x10 [ 26.134615] ? ktime_get_ts64+0x86/0x230 [ 26.134640] kunit_try_run_case+0x1a5/0x480 [ 26.134661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.134693] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.134718] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.134750] ? __kthread_parkme+0x82/0x180 [ 26.134781] ? preempt_count_sub+0x50/0x80 [ 26.134806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.134829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.134866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.134891] kthread+0x337/0x6f0 [ 26.134911] ? trace_preempt_on+0x20/0xc0 [ 26.134942] ? __pfx_kthread+0x10/0x10 [ 26.134963] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.134985] ? calculate_sigpending+0x7b/0xa0 [ 26.135019] ? __pfx_kthread+0x10/0x10 [ 26.135041] ret_from_fork+0x116/0x1d0 [ 26.135060] ? __pfx_kthread+0x10/0x10 [ 26.135090] ret_from_fork_asm+0x1a/0x30 [ 26.135121] </TASK> [ 26.135131] [ 26.146369] Allocated by task 311: [ 26.146757] kasan_save_stack+0x45/0x70 [ 26.146943] kasan_save_track+0x18/0x40 [ 26.147109] kasan_save_alloc_info+0x3b/0x50 [ 26.147297] __kasan_kmalloc+0xb7/0xc0 [ 26.147708] __kmalloc_cache_noprof+0x189/0x420 [ 26.148114] kasan_bitops_generic+0x92/0x1c0 [ 26.148518] kunit_try_run_case+0x1a5/0x480 [ 26.148921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.149416] kthread+0x337/0x6f0 [ 26.149653] ret_from_fork+0x116/0x1d0 [ 26.149961] ret_from_fork_asm+0x1a/0x30 [ 26.150145] [ 26.150231] The buggy address belongs to the object at ffff888104c83b80 [ 26.150231] which belongs to the cache kmalloc-16 of size 16 [ 26.151039] The buggy address is located 8 bytes inside of [ 26.151039] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.151707] [ 26.151804] The buggy address belongs to the physical page: [ 26.152038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.152364] flags: 0x200000000000000(node=0|zone=2) [ 26.152651] page_type: f5(slab) [ 26.152828] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.153130] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.153493] page dumped because: kasan: bad access detected [ 26.153712] [ 26.153828] Memory state around the buggy address: [ 26.154023] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.154276] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.154647] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.154968] ^ [ 26.155086] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.155413] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.155700] ================================================================== [ 26.218724] ================================================================== [ 26.219040] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.219402] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.219707] [ 26.219988] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.220044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.220057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.220080] Call Trace: [ 26.220102] <TASK> [ 26.220132] dump_stack_lvl+0x73/0xb0 [ 26.220162] print_report+0xd1/0x610 [ 26.220185] ? __virt_addr_valid+0x1db/0x2d0 [ 26.220221] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.220247] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.220272] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.220299] kasan_report+0x141/0x180 [ 26.220325] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.220356] kasan_check_range+0x10c/0x1c0 [ 26.220378] __kasan_check_write+0x18/0x20 [ 26.220420] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.220447] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.220474] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.220508] ? trace_hardirqs_on+0x37/0xe0 [ 26.220530] ? kasan_bitops_generic+0x92/0x1c0 [ 26.220557] kasan_bitops_generic+0x121/0x1c0 [ 26.220590] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.220614] ? __pfx_read_tsc+0x10/0x10 [ 26.220636] ? ktime_get_ts64+0x86/0x230 [ 26.220660] kunit_try_run_case+0x1a5/0x480 [ 26.220682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.220702] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.220726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.220759] ? __kthread_parkme+0x82/0x180 [ 26.220780] ? preempt_count_sub+0x50/0x80 [ 26.220805] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.220827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.220852] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.220877] kthread+0x337/0x6f0 [ 26.220897] ? trace_preempt_on+0x20/0xc0 [ 26.220919] ? __pfx_kthread+0x10/0x10 [ 26.220939] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.220961] ? calculate_sigpending+0x7b/0xa0 [ 26.220985] ? __pfx_kthread+0x10/0x10 [ 26.221007] ret_from_fork+0x116/0x1d0 [ 26.221026] ? __pfx_kthread+0x10/0x10 [ 26.221047] ret_from_fork_asm+0x1a/0x30 [ 26.221078] </TASK> [ 26.221089] [ 26.228908] Allocated by task 311: [ 26.229097] kasan_save_stack+0x45/0x70 [ 26.229300] kasan_save_track+0x18/0x40 [ 26.229509] kasan_save_alloc_info+0x3b/0x50 [ 26.229654] __kasan_kmalloc+0xb7/0xc0 [ 26.229835] __kmalloc_cache_noprof+0x189/0x420 [ 26.230054] kasan_bitops_generic+0x92/0x1c0 [ 26.230284] kunit_try_run_case+0x1a5/0x480 [ 26.230522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.230761] kthread+0x337/0x6f0 [ 26.230929] ret_from_fork+0x116/0x1d0 [ 26.231108] ret_from_fork_asm+0x1a/0x30 [ 26.231294] [ 26.231385] The buggy address belongs to the object at ffff888104c83b80 [ 26.231385] which belongs to the cache kmalloc-16 of size 16 [ 26.231902] The buggy address is located 8 bytes inside of [ 26.231902] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.232414] [ 26.232526] The buggy address belongs to the physical page: [ 26.232705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.232948] flags: 0x200000000000000(node=0|zone=2) [ 26.233109] page_type: f5(slab) [ 26.233226] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.233618] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.234015] page dumped because: kasan: bad access detected [ 26.234283] [ 26.234370] Memory state around the buggy address: [ 26.234544] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.234762] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.235031] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.235355] ^ [ 26.235552] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.235873] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.236194] ================================================================== [ 26.156908] ================================================================== [ 26.157241] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.157638] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.157943] [ 26.158060] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.158113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.158124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.158147] Call Trace: [ 26.158170] <TASK> [ 26.158189] dump_stack_lvl+0x73/0xb0 [ 26.158218] print_report+0xd1/0x610 [ 26.158240] ? __virt_addr_valid+0x1db/0x2d0 [ 26.158264] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.158290] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.158315] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.158341] kasan_report+0x141/0x180 [ 26.158362] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.158392] kasan_check_range+0x10c/0x1c0 [ 26.158415] __kasan_check_write+0x18/0x20 [ 26.158437] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.158464] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.158491] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.158515] ? trace_hardirqs_on+0x37/0xe0 [ 26.158537] ? kasan_bitops_generic+0x92/0x1c0 [ 26.158562] kasan_bitops_generic+0x121/0x1c0 [ 26.158584] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.158608] ? __pfx_read_tsc+0x10/0x10 [ 26.158630] ? ktime_get_ts64+0x86/0x230 [ 26.158654] kunit_try_run_case+0x1a5/0x480 [ 26.158675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.158694] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.158718] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.159117] ? __kthread_parkme+0x82/0x180 [ 26.159146] ? preempt_count_sub+0x50/0x80 [ 26.159171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.159192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.159219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.159243] kthread+0x337/0x6f0 [ 26.159263] ? trace_preempt_on+0x20/0xc0 [ 26.159286] ? __pfx_kthread+0x10/0x10 [ 26.159307] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.159329] ? calculate_sigpending+0x7b/0xa0 [ 26.159354] ? __pfx_kthread+0x10/0x10 [ 26.159377] ret_from_fork+0x116/0x1d0 [ 26.159415] ? __pfx_kthread+0x10/0x10 [ 26.159437] ret_from_fork_asm+0x1a/0x30 [ 26.159468] </TASK> [ 26.159479] [ 26.167313] Allocated by task 311: [ 26.167507] kasan_save_stack+0x45/0x70 [ 26.167707] kasan_save_track+0x18/0x40 [ 26.167875] kasan_save_alloc_info+0x3b/0x50 [ 26.168089] __kasan_kmalloc+0xb7/0xc0 [ 26.168258] __kmalloc_cache_noprof+0x189/0x420 [ 26.168504] kasan_bitops_generic+0x92/0x1c0 [ 26.168704] kunit_try_run_case+0x1a5/0x480 [ 26.168890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.169066] kthread+0x337/0x6f0 [ 26.169253] ret_from_fork+0x116/0x1d0 [ 26.169458] ret_from_fork_asm+0x1a/0x30 [ 26.169645] [ 26.169710] The buggy address belongs to the object at ffff888104c83b80 [ 26.169710] which belongs to the cache kmalloc-16 of size 16 [ 26.170203] The buggy address is located 8 bytes inside of [ 26.170203] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.170633] [ 26.170701] The buggy address belongs to the physical page: [ 26.170876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.171197] flags: 0x200000000000000(node=0|zone=2) [ 26.171455] page_type: f5(slab) [ 26.171636] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.171976] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.172194] page dumped because: kasan: bad access detected [ 26.172362] [ 26.172448] Memory state around the buggy address: [ 26.172607] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.172934] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.173275] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.173655] ^ [ 26.173835] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.174179] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.174466] ================================================================== [ 26.096819] ================================================================== [ 26.097161] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.097606] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.097940] [ 26.098047] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.098111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.098125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.098159] Call Trace: [ 26.098176] <TASK> [ 26.098193] dump_stack_lvl+0x73/0xb0 [ 26.098224] print_report+0xd1/0x610 [ 26.098245] ? __virt_addr_valid+0x1db/0x2d0 [ 26.098270] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.098297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.098323] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.098351] kasan_report+0x141/0x180 [ 26.098372] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.098422] kasan_check_range+0x10c/0x1c0 [ 26.098446] __kasan_check_write+0x18/0x20 [ 26.098468] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.098494] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.098522] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.098555] ? trace_hardirqs_on+0x37/0xe0 [ 26.098579] ? kasan_bitops_generic+0x92/0x1c0 [ 26.098607] kasan_bitops_generic+0x121/0x1c0 [ 26.098640] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.098664] ? __pfx_read_tsc+0x10/0x10 [ 26.098686] ? ktime_get_ts64+0x86/0x230 [ 26.098712] kunit_try_run_case+0x1a5/0x480 [ 26.098743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.098763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.098787] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.098811] ? __kthread_parkme+0x82/0x180 [ 26.098832] ? preempt_count_sub+0x50/0x80 [ 26.098855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.098877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.098902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.098927] kthread+0x337/0x6f0 [ 26.098947] ? trace_preempt_on+0x20/0xc0 [ 26.098970] ? __pfx_kthread+0x10/0x10 [ 26.098991] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.099012] ? calculate_sigpending+0x7b/0xa0 [ 26.099037] ? __pfx_kthread+0x10/0x10 [ 26.099059] ret_from_fork+0x116/0x1d0 [ 26.099079] ? __pfx_kthread+0x10/0x10 [ 26.099099] ret_from_fork_asm+0x1a/0x30 [ 26.099130] </TASK> [ 26.099141] [ 26.106949] Allocated by task 311: [ 26.107123] kasan_save_stack+0x45/0x70 [ 26.107316] kasan_save_track+0x18/0x40 [ 26.107518] kasan_save_alloc_info+0x3b/0x50 [ 26.107724] __kasan_kmalloc+0xb7/0xc0 [ 26.107904] __kmalloc_cache_noprof+0x189/0x420 [ 26.108055] kasan_bitops_generic+0x92/0x1c0 [ 26.108196] kunit_try_run_case+0x1a5/0x480 [ 26.108414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.108691] kthread+0x337/0x6f0 [ 26.108889] ret_from_fork+0x116/0x1d0 [ 26.109056] ret_from_fork_asm+0x1a/0x30 [ 26.109201] [ 26.109265] The buggy address belongs to the object at ffff888104c83b80 [ 26.109265] which belongs to the cache kmalloc-16 of size 16 [ 26.109646] The buggy address is located 8 bytes inside of [ 26.109646] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.110132] [ 26.110221] The buggy address belongs to the physical page: [ 26.110513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.110861] flags: 0x200000000000000(node=0|zone=2) [ 26.111092] page_type: f5(slab) [ 26.111213] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.111462] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.111687] page dumped because: kasan: bad access detected [ 26.111947] [ 26.112042] Memory state around the buggy address: [ 26.112280] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.112638] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.112970] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.113286] ^ [ 26.113469] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.113762] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.114058] ================================================================== [ 26.114697] ================================================================== [ 26.115026] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.115430] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.115749] [ 26.115832] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.115881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.115894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.115915] Call Trace: [ 26.115934] <TASK> [ 26.115949] dump_stack_lvl+0x73/0xb0 [ 26.115977] print_report+0xd1/0x610 [ 26.115998] ? __virt_addr_valid+0x1db/0x2d0 [ 26.116021] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.116047] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.116073] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.116111] kasan_report+0x141/0x180 [ 26.116132] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.116174] kasan_check_range+0x10c/0x1c0 [ 26.116198] __kasan_check_write+0x18/0x20 [ 26.116221] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.116247] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.116275] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.116299] ? trace_hardirqs_on+0x37/0xe0 [ 26.116325] ? kasan_bitops_generic+0x92/0x1c0 [ 26.116352] kasan_bitops_generic+0x121/0x1c0 [ 26.116375] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.116418] ? __pfx_read_tsc+0x10/0x10 [ 26.116439] ? ktime_get_ts64+0x86/0x230 [ 26.116464] kunit_try_run_case+0x1a5/0x480 [ 26.116495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.116516] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.116541] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.116575] ? __kthread_parkme+0x82/0x180 [ 26.116596] ? preempt_count_sub+0x50/0x80 [ 26.116621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.116642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.116667] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.116693] kthread+0x337/0x6f0 [ 26.116712] ? trace_preempt_on+0x20/0xc0 [ 26.116742] ? __pfx_kthread+0x10/0x10 [ 26.116763] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.116785] ? calculate_sigpending+0x7b/0xa0 [ 26.116809] ? __pfx_kthread+0x10/0x10 [ 26.116831] ret_from_fork+0x116/0x1d0 [ 26.116849] ? __pfx_kthread+0x10/0x10 [ 26.116870] ret_from_fork_asm+0x1a/0x30 [ 26.116901] </TASK> [ 26.116913] [ 26.124487] Allocated by task 311: [ 26.124654] kasan_save_stack+0x45/0x70 [ 26.124870] kasan_save_track+0x18/0x40 [ 26.125072] kasan_save_alloc_info+0x3b/0x50 [ 26.125318] __kasan_kmalloc+0xb7/0xc0 [ 26.125558] __kmalloc_cache_noprof+0x189/0x420 [ 26.125799] kasan_bitops_generic+0x92/0x1c0 [ 26.125943] kunit_try_run_case+0x1a5/0x480 [ 26.126143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.126451] kthread+0x337/0x6f0 [ 26.126605] ret_from_fork+0x116/0x1d0 [ 26.126769] ret_from_fork_asm+0x1a/0x30 [ 26.126962] [ 26.127064] The buggy address belongs to the object at ffff888104c83b80 [ 26.127064] which belongs to the cache kmalloc-16 of size 16 [ 26.127573] The buggy address is located 8 bytes inside of [ 26.127573] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.128084] [ 26.128167] The buggy address belongs to the physical page: [ 26.128423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.128781] flags: 0x200000000000000(node=0|zone=2) [ 26.128974] page_type: f5(slab) [ 26.129091] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.129315] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.129561] page dumped because: kasan: bad access detected [ 26.129745] [ 26.129846] Memory state around the buggy address: [ 26.130069] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.130376] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.130701] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.131018] ^ [ 26.131186] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.131524] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.131829] ================================================================== [ 26.254840] ================================================================== [ 26.255356] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.255803] Read of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.256032] [ 26.256162] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.256224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.256237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.256258] Call Trace: [ 26.256290] <TASK> [ 26.256307] dump_stack_lvl+0x73/0xb0 [ 26.256342] print_report+0xd1/0x610 [ 26.256373] ? __virt_addr_valid+0x1db/0x2d0 [ 26.256420] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.256449] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.256474] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.256500] kasan_report+0x141/0x180 [ 26.256522] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.256552] __asan_report_load8_noabort+0x18/0x20 [ 26.256585] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.256611] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.256649] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.256672] ? trace_hardirqs_on+0x37/0xe0 [ 26.256694] ? kasan_bitops_generic+0x92/0x1c0 [ 26.256721] kasan_bitops_generic+0x121/0x1c0 [ 26.256753] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.256777] ? __pfx_read_tsc+0x10/0x10 [ 26.256799] ? ktime_get_ts64+0x86/0x230 [ 26.256824] kunit_try_run_case+0x1a5/0x480 [ 26.256846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.256866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.256890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.256913] ? __kthread_parkme+0x82/0x180 [ 26.256936] ? preempt_count_sub+0x50/0x80 [ 26.256960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.256990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.257016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.257041] kthread+0x337/0x6f0 [ 26.257070] ? trace_preempt_on+0x20/0xc0 [ 26.257092] ? __pfx_kthread+0x10/0x10 [ 26.257113] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.257135] ? calculate_sigpending+0x7b/0xa0 [ 26.257159] ? __pfx_kthread+0x10/0x10 [ 26.257181] ret_from_fork+0x116/0x1d0 [ 26.257199] ? __pfx_kthread+0x10/0x10 [ 26.257220] ret_from_fork_asm+0x1a/0x30 [ 26.257250] </TASK> [ 26.257261] [ 26.264667] Allocated by task 311: [ 26.264797] kasan_save_stack+0x45/0x70 [ 26.264933] kasan_save_track+0x18/0x40 [ 26.265118] kasan_save_alloc_info+0x3b/0x50 [ 26.265351] __kasan_kmalloc+0xb7/0xc0 [ 26.265578] __kmalloc_cache_noprof+0x189/0x420 [ 26.265801] kasan_bitops_generic+0x92/0x1c0 [ 26.266027] kunit_try_run_case+0x1a5/0x480 [ 26.266230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.266497] kthread+0x337/0x6f0 [ 26.266658] ret_from_fork+0x116/0x1d0 [ 26.266853] ret_from_fork_asm+0x1a/0x30 [ 26.267022] [ 26.267123] The buggy address belongs to the object at ffff888104c83b80 [ 26.267123] which belongs to the cache kmalloc-16 of size 16 [ 26.267621] The buggy address is located 8 bytes inside of [ 26.267621] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.268112] [ 26.268208] The buggy address belongs to the physical page: [ 26.268466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.268724] flags: 0x200000000000000(node=0|zone=2) [ 26.268891] page_type: f5(slab) [ 26.269006] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.269227] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.269560] page dumped because: kasan: bad access detected [ 26.269808] [ 26.269893] Memory state around the buggy address: [ 26.270105] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.270426] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.270687] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.270967] ^ [ 26.271083] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.271287] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.271514] ================================================================== [ 26.237058] ================================================================== [ 26.237460] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.237852] Read of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.238141] [ 26.238251] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.238303] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.238315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.238338] Call Trace: [ 26.238360] <TASK> [ 26.238378] dump_stack_lvl+0x73/0xb0 [ 26.238429] print_report+0xd1/0x610 [ 26.238450] ? __virt_addr_valid+0x1db/0x2d0 [ 26.238477] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.238504] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.238530] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.238556] kasan_report+0x141/0x180 [ 26.238577] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.238608] kasan_check_range+0x10c/0x1c0 [ 26.238631] __kasan_check_read+0x15/0x20 [ 26.238663] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.238689] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.238717] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.238766] ? trace_hardirqs_on+0x37/0xe0 [ 26.238788] ? kasan_bitops_generic+0x92/0x1c0 [ 26.238814] kasan_bitops_generic+0x121/0x1c0 [ 26.238848] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.238872] ? __pfx_read_tsc+0x10/0x10 [ 26.238894] ? ktime_get_ts64+0x86/0x230 [ 26.238919] kunit_try_run_case+0x1a5/0x480 [ 26.238942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.238963] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.238987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.239010] ? __kthread_parkme+0x82/0x180 [ 26.239031] ? preempt_count_sub+0x50/0x80 [ 26.239054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.239076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.239102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.239127] kthread+0x337/0x6f0 [ 26.239148] ? trace_preempt_on+0x20/0xc0 [ 26.239170] ? __pfx_kthread+0x10/0x10 [ 26.239191] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.239212] ? calculate_sigpending+0x7b/0xa0 [ 26.239236] ? __pfx_kthread+0x10/0x10 [ 26.239258] ret_from_fork+0x116/0x1d0 [ 26.239277] ? __pfx_kthread+0x10/0x10 [ 26.239298] ret_from_fork_asm+0x1a/0x30 [ 26.239329] </TASK> [ 26.239340] [ 26.247026] Allocated by task 311: [ 26.247225] kasan_save_stack+0x45/0x70 [ 26.247448] kasan_save_track+0x18/0x40 [ 26.247638] kasan_save_alloc_info+0x3b/0x50 [ 26.247837] __kasan_kmalloc+0xb7/0xc0 [ 26.248033] __kmalloc_cache_noprof+0x189/0x420 [ 26.248217] kasan_bitops_generic+0x92/0x1c0 [ 26.248453] kunit_try_run_case+0x1a5/0x480 [ 26.248655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.248898] kthread+0x337/0x6f0 [ 26.249066] ret_from_fork+0x116/0x1d0 [ 26.249217] ret_from_fork_asm+0x1a/0x30 [ 26.249355] [ 26.249447] The buggy address belongs to the object at ffff888104c83b80 [ 26.249447] which belongs to the cache kmalloc-16 of size 16 [ 26.249803] The buggy address is located 8 bytes inside of [ 26.249803] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.250337] [ 26.250442] The buggy address belongs to the physical page: [ 26.250686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.251035] flags: 0x200000000000000(node=0|zone=2) [ 26.251258] page_type: f5(slab) [ 26.251406] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.251627] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.251853] page dumped because: kasan: bad access detected [ 26.252094] [ 26.252181] Memory state around the buggy address: [ 26.252472] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.252823] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.253134] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.253494] ^ [ 26.253666] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.253972] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.254254] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 26.078588] ================================================================== [ 26.078942] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.079545] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.079945] [ 26.080071] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.080134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.080147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.080170] Call Trace: [ 26.080184] <TASK> [ 26.080213] dump_stack_lvl+0x73/0xb0 [ 26.080245] print_report+0xd1/0x610 [ 26.080285] ? __virt_addr_valid+0x1db/0x2d0 [ 26.080311] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.080343] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.080368] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.080393] kasan_report+0x141/0x180 [ 26.080433] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.080462] kasan_check_range+0x10c/0x1c0 [ 26.080493] __kasan_check_write+0x18/0x20 [ 26.080516] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.080542] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.080579] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.080603] ? trace_hardirqs_on+0x37/0xe0 [ 26.080626] ? kasan_bitops_generic+0x92/0x1c0 [ 26.080664] kasan_bitops_generic+0x116/0x1c0 [ 26.080687] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.080721] ? __pfx_read_tsc+0x10/0x10 [ 26.080751] ? ktime_get_ts64+0x86/0x230 [ 26.080777] kunit_try_run_case+0x1a5/0x480 [ 26.080811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.080832] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.080856] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.080890] ? __kthread_parkme+0x82/0x180 [ 26.080912] ? preempt_count_sub+0x50/0x80 [ 26.080936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.080957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.080991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.081016] kthread+0x337/0x6f0 [ 26.081036] ? trace_preempt_on+0x20/0xc0 [ 26.081069] ? __pfx_kthread+0x10/0x10 [ 26.081091] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.081113] ? calculate_sigpending+0x7b/0xa0 [ 26.081139] ? __pfx_kthread+0x10/0x10 [ 26.081160] ret_from_fork+0x116/0x1d0 [ 26.081179] ? __pfx_kthread+0x10/0x10 [ 26.081200] ret_from_fork_asm+0x1a/0x30 [ 26.081231] </TASK> [ 26.081243] [ 26.088974] Allocated by task 311: [ 26.089159] kasan_save_stack+0x45/0x70 [ 26.089344] kasan_save_track+0x18/0x40 [ 26.089568] kasan_save_alloc_info+0x3b/0x50 [ 26.089792] __kasan_kmalloc+0xb7/0xc0 [ 26.089971] __kmalloc_cache_noprof+0x189/0x420 [ 26.090175] kasan_bitops_generic+0x92/0x1c0 [ 26.090389] kunit_try_run_case+0x1a5/0x480 [ 26.090602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.090847] kthread+0x337/0x6f0 [ 26.091024] ret_from_fork+0x116/0x1d0 [ 26.091188] ret_from_fork_asm+0x1a/0x30 [ 26.091385] [ 26.091487] The buggy address belongs to the object at ffff888104c83b80 [ 26.091487] which belongs to the cache kmalloc-16 of size 16 [ 26.091851] The buggy address is located 8 bytes inside of [ 26.091851] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.092191] [ 26.092259] The buggy address belongs to the physical page: [ 26.092516] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.092868] flags: 0x200000000000000(node=0|zone=2) [ 26.093107] page_type: f5(slab) [ 26.093272] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.093654] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.093994] page dumped because: kasan: bad access detected [ 26.094223] [ 26.094331] Memory state around the buggy address: [ 26.094573] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.094805] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.095012] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.095216] ^ [ 26.095331] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.095623] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.095964] ================================================================== [ 25.880532] ================================================================== [ 25.880980] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.881390] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 25.881795] [ 25.881920] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.881979] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.881993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.882016] Call Trace: [ 25.882030] <TASK> [ 25.882051] dump_stack_lvl+0x73/0xb0 [ 25.882084] print_report+0xd1/0x610 [ 25.882107] ? __virt_addr_valid+0x1db/0x2d0 [ 25.882132] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.882158] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.882184] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.882210] kasan_report+0x141/0x180 [ 25.882232] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.882262] kasan_check_range+0x10c/0x1c0 [ 25.882331] __kasan_check_write+0x18/0x20 [ 25.882355] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.882380] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.882406] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.882433] ? trace_hardirqs_on+0x37/0xe0 [ 25.882456] ? kasan_bitops_generic+0x92/0x1c0 [ 25.882483] kasan_bitops_generic+0x116/0x1c0 [ 25.882507] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.882532] ? __pfx_read_tsc+0x10/0x10 [ 25.882554] ? ktime_get_ts64+0x86/0x230 [ 25.882581] kunit_try_run_case+0x1a5/0x480 [ 25.882603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.882623] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.882648] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.882670] ? __kthread_parkme+0x82/0x180 [ 25.882692] ? preempt_count_sub+0x50/0x80 [ 25.882716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.882749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.882774] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.882798] kthread+0x337/0x6f0 [ 25.882818] ? trace_preempt_on+0x20/0xc0 [ 25.882843] ? __pfx_kthread+0x10/0x10 [ 25.882865] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.882887] ? calculate_sigpending+0x7b/0xa0 [ 25.882912] ? __pfx_kthread+0x10/0x10 [ 25.882933] ret_from_fork+0x116/0x1d0 [ 25.882952] ? __pfx_kthread+0x10/0x10 [ 25.882973] ret_from_fork_asm+0x1a/0x30 [ 25.883004] </TASK> [ 25.883017] [ 25.891299] Allocated by task 311: [ 25.891440] kasan_save_stack+0x45/0x70 [ 25.891703] kasan_save_track+0x18/0x40 [ 25.891908] kasan_save_alloc_info+0x3b/0x50 [ 25.892072] __kasan_kmalloc+0xb7/0xc0 [ 25.892198] __kmalloc_cache_noprof+0x189/0x420 [ 25.892405] kasan_bitops_generic+0x92/0x1c0 [ 25.892693] kunit_try_run_case+0x1a5/0x480 [ 25.892922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.893156] kthread+0x337/0x6f0 [ 25.893381] ret_from_fork+0x116/0x1d0 [ 25.893568] ret_from_fork_asm+0x1a/0x30 [ 25.893747] [ 25.893824] The buggy address belongs to the object at ffff888104c83b80 [ 25.893824] which belongs to the cache kmalloc-16 of size 16 [ 25.894201] The buggy address is located 8 bytes inside of [ 25.894201] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 25.894912] [ 25.894984] The buggy address belongs to the physical page: [ 25.895152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 25.895623] flags: 0x200000000000000(node=0|zone=2) [ 25.895872] page_type: f5(slab) [ 25.896038] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.896581] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.896864] page dumped because: kasan: bad access detected [ 25.897030] [ 25.897093] Memory state around the buggy address: [ 25.897268] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.897894] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.898218] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.898623] ^ [ 25.898768] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.899002] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.899306] ================================================================== [ 25.930671] ================================================================== [ 25.931179] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.932709] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 25.933247] [ 25.933629] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.933691] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.933704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.933728] Call Trace: [ 25.933864] <TASK> [ 25.933885] dump_stack_lvl+0x73/0xb0 [ 25.933924] print_report+0xd1/0x610 [ 25.933951] ? __virt_addr_valid+0x1db/0x2d0 [ 25.933977] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.934003] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.934029] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.934054] kasan_report+0x141/0x180 [ 25.934076] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.934105] kasan_check_range+0x10c/0x1c0 [ 25.934128] __kasan_check_write+0x18/0x20 [ 25.934151] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.934176] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.934201] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.934226] ? trace_hardirqs_on+0x37/0xe0 [ 25.934250] ? kasan_bitops_generic+0x92/0x1c0 [ 25.934340] kasan_bitops_generic+0x116/0x1c0 [ 25.934366] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.934391] ? __pfx_read_tsc+0x10/0x10 [ 25.934413] ? ktime_get_ts64+0x86/0x230 [ 25.934440] kunit_try_run_case+0x1a5/0x480 [ 25.934464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.934485] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.934509] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.934532] ? __kthread_parkme+0x82/0x180 [ 25.934554] ? preempt_count_sub+0x50/0x80 [ 25.934578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.934600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.934626] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.934651] kthread+0x337/0x6f0 [ 25.934671] ? trace_preempt_on+0x20/0xc0 [ 25.934694] ? __pfx_kthread+0x10/0x10 [ 25.934715] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.934751] ? calculate_sigpending+0x7b/0xa0 [ 25.934775] ? __pfx_kthread+0x10/0x10 [ 25.934796] ret_from_fork+0x116/0x1d0 [ 25.934815] ? __pfx_kthread+0x10/0x10 [ 25.934835] ret_from_fork_asm+0x1a/0x30 [ 25.934865] </TASK> [ 25.934877] [ 25.951674] Allocated by task 311: [ 25.951829] kasan_save_stack+0x45/0x70 [ 25.951984] kasan_save_track+0x18/0x40 [ 25.952112] kasan_save_alloc_info+0x3b/0x50 [ 25.952256] __kasan_kmalloc+0xb7/0xc0 [ 25.952386] __kmalloc_cache_noprof+0x189/0x420 [ 25.953383] kasan_bitops_generic+0x92/0x1c0 [ 25.953894] kunit_try_run_case+0x1a5/0x480 [ 25.954351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.954953] kthread+0x337/0x6f0 [ 25.955256] ret_from_fork+0x116/0x1d0 [ 25.955687] ret_from_fork_asm+0x1a/0x30 [ 25.956080] [ 25.956260] The buggy address belongs to the object at ffff888104c83b80 [ 25.956260] which belongs to the cache kmalloc-16 of size 16 [ 25.957486] The buggy address is located 8 bytes inside of [ 25.957486] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 25.958133] [ 25.958209] The buggy address belongs to the physical page: [ 25.958715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 25.959685] flags: 0x200000000000000(node=0|zone=2) [ 25.960196] page_type: f5(slab) [ 25.960711] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.961082] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.961453] page dumped because: kasan: bad access detected [ 25.961986] [ 25.962159] Memory state around the buggy address: [ 25.962701] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.963433] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.963907] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.964234] ^ [ 25.964359] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.965197] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.966071] ================================================================== [ 25.996174] ================================================================== [ 25.996405] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.996648] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 25.997222] [ 25.997393] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.997454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.997467] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.997491] Call Trace: [ 25.997511] <TASK> [ 25.997527] dump_stack_lvl+0x73/0xb0 [ 25.997557] print_report+0xd1/0x610 [ 25.997582] ? __virt_addr_valid+0x1db/0x2d0 [ 25.997609] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.997636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.997662] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.997687] kasan_report+0x141/0x180 [ 25.997709] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.997748] kasan_check_range+0x10c/0x1c0 [ 25.997772] __kasan_check_write+0x18/0x20 [ 25.997795] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.997821] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.997848] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.997874] ? trace_hardirqs_on+0x37/0xe0 [ 25.997896] ? kasan_bitops_generic+0x92/0x1c0 [ 25.997922] kasan_bitops_generic+0x116/0x1c0 [ 25.997947] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.997971] ? __pfx_read_tsc+0x10/0x10 [ 25.997994] ? ktime_get_ts64+0x86/0x230 [ 25.998019] kunit_try_run_case+0x1a5/0x480 [ 25.998041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.998060] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.998084] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.998108] ? __kthread_parkme+0x82/0x180 [ 25.998129] ? preempt_count_sub+0x50/0x80 [ 25.998153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.998174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.998199] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.998224] kthread+0x337/0x6f0 [ 25.998243] ? trace_preempt_on+0x20/0xc0 [ 25.998265] ? __pfx_kthread+0x10/0x10 [ 25.998285] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.998307] ? calculate_sigpending+0x7b/0xa0 [ 25.998331] ? __pfx_kthread+0x10/0x10 [ 25.998353] ret_from_fork+0x116/0x1d0 [ 25.998371] ? __pfx_kthread+0x10/0x10 [ 25.998392] ret_from_fork_asm+0x1a/0x30 [ 25.998422] </TASK> [ 25.998433] [ 26.016445] Allocated by task 311: [ 26.016765] kasan_save_stack+0x45/0x70 [ 26.017139] kasan_save_track+0x18/0x40 [ 26.017540] kasan_save_alloc_info+0x3b/0x50 [ 26.017944] __kasan_kmalloc+0xb7/0xc0 [ 26.018147] __kmalloc_cache_noprof+0x189/0x420 [ 26.018599] kasan_bitops_generic+0x92/0x1c0 [ 26.019003] kunit_try_run_case+0x1a5/0x480 [ 26.019156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.019327] kthread+0x337/0x6f0 [ 26.019441] ret_from_fork+0x116/0x1d0 [ 26.019566] ret_from_fork_asm+0x1a/0x30 [ 26.019698] [ 26.019807] The buggy address belongs to the object at ffff888104c83b80 [ 26.019807] which belongs to the cache kmalloc-16 of size 16 [ 26.020446] The buggy address is located 8 bytes inside of [ 26.020446] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.021591] [ 26.021666] The buggy address belongs to the physical page: [ 26.021845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.022080] flags: 0x200000000000000(node=0|zone=2) [ 26.022239] page_type: f5(slab) [ 26.022691] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.023315] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.023980] page dumped because: kasan: bad access detected [ 26.024404] [ 26.024566] Memory state around the buggy address: [ 26.024801] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.025414] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.025629] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.025847] ^ [ 26.025964] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.026172] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.026635] ================================================================== [ 25.966980] ================================================================== [ 25.967469] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.967927] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 25.968228] [ 25.968411] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.968643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.968660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.968685] Call Trace: [ 25.968707] <TASK> [ 25.968749] dump_stack_lvl+0x73/0xb0 [ 25.968784] print_report+0xd1/0x610 [ 25.968813] ? __virt_addr_valid+0x1db/0x2d0 [ 25.968839] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.968864] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.968890] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.968915] kasan_report+0x141/0x180 [ 25.968936] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.968965] kasan_check_range+0x10c/0x1c0 [ 25.968989] __kasan_check_write+0x18/0x20 [ 25.969013] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.969038] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.969063] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.969087] ? trace_hardirqs_on+0x37/0xe0 [ 25.969110] ? kasan_bitops_generic+0x92/0x1c0 [ 25.969137] kasan_bitops_generic+0x116/0x1c0 [ 25.969160] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.969184] ? __pfx_read_tsc+0x10/0x10 [ 25.969206] ? ktime_get_ts64+0x86/0x230 [ 25.969231] kunit_try_run_case+0x1a5/0x480 [ 25.969253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.969323] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.969351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.969375] ? __kthread_parkme+0x82/0x180 [ 25.969396] ? preempt_count_sub+0x50/0x80 [ 25.969427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.969449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.969475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.969501] kthread+0x337/0x6f0 [ 25.969522] ? trace_preempt_on+0x20/0xc0 [ 25.969543] ? __pfx_kthread+0x10/0x10 [ 25.969564] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.969585] ? calculate_sigpending+0x7b/0xa0 [ 25.969611] ? __pfx_kthread+0x10/0x10 [ 25.969632] ret_from_fork+0x116/0x1d0 [ 25.969652] ? __pfx_kthread+0x10/0x10 [ 25.969672] ret_from_fork_asm+0x1a/0x30 [ 25.969702] </TASK> [ 25.969714] [ 25.983694] Allocated by task 311: [ 25.983836] kasan_save_stack+0x45/0x70 [ 25.983980] kasan_save_track+0x18/0x40 [ 25.984106] kasan_save_alloc_info+0x3b/0x50 [ 25.984246] __kasan_kmalloc+0xb7/0xc0 [ 25.984653] __kmalloc_cache_noprof+0x189/0x420 [ 25.985076] kasan_bitops_generic+0x92/0x1c0 [ 25.985532] kunit_try_run_case+0x1a5/0x480 [ 25.986098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.986630] kthread+0x337/0x6f0 [ 25.987089] ret_from_fork+0x116/0x1d0 [ 25.987532] ret_from_fork_asm+0x1a/0x30 [ 25.987928] [ 25.988098] The buggy address belongs to the object at ffff888104c83b80 [ 25.988098] which belongs to the cache kmalloc-16 of size 16 [ 25.989507] The buggy address is located 8 bytes inside of [ 25.989507] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 25.990187] [ 25.990333] The buggy address belongs to the physical page: [ 25.990829] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 25.991509] flags: 0x200000000000000(node=0|zone=2) [ 25.991962] page_type: f5(slab) [ 25.992211] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.992939] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.993338] page dumped because: kasan: bad access detected [ 25.994017] [ 25.994171] Memory state around the buggy address: [ 25.994616] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.994841] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.995046] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.995248] ^ [ 25.995362] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.995567] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.995782] ================================================================== [ 25.899761] ================================================================== [ 25.900100] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.900597] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 25.901267] [ 25.901632] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.901690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.901703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.901726] Call Trace: [ 25.901761] <TASK> [ 25.901779] dump_stack_lvl+0x73/0xb0 [ 25.901810] print_report+0xd1/0x610 [ 25.901832] ? __virt_addr_valid+0x1db/0x2d0 [ 25.901857] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.901882] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.901907] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.901932] kasan_report+0x141/0x180 [ 25.901954] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.901984] kasan_check_range+0x10c/0x1c0 [ 25.902007] __kasan_check_write+0x18/0x20 [ 25.902030] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.902055] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.902082] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.902106] ? trace_hardirqs_on+0x37/0xe0 [ 25.902130] ? kasan_bitops_generic+0x92/0x1c0 [ 25.902156] kasan_bitops_generic+0x116/0x1c0 [ 25.902180] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.902204] ? __pfx_read_tsc+0x10/0x10 [ 25.902227] ? ktime_get_ts64+0x86/0x230 [ 25.902252] kunit_try_run_case+0x1a5/0x480 [ 25.902275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.902296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.902321] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.902344] ? __kthread_parkme+0x82/0x180 [ 25.902366] ? preempt_count_sub+0x50/0x80 [ 25.902390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.902412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.902585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.902611] kthread+0x337/0x6f0 [ 25.902630] ? trace_preempt_on+0x20/0xc0 [ 25.902654] ? __pfx_kthread+0x10/0x10 [ 25.902675] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.902697] ? calculate_sigpending+0x7b/0xa0 [ 25.902722] ? __pfx_kthread+0x10/0x10 [ 25.902754] ret_from_fork+0x116/0x1d0 [ 25.902772] ? __pfx_kthread+0x10/0x10 [ 25.902794] ret_from_fork_asm+0x1a/0x30 [ 25.902824] </TASK> [ 25.902836] [ 25.911097] Allocated by task 311: [ 25.911329] kasan_save_stack+0x45/0x70 [ 25.911556] kasan_save_track+0x18/0x40 [ 25.911749] kasan_save_alloc_info+0x3b/0x50 [ 25.911890] __kasan_kmalloc+0xb7/0xc0 [ 25.912015] __kmalloc_cache_noprof+0x189/0x420 [ 25.912199] kasan_bitops_generic+0x92/0x1c0 [ 25.912600] kunit_try_run_case+0x1a5/0x480 [ 25.912964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.913176] kthread+0x337/0x6f0 [ 25.913421] ret_from_fork+0x116/0x1d0 [ 25.913588] ret_from_fork_asm+0x1a/0x30 [ 25.913782] [ 25.913854] The buggy address belongs to the object at ffff888104c83b80 [ 25.913854] which belongs to the cache kmalloc-16 of size 16 [ 25.914351] The buggy address is located 8 bytes inside of [ 25.914351] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 25.914946] [ 25.915016] The buggy address belongs to the physical page: [ 25.915182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 25.915415] flags: 0x200000000000000(node=0|zone=2) [ 25.915618] page_type: f5(slab) [ 25.915792] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.920518] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.921810] page dumped because: kasan: bad access detected [ 25.923364] [ 25.924349] Memory state around the buggy address: [ 25.925168] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.926229] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.926457] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.926658] ^ [ 25.926878] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.927849] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.928960] ================================================================== [ 26.027590] ================================================================== [ 26.027991] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.028744] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.029175] [ 26.029279] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.029332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.029344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.029411] Call Trace: [ 26.029435] <TASK> [ 26.029469] dump_stack_lvl+0x73/0xb0 [ 26.029509] print_report+0xd1/0x610 [ 26.029532] ? __virt_addr_valid+0x1db/0x2d0 [ 26.029557] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.029592] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.029618] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.029643] kasan_report+0x141/0x180 [ 26.029676] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.029706] kasan_check_range+0x10c/0x1c0 [ 26.029740] __kasan_check_write+0x18/0x20 [ 26.029762] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.029789] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.029815] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.029838] ? trace_hardirqs_on+0x37/0xe0 [ 26.029862] ? kasan_bitops_generic+0x92/0x1c0 [ 26.029889] kasan_bitops_generic+0x116/0x1c0 [ 26.029912] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.029946] ? __pfx_read_tsc+0x10/0x10 [ 26.029968] ? ktime_get_ts64+0x86/0x230 [ 26.029993] kunit_try_run_case+0x1a5/0x480 [ 26.030025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.030046] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.030069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.030093] ? __kthread_parkme+0x82/0x180 [ 26.030113] ? preempt_count_sub+0x50/0x80 [ 26.030137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.030168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.030193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.030219] kthread+0x337/0x6f0 [ 26.030248] ? trace_preempt_on+0x20/0xc0 [ 26.030471] ? __pfx_kthread+0x10/0x10 [ 26.030507] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.030531] ? calculate_sigpending+0x7b/0xa0 [ 26.030555] ? __pfx_kthread+0x10/0x10 [ 26.030577] ret_from_fork+0x116/0x1d0 [ 26.030596] ? __pfx_kthread+0x10/0x10 [ 26.030618] ret_from_fork_asm+0x1a/0x30 [ 26.030649] </TASK> [ 26.030661] [ 26.045001] Allocated by task 311: [ 26.045324] kasan_save_stack+0x45/0x70 [ 26.045824] kasan_save_track+0x18/0x40 [ 26.046201] kasan_save_alloc_info+0x3b/0x50 [ 26.046854] __kasan_kmalloc+0xb7/0xc0 [ 26.047236] __kmalloc_cache_noprof+0x189/0x420 [ 26.048285] kasan_bitops_generic+0x92/0x1c0 [ 26.048707] kunit_try_run_case+0x1a5/0x480 [ 26.049386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.049847] kthread+0x337/0x6f0 [ 26.049968] ret_from_fork+0x116/0x1d0 [ 26.050094] ret_from_fork_asm+0x1a/0x30 [ 26.050226] [ 26.050473] The buggy address belongs to the object at ffff888104c83b80 [ 26.050473] which belongs to the cache kmalloc-16 of size 16 [ 26.051751] The buggy address is located 8 bytes inside of [ 26.051751] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.052989] [ 26.053216] The buggy address belongs to the physical page: [ 26.053703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.053955] flags: 0x200000000000000(node=0|zone=2) [ 26.054115] page_type: f5(slab) [ 26.054232] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.054470] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.055058] page dumped because: kasan: bad access detected [ 26.055389] [ 26.055476] Memory state around the buggy address: [ 26.055713] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.056005] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.056338] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.056680] ^ [ 26.056867] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.057170] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.057446] ================================================================== [ 26.058043] ================================================================== [ 26.058402] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.058811] Write of size 8 at addr ffff888104c83b88 by task kunit_try_catch/311 [ 26.059112] [ 26.059222] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 26.059274] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.059287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.059311] Call Trace: [ 26.059332] <TASK> [ 26.059353] dump_stack_lvl+0x73/0xb0 [ 26.059381] print_report+0xd1/0x610 [ 26.059403] ? __virt_addr_valid+0x1db/0x2d0 [ 26.059631] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.059667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.059708] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.059744] kasan_report+0x141/0x180 [ 26.059767] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.059819] kasan_check_range+0x10c/0x1c0 [ 26.059842] __kasan_check_write+0x18/0x20 [ 26.059864] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.059900] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.059926] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.059950] ? trace_hardirqs_on+0x37/0xe0 [ 26.059973] ? kasan_bitops_generic+0x92/0x1c0 [ 26.059999] kasan_bitops_generic+0x116/0x1c0 [ 26.060022] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.060048] ? __pfx_read_tsc+0x10/0x10 [ 26.060070] ? ktime_get_ts64+0x86/0x230 [ 26.060095] kunit_try_run_case+0x1a5/0x480 [ 26.060118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.060137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.060162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.060186] ? __kthread_parkme+0x82/0x180 [ 26.060209] ? preempt_count_sub+0x50/0x80 [ 26.060233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.060264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.060350] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.060375] kthread+0x337/0x6f0 [ 26.060395] ? trace_preempt_on+0x20/0xc0 [ 26.060417] ? __pfx_kthread+0x10/0x10 [ 26.060439] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.060492] ? calculate_sigpending+0x7b/0xa0 [ 26.060519] ? __pfx_kthread+0x10/0x10 [ 26.060553] ret_from_fork+0x116/0x1d0 [ 26.060573] ? __pfx_kthread+0x10/0x10 [ 26.060593] ret_from_fork_asm+0x1a/0x30 [ 26.060624] </TASK> [ 26.060636] [ 26.069439] Allocated by task 311: [ 26.069672] kasan_save_stack+0x45/0x70 [ 26.069878] kasan_save_track+0x18/0x40 [ 26.070080] kasan_save_alloc_info+0x3b/0x50 [ 26.070323] __kasan_kmalloc+0xb7/0xc0 [ 26.070548] __kmalloc_cache_noprof+0x189/0x420 [ 26.070775] kasan_bitops_generic+0x92/0x1c0 [ 26.070956] kunit_try_run_case+0x1a5/0x480 [ 26.071136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.071471] kthread+0x337/0x6f0 [ 26.071681] ret_from_fork+0x116/0x1d0 [ 26.071827] ret_from_fork_asm+0x1a/0x30 [ 26.071965] [ 26.072035] The buggy address belongs to the object at ffff888104c83b80 [ 26.072035] which belongs to the cache kmalloc-16 of size 16 [ 26.072476] The buggy address is located 8 bytes inside of [ 26.072476] allocated 9-byte region [ffff888104c83b80, ffff888104c83b89) [ 26.073384] [ 26.073509] The buggy address belongs to the physical page: [ 26.073755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 26.074062] flags: 0x200000000000000(node=0|zone=2) [ 26.074230] page_type: f5(slab) [ 26.074354] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.074581] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.074933] page dumped because: kasan: bad access detected [ 26.075227] [ 26.075322] Memory state around the buggy address: [ 26.075720] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.076089] ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.076525] >ffff888104c83b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.076868] ^ [ 26.076987] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.077193] ffff888104c83c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.077763] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 25.846351] ================================================================== [ 25.847811] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 25.848654] Read of size 1 at addr ffff88810613f2d0 by task kunit_try_catch/309 [ 25.849495] [ 25.849612] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.849667] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.849681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.849704] Call Trace: [ 25.849725] <TASK> [ 25.849752] dump_stack_lvl+0x73/0xb0 [ 25.849785] print_report+0xd1/0x610 [ 25.849808] ? __virt_addr_valid+0x1db/0x2d0 [ 25.849833] ? strnlen+0x73/0x80 [ 25.849852] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.849878] ? strnlen+0x73/0x80 [ 25.849898] kasan_report+0x141/0x180 [ 25.849920] ? strnlen+0x73/0x80 [ 25.849944] __asan_report_load1_noabort+0x18/0x20 [ 25.849969] strnlen+0x73/0x80 [ 25.849988] kasan_strings+0x615/0xe80 [ 25.850009] ? trace_hardirqs_on+0x37/0xe0 [ 25.850032] ? __pfx_kasan_strings+0x10/0x10 [ 25.850052] ? finish_task_switch.isra.0+0x153/0x700 [ 25.850075] ? __switch_to+0x47/0xf80 [ 25.850101] ? __schedule+0x10cc/0x2b60 [ 25.850125] ? __pfx_read_tsc+0x10/0x10 [ 25.850148] ? ktime_get_ts64+0x86/0x230 [ 25.850173] kunit_try_run_case+0x1a5/0x480 [ 25.850195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.850216] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.850240] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.850263] ? __kthread_parkme+0x82/0x180 [ 25.850284] ? preempt_count_sub+0x50/0x80 [ 25.850306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.850327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.850355] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.850379] kthread+0x337/0x6f0 [ 25.850401] ? trace_preempt_on+0x20/0xc0 [ 25.850422] ? __pfx_kthread+0x10/0x10 [ 25.850444] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.850465] ? calculate_sigpending+0x7b/0xa0 [ 25.850489] ? __pfx_kthread+0x10/0x10 [ 25.850511] ret_from_fork+0x116/0x1d0 [ 25.850530] ? __pfx_kthread+0x10/0x10 [ 25.850552] ret_from_fork_asm+0x1a/0x30 [ 25.850583] </TASK> [ 25.850595] [ 25.860457] Allocated by task 309: [ 25.860832] kasan_save_stack+0x45/0x70 [ 25.861043] kasan_save_track+0x18/0x40 [ 25.861230] kasan_save_alloc_info+0x3b/0x50 [ 25.861434] __kasan_kmalloc+0xb7/0xc0 [ 25.861862] __kmalloc_cache_noprof+0x189/0x420 [ 25.862135] kasan_strings+0xc0/0xe80 [ 25.862280] kunit_try_run_case+0x1a5/0x480 [ 25.862742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.863085] kthread+0x337/0x6f0 [ 25.863227] ret_from_fork+0x116/0x1d0 [ 25.863403] ret_from_fork_asm+0x1a/0x30 [ 25.863787] [ 25.863889] Freed by task 309: [ 25.864198] kasan_save_stack+0x45/0x70 [ 25.864544] kasan_save_track+0x18/0x40 [ 25.864721] kasan_save_free_info+0x3f/0x60 [ 25.865075] __kasan_slab_free+0x56/0x70 [ 25.865342] kfree+0x222/0x3f0 [ 25.865479] kasan_strings+0x2aa/0xe80 [ 25.865727] kunit_try_run_case+0x1a5/0x480 [ 25.865940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.866176] kthread+0x337/0x6f0 [ 25.866323] ret_from_fork+0x116/0x1d0 [ 25.866814] ret_from_fork_asm+0x1a/0x30 [ 25.867000] [ 25.867069] The buggy address belongs to the object at ffff88810613f2c0 [ 25.867069] which belongs to the cache kmalloc-32 of size 32 [ 25.867923] The buggy address is located 16 bytes inside of [ 25.867923] freed 32-byte region [ffff88810613f2c0, ffff88810613f2e0) [ 25.868615] [ 25.868857] The buggy address belongs to the physical page: [ 25.869097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613f [ 25.869514] flags: 0x200000000000000(node=0|zone=2) [ 25.869760] page_type: f5(slab) [ 25.869916] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.870233] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.870801] page dumped because: kasan: bad access detected [ 25.871108] [ 25.871207] Memory state around the buggy address: [ 25.871555] ffff88810613f180: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.871959] ffff88810613f200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.872313] >ffff88810613f280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.872765] ^ [ 25.873044] ffff88810613f300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.873330] ffff88810613f380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.873822] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 25.819600] ================================================================== [ 25.819983] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 25.820266] Read of size 1 at addr ffff88810613f2d0 by task kunit_try_catch/309 [ 25.820501] [ 25.821037] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.821096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.821109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.821133] Call Trace: [ 25.821154] <TASK> [ 25.821170] dump_stack_lvl+0x73/0xb0 [ 25.821202] print_report+0xd1/0x610 [ 25.821224] ? __virt_addr_valid+0x1db/0x2d0 [ 25.821249] ? strlen+0x8f/0xb0 [ 25.821281] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.821308] ? strlen+0x8f/0xb0 [ 25.821326] kasan_report+0x141/0x180 [ 25.821348] ? strlen+0x8f/0xb0 [ 25.821371] __asan_report_load1_noabort+0x18/0x20 [ 25.821396] strlen+0x8f/0xb0 [ 25.821415] kasan_strings+0x57b/0xe80 [ 25.821435] ? trace_hardirqs_on+0x37/0xe0 [ 25.821459] ? __pfx_kasan_strings+0x10/0x10 [ 25.821480] ? finish_task_switch.isra.0+0x153/0x700 [ 25.821503] ? __switch_to+0x47/0xf80 [ 25.821529] ? __schedule+0x10cc/0x2b60 [ 25.821554] ? __pfx_read_tsc+0x10/0x10 [ 25.821576] ? ktime_get_ts64+0x86/0x230 [ 25.821602] kunit_try_run_case+0x1a5/0x480 [ 25.821625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.821645] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.821669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.821694] ? __kthread_parkme+0x82/0x180 [ 25.821715] ? preempt_count_sub+0x50/0x80 [ 25.821751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.821782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.821806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.821832] kthread+0x337/0x6f0 [ 25.821852] ? trace_preempt_on+0x20/0xc0 [ 25.821875] ? __pfx_kthread+0x10/0x10 [ 25.821896] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.821918] ? calculate_sigpending+0x7b/0xa0 [ 25.821942] ? __pfx_kthread+0x10/0x10 [ 25.821964] ret_from_fork+0x116/0x1d0 [ 25.821984] ? __pfx_kthread+0x10/0x10 [ 25.822005] ret_from_fork_asm+0x1a/0x30 [ 25.822036] </TASK> [ 25.822046] [ 25.829077] Allocated by task 309: [ 25.829253] kasan_save_stack+0x45/0x70 [ 25.829506] kasan_save_track+0x18/0x40 [ 25.829693] kasan_save_alloc_info+0x3b/0x50 [ 25.829852] __kasan_kmalloc+0xb7/0xc0 [ 25.829986] __kmalloc_cache_noprof+0x189/0x420 [ 25.830203] kasan_strings+0xc0/0xe80 [ 25.830382] kunit_try_run_case+0x1a5/0x480 [ 25.830578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.830831] kthread+0x337/0x6f0 [ 25.830947] ret_from_fork+0x116/0x1d0 [ 25.831074] ret_from_fork_asm+0x1a/0x30 [ 25.831261] [ 25.831351] Freed by task 309: [ 25.831610] kasan_save_stack+0x45/0x70 [ 25.831809] kasan_save_track+0x18/0x40 [ 25.831998] kasan_save_free_info+0x3f/0x60 [ 25.832164] __kasan_slab_free+0x56/0x70 [ 25.832334] kfree+0x222/0x3f0 [ 25.832446] kasan_strings+0x2aa/0xe80 [ 25.832641] kunit_try_run_case+0x1a5/0x480 [ 25.832851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.833051] kthread+0x337/0x6f0 [ 25.833165] ret_from_fork+0x116/0x1d0 [ 25.833290] ret_from_fork_asm+0x1a/0x30 [ 25.833422] [ 25.833486] The buggy address belongs to the object at ffff88810613f2c0 [ 25.833486] which belongs to the cache kmalloc-32 of size 32 [ 25.835520] The buggy address is located 16 bytes inside of [ 25.835520] freed 32-byte region [ffff88810613f2c0, ffff88810613f2e0) [ 25.837003] [ 25.837333] The buggy address belongs to the physical page: [ 25.838153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613f [ 25.838899] flags: 0x200000000000000(node=0|zone=2) [ 25.839073] page_type: f5(slab) [ 25.839193] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.839704] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.840601] page dumped because: kasan: bad access detected [ 25.841271] [ 25.841632] Memory state around the buggy address: [ 25.842233] ffff88810613f180: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.843103] ffff88810613f200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.843628] >ffff88810613f280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.843858] ^ [ 25.844037] ffff88810613f300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.844238] ffff88810613f380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.844901] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 25.799662] ================================================================== [ 25.800126] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 25.800497] Read of size 1 at addr ffff88810613f2d0 by task kunit_try_catch/309 [ 25.800763] [ 25.800865] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.800919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.800931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.800955] Call Trace: [ 25.800968] <TASK> [ 25.800987] dump_stack_lvl+0x73/0xb0 [ 25.801019] print_report+0xd1/0x610 [ 25.801041] ? __virt_addr_valid+0x1db/0x2d0 [ 25.801067] ? kasan_strings+0xcbc/0xe80 [ 25.801089] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.801115] ? kasan_strings+0xcbc/0xe80 [ 25.801136] kasan_report+0x141/0x180 [ 25.801158] ? kasan_strings+0xcbc/0xe80 [ 25.801183] __asan_report_load1_noabort+0x18/0x20 [ 25.801207] kasan_strings+0xcbc/0xe80 [ 25.801227] ? trace_hardirqs_on+0x37/0xe0 [ 25.801250] ? __pfx_kasan_strings+0x10/0x10 [ 25.801271] ? finish_task_switch.isra.0+0x153/0x700 [ 25.801294] ? __switch_to+0x47/0xf80 [ 25.801322] ? __schedule+0x10cc/0x2b60 [ 25.801347] ? __pfx_read_tsc+0x10/0x10 [ 25.801370] ? ktime_get_ts64+0x86/0x230 [ 25.801394] kunit_try_run_case+0x1a5/0x480 [ 25.801430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.801450] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.801475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.801497] ? __kthread_parkme+0x82/0x180 [ 25.801518] ? preempt_count_sub+0x50/0x80 [ 25.801541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.801562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.801588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.801613] kthread+0x337/0x6f0 [ 25.801633] ? trace_preempt_on+0x20/0xc0 [ 25.801655] ? __pfx_kthread+0x10/0x10 [ 25.801676] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.801698] ? calculate_sigpending+0x7b/0xa0 [ 25.801723] ? __pfx_kthread+0x10/0x10 [ 25.801759] ret_from_fork+0x116/0x1d0 [ 25.801778] ? __pfx_kthread+0x10/0x10 [ 25.801799] ret_from_fork_asm+0x1a/0x30 [ 25.801830] </TASK> [ 25.801842] [ 25.808856] Allocated by task 309: [ 25.809021] kasan_save_stack+0x45/0x70 [ 25.809157] kasan_save_track+0x18/0x40 [ 25.809284] kasan_save_alloc_info+0x3b/0x50 [ 25.809424] __kasan_kmalloc+0xb7/0xc0 [ 25.809598] __kmalloc_cache_noprof+0x189/0x420 [ 25.809822] kasan_strings+0xc0/0xe80 [ 25.810001] kunit_try_run_case+0x1a5/0x480 [ 25.810271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.810497] kthread+0x337/0x6f0 [ 25.810613] ret_from_fork+0x116/0x1d0 [ 25.810749] ret_from_fork_asm+0x1a/0x30 [ 25.810882] [ 25.811049] Freed by task 309: [ 25.811202] kasan_save_stack+0x45/0x70 [ 25.811388] kasan_save_track+0x18/0x40 [ 25.811587] kasan_save_free_info+0x3f/0x60 [ 25.811800] __kasan_slab_free+0x56/0x70 [ 25.811989] kfree+0x222/0x3f0 [ 25.812147] kasan_strings+0x2aa/0xe80 [ 25.812301] kunit_try_run_case+0x1a5/0x480 [ 25.812440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.812607] kthread+0x337/0x6f0 [ 25.812721] ret_from_fork+0x116/0x1d0 [ 25.812854] ret_from_fork_asm+0x1a/0x30 [ 25.813009] [ 25.813104] The buggy address belongs to the object at ffff88810613f2c0 [ 25.813104] which belongs to the cache kmalloc-32 of size 32 [ 25.813613] The buggy address is located 16 bytes inside of [ 25.813613] freed 32-byte region [ffff88810613f2c0, ffff88810613f2e0) [ 25.814208] [ 25.814343] The buggy address belongs to the physical page: [ 25.814605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613f [ 25.814926] flags: 0x200000000000000(node=0|zone=2) [ 25.815121] page_type: f5(slab) [ 25.815285] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.815610] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.815839] page dumped because: kasan: bad access detected [ 25.816004] [ 25.816066] Memory state around the buggy address: [ 25.816213] ffff88810613f180: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.816608] ffff88810613f200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.816940] >ffff88810613f280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.817257] ^ [ 25.817630] ffff88810613f300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.817871] ffff88810613f380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.818074] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 25.772200] ================================================================== [ 25.773263] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 25.773768] Read of size 1 at addr ffff88810613f2d0 by task kunit_try_catch/309 [ 25.774329] [ 25.774503] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.774572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.774585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.774609] Call Trace: [ 25.774624] <TASK> [ 25.774643] dump_stack_lvl+0x73/0xb0 [ 25.774676] print_report+0xd1/0x610 [ 25.774701] ? __virt_addr_valid+0x1db/0x2d0 [ 25.774728] ? strcmp+0xb0/0xc0 [ 25.774771] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.774797] ? strcmp+0xb0/0xc0 [ 25.774819] kasan_report+0x141/0x180 [ 25.775393] ? strcmp+0xb0/0xc0 [ 25.775435] __asan_report_load1_noabort+0x18/0x20 [ 25.775464] strcmp+0xb0/0xc0 [ 25.775490] kasan_strings+0x431/0xe80 [ 25.775511] ? trace_hardirqs_on+0x37/0xe0 [ 25.775536] ? __pfx_kasan_strings+0x10/0x10 [ 25.775557] ? finish_task_switch.isra.0+0x153/0x700 [ 25.775582] ? __switch_to+0x47/0xf80 [ 25.775609] ? __schedule+0x10cc/0x2b60 [ 25.775633] ? __pfx_read_tsc+0x10/0x10 [ 25.775656] ? ktime_get_ts64+0x86/0x230 [ 25.775682] kunit_try_run_case+0x1a5/0x480 [ 25.775706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.775727] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.775762] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.775786] ? __kthread_parkme+0x82/0x180 [ 25.775806] ? preempt_count_sub+0x50/0x80 [ 25.775829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.775851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.775876] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.775901] kthread+0x337/0x6f0 [ 25.775922] ? trace_preempt_on+0x20/0xc0 [ 25.775943] ? __pfx_kthread+0x10/0x10 [ 25.775965] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.775987] ? calculate_sigpending+0x7b/0xa0 [ 25.776013] ? __pfx_kthread+0x10/0x10 [ 25.776035] ret_from_fork+0x116/0x1d0 [ 25.776055] ? __pfx_kthread+0x10/0x10 [ 25.776079] ret_from_fork_asm+0x1a/0x30 [ 25.776112] </TASK> [ 25.776125] [ 25.786455] Allocated by task 309: [ 25.786798] kasan_save_stack+0x45/0x70 [ 25.787152] kasan_save_track+0x18/0x40 [ 25.787523] kasan_save_alloc_info+0x3b/0x50 [ 25.787920] __kasan_kmalloc+0xb7/0xc0 [ 25.788254] __kmalloc_cache_noprof+0x189/0x420 [ 25.788687] kasan_strings+0xc0/0xe80 [ 25.789035] kunit_try_run_case+0x1a5/0x480 [ 25.789396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.789668] kthread+0x337/0x6f0 [ 25.789797] ret_from_fork+0x116/0x1d0 [ 25.789923] ret_from_fork_asm+0x1a/0x30 [ 25.790055] [ 25.790118] Freed by task 309: [ 25.790221] kasan_save_stack+0x45/0x70 [ 25.790348] kasan_save_track+0x18/0x40 [ 25.790480] kasan_save_free_info+0x3f/0x60 [ 25.790623] __kasan_slab_free+0x56/0x70 [ 25.790866] kfree+0x222/0x3f0 [ 25.790978] kasan_strings+0x2aa/0xe80 [ 25.791103] kunit_try_run_case+0x1a5/0x480 [ 25.791239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.791407] kthread+0x337/0x6f0 [ 25.791713] ret_from_fork+0x116/0x1d0 [ 25.792051] ret_from_fork_asm+0x1a/0x30 [ 25.792392] [ 25.792552] The buggy address belongs to the object at ffff88810613f2c0 [ 25.792552] which belongs to the cache kmalloc-32 of size 32 [ 25.793587] The buggy address is located 16 bytes inside of [ 25.793587] freed 32-byte region [ffff88810613f2c0, ffff88810613f2e0) [ 25.794564] [ 25.794643] The buggy address belongs to the physical page: [ 25.794821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613f [ 25.795056] flags: 0x200000000000000(node=0|zone=2) [ 25.795215] page_type: f5(slab) [ 25.795334] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.795606] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.795973] page dumped because: kasan: bad access detected [ 25.796229] [ 25.796322] Memory state around the buggy address: [ 25.796555] ffff88810613f180: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.796831] ffff88810613f200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.797040] >ffff88810613f280: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.797357] ^ [ 25.797742] ffff88810613f300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.797957] ffff88810613f380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.798248] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 25.739546] ================================================================== [ 25.740820] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 25.741098] Read of size 1 at addr ffff88810613f218 by task kunit_try_catch/307 [ 25.741855] [ 25.742189] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.742250] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.742263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.742357] Call Trace: [ 25.742373] <TASK> [ 25.742392] dump_stack_lvl+0x73/0xb0 [ 25.742438] print_report+0xd1/0x610 [ 25.742464] ? __virt_addr_valid+0x1db/0x2d0 [ 25.742489] ? memcmp+0x1b4/0x1d0 [ 25.742508] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.742534] ? memcmp+0x1b4/0x1d0 [ 25.742553] kasan_report+0x141/0x180 [ 25.742575] ? memcmp+0x1b4/0x1d0 [ 25.742598] __asan_report_load1_noabort+0x18/0x20 [ 25.742622] memcmp+0x1b4/0x1d0 [ 25.742643] kasan_memcmp+0x18f/0x390 [ 25.742665] ? __pfx_kasan_memcmp+0x10/0x10 [ 25.742685] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.742715] ? __pfx_kasan_memcmp+0x10/0x10 [ 25.742752] kunit_try_run_case+0x1a5/0x480 [ 25.742776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.742797] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.742820] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.742844] ? __kthread_parkme+0x82/0x180 [ 25.742866] ? preempt_count_sub+0x50/0x80 [ 25.742890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.742911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.742937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.742964] kthread+0x337/0x6f0 [ 25.742984] ? trace_preempt_on+0x20/0xc0 [ 25.743009] ? __pfx_kthread+0x10/0x10 [ 25.743031] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.743054] ? calculate_sigpending+0x7b/0xa0 [ 25.743079] ? __pfx_kthread+0x10/0x10 [ 25.743102] ret_from_fork+0x116/0x1d0 [ 25.743124] ? __pfx_kthread+0x10/0x10 [ 25.743146] ret_from_fork_asm+0x1a/0x30 [ 25.743179] </TASK> [ 25.743191] [ 25.752213] Allocated by task 307: [ 25.752533] kasan_save_stack+0x45/0x70 [ 25.752685] kasan_save_track+0x18/0x40 [ 25.752827] kasan_save_alloc_info+0x3b/0x50 [ 25.753029] __kasan_kmalloc+0xb7/0xc0 [ 25.753613] __kmalloc_cache_noprof+0x189/0x420 [ 25.753864] kasan_memcmp+0xb7/0x390 [ 25.754015] kunit_try_run_case+0x1a5/0x480 [ 25.754156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.754327] kthread+0x337/0x6f0 [ 25.754443] ret_from_fork+0x116/0x1d0 [ 25.754571] ret_from_fork_asm+0x1a/0x30 [ 25.754704] [ 25.754782] The buggy address belongs to the object at ffff88810613f200 [ 25.754782] which belongs to the cache kmalloc-32 of size 32 [ 25.755128] The buggy address is located 0 bytes to the right of [ 25.755128] allocated 24-byte region [ffff88810613f200, ffff88810613f218) [ 25.755487] [ 25.755554] The buggy address belongs to the physical page: [ 25.755720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613f [ 25.757058] flags: 0x200000000000000(node=0|zone=2) [ 25.757754] page_type: f5(slab) [ 25.757927] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.758213] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.758798] page dumped because: kasan: bad access detected [ 25.759202] [ 25.759509] Memory state around the buggy address: [ 25.759747] ffff88810613f100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.760034] ffff88810613f180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.760578] >ffff88810613f200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.760993] ^ [ 25.761178] ffff88810613f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.761822] ffff88810613f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.762209] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 25.715439] ================================================================== [ 25.715906] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 25.716213] Read of size 1 at addr ffff888106247c4a by task kunit_try_catch/303 [ 25.716511] [ 25.716644] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.716700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.716713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.716748] Call Trace: [ 25.716764] <TASK> [ 25.716783] dump_stack_lvl+0x73/0xb0 [ 25.716818] print_report+0xd1/0x610 [ 25.716852] ? __virt_addr_valid+0x1db/0x2d0 [ 25.716879] ? kasan_alloca_oob_right+0x329/0x390 [ 25.716912] ? kasan_addr_to_slab+0x11/0xa0 [ 25.716933] ? kasan_alloca_oob_right+0x329/0x390 [ 25.716957] kasan_report+0x141/0x180 [ 25.716979] ? kasan_alloca_oob_right+0x329/0x390 [ 25.717006] __asan_report_load1_noabort+0x18/0x20 [ 25.717030] kasan_alloca_oob_right+0x329/0x390 [ 25.717050] ? __kasan_check_write+0x18/0x20 [ 25.717074] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.717105] ? irqentry_exit+0x2a/0x60 [ 25.717129] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.717155] ? trace_hardirqs_on+0x37/0xe0 [ 25.717181] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.717208] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.717235] kunit_try_run_case+0x1a5/0x480 [ 25.717260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.717289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.717314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.717338] ? __kthread_parkme+0x82/0x180 [ 25.717360] ? preempt_count_sub+0x50/0x80 [ 25.717384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.717406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.717440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.717467] kthread+0x337/0x6f0 [ 25.717488] ? trace_preempt_on+0x20/0xc0 [ 25.717511] ? __pfx_kthread+0x10/0x10 [ 25.717532] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.717554] ? calculate_sigpending+0x7b/0xa0 [ 25.717578] ? __pfx_kthread+0x10/0x10 [ 25.717601] ret_from_fork+0x116/0x1d0 [ 25.717621] ? __pfx_kthread+0x10/0x10 [ 25.717643] ret_from_fork_asm+0x1a/0x30 [ 25.717676] </TASK> [ 25.717687] [ 25.724488] The buggy address belongs to stack of task kunit_try_catch/303 [ 25.725044] [ 25.725150] The buggy address belongs to the physical page: [ 25.725398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106247 [ 25.725819] flags: 0x200000000000000(node=0|zone=2) [ 25.725998] raw: 0200000000000000 ffffea00041891c8 ffffea00041891c8 0000000000000000 [ 25.726224] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.726524] page dumped because: kasan: bad access detected [ 25.726922] [ 25.727021] Memory state around the buggy address: [ 25.727240] ffff888106247b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.727832] ffff888106247b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.728236] >ffff888106247c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.728814] ^ [ 25.729042] ffff888106247c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.729253] ffff888106247d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.729618] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 25.685506] ================================================================== [ 25.686024] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 25.686766] Read of size 1 at addr ffff888102bcfc3f by task kunit_try_catch/301 [ 25.687537] [ 25.687749] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.687807] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.687820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.687843] Call Trace: [ 25.687857] <TASK> [ 25.687875] dump_stack_lvl+0x73/0xb0 [ 25.687909] print_report+0xd1/0x610 [ 25.687933] ? __virt_addr_valid+0x1db/0x2d0 [ 25.687973] ? kasan_alloca_oob_left+0x320/0x380 [ 25.687997] ? kasan_addr_to_slab+0x11/0xa0 [ 25.688017] ? kasan_alloca_oob_left+0x320/0x380 [ 25.688081] kasan_report+0x141/0x180 [ 25.688105] ? kasan_alloca_oob_left+0x320/0x380 [ 25.688157] __asan_report_load1_noabort+0x18/0x20 [ 25.688182] kasan_alloca_oob_left+0x320/0x380 [ 25.688205] ? irqentry_exit+0x2a/0x60 [ 25.688228] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.688253] ? trace_hardirqs_on+0x37/0xe0 [ 25.688280] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.688307] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.688426] kunit_try_run_case+0x1a5/0x480 [ 25.688452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.688474] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.688498] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.688522] ? __kthread_parkme+0x82/0x180 [ 25.688545] ? preempt_count_sub+0x50/0x80 [ 25.688570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.688592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.688617] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.688642] kthread+0x337/0x6f0 [ 25.688663] ? trace_preempt_on+0x20/0xc0 [ 25.688686] ? __pfx_kthread+0x10/0x10 [ 25.688708] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.688741] ? calculate_sigpending+0x7b/0xa0 [ 25.688821] ? __pfx_kthread+0x10/0x10 [ 25.688844] ret_from_fork+0x116/0x1d0 [ 25.688865] ? __pfx_kthread+0x10/0x10 [ 25.688887] ret_from_fork_asm+0x1a/0x30 [ 25.688919] </TASK> [ 25.688932] [ 25.703080] The buggy address belongs to stack of task kunit_try_catch/301 [ 25.703843] [ 25.704043] The buggy address belongs to the physical page: [ 25.704619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bcf [ 25.704981] flags: 0x200000000000000(node=0|zone=2) [ 25.705160] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.705893] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.706633] page dumped because: kasan: bad access detected [ 25.707112] [ 25.707262] Memory state around the buggy address: [ 25.707659] ffff888102bcfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.707919] ffff888102bcfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.708825] >ffff888102bcfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.709632] ^ [ 25.709897] ffff888102bcfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.710117] ffff888102bcfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.711394] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 25.657051] ================================================================== [ 25.657968] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 25.658249] Read of size 1 at addr ffff888106247d02 by task kunit_try_catch/299 [ 25.658595] [ 25.658683] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.659343] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.659367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.659476] Call Trace: [ 25.659494] <TASK> [ 25.659512] dump_stack_lvl+0x73/0xb0 [ 25.659549] print_report+0xd1/0x610 [ 25.659573] ? __virt_addr_valid+0x1db/0x2d0 [ 25.659598] ? kasan_stack_oob+0x2b5/0x300 [ 25.659622] ? kasan_addr_to_slab+0x11/0xa0 [ 25.659642] ? kasan_stack_oob+0x2b5/0x300 [ 25.659667] kasan_report+0x141/0x180 [ 25.659688] ? kasan_stack_oob+0x2b5/0x300 [ 25.659716] __asan_report_load1_noabort+0x18/0x20 [ 25.659755] kasan_stack_oob+0x2b5/0x300 [ 25.659778] ? __pfx_kasan_stack_oob+0x10/0x10 [ 25.659802] ? finish_task_switch.isra.0+0x153/0x700 [ 25.659826] ? __switch_to+0x47/0xf80 [ 25.659854] ? __schedule+0x10cc/0x2b60 [ 25.659877] ? __pfx_read_tsc+0x10/0x10 [ 25.659900] ? ktime_get_ts64+0x86/0x230 [ 25.659925] kunit_try_run_case+0x1a5/0x480 [ 25.659948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.659969] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.659992] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.660016] ? __kthread_parkme+0x82/0x180 [ 25.660037] ? preempt_count_sub+0x50/0x80 [ 25.660060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.660082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.660107] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.660132] kthread+0x337/0x6f0 [ 25.660152] ? trace_preempt_on+0x20/0xc0 [ 25.660175] ? __pfx_kthread+0x10/0x10 [ 25.660196] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.660218] ? calculate_sigpending+0x7b/0xa0 [ 25.660243] ? __pfx_kthread+0x10/0x10 [ 25.660264] ret_from_fork+0x116/0x1d0 [ 25.660283] ? __pfx_kthread+0x10/0x10 [ 25.661478] ret_from_fork_asm+0x1a/0x30 [ 25.661514] </TASK> [ 25.661528] [ 25.672900] The buggy address belongs to stack of task kunit_try_catch/299 [ 25.673494] and is located at offset 138 in frame: [ 25.673791] kasan_stack_oob+0x0/0x300 [ 25.674107] [ 25.674212] This frame has 4 objects: [ 25.674628] [48, 49) '__assertion' [ 25.674656] [64, 72) 'array' [ 25.674828] [96, 112) '__assertion' [ 25.674951] [128, 138) 'stack_array' [ 25.675153] [ 25.675545] The buggy address belongs to the physical page: [ 25.675757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106247 [ 25.676090] flags: 0x200000000000000(node=0|zone=2) [ 25.676358] raw: 0200000000000000 ffffea00041891c8 ffffea00041891c8 0000000000000000 [ 25.676659] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.677151] page dumped because: kasan: bad access detected [ 25.677418] [ 25.677750] Memory state around the buggy address: [ 25.677932] ffff888106247c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.678229] ffff888106247c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 25.678662] >ffff888106247d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.678955] ^ [ 25.679170] ffff888106247d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 25.679619] ffff888106247e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.679971] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 25.633198] ================================================================== [ 25.634012] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 25.634296] Read of size 1 at addr ffffffffbd8baf4d by task kunit_try_catch/295 [ 25.634810] [ 25.634943] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.634998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.635010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.635034] Call Trace: [ 25.635048] <TASK> [ 25.635066] dump_stack_lvl+0x73/0xb0 [ 25.635097] print_report+0xd1/0x610 [ 25.635119] ? __virt_addr_valid+0x1db/0x2d0 [ 25.635144] ? kasan_global_oob_right+0x286/0x2d0 [ 25.635170] ? kasan_addr_to_slab+0x11/0xa0 [ 25.635191] ? kasan_global_oob_right+0x286/0x2d0 [ 25.635216] kasan_report+0x141/0x180 [ 25.635238] ? kasan_global_oob_right+0x286/0x2d0 [ 25.635287] __asan_report_load1_noabort+0x18/0x20 [ 25.635312] kasan_global_oob_right+0x286/0x2d0 [ 25.635338] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.635365] ? __schedule+0x10cc/0x2b60 [ 25.635390] ? __pfx_read_tsc+0x10/0x10 [ 25.635554] ? ktime_get_ts64+0x86/0x230 [ 25.635588] kunit_try_run_case+0x1a5/0x480 [ 25.635612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.635634] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.635657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.635681] ? __kthread_parkme+0x82/0x180 [ 25.635702] ? preempt_count_sub+0x50/0x80 [ 25.635726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.635761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.635787] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.635813] kthread+0x337/0x6f0 [ 25.635832] ? trace_preempt_on+0x20/0xc0 [ 25.635855] ? __pfx_kthread+0x10/0x10 [ 25.635876] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.635897] ? calculate_sigpending+0x7b/0xa0 [ 25.635921] ? __pfx_kthread+0x10/0x10 [ 25.635943] ret_from_fork+0x116/0x1d0 [ 25.635962] ? __pfx_kthread+0x10/0x10 [ 25.635983] ret_from_fork_asm+0x1a/0x30 [ 25.636013] </TASK> [ 25.636025] [ 25.643004] The buggy address belongs to the variable: [ 25.643208] global_array+0xd/0x40 [ 25.643500] [ 25.643717] The buggy address belongs to the physical page: [ 25.643998] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1302ba [ 25.644422] flags: 0x200000000002000(reserved|node=0|zone=2) [ 25.644680] raw: 0200000000002000 ffffea0004c0ae88 ffffea0004c0ae88 0000000000000000 [ 25.644983] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.645221] page dumped because: kasan: bad access detected [ 25.645872] [ 25.645991] Memory state around the buggy address: [ 25.646145] ffffffffbd8bae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.646355] ffffffffbd8bae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.646664] >ffffffffbd8baf00: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 25.647126] ^ [ 25.647552] ffffffffbd8baf80: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 25.647791] ffffffffbd8bb000: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 25.647999] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 25.581569] ================================================================== [ 25.582077] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.582585] Free of addr ffff888104cacf01 by task kunit_try_catch/291 [ 25.582873] [ 25.582990] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.583045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.583056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.583080] Call Trace: [ 25.583095] <TASK> [ 25.583113] dump_stack_lvl+0x73/0xb0 [ 25.583146] print_report+0xd1/0x610 [ 25.583168] ? __virt_addr_valid+0x1db/0x2d0 [ 25.583193] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.583219] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.583245] kasan_report_invalid_free+0x10a/0x130 [ 25.583278] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.583304] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.583328] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.583351] check_slab_allocation+0x11f/0x130 [ 25.583373] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.583397] mempool_free+0x2ec/0x380 [ 25.583423] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.583447] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.583473] ? __kasan_check_write+0x18/0x20 [ 25.583496] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.583518] ? finish_task_switch.isra.0+0x153/0x700 [ 25.583544] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.583568] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 25.583594] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.583616] ? __pfx_mempool_kfree+0x10/0x10 [ 25.583640] ? __pfx_read_tsc+0x10/0x10 [ 25.583663] ? ktime_get_ts64+0x86/0x230 [ 25.583689] kunit_try_run_case+0x1a5/0x480 [ 25.583713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.583743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.583767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.583791] ? __kthread_parkme+0x82/0x180 [ 25.583812] ? preempt_count_sub+0x50/0x80 [ 25.583835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.583856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.583881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.583907] kthread+0x337/0x6f0 [ 25.583927] ? trace_preempt_on+0x20/0xc0 [ 25.583951] ? __pfx_kthread+0x10/0x10 [ 25.583971] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.583992] ? calculate_sigpending+0x7b/0xa0 [ 25.584017] ? __pfx_kthread+0x10/0x10 [ 25.584038] ret_from_fork+0x116/0x1d0 [ 25.584057] ? __pfx_kthread+0x10/0x10 [ 25.584078] ret_from_fork_asm+0x1a/0x30 [ 25.584108] </TASK> [ 25.584120] [ 25.593510] Allocated by task 291: [ 25.593643] kasan_save_stack+0x45/0x70 [ 25.593992] kasan_save_track+0x18/0x40 [ 25.594155] kasan_save_alloc_info+0x3b/0x50 [ 25.594420] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.594636] remove_element+0x11e/0x190 [ 25.594817] mempool_alloc_preallocated+0x4d/0x90 [ 25.595016] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 25.595242] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.595510] kunit_try_run_case+0x1a5/0x480 [ 25.595708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.595942] kthread+0x337/0x6f0 [ 25.596060] ret_from_fork+0x116/0x1d0 [ 25.596185] ret_from_fork_asm+0x1a/0x30 [ 25.596426] [ 25.596522] The buggy address belongs to the object at ffff888104cacf00 [ 25.596522] which belongs to the cache kmalloc-128 of size 128 [ 25.597057] The buggy address is located 1 bytes inside of [ 25.597057] 128-byte region [ffff888104cacf00, ffff888104cacf80) [ 25.597667] [ 25.597784] The buggy address belongs to the physical page: [ 25.598009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 25.598400] flags: 0x200000000000000(node=0|zone=2) [ 25.598620] page_type: f5(slab) [ 25.598778] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.599075] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 25.599296] page dumped because: kasan: bad access detected [ 25.599460] [ 25.599523] Memory state around the buggy address: [ 25.599778] ffff888104cace00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.600085] ffff888104cace80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.600527] >ffff888104cacf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.600808] ^ [ 25.600973] ffff888104cacf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.601248] ffff888104cad000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.601674] ================================================================== [ 25.605546] ================================================================== [ 25.606048] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.606365] Free of addr ffff888102bac001 by task kunit_try_catch/293 [ 25.606688] [ 25.606805] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.606861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.606874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.606898] Call Trace: [ 25.606912] <TASK> [ 25.606930] dump_stack_lvl+0x73/0xb0 [ 25.606965] print_report+0xd1/0x610 [ 25.606988] ? __virt_addr_valid+0x1db/0x2d0 [ 25.607015] ? kasan_addr_to_slab+0x11/0xa0 [ 25.607036] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.607061] kasan_report_invalid_free+0x10a/0x130 [ 25.607086] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.607114] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.607138] __kasan_mempool_poison_object+0x102/0x1d0 [ 25.607162] mempool_free+0x2ec/0x380 [ 25.607190] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.607215] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.607242] ? __kasan_check_write+0x18/0x20 [ 25.607266] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.607290] ? finish_task_switch.isra.0+0x153/0x700 [ 25.607317] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 25.607342] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 25.607369] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.607449] ? __pfx_mempool_kfree+0x10/0x10 [ 25.607480] ? __pfx_read_tsc+0x10/0x10 [ 25.607504] ? ktime_get_ts64+0x86/0x230 [ 25.607530] kunit_try_run_case+0x1a5/0x480 [ 25.607556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.607578] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.607605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.607630] ? __kthread_parkme+0x82/0x180 [ 25.607651] ? preempt_count_sub+0x50/0x80 [ 25.607674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.607696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.607721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.607758] kthread+0x337/0x6f0 [ 25.607779] ? trace_preempt_on+0x20/0xc0 [ 25.607804] ? __pfx_kthread+0x10/0x10 [ 25.607827] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.607848] ? calculate_sigpending+0x7b/0xa0 [ 25.607874] ? __pfx_kthread+0x10/0x10 [ 25.607896] ret_from_fork+0x116/0x1d0 [ 25.607916] ? __pfx_kthread+0x10/0x10 [ 25.607938] ret_from_fork_asm+0x1a/0x30 [ 25.607970] </TASK> [ 25.607981] [ 25.619828] The buggy address belongs to the physical page: [ 25.620070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bac [ 25.620406] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.621371] flags: 0x200000000000040(head|node=0|zone=2) [ 25.621807] page_type: f8(unknown) [ 25.622112] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.622758] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.623086] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.623395] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.623697] head: 0200000000000002 ffffea00040aeb01 00000000ffffffff 00000000ffffffff [ 25.624551] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.625127] page dumped because: kasan: bad access detected [ 25.625643] [ 25.625915] Memory state around the buggy address: [ 25.626181] ffff888102babf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.626794] ffff888102babf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.627105] >ffff888102bac000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.627687] ^ [ 25.627852] ffff888102bac080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.628139] ffff888102bac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.628771] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 25.555438] ================================================================== [ 25.556208] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.556642] Free of addr ffff888102bac000 by task kunit_try_catch/289 [ 25.557299] [ 25.557621] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.557899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.557915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.557940] Call Trace: [ 25.557954] <TASK> [ 25.557973] dump_stack_lvl+0x73/0xb0 [ 25.558010] print_report+0xd1/0x610 [ 25.558034] ? __virt_addr_valid+0x1db/0x2d0 [ 25.558061] ? kasan_addr_to_slab+0x11/0xa0 [ 25.558081] ? mempool_double_free_helper+0x184/0x370 [ 25.558107] kasan_report_invalid_free+0x10a/0x130 [ 25.558131] ? mempool_double_free_helper+0x184/0x370 [ 25.558158] ? mempool_double_free_helper+0x184/0x370 [ 25.558181] __kasan_mempool_poison_pages+0x115/0x130 [ 25.558205] mempool_free+0x290/0x380 [ 25.558234] mempool_double_free_helper+0x184/0x370 [ 25.558257] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.558434] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.558460] ? finish_task_switch.isra.0+0x153/0x700 [ 25.558487] mempool_page_alloc_double_free+0xe8/0x140 [ 25.558513] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.558539] ? __kasan_check_write+0x18/0x20 [ 25.558564] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.558587] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.558613] ? __pfx_read_tsc+0x10/0x10 [ 25.558636] ? ktime_get_ts64+0x86/0x230 [ 25.558658] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.558687] kunit_try_run_case+0x1a5/0x480 [ 25.558710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.558758] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.558783] ? __kthread_parkme+0x82/0x180 [ 25.558804] ? preempt_count_sub+0x50/0x80 [ 25.558827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.558850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.558875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.558900] kthread+0x337/0x6f0 [ 25.558920] ? trace_preempt_on+0x20/0xc0 [ 25.558944] ? __pfx_kthread+0x10/0x10 [ 25.558965] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.558987] ? calculate_sigpending+0x7b/0xa0 [ 25.559012] ? __pfx_kthread+0x10/0x10 [ 25.559035] ret_from_fork+0x116/0x1d0 [ 25.559053] ? __pfx_kthread+0x10/0x10 [ 25.559075] ret_from_fork_asm+0x1a/0x30 [ 25.559105] </TASK> [ 25.559118] [ 25.572213] The buggy address belongs to the physical page: [ 25.572675] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bac [ 25.573183] flags: 0x200000000000000(node=0|zone=2) [ 25.573518] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.573855] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.574173] page dumped because: kasan: bad access detected [ 25.574848] [ 25.574937] Memory state around the buggy address: [ 25.575175] ffff888102babf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.575717] ffff888102babf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.576342] >ffff888102bac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.576889] ^ [ 25.577156] ffff888102bac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.577756] ffff888102bac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.578043] ================================================================== [ 25.521849] ================================================================== [ 25.522384] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.523269] Free of addr ffff888102bac000 by task kunit_try_catch/287 [ 25.523634] [ 25.523929] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.524141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.524158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.524183] Call Trace: [ 25.524200] <TASK> [ 25.524221] dump_stack_lvl+0x73/0xb0 [ 25.524259] print_report+0xd1/0x610 [ 25.524375] ? __virt_addr_valid+0x1db/0x2d0 [ 25.524407] ? kasan_addr_to_slab+0x11/0xa0 [ 25.524438] ? mempool_double_free_helper+0x184/0x370 [ 25.524464] kasan_report_invalid_free+0x10a/0x130 [ 25.524490] ? mempool_double_free_helper+0x184/0x370 [ 25.524518] ? mempool_double_free_helper+0x184/0x370 [ 25.524541] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 25.524566] mempool_free+0x2ec/0x380 [ 25.524595] mempool_double_free_helper+0x184/0x370 [ 25.524619] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.524643] ? update_load_avg+0x1be/0x21b0 [ 25.524669] ? dequeue_entities+0x27e/0x1740 [ 25.524696] ? finish_task_switch.isra.0+0x153/0x700 [ 25.524724] mempool_kmalloc_large_double_free+0xed/0x140 [ 25.524764] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 25.524792] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.524814] ? __pfx_mempool_kfree+0x10/0x10 [ 25.524839] ? __pfx_read_tsc+0x10/0x10 [ 25.524862] ? ktime_get_ts64+0x86/0x230 [ 25.524888] kunit_try_run_case+0x1a5/0x480 [ 25.524913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.524933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.524958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.524983] ? __kthread_parkme+0x82/0x180 [ 25.525005] ? preempt_count_sub+0x50/0x80 [ 25.525029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.525050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.525075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.525101] kthread+0x337/0x6f0 [ 25.525122] ? trace_preempt_on+0x20/0xc0 [ 25.525147] ? __pfx_kthread+0x10/0x10 [ 25.525169] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.525191] ? calculate_sigpending+0x7b/0xa0 [ 25.525217] ? __pfx_kthread+0x10/0x10 [ 25.525239] ret_from_fork+0x116/0x1d0 [ 25.525259] ? __pfx_kthread+0x10/0x10 [ 25.525302] ret_from_fork_asm+0x1a/0x30 [ 25.525336] </TASK> [ 25.525348] [ 25.539057] The buggy address belongs to the physical page: [ 25.539306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bac [ 25.539951] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.540598] flags: 0x200000000000040(head|node=0|zone=2) [ 25.540882] page_type: f8(unknown) [ 25.541170] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.541724] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.542183] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.542771] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.543229] head: 0200000000000002 ffffea00040aeb01 00000000ffffffff 00000000ffffffff [ 25.543703] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.544021] page dumped because: kasan: bad access detected [ 25.544270] [ 25.544351] Memory state around the buggy address: [ 25.545057] ffff888102babf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.545519] ffff888102babf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.545960] >ffff888102bac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.546445] ^ [ 25.546719] ffff888102bac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.547144] ffff888102bac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.547593] ================================================================== [ 25.484118] ================================================================== [ 25.484654] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.484988] Free of addr ffff888104cacb00 by task kunit_try_catch/285 [ 25.485255] [ 25.485364] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.485416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.485429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.485453] Call Trace: [ 25.485468] <TASK> [ 25.485487] dump_stack_lvl+0x73/0xb0 [ 25.485523] print_report+0xd1/0x610 [ 25.485545] ? __virt_addr_valid+0x1db/0x2d0 [ 25.485573] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.485600] ? mempool_double_free_helper+0x184/0x370 [ 25.485624] kasan_report_invalid_free+0x10a/0x130 [ 25.485648] ? mempool_double_free_helper+0x184/0x370 [ 25.485673] ? mempool_double_free_helper+0x184/0x370 [ 25.485694] ? mempool_double_free_helper+0x184/0x370 [ 25.485717] check_slab_allocation+0x101/0x130 [ 25.485779] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.485804] mempool_free+0x2ec/0x380 [ 25.485833] mempool_double_free_helper+0x184/0x370 [ 25.485856] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.485932] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.485976] ? finish_task_switch.isra.0+0x153/0x700 [ 25.486004] mempool_kmalloc_double_free+0xed/0x140 [ 25.486028] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 25.486054] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.486077] ? __pfx_mempool_kfree+0x10/0x10 [ 25.486102] ? __pfx_read_tsc+0x10/0x10 [ 25.486125] ? ktime_get_ts64+0x86/0x230 [ 25.486150] kunit_try_run_case+0x1a5/0x480 [ 25.486175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.486195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.486218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.486243] ? __kthread_parkme+0x82/0x180 [ 25.486609] ? preempt_count_sub+0x50/0x80 [ 25.486636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.486660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.486686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.486713] kthread+0x337/0x6f0 [ 25.486746] ? trace_preempt_on+0x20/0xc0 [ 25.486773] ? __pfx_kthread+0x10/0x10 [ 25.486795] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.486817] ? calculate_sigpending+0x7b/0xa0 [ 25.486843] ? __pfx_kthread+0x10/0x10 [ 25.486866] ret_from_fork+0x116/0x1d0 [ 25.486887] ? __pfx_kthread+0x10/0x10 [ 25.486911] ret_from_fork_asm+0x1a/0x30 [ 25.486943] </TASK> [ 25.486956] [ 25.500676] Allocated by task 285: [ 25.500879] kasan_save_stack+0x45/0x70 [ 25.501192] kasan_save_track+0x18/0x40 [ 25.501377] kasan_save_alloc_info+0x3b/0x50 [ 25.501581] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.501824] remove_element+0x11e/0x190 [ 25.502001] mempool_alloc_preallocated+0x4d/0x90 [ 25.502206] mempool_double_free_helper+0x8a/0x370 [ 25.502414] mempool_kmalloc_double_free+0xed/0x140 [ 25.502622] kunit_try_run_case+0x1a5/0x480 [ 25.503292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.503550] kthread+0x337/0x6f0 [ 25.503780] ret_from_fork+0x116/0x1d0 [ 25.504223] ret_from_fork_asm+0x1a/0x30 [ 25.504669] [ 25.504770] Freed by task 285: [ 25.504916] kasan_save_stack+0x45/0x70 [ 25.505297] kasan_save_track+0x18/0x40 [ 25.505593] kasan_save_free_info+0x3f/0x60 [ 25.505878] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.506210] mempool_free+0x2ec/0x380 [ 25.506614] mempool_double_free_helper+0x109/0x370 [ 25.506863] mempool_kmalloc_double_free+0xed/0x140 [ 25.507261] kunit_try_run_case+0x1a5/0x480 [ 25.507605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.508002] kthread+0x337/0x6f0 [ 25.508234] ret_from_fork+0x116/0x1d0 [ 25.508497] ret_from_fork_asm+0x1a/0x30 [ 25.508879] [ 25.508957] The buggy address belongs to the object at ffff888104cacb00 [ 25.508957] which belongs to the cache kmalloc-128 of size 128 [ 25.509721] The buggy address is located 0 bytes inside of [ 25.509721] 128-byte region [ffff888104cacb00, ffff888104cacb80) [ 25.510263] [ 25.510362] The buggy address belongs to the physical page: [ 25.510609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 25.510905] flags: 0x200000000000000(node=0|zone=2) [ 25.511133] page_type: f5(slab) [ 25.511288] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.511602] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.512533] page dumped because: kasan: bad access detected [ 25.512907] [ 25.512997] Memory state around the buggy address: [ 25.513337] ffff888104caca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.513883] ffff888104caca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.514193] >ffff888104cacb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.514678] ^ [ 25.514868] ffff888104cacb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.515161] ffff888104cacc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.515802] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 25.370368] ================================================================== [ 25.370969] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.371504] Read of size 1 at addr ffff888102ba8000 by task kunit_try_catch/279 [ 25.372045] [ 25.372165] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.372223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.372236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.372263] Call Trace: [ 25.372523] <TASK> [ 25.372547] dump_stack_lvl+0x73/0xb0 [ 25.372586] print_report+0xd1/0x610 [ 25.372609] ? __virt_addr_valid+0x1db/0x2d0 [ 25.372635] ? mempool_uaf_helper+0x392/0x400 [ 25.372657] ? kasan_addr_to_slab+0x11/0xa0 [ 25.372678] ? mempool_uaf_helper+0x392/0x400 [ 25.372700] kasan_report+0x141/0x180 [ 25.372722] ? mempool_uaf_helper+0x392/0x400 [ 25.372763] __asan_report_load1_noabort+0x18/0x20 [ 25.372787] mempool_uaf_helper+0x392/0x400 [ 25.372810] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.372833] ? __kasan_check_write+0x18/0x20 [ 25.372858] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.372882] ? finish_task_switch.isra.0+0x153/0x700 [ 25.372910] mempool_kmalloc_large_uaf+0xef/0x140 [ 25.372934] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 25.372959] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.372983] ? __pfx_mempool_kfree+0x10/0x10 [ 25.373008] ? __pfx_read_tsc+0x10/0x10 [ 25.373031] ? ktime_get_ts64+0x86/0x230 [ 25.373057] kunit_try_run_case+0x1a5/0x480 [ 25.373083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.373103] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.373129] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.373152] ? __kthread_parkme+0x82/0x180 [ 25.373174] ? preempt_count_sub+0x50/0x80 [ 25.373198] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.373220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.373246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.373307] kthread+0x337/0x6f0 [ 25.373331] ? trace_preempt_on+0x20/0xc0 [ 25.373356] ? __pfx_kthread+0x10/0x10 [ 25.373378] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.373400] ? calculate_sigpending+0x7b/0xa0 [ 25.373439] ? __pfx_kthread+0x10/0x10 [ 25.373462] ret_from_fork+0x116/0x1d0 [ 25.373483] ? __pfx_kthread+0x10/0x10 [ 25.373504] ret_from_fork_asm+0x1a/0x30 [ 25.373535] </TASK> [ 25.373547] [ 25.385716] The buggy address belongs to the physical page: [ 25.386200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba8 [ 25.386873] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.387296] flags: 0x200000000000040(head|node=0|zone=2) [ 25.387750] page_type: f8(unknown) [ 25.388020] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.388536] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.388937] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.389270] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.389866] head: 0200000000000002 ffffea00040aea01 00000000ffffffff 00000000ffffffff [ 25.390352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.390796] page dumped because: kasan: bad access detected [ 25.391029] [ 25.391104] Memory state around the buggy address: [ 25.391572] ffff888102ba7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.391982] ffff888102ba7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.392478] >ffff888102ba8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.392771] ^ [ 25.392928] ffff888102ba8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.393218] ffff888102ba8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.393833] ================================================================== [ 25.450758] ================================================================== [ 25.451182] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.451420] Read of size 1 at addr ffff888102ba8000 by task kunit_try_catch/283 [ 25.451636] [ 25.451727] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.451795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.451808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.451833] Call Trace: [ 25.451847] <TASK> [ 25.451867] dump_stack_lvl+0x73/0xb0 [ 25.451899] print_report+0xd1/0x610 [ 25.451922] ? __virt_addr_valid+0x1db/0x2d0 [ 25.451947] ? mempool_uaf_helper+0x392/0x400 [ 25.451968] ? kasan_addr_to_slab+0x11/0xa0 [ 25.451988] ? mempool_uaf_helper+0x392/0x400 [ 25.452010] kasan_report+0x141/0x180 [ 25.452031] ? mempool_uaf_helper+0x392/0x400 [ 25.452057] __asan_report_load1_noabort+0x18/0x20 [ 25.452086] mempool_uaf_helper+0x392/0x400 [ 25.452110] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.452132] ? __kasan_check_write+0x18/0x20 [ 25.452156] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.452178] ? finish_task_switch.isra.0+0x153/0x700 [ 25.452204] mempool_page_alloc_uaf+0xed/0x140 [ 25.452227] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 25.452252] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.452276] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.452302] ? __pfx_read_tsc+0x10/0x10 [ 25.452329] ? ktime_get_ts64+0x86/0x230 [ 25.452355] kunit_try_run_case+0x1a5/0x480 [ 25.452378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.452398] ? irqentry_exit+0x2a/0x60 [ 25.452424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.452453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.452475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.452499] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.452523] kthread+0x337/0x6f0 [ 25.452544] ? trace_preempt_on+0x20/0xc0 [ 25.452567] ? __pfx_kthread+0x10/0x10 [ 25.452589] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.452610] ? calculate_sigpending+0x7b/0xa0 [ 25.452635] ? __pfx_kthread+0x10/0x10 [ 25.452657] ret_from_fork+0x116/0x1d0 [ 25.452675] ? __pfx_kthread+0x10/0x10 [ 25.452696] ret_from_fork_asm+0x1a/0x30 [ 25.452727] </TASK> [ 25.453116] [ 25.473325] The buggy address belongs to the physical page: [ 25.473944] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba8 [ 25.474550] flags: 0x200000000000000(node=0|zone=2) [ 25.474799] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.475607] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.476338] page dumped because: kasan: bad access detected [ 25.476836] [ 25.477026] Memory state around the buggy address: [ 25.477554] ffff888102ba7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.477820] ffff888102ba7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.478492] >ffff888102ba8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.479073] ^ [ 25.479414] ffff888102ba8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.480004] ffff888102ba8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.480441] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 25.405095] ================================================================== [ 25.406192] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.406639] Read of size 1 at addr ffff888104cc8240 by task kunit_try_catch/281 [ 25.407210] [ 25.407530] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.407705] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.407720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.407766] Call Trace: [ 25.407782] <TASK> [ 25.407802] dump_stack_lvl+0x73/0xb0 [ 25.407837] print_report+0xd1/0x610 [ 25.407861] ? __virt_addr_valid+0x1db/0x2d0 [ 25.407885] ? mempool_uaf_helper+0x392/0x400 [ 25.407908] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.407935] ? mempool_uaf_helper+0x392/0x400 [ 25.407957] kasan_report+0x141/0x180 [ 25.407978] ? mempool_uaf_helper+0x392/0x400 [ 25.408004] __asan_report_load1_noabort+0x18/0x20 [ 25.408028] mempool_uaf_helper+0x392/0x400 [ 25.408052] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.408076] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.408099] ? finish_task_switch.isra.0+0x153/0x700 [ 25.408126] mempool_slab_uaf+0xea/0x140 [ 25.408149] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 25.408172] ? __kasan_check_write+0x18/0x20 [ 25.408196] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.408222] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.408248] ? __pfx_read_tsc+0x10/0x10 [ 25.408282] ? ktime_get_ts64+0x86/0x230 [ 25.408305] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.408340] kunit_try_run_case+0x1a5/0x480 [ 25.408364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.408386] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.408589] ? __kthread_parkme+0x82/0x180 [ 25.408621] ? preempt_count_sub+0x50/0x80 [ 25.408645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.408669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.408695] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.408720] kthread+0x337/0x6f0 [ 25.408755] ? trace_preempt_on+0x20/0xc0 [ 25.408778] ? __pfx_kthread+0x10/0x10 [ 25.408799] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.408822] ? calculate_sigpending+0x7b/0xa0 [ 25.408846] ? __pfx_kthread+0x10/0x10 [ 25.408869] ret_from_fork+0x116/0x1d0 [ 25.408888] ? __pfx_kthread+0x10/0x10 [ 25.408909] ret_from_fork_asm+0x1a/0x30 [ 25.408940] </TASK> [ 25.408953] [ 25.421810] Allocated by task 281: [ 25.421995] kasan_save_stack+0x45/0x70 [ 25.422178] kasan_save_track+0x18/0x40 [ 25.422353] kasan_save_alloc_info+0x3b/0x50 [ 25.423096] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.423683] remove_element+0x11e/0x190 [ 25.423916] mempool_alloc_preallocated+0x4d/0x90 [ 25.424218] mempool_uaf_helper+0x96/0x400 [ 25.424571] mempool_slab_uaf+0xea/0x140 [ 25.424931] kunit_try_run_case+0x1a5/0x480 [ 25.425255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.425662] kthread+0x337/0x6f0 [ 25.425850] ret_from_fork+0x116/0x1d0 [ 25.426029] ret_from_fork_asm+0x1a/0x30 [ 25.426221] [ 25.426722] Freed by task 281: [ 25.426894] kasan_save_stack+0x45/0x70 [ 25.427056] kasan_save_track+0x18/0x40 [ 25.427569] kasan_save_free_info+0x3f/0x60 [ 25.427927] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.428240] mempool_free+0x2ec/0x380 [ 25.428711] mempool_uaf_helper+0x11a/0x400 [ 25.428934] mempool_slab_uaf+0xea/0x140 [ 25.429196] kunit_try_run_case+0x1a5/0x480 [ 25.429555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.429932] kthread+0x337/0x6f0 [ 25.430102] ret_from_fork+0x116/0x1d0 [ 25.430619] ret_from_fork_asm+0x1a/0x30 [ 25.430843] [ 25.430915] The buggy address belongs to the object at ffff888104cc8240 [ 25.430915] which belongs to the cache test_cache of size 123 [ 25.431696] The buggy address is located 0 bytes inside of [ 25.431696] freed 123-byte region [ffff888104cc8240, ffff888104cc82bb) [ 25.432229] [ 25.432672] The buggy address belongs to the physical page: [ 25.432929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cc8 [ 25.433356] flags: 0x200000000000000(node=0|zone=2) [ 25.433761] page_type: f5(slab) [ 25.434048] raw: 0200000000000000 ffff888101b22b40 dead000000000122 0000000000000000 [ 25.434691] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.435031] page dumped because: kasan: bad access detected [ 25.435268] [ 25.435700] Memory state around the buggy address: [ 25.435899] ffff888104cc8100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.436574] ffff888104cc8180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.436901] >ffff888104cc8200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.437451] ^ [ 25.437686] ffff888104cc8280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.438100] ffff888104cc8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.438636] ================================================================== [ 25.330808] ================================================================== [ 25.332509] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.333622] Read of size 1 at addr ffff888104cac700 by task kunit_try_catch/277 [ 25.334452] [ 25.334824] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.334886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.335164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.335199] Call Trace: [ 25.335215] <TASK> [ 25.335237] dump_stack_lvl+0x73/0xb0 [ 25.335290] print_report+0xd1/0x610 [ 25.335316] ? __virt_addr_valid+0x1db/0x2d0 [ 25.335343] ? mempool_uaf_helper+0x392/0x400 [ 25.335366] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.335392] ? mempool_uaf_helper+0x392/0x400 [ 25.335475] kasan_report+0x141/0x180 [ 25.335500] ? mempool_uaf_helper+0x392/0x400 [ 25.335527] __asan_report_load1_noabort+0x18/0x20 [ 25.335550] mempool_uaf_helper+0x392/0x400 [ 25.335573] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.335594] ? update_load_avg+0x1be/0x21b0 [ 25.335620] ? dequeue_entities+0x27e/0x1740 [ 25.335646] ? finish_task_switch.isra.0+0x153/0x700 [ 25.335672] mempool_kmalloc_uaf+0xef/0x140 [ 25.335694] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 25.335717] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.335755] ? __pfx_mempool_kfree+0x10/0x10 [ 25.335779] ? __pfx_read_tsc+0x10/0x10 [ 25.335802] ? ktime_get_ts64+0x86/0x230 [ 25.335829] kunit_try_run_case+0x1a5/0x480 [ 25.335853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.335874] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.335900] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.335922] ? __kthread_parkme+0x82/0x180 [ 25.335944] ? preempt_count_sub+0x50/0x80 [ 25.335967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.335989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.336016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.336041] kthread+0x337/0x6f0 [ 25.336062] ? trace_preempt_on+0x20/0xc0 [ 25.336086] ? __pfx_kthread+0x10/0x10 [ 25.336107] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.336129] ? calculate_sigpending+0x7b/0xa0 [ 25.336155] ? __pfx_kthread+0x10/0x10 [ 25.336176] ret_from_fork+0x116/0x1d0 [ 25.336196] ? __pfx_kthread+0x10/0x10 [ 25.336218] ret_from_fork_asm+0x1a/0x30 [ 25.336250] </TASK> [ 25.336262] [ 25.349491] Allocated by task 277: [ 25.349631] kasan_save_stack+0x45/0x70 [ 25.349852] kasan_save_track+0x18/0x40 [ 25.350041] kasan_save_alloc_info+0x3b/0x50 [ 25.350236] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.351009] remove_element+0x11e/0x190 [ 25.351507] mempool_alloc_preallocated+0x4d/0x90 [ 25.351747] mempool_uaf_helper+0x96/0x400 [ 25.352033] mempool_kmalloc_uaf+0xef/0x140 [ 25.352401] kunit_try_run_case+0x1a5/0x480 [ 25.352784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.353138] kthread+0x337/0x6f0 [ 25.353530] ret_from_fork+0x116/0x1d0 [ 25.353721] ret_from_fork_asm+0x1a/0x30 [ 25.354005] [ 25.354081] Freed by task 277: [ 25.354601] kasan_save_stack+0x45/0x70 [ 25.354788] kasan_save_track+0x18/0x40 [ 25.354974] kasan_save_free_info+0x3f/0x60 [ 25.355167] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.355713] mempool_free+0x2ec/0x380 [ 25.355892] mempool_uaf_helper+0x11a/0x400 [ 25.356260] mempool_kmalloc_uaf+0xef/0x140 [ 25.356642] kunit_try_run_case+0x1a5/0x480 [ 25.356958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.357291] kthread+0x337/0x6f0 [ 25.357619] ret_from_fork+0x116/0x1d0 [ 25.357822] ret_from_fork_asm+0x1a/0x30 [ 25.357991] [ 25.358085] The buggy address belongs to the object at ffff888104cac700 [ 25.358085] which belongs to the cache kmalloc-128 of size 128 [ 25.359111] The buggy address is located 0 bytes inside of [ 25.359111] freed 128-byte region [ffff888104cac700, ffff888104cac780) [ 25.360024] [ 25.360133] The buggy address belongs to the physical page: [ 25.360629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 25.361103] flags: 0x200000000000000(node=0|zone=2) [ 25.361537] page_type: f5(slab) [ 25.361680] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.362228] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.362825] page dumped because: kasan: bad access detected [ 25.363186] [ 25.363511] Memory state around the buggy address: [ 25.363839] ffff888104cac600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.364142] ffff888104cac680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.364761] >ffff888104cac700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.365174] ^ [ 25.365518] ffff888104cac780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.365941] ffff888104cac800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.366593] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 25.290149] ================================================================== [ 25.291013] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.291545] Read of size 1 at addr ffff88810613c2bb by task kunit_try_catch/275 [ 25.292025] [ 25.292147] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.292204] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.292217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.292241] Call Trace: [ 25.292256] <TASK> [ 25.292275] dump_stack_lvl+0x73/0xb0 [ 25.292308] print_report+0xd1/0x610 [ 25.292338] ? __virt_addr_valid+0x1db/0x2d0 [ 25.292364] ? mempool_oob_right_helper+0x318/0x380 [ 25.292387] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.292757] ? mempool_oob_right_helper+0x318/0x380 [ 25.292789] kasan_report+0x141/0x180 [ 25.292813] ? mempool_oob_right_helper+0x318/0x380 [ 25.292840] __asan_report_load1_noabort+0x18/0x20 [ 25.292865] mempool_oob_right_helper+0x318/0x380 [ 25.292890] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.292916] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.292940] ? finish_task_switch.isra.0+0x153/0x700 [ 25.292965] mempool_slab_oob_right+0xed/0x140 [ 25.292989] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 25.293015] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.293040] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.293065] ? __pfx_read_tsc+0x10/0x10 [ 25.293088] ? ktime_get_ts64+0x86/0x230 [ 25.293113] kunit_try_run_case+0x1a5/0x480 [ 25.293137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293157] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.293182] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.293205] ? __kthread_parkme+0x82/0x180 [ 25.293226] ? preempt_count_sub+0x50/0x80 [ 25.293249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.293315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.293340] kthread+0x337/0x6f0 [ 25.293360] ? trace_preempt_on+0x20/0xc0 [ 25.293385] ? __pfx_kthread+0x10/0x10 [ 25.293406] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.293435] ? calculate_sigpending+0x7b/0xa0 [ 25.293461] ? __pfx_kthread+0x10/0x10 [ 25.293483] ret_from_fork+0x116/0x1d0 [ 25.293502] ? __pfx_kthread+0x10/0x10 [ 25.293525] ret_from_fork_asm+0x1a/0x30 [ 25.293556] </TASK> [ 25.293568] [ 25.306128] Allocated by task 275: [ 25.306461] kasan_save_stack+0x45/0x70 [ 25.306783] kasan_save_track+0x18/0x40 [ 25.307062] kasan_save_alloc_info+0x3b/0x50 [ 25.307441] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.307813] remove_element+0x11e/0x190 [ 25.308087] mempool_alloc_preallocated+0x4d/0x90 [ 25.308313] mempool_oob_right_helper+0x8a/0x380 [ 25.308788] mempool_slab_oob_right+0xed/0x140 [ 25.309096] kunit_try_run_case+0x1a5/0x480 [ 25.309575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.310023] kthread+0x337/0x6f0 [ 25.310173] ret_from_fork+0x116/0x1d0 [ 25.310318] ret_from_fork_asm+0x1a/0x30 [ 25.310455] [ 25.310523] The buggy address belongs to the object at ffff88810613c240 [ 25.310523] which belongs to the cache test_cache of size 123 [ 25.310961] The buggy address is located 0 bytes to the right of [ 25.310961] allocated 123-byte region [ffff88810613c240, ffff88810613c2bb) [ 25.311590] [ 25.311796] The buggy address belongs to the physical page: [ 25.312390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613c [ 25.312949] flags: 0x200000000000000(node=0|zone=2) [ 25.313116] page_type: f5(slab) [ 25.313236] raw: 0200000000000000 ffff888101590780 dead000000000122 0000000000000000 [ 25.314000] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.314757] page dumped because: kasan: bad access detected [ 25.315236] [ 25.315316] Memory state around the buggy address: [ 25.315492] ffff88810613c180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.316229] ffff88810613c200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 25.316836] >ffff88810613c280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 25.317312] ^ [ 25.317751] ffff88810613c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.318450] ffff88810613c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.319110] ================================================================== [ 25.232991] ================================================================== [ 25.233410] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.234008] Read of size 1 at addr ffff888105745573 by task kunit_try_catch/271 [ 25.234234] [ 25.234327] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.234385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.234623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.234854] Call Trace: [ 25.234872] <TASK> [ 25.234927] dump_stack_lvl+0x73/0xb0 [ 25.234967] print_report+0xd1/0x610 [ 25.234990] ? __virt_addr_valid+0x1db/0x2d0 [ 25.235017] ? mempool_oob_right_helper+0x318/0x380 [ 25.235044] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.235072] ? mempool_oob_right_helper+0x318/0x380 [ 25.235096] kasan_report+0x141/0x180 [ 25.235118] ? mempool_oob_right_helper+0x318/0x380 [ 25.235146] __asan_report_load1_noabort+0x18/0x20 [ 25.235170] mempool_oob_right_helper+0x318/0x380 [ 25.235194] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.235220] ? __kasan_check_write+0x18/0x20 [ 25.235245] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.235446] ? finish_task_switch.isra.0+0x153/0x700 [ 25.235484] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.235510] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 25.235536] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.235562] ? __pfx_mempool_kfree+0x10/0x10 [ 25.235586] ? __pfx_read_tsc+0x10/0x10 [ 25.235610] ? ktime_get_ts64+0x86/0x230 [ 25.235633] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.235662] kunit_try_run_case+0x1a5/0x480 [ 25.235687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.235707] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.235742] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.235765] ? __kthread_parkme+0x82/0x180 [ 25.235786] ? preempt_count_sub+0x50/0x80 [ 25.235809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.235830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.235855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.235881] kthread+0x337/0x6f0 [ 25.235901] ? trace_preempt_on+0x20/0xc0 [ 25.235925] ? __pfx_kthread+0x10/0x10 [ 25.235946] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.235968] ? calculate_sigpending+0x7b/0xa0 [ 25.235993] ? __pfx_kthread+0x10/0x10 [ 25.236015] ret_from_fork+0x116/0x1d0 [ 25.236034] ? __pfx_kthread+0x10/0x10 [ 25.236055] ret_from_fork_asm+0x1a/0x30 [ 25.236087] </TASK> [ 25.236100] [ 25.248842] Allocated by task 271: [ 25.249022] kasan_save_stack+0x45/0x70 [ 25.249224] kasan_save_track+0x18/0x40 [ 25.249758] kasan_save_alloc_info+0x3b/0x50 [ 25.249998] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.250423] remove_element+0x11e/0x190 [ 25.250745] mempool_alloc_preallocated+0x4d/0x90 [ 25.250986] mempool_oob_right_helper+0x8a/0x380 [ 25.251345] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.251720] kunit_try_run_case+0x1a5/0x480 [ 25.251949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.252188] kthread+0x337/0x6f0 [ 25.252380] ret_from_fork+0x116/0x1d0 [ 25.252606] ret_from_fork_asm+0x1a/0x30 [ 25.252847] [ 25.253084] The buggy address belongs to the object at ffff888105745500 [ 25.253084] which belongs to the cache kmalloc-128 of size 128 [ 25.253754] The buggy address is located 0 bytes to the right of [ 25.253754] allocated 115-byte region [ffff888105745500, ffff888105745573) [ 25.254397] [ 25.254532] The buggy address belongs to the physical page: [ 25.254803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 25.255150] flags: 0x200000000000000(node=0|zone=2) [ 25.255459] page_type: f5(slab) [ 25.255685] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.256040] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.256442] page dumped because: kasan: bad access detected [ 25.256753] [ 25.256818] Memory state around the buggy address: [ 25.257075] ffff888105745400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.257692] ffff888105745480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.258005] >ffff888105745500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.258319] ^ [ 25.258709] ffff888105745580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.258986] ffff888105745600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.259404] ================================================================== [ 25.264070] ================================================================== [ 25.264645] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.265259] Read of size 1 at addr ffff888102baa001 by task kunit_try_catch/273 [ 25.265661] [ 25.265788] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 25.265845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.265857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.265881] Call Trace: [ 25.265896] <TASK> [ 25.265915] dump_stack_lvl+0x73/0xb0 [ 25.265951] print_report+0xd1/0x610 [ 25.265975] ? __virt_addr_valid+0x1db/0x2d0 [ 25.266000] ? mempool_oob_right_helper+0x318/0x380 [ 25.266028] ? kasan_addr_to_slab+0x11/0xa0 [ 25.266050] ? mempool_oob_right_helper+0x318/0x380 [ 25.266074] kasan_report+0x141/0x180 [ 25.266096] ? mempool_oob_right_helper+0x318/0x380 [ 25.266124] __asan_report_load1_noabort+0x18/0x20 [ 25.266148] mempool_oob_right_helper+0x318/0x380 [ 25.266172] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.266197] ? __kasan_check_write+0x18/0x20 [ 25.266220] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.266244] ? finish_task_switch.isra.0+0x153/0x700 [ 25.266620] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 25.266657] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 25.266684] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.266710] ? __pfx_mempool_kfree+0x10/0x10 [ 25.266748] ? __pfx_read_tsc+0x10/0x10 [ 25.266772] ? ktime_get_ts64+0x86/0x230 [ 25.266798] kunit_try_run_case+0x1a5/0x480 [ 25.266823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.266843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.266869] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.266893] ? __kthread_parkme+0x82/0x180 [ 25.266914] ? preempt_count_sub+0x50/0x80 [ 25.266938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.266961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.266987] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.267011] kthread+0x337/0x6f0 [ 25.267032] ? trace_preempt_on+0x20/0xc0 [ 25.267057] ? __pfx_kthread+0x10/0x10 [ 25.267077] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.267100] ? calculate_sigpending+0x7b/0xa0 [ 25.267125] ? __pfx_kthread+0x10/0x10 [ 25.267147] ret_from_fork+0x116/0x1d0 [ 25.267167] ? __pfx_kthread+0x10/0x10 [ 25.267188] ret_from_fork_asm+0x1a/0x30 [ 25.267220] </TASK> [ 25.267234] [ 25.278454] The buggy address belongs to the physical page: [ 25.278753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ba8 [ 25.279066] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.279352] flags: 0x200000000000040(head|node=0|zone=2) [ 25.279677] page_type: f8(unknown) [ 25.279856] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.280114] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.280661] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.281022] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.281284] head: 0200000000000002 ffffea00040aea01 00000000ffffffff 00000000ffffffff [ 25.281902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.282360] page dumped because: kasan: bad access detected [ 25.282610] [ 25.282675] Memory state around the buggy address: [ 25.283090] ffff888102ba9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.283530] ffff888102ba9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.283780] >ffff888102baa000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.284340] ^ [ 25.284598] ffff888102baa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.284885] ffff888102baa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.285140] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 24.634014] ================================================================== [ 24.635537] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 24.636569] Read of size 1 at addr ffff888101b228c0 by task kunit_try_catch/265 [ 24.636820] [ 24.636916] CPU: 0 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.636974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.636987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.637012] Call Trace: [ 24.637027] <TASK> [ 24.637049] dump_stack_lvl+0x73/0xb0 [ 24.637088] print_report+0xd1/0x610 [ 24.637112] ? __virt_addr_valid+0x1db/0x2d0 [ 24.637139] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.637163] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.637189] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.637213] kasan_report+0x141/0x180 [ 24.637235] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.637261] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.637500] __kasan_check_byte+0x3d/0x50 [ 24.637525] kmem_cache_destroy+0x25/0x1d0 [ 24.637569] kmem_cache_double_destroy+0x1bf/0x380 [ 24.637593] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 24.637895] ? finish_task_switch.isra.0+0x153/0x700 [ 24.637923] ? __switch_to+0x47/0xf80 [ 24.637970] ? __pfx_read_tsc+0x10/0x10 [ 24.637993] ? ktime_get_ts64+0x86/0x230 [ 24.638019] kunit_try_run_case+0x1a5/0x480 [ 24.638045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.638066] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.638090] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.638115] ? __kthread_parkme+0x82/0x180 [ 24.638136] ? preempt_count_sub+0x50/0x80 [ 24.638160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.638182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.638207] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.638231] kthread+0x337/0x6f0 [ 24.638252] ? trace_preempt_on+0x20/0xc0 [ 24.638294] ? __pfx_kthread+0x10/0x10 [ 24.638315] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.638336] ? calculate_sigpending+0x7b/0xa0 [ 24.638362] ? __pfx_kthread+0x10/0x10 [ 24.638384] ret_from_fork+0x116/0x1d0 [ 24.638403] ? __pfx_kthread+0x10/0x10 [ 24.638424] ret_from_fork_asm+0x1a/0x30 [ 24.638456] </TASK> [ 24.638469] [ 24.655748] Allocated by task 265: [ 24.656343] kasan_save_stack+0x45/0x70 [ 24.656916] kasan_save_track+0x18/0x40 [ 24.657490] kasan_save_alloc_info+0x3b/0x50 [ 24.658104] __kasan_slab_alloc+0x91/0xa0 [ 24.658686] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.659091] __kmem_cache_create_args+0x169/0x240 [ 24.659256] kmem_cache_double_destroy+0xd5/0x380 [ 24.660095] kunit_try_run_case+0x1a5/0x480 [ 24.660672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.661168] kthread+0x337/0x6f0 [ 24.661649] ret_from_fork+0x116/0x1d0 [ 24.662093] ret_from_fork_asm+0x1a/0x30 [ 24.662591] [ 24.662914] Freed by task 265: [ 24.663033] kasan_save_stack+0x45/0x70 [ 24.663167] kasan_save_track+0x18/0x40 [ 24.663541] kasan_save_free_info+0x3f/0x60 [ 24.664102] __kasan_slab_free+0x56/0x70 [ 24.664704] kmem_cache_free+0x249/0x420 [ 24.665302] slab_kmem_cache_release+0x2e/0x40 [ 24.665690] kmem_cache_release+0x16/0x20 [ 24.666208] kobject_put+0x181/0x450 [ 24.666608] sysfs_slab_release+0x16/0x20 [ 24.667141] kmem_cache_destroy+0xf0/0x1d0 [ 24.667483] kmem_cache_double_destroy+0x14e/0x380 [ 24.668059] kunit_try_run_case+0x1a5/0x480 [ 24.668568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.669064] kthread+0x337/0x6f0 [ 24.669192] ret_from_fork+0x116/0x1d0 [ 24.669636] ret_from_fork_asm+0x1a/0x30 [ 24.670217] [ 24.670424] The buggy address belongs to the object at ffff888101b228c0 [ 24.670424] which belongs to the cache kmem_cache of size 208 [ 24.671191] The buggy address is located 0 bytes inside of [ 24.671191] freed 208-byte region [ffff888101b228c0, ffff888101b22990) [ 24.672868] [ 24.673200] The buggy address belongs to the physical page: [ 24.673764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b22 [ 24.674418] flags: 0x200000000000000(node=0|zone=2) [ 24.675018] page_type: f5(slab) [ 24.675436] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 24.675993] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 24.676222] page dumped because: kasan: bad access detected [ 24.676401] [ 24.676578] Memory state around the buggy address: [ 24.677095] ffff888101b22780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.677853] ffff888101b22800: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.678634] >ffff888101b22880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.679344] ^ [ 24.679831] ffff888101b22900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.680245] ffff888101b22980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.680744] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 24.569601] ================================================================== [ 24.570162] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.570508] Read of size 1 at addr ffff888104cbf000 by task kunit_try_catch/263 [ 24.570822] [ 24.570917] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.570974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.570987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.571011] Call Trace: [ 24.571026] <TASK> [ 24.571047] dump_stack_lvl+0x73/0xb0 [ 24.571082] print_report+0xd1/0x610 [ 24.571104] ? __virt_addr_valid+0x1db/0x2d0 [ 24.571131] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.571154] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.571180] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.571203] kasan_report+0x141/0x180 [ 24.571226] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.571253] __asan_report_load1_noabort+0x18/0x20 [ 24.571276] kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.571299] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 24.571322] ? finish_task_switch.isra.0+0x153/0x700 [ 24.571345] ? __switch_to+0x47/0xf80 [ 24.571375] ? __pfx_read_tsc+0x10/0x10 [ 24.571399] ? ktime_get_ts64+0x86/0x230 [ 24.571427] kunit_try_run_case+0x1a5/0x480 [ 24.571453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.571474] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.571521] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.571548] ? __kthread_parkme+0x82/0x180 [ 24.571569] ? preempt_count_sub+0x50/0x80 [ 24.571592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.571614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.571639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.571666] kthread+0x337/0x6f0 [ 24.571686] ? trace_preempt_on+0x20/0xc0 [ 24.571711] ? __pfx_kthread+0x10/0x10 [ 24.571743] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.571764] ? calculate_sigpending+0x7b/0xa0 [ 24.571790] ? __pfx_kthread+0x10/0x10 [ 24.571811] ret_from_fork+0x116/0x1d0 [ 24.571831] ? __pfx_kthread+0x10/0x10 [ 24.571853] ret_from_fork_asm+0x1a/0x30 [ 24.571884] </TASK> [ 24.571897] [ 24.579333] Allocated by task 263: [ 24.579509] kasan_save_stack+0x45/0x70 [ 24.579718] kasan_save_track+0x18/0x40 [ 24.579881] kasan_save_alloc_info+0x3b/0x50 [ 24.580158] __kasan_slab_alloc+0x91/0xa0 [ 24.580294] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.580538] kmem_cache_rcu_uaf+0x155/0x510 [ 24.580765] kunit_try_run_case+0x1a5/0x480 [ 24.580962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.581199] kthread+0x337/0x6f0 [ 24.581604] ret_from_fork+0x116/0x1d0 [ 24.581765] ret_from_fork_asm+0x1a/0x30 [ 24.581904] [ 24.581969] Freed by task 0: [ 24.582113] kasan_save_stack+0x45/0x70 [ 24.582396] kasan_save_track+0x18/0x40 [ 24.582808] kasan_save_free_info+0x3f/0x60 [ 24.583081] __kasan_slab_free+0x56/0x70 [ 24.583261] slab_free_after_rcu_debug+0xe4/0x310 [ 24.583497] rcu_core+0x66f/0x1c40 [ 24.583830] rcu_core_si+0x12/0x20 [ 24.584001] handle_softirqs+0x209/0x730 [ 24.584136] __irq_exit_rcu+0xc9/0x110 [ 24.584273] irq_exit_rcu+0x12/0x20 [ 24.584478] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.584707] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.584887] [ 24.584954] Last potentially related work creation: [ 24.585555] kasan_save_stack+0x45/0x70 [ 24.585761] kasan_record_aux_stack+0xb2/0xc0 [ 24.585962] kmem_cache_free+0x131/0x420 [ 24.586145] kmem_cache_rcu_uaf+0x194/0x510 [ 24.586330] kunit_try_run_case+0x1a5/0x480 [ 24.587226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.587432] kthread+0x337/0x6f0 [ 24.587554] ret_from_fork+0x116/0x1d0 [ 24.587680] ret_from_fork_asm+0x1a/0x30 [ 24.587979] [ 24.588076] The buggy address belongs to the object at ffff888104cbf000 [ 24.588076] which belongs to the cache test_cache of size 200 [ 24.588663] The buggy address is located 0 bytes inside of [ 24.588663] freed 200-byte region [ffff888104cbf000, ffff888104cbf0c8) [ 24.589251] [ 24.589325] The buggy address belongs to the physical page: [ 24.590500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cbf [ 24.590812] flags: 0x200000000000000(node=0|zone=2) [ 24.591509] page_type: f5(slab) [ 24.592067] raw: 0200000000000000 ffff888101b22780 dead000000000122 0000000000000000 [ 24.592461] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.592921] page dumped because: kasan: bad access detected [ 24.593229] [ 24.593352] Memory state around the buggy address: [ 24.593837] ffff888104cbef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.594205] ffff888104cbef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.594661] >ffff888104cbf000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.594996] ^ [ 24.595139] ffff888104cbf080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.595418] ffff888104cbf100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.596131] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 24.502807] ================================================================== [ 24.503235] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 24.503828] Free of addr ffff888106116001 by task kunit_try_catch/261 [ 24.504188] [ 24.504319] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.504375] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.504387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.504411] Call Trace: [ 24.504426] <TASK> [ 24.504446] dump_stack_lvl+0x73/0xb0 [ 24.504704] print_report+0xd1/0x610 [ 24.504747] ? __virt_addr_valid+0x1db/0x2d0 [ 24.504774] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.504800] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.504824] kasan_report_invalid_free+0x10a/0x130 [ 24.504847] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.504872] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.504896] check_slab_allocation+0x11f/0x130 [ 24.504916] __kasan_slab_pre_free+0x28/0x40 [ 24.504936] kmem_cache_free+0xed/0x420 [ 24.504960] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.504984] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.505010] kmem_cache_invalid_free+0x1d8/0x460 [ 24.505034] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 24.505056] ? finish_task_switch.isra.0+0x153/0x700 [ 24.505079] ? __switch_to+0x47/0xf80 [ 24.505109] ? __pfx_read_tsc+0x10/0x10 [ 24.505131] ? ktime_get_ts64+0x86/0x230 [ 24.505157] kunit_try_run_case+0x1a5/0x480 [ 24.505180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.505200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.505225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.505247] ? __kthread_parkme+0x82/0x180 [ 24.505348] ? preempt_count_sub+0x50/0x80 [ 24.505373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.505394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.505433] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.505457] kthread+0x337/0x6f0 [ 24.505478] ? trace_preempt_on+0x20/0xc0 [ 24.505503] ? __pfx_kthread+0x10/0x10 [ 24.505524] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.505550] ? calculate_sigpending+0x7b/0xa0 [ 24.505575] ? __pfx_kthread+0x10/0x10 [ 24.505597] ret_from_fork+0x116/0x1d0 [ 24.505617] ? __pfx_kthread+0x10/0x10 [ 24.505639] ret_from_fork_asm+0x1a/0x30 [ 24.505669] </TASK> [ 24.505681] [ 24.517774] Allocated by task 261: [ 24.517959] kasan_save_stack+0x45/0x70 [ 24.518121] kasan_save_track+0x18/0x40 [ 24.518497] kasan_save_alloc_info+0x3b/0x50 [ 24.518719] __kasan_slab_alloc+0x91/0xa0 [ 24.518918] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.519122] kmem_cache_invalid_free+0x157/0x460 [ 24.519326] kunit_try_run_case+0x1a5/0x480 [ 24.519955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.520164] kthread+0x337/0x6f0 [ 24.520467] ret_from_fork+0x116/0x1d0 [ 24.520647] ret_from_fork_asm+0x1a/0x30 [ 24.520834] [ 24.520908] The buggy address belongs to the object at ffff888106116000 [ 24.520908] which belongs to the cache test_cache of size 200 [ 24.521763] The buggy address is located 1 bytes inside of [ 24.521763] 200-byte region [ffff888106116000, ffff8881061160c8) [ 24.522286] [ 24.522467] The buggy address belongs to the physical page: [ 24.523094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106116 [ 24.523706] flags: 0x200000000000000(node=0|zone=2) [ 24.523967] page_type: f5(slab) [ 24.524190] raw: 0200000000000000 ffff888101590500 dead000000000122 0000000000000000 [ 24.524714] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.525105] page dumped because: kasan: bad access detected [ 24.525456] [ 24.525620] Memory state around the buggy address: [ 24.525863] ffff888106115f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.526147] ffff888106115f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.526799] >ffff888106116000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.527159] ^ [ 24.527341] ffff888106116080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.527850] ffff888106116100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.528159] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 24.459201] ================================================================== [ 24.459697] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 24.460546] Free of addr ffff888106115000 by task kunit_try_catch/259 [ 24.460818] [ 24.461241] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.461464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.461479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.461502] Call Trace: [ 24.461517] <TASK> [ 24.461538] dump_stack_lvl+0x73/0xb0 [ 24.461575] print_report+0xd1/0x610 [ 24.461599] ? __virt_addr_valid+0x1db/0x2d0 [ 24.461625] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.461655] ? kmem_cache_double_free+0x1e5/0x480 [ 24.461680] kasan_report_invalid_free+0x10a/0x130 [ 24.461704] ? kmem_cache_double_free+0x1e5/0x480 [ 24.461746] ? kmem_cache_double_free+0x1e5/0x480 [ 24.461772] check_slab_allocation+0x101/0x130 [ 24.461794] __kasan_slab_pre_free+0x28/0x40 [ 24.461814] kmem_cache_free+0xed/0x420 [ 24.461839] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.461863] ? kmem_cache_double_free+0x1e5/0x480 [ 24.461889] kmem_cache_double_free+0x1e5/0x480 [ 24.461912] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 24.461935] ? finish_task_switch.isra.0+0x153/0x700 [ 24.461959] ? __switch_to+0x47/0xf80 [ 24.461989] ? __pfx_read_tsc+0x10/0x10 [ 24.462012] ? ktime_get_ts64+0x86/0x230 [ 24.462038] kunit_try_run_case+0x1a5/0x480 [ 24.462063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.462083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.462108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.462131] ? __kthread_parkme+0x82/0x180 [ 24.462152] ? preempt_count_sub+0x50/0x80 [ 24.462174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.462196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.462221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.462246] kthread+0x337/0x6f0 [ 24.462285] ? trace_preempt_on+0x20/0xc0 [ 24.462310] ? __pfx_kthread+0x10/0x10 [ 24.462331] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.462353] ? calculate_sigpending+0x7b/0xa0 [ 24.462378] ? __pfx_kthread+0x10/0x10 [ 24.462400] ret_from_fork+0x116/0x1d0 [ 24.462428] ? __pfx_kthread+0x10/0x10 [ 24.462450] ret_from_fork_asm+0x1a/0x30 [ 24.462481] </TASK> [ 24.462494] [ 24.474671] Allocated by task 259: [ 24.474873] kasan_save_stack+0x45/0x70 [ 24.475039] kasan_save_track+0x18/0x40 [ 24.475443] kasan_save_alloc_info+0x3b/0x50 [ 24.475743] __kasan_slab_alloc+0x91/0xa0 [ 24.475923] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.476136] kmem_cache_double_free+0x14f/0x480 [ 24.476343] kunit_try_run_case+0x1a5/0x480 [ 24.476899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.477110] kthread+0x337/0x6f0 [ 24.477569] ret_from_fork+0x116/0x1d0 [ 24.477712] ret_from_fork_asm+0x1a/0x30 [ 24.478077] [ 24.478172] Freed by task 259: [ 24.478592] kasan_save_stack+0x45/0x70 [ 24.478878] kasan_save_track+0x18/0x40 [ 24.479077] kasan_save_free_info+0x3f/0x60 [ 24.479627] __kasan_slab_free+0x56/0x70 [ 24.479945] kmem_cache_free+0x249/0x420 [ 24.480103] kmem_cache_double_free+0x16a/0x480 [ 24.480657] kunit_try_run_case+0x1a5/0x480 [ 24.480909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.481225] kthread+0x337/0x6f0 [ 24.481431] ret_from_fork+0x116/0x1d0 [ 24.481950] ret_from_fork_asm+0x1a/0x30 [ 24.482091] [ 24.482409] The buggy address belongs to the object at ffff888106115000 [ 24.482409] which belongs to the cache test_cache of size 200 [ 24.482931] The buggy address is located 0 bytes inside of [ 24.482931] 200-byte region [ffff888106115000, ffff8881061150c8) [ 24.483391] [ 24.483488] The buggy address belongs to the physical page: [ 24.483716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106115 [ 24.484048] flags: 0x200000000000000(node=0|zone=2) [ 24.484279] page_type: f5(slab) [ 24.484924] raw: 0200000000000000 ffff8881015903c0 dead000000000122 0000000000000000 [ 24.485212] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.485756] page dumped because: kasan: bad access detected [ 24.486220] [ 24.486321] Memory state around the buggy address: [ 24.486702] ffff888106114f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.487163] ffff888106114f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.487676] >ffff888106115000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.488111] ^ [ 24.488516] ffff888106115080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.488822] ffff888106115100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.489218] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 24.417373] ================================================================== [ 24.417832] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 24.418125] Read of size 1 at addr ffff888104cbe0c8 by task kunit_try_catch/257 [ 24.418375] [ 24.418535] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.418586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.418598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.418620] Call Trace: [ 24.418633] <TASK> [ 24.418653] dump_stack_lvl+0x73/0xb0 [ 24.418698] print_report+0xd1/0x610 [ 24.418743] ? __virt_addr_valid+0x1db/0x2d0 [ 24.418774] ? kmem_cache_oob+0x402/0x530 [ 24.418796] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.418822] ? kmem_cache_oob+0x402/0x530 [ 24.418844] kasan_report+0x141/0x180 [ 24.418866] ? kmem_cache_oob+0x402/0x530 [ 24.418893] __asan_report_load1_noabort+0x18/0x20 [ 24.418916] kmem_cache_oob+0x402/0x530 [ 24.418937] ? trace_hardirqs_on+0x37/0xe0 [ 24.418960] ? __pfx_kmem_cache_oob+0x10/0x10 [ 24.418983] ? __kasan_check_write+0x18/0x20 [ 24.419006] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.419030] ? irqentry_exit+0x2a/0x60 [ 24.419054] ? trace_hardirqs_on+0x37/0xe0 [ 24.419084] ? __pfx_read_tsc+0x10/0x10 [ 24.419106] ? ktime_get_ts64+0x86/0x230 [ 24.419131] kunit_try_run_case+0x1a5/0x480 [ 24.419154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.419176] ? queued_spin_lock_slowpath+0x116/0xb40 [ 24.419198] ? __kthread_parkme+0x82/0x180 [ 24.419220] ? preempt_count_sub+0x50/0x80 [ 24.419243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.419264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.419288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.419313] kthread+0x337/0x6f0 [ 24.419333] ? trace_preempt_on+0x20/0xc0 [ 24.419364] ? __pfx_kthread+0x10/0x10 [ 24.419384] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.419406] ? calculate_sigpending+0x7b/0xa0 [ 24.419432] ? __pfx_kthread+0x10/0x10 [ 24.419454] ret_from_fork+0x116/0x1d0 [ 24.419473] ? __pfx_kthread+0x10/0x10 [ 24.419494] ret_from_fork_asm+0x1a/0x30 [ 24.419524] </TASK> [ 24.419536] [ 24.427032] Allocated by task 257: [ 24.427215] kasan_save_stack+0x45/0x70 [ 24.427463] kasan_save_track+0x18/0x40 [ 24.427660] kasan_save_alloc_info+0x3b/0x50 [ 24.427882] __kasan_slab_alloc+0x91/0xa0 [ 24.428061] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.428246] kmem_cache_oob+0x157/0x530 [ 24.428485] kunit_try_run_case+0x1a5/0x480 [ 24.428650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.428914] kthread+0x337/0x6f0 [ 24.429065] ret_from_fork+0x116/0x1d0 [ 24.429202] ret_from_fork_asm+0x1a/0x30 [ 24.429583] [ 24.429671] The buggy address belongs to the object at ffff888104cbe000 [ 24.429671] which belongs to the cache test_cache of size 200 [ 24.430158] The buggy address is located 0 bytes to the right of [ 24.430158] allocated 200-byte region [ffff888104cbe000, ffff888104cbe0c8) [ 24.430752] [ 24.430845] The buggy address belongs to the physical page: [ 24.431044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cbe [ 24.431441] flags: 0x200000000000000(node=0|zone=2) [ 24.431720] page_type: f5(slab) [ 24.431859] raw: 0200000000000000 ffff88815a88c000 dead000000000122 0000000000000000 [ 24.432136] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.432360] page dumped because: kasan: bad access detected [ 24.432524] [ 24.432587] Memory state around the buggy address: [ 24.432744] ffff888104cbdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.433018] ffff888104cbe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.433611] >ffff888104cbe080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.434102] ^ [ 24.434364] ffff888104cbe100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.434891] ffff888104cbe180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.435096] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 24.368919] ================================================================== [ 24.369515] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 24.370102] Read of size 8 at addr ffff888104cb8780 by task kunit_try_catch/250 [ 24.371058] [ 24.371389] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.371457] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.371469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.371492] Call Trace: [ 24.371505] <TASK> [ 24.371524] dump_stack_lvl+0x73/0xb0 [ 24.371971] print_report+0xd1/0x610 [ 24.371997] ? __virt_addr_valid+0x1db/0x2d0 [ 24.372021] ? workqueue_uaf+0x4d6/0x560 [ 24.372046] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.372083] ? workqueue_uaf+0x4d6/0x560 [ 24.372104] kasan_report+0x141/0x180 [ 24.372125] ? workqueue_uaf+0x4d6/0x560 [ 24.372151] __asan_report_load8_noabort+0x18/0x20 [ 24.372174] workqueue_uaf+0x4d6/0x560 [ 24.372195] ? __pfx_workqueue_uaf+0x10/0x10 [ 24.372216] ? __schedule+0x10cc/0x2b60 [ 24.372240] ? __pfx_read_tsc+0x10/0x10 [ 24.372262] ? ktime_get_ts64+0x86/0x230 [ 24.372287] kunit_try_run_case+0x1a5/0x480 [ 24.372310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.372336] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.372360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.372383] ? __kthread_parkme+0x82/0x180 [ 24.372405] ? preempt_count_sub+0x50/0x80 [ 24.372428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.372449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.372474] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.372498] kthread+0x337/0x6f0 [ 24.372517] ? trace_preempt_on+0x20/0xc0 [ 24.372540] ? __pfx_kthread+0x10/0x10 [ 24.372560] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.372581] ? calculate_sigpending+0x7b/0xa0 [ 24.372606] ? __pfx_kthread+0x10/0x10 [ 24.372627] ret_from_fork+0x116/0x1d0 [ 24.372646] ? __pfx_kthread+0x10/0x10 [ 24.372666] ret_from_fork_asm+0x1a/0x30 [ 24.372696] </TASK> [ 24.372708] [ 24.385381] Allocated by task 250: [ 24.385602] kasan_save_stack+0x45/0x70 [ 24.385821] kasan_save_track+0x18/0x40 [ 24.385991] kasan_save_alloc_info+0x3b/0x50 [ 24.386178] __kasan_kmalloc+0xb7/0xc0 [ 24.386668] __kmalloc_cache_noprof+0x189/0x420 [ 24.387013] workqueue_uaf+0x152/0x560 [ 24.387595] kunit_try_run_case+0x1a5/0x480 [ 24.387823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.388050] kthread+0x337/0x6f0 [ 24.388207] ret_from_fork+0x116/0x1d0 [ 24.388840] ret_from_fork_asm+0x1a/0x30 [ 24.389124] [ 24.389534] Freed by task 9: [ 24.389707] kasan_save_stack+0x45/0x70 [ 24.389898] kasan_save_track+0x18/0x40 [ 24.390070] kasan_save_free_info+0x3f/0x60 [ 24.390255] __kasan_slab_free+0x56/0x70 [ 24.390816] kfree+0x222/0x3f0 [ 24.390979] workqueue_uaf_work+0x12/0x20 [ 24.391157] process_one_work+0x5ee/0xf60 [ 24.391878] worker_thread+0x758/0x1220 [ 24.392127] kthread+0x337/0x6f0 [ 24.392391] ret_from_fork+0x116/0x1d0 [ 24.392589] ret_from_fork_asm+0x1a/0x30 [ 24.392776] [ 24.392859] Last potentially related work creation: [ 24.393054] kasan_save_stack+0x45/0x70 [ 24.393223] kasan_record_aux_stack+0xb2/0xc0 [ 24.394011] __queue_work+0x61a/0xe70 [ 24.394173] queue_work_on+0xb6/0xc0 [ 24.394528] workqueue_uaf+0x26d/0x560 [ 24.394715] kunit_try_run_case+0x1a5/0x480 [ 24.394913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.395136] kthread+0x337/0x6f0 [ 24.395506] ret_from_fork+0x116/0x1d0 [ 24.395689] ret_from_fork_asm+0x1a/0x30 [ 24.395881] [ 24.395965] The buggy address belongs to the object at ffff888104cb8780 [ 24.395965] which belongs to the cache kmalloc-32 of size 32 [ 24.396994] The buggy address is located 0 bytes inside of [ 24.396994] freed 32-byte region [ffff888104cb8780, ffff888104cb87a0) [ 24.397482] [ 24.397577] The buggy address belongs to the physical page: [ 24.397825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cb8 [ 24.398153] flags: 0x200000000000000(node=0|zone=2) [ 24.398436] page_type: f5(slab) [ 24.398595] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.398918] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.399217] page dumped because: kasan: bad access detected [ 24.400308] [ 24.400492] Memory state around the buggy address: [ 24.400649] ffff888104cb8680: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 24.400914] ffff888104cb8700: 00 00 05 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.401194] >ffff888104cb8780: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 24.402043] ^ [ 24.402215] ffff888104cb8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.402809] ffff888104cb8880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.403098] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 24.323430] ================================================================== [ 24.323868] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 24.324099] Read of size 4 at addr ffff8881057449c0 by task swapper/1/0 [ 24.324326] [ 24.324419] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.324537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.324550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.324785] Call Trace: [ 24.324823] <IRQ> [ 24.324852] dump_stack_lvl+0x73/0xb0 [ 24.324890] print_report+0xd1/0x610 [ 24.324913] ? __virt_addr_valid+0x1db/0x2d0 [ 24.324938] ? rcu_uaf_reclaim+0x50/0x60 [ 24.324959] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.324988] ? rcu_uaf_reclaim+0x50/0x60 [ 24.325009] kasan_report+0x141/0x180 [ 24.325031] ? rcu_uaf_reclaim+0x50/0x60 [ 24.325055] __asan_report_load4_noabort+0x18/0x20 [ 24.325078] rcu_uaf_reclaim+0x50/0x60 [ 24.325098] rcu_core+0x66f/0x1c40 [ 24.325128] ? __pfx_rcu_core+0x10/0x10 [ 24.325150] ? ktime_get+0x6b/0x150 [ 24.325173] ? handle_softirqs+0x18e/0x730 [ 24.325199] rcu_core_si+0x12/0x20 [ 24.325219] handle_softirqs+0x209/0x730 [ 24.325239] ? hrtimer_interrupt+0x2fe/0x780 [ 24.325262] ? __pfx_handle_softirqs+0x10/0x10 [ 24.325287] __irq_exit_rcu+0xc9/0x110 [ 24.325307] irq_exit_rcu+0x12/0x20 [ 24.325327] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.325352] </IRQ> [ 24.325378] <TASK> [ 24.325390] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.325537] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 24.325761] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d c3 ff 17 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 24.325847] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010216 [ 24.325936] RAX: ffff88819d91d000 RBX: ffff88810085b000 RCX: ffffffffbb30ba25 [ 24.325982] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001ba3c [ 24.326031] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 24.326073] R10: ffff88815b130c93 R11: 000000000001bc00 R12: 0000000000000001 [ 24.326115] R13: ffffed102010b600 R14: ffffffffbcff4ad0 R15: 0000000000000000 [ 24.326172] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 24.326225] ? default_idle+0xd/0x20 [ 24.326247] arch_cpu_idle+0xd/0x20 [ 24.326270] default_idle_call+0x48/0x80 [ 24.326289] do_idle+0x379/0x4f0 [ 24.326315] ? __pfx_do_idle+0x10/0x10 [ 24.326338] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 24.326363] ? complete+0x15b/0x1d0 [ 24.326388] cpu_startup_entry+0x5c/0x70 [ 24.326438] start_secondary+0x211/0x290 [ 24.326461] ? __pfx_start_secondary+0x10/0x10 [ 24.326486] common_startup_64+0x13e/0x148 [ 24.326518] </TASK> [ 24.326530] [ 24.343437] Allocated by task 248: [ 24.343816] kasan_save_stack+0x45/0x70 [ 24.344210] kasan_save_track+0x18/0x40 [ 24.344464] kasan_save_alloc_info+0x3b/0x50 [ 24.344605] __kasan_kmalloc+0xb7/0xc0 [ 24.344725] __kmalloc_cache_noprof+0x189/0x420 [ 24.344881] rcu_uaf+0xb0/0x330 [ 24.344990] kunit_try_run_case+0x1a5/0x480 [ 24.345125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.345289] kthread+0x337/0x6f0 [ 24.345402] ret_from_fork+0x116/0x1d0 [ 24.345585] ret_from_fork_asm+0x1a/0x30 [ 24.345747] [ 24.345811] Freed by task 0: [ 24.345907] kasan_save_stack+0x45/0x70 [ 24.346073] kasan_save_track+0x18/0x40 [ 24.346260] kasan_save_free_info+0x3f/0x60 [ 24.346452] __kasan_slab_free+0x56/0x70 [ 24.346686] kfree+0x222/0x3f0 [ 24.346859] rcu_uaf_reclaim+0x1f/0x60 [ 24.347008] rcu_core+0x66f/0x1c40 [ 24.347150] rcu_core_si+0x12/0x20 [ 24.347278] handle_softirqs+0x209/0x730 [ 24.347610] __irq_exit_rcu+0xc9/0x110 [ 24.347806] irq_exit_rcu+0x12/0x20 [ 24.348040] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.348314] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.348723] [ 24.348954] Last potentially related work creation: [ 24.349696] kasan_save_stack+0x45/0x70 [ 24.349870] kasan_record_aux_stack+0xb2/0xc0 [ 24.350126] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 24.350366] call_rcu+0x12/0x20 [ 24.350589] rcu_uaf+0x168/0x330 [ 24.351039] kunit_try_run_case+0x1a5/0x480 [ 24.351256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.351598] kthread+0x337/0x6f0 [ 24.351894] ret_from_fork+0x116/0x1d0 [ 24.352085] ret_from_fork_asm+0x1a/0x30 [ 24.352499] [ 24.352792] The buggy address belongs to the object at ffff8881057449c0 [ 24.352792] which belongs to the cache kmalloc-32 of size 32 [ 24.353438] The buggy address is located 0 bytes inside of [ 24.353438] freed 32-byte region [ffff8881057449c0, ffff8881057449e0) [ 24.353966] [ 24.354192] The buggy address belongs to the physical page: [ 24.354636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105744 [ 24.354990] flags: 0x200000000000000(node=0|zone=2) [ 24.355325] page_type: f5(slab) [ 24.355651] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.356092] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.356534] page dumped because: kasan: bad access detected [ 24.356868] [ 24.356967] Memory state around the buggy address: [ 24.357272] ffff888105744880: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.357786] ffff888105744900: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.358214] >ffff888105744980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.358651] ^ [ 24.358865] ffff888105744a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.359304] ffff888105744a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.359761] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 24.222017] ================================================================== [ 24.223311] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 24.223762] Read of size 1 at addr ffff888104cac400 by task kunit_try_catch/246 [ 24.225144] [ 24.225664] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.225940] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.225957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.225980] Call Trace: [ 24.225994] <TASK> [ 24.226014] dump_stack_lvl+0x73/0xb0 [ 24.226051] print_report+0xd1/0x610 [ 24.226076] ? __virt_addr_valid+0x1db/0x2d0 [ 24.226103] ? ksize_uaf+0x19d/0x6c0 [ 24.226124] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.226149] ? ksize_uaf+0x19d/0x6c0 [ 24.226170] kasan_report+0x141/0x180 [ 24.226191] ? ksize_uaf+0x19d/0x6c0 [ 24.226213] ? ksize_uaf+0x19d/0x6c0 [ 24.226233] __kasan_check_byte+0x3d/0x50 [ 24.226254] ksize+0x20/0x60 [ 24.226292] ksize_uaf+0x19d/0x6c0 [ 24.226312] ? __pfx_ksize_uaf+0x10/0x10 [ 24.226335] ? __pfx_ksize_uaf+0x10/0x10 [ 24.226359] kunit_try_run_case+0x1a5/0x480 [ 24.226381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.226401] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.226433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.226458] ? __kthread_parkme+0x82/0x180 [ 24.226480] ? preempt_count_sub+0x50/0x80 [ 24.226503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.226525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.226550] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.226575] kthread+0x337/0x6f0 [ 24.226595] ? trace_preempt_on+0x20/0xc0 [ 24.226618] ? __pfx_kthread+0x10/0x10 [ 24.226639] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.226660] ? calculate_sigpending+0x7b/0xa0 [ 24.226685] ? __pfx_kthread+0x10/0x10 [ 24.226707] ret_from_fork+0x116/0x1d0 [ 24.226727] ? __pfx_kthread+0x10/0x10 [ 24.226757] ret_from_fork_asm+0x1a/0x30 [ 24.226788] </TASK> [ 24.226800] [ 24.237522] Allocated by task 246: [ 24.237691] kasan_save_stack+0x45/0x70 [ 24.237886] kasan_save_track+0x18/0x40 [ 24.238053] kasan_save_alloc_info+0x3b/0x50 [ 24.238239] __kasan_kmalloc+0xb7/0xc0 [ 24.238827] __kmalloc_cache_noprof+0x189/0x420 [ 24.239256] ksize_uaf+0xaa/0x6c0 [ 24.239554] kunit_try_run_case+0x1a5/0x480 [ 24.239754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.239979] kthread+0x337/0x6f0 [ 24.240130] ret_from_fork+0x116/0x1d0 [ 24.240344] ret_from_fork_asm+0x1a/0x30 [ 24.240535] [ 24.240619] Freed by task 246: [ 24.240768] kasan_save_stack+0x45/0x70 [ 24.240935] kasan_save_track+0x18/0x40 [ 24.241103] kasan_save_free_info+0x3f/0x60 [ 24.241431] __kasan_slab_free+0x56/0x70 [ 24.241627] kfree+0x222/0x3f0 [ 24.241782] ksize_uaf+0x12c/0x6c0 [ 24.241935] kunit_try_run_case+0x1a5/0x480 [ 24.242111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.242402] kthread+0x337/0x6f0 [ 24.242553] ret_from_fork+0x116/0x1d0 [ 24.242713] ret_from_fork_asm+0x1a/0x30 [ 24.242857] [ 24.242923] The buggy address belongs to the object at ffff888104cac400 [ 24.242923] which belongs to the cache kmalloc-128 of size 128 [ 24.243275] The buggy address is located 0 bytes inside of [ 24.243275] freed 128-byte region [ffff888104cac400, ffff888104cac480) [ 24.243608] [ 24.243680] The buggy address belongs to the physical page: [ 24.244041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 24.244551] flags: 0x200000000000000(node=0|zone=2) [ 24.244793] page_type: f5(slab) [ 24.244960] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.245278] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.245865] page dumped because: kasan: bad access detected [ 24.246066] [ 24.246132] Memory state around the buggy address: [ 24.246282] ffff888104cac300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.246489] ffff888104cac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.246694] >ffff888104cac400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.246909] ^ [ 24.247265] ffff888104cac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.247644] ffff888104cac500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.248210] ================================================================== [ 24.280914] ================================================================== [ 24.281238] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 24.281765] Read of size 1 at addr ffff888104cac478 by task kunit_try_catch/246 [ 24.282069] [ 24.282175] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.282226] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.282238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.282259] Call Trace: [ 24.282613] <TASK> [ 24.282635] dump_stack_lvl+0x73/0xb0 [ 24.282670] print_report+0xd1/0x610 [ 24.282701] ? __virt_addr_valid+0x1db/0x2d0 [ 24.282724] ? ksize_uaf+0x5e4/0x6c0 [ 24.282754] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.282779] ? ksize_uaf+0x5e4/0x6c0 [ 24.282799] kasan_report+0x141/0x180 [ 24.282820] ? ksize_uaf+0x5e4/0x6c0 [ 24.282845] __asan_report_load1_noabort+0x18/0x20 [ 24.282868] ksize_uaf+0x5e4/0x6c0 [ 24.282888] ? __pfx_ksize_uaf+0x10/0x10 [ 24.282912] ? __pfx_ksize_uaf+0x10/0x10 [ 24.282936] kunit_try_run_case+0x1a5/0x480 [ 24.282957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.282979] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.283003] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.283025] ? __kthread_parkme+0x82/0x180 [ 24.283046] ? preempt_count_sub+0x50/0x80 [ 24.283070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.283091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.283116] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.283140] kthread+0x337/0x6f0 [ 24.283160] ? trace_preempt_on+0x20/0xc0 [ 24.283183] ? __pfx_kthread+0x10/0x10 [ 24.283203] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.283224] ? calculate_sigpending+0x7b/0xa0 [ 24.283248] ? __pfx_kthread+0x10/0x10 [ 24.283339] ret_from_fork+0x116/0x1d0 [ 24.283362] ? __pfx_kthread+0x10/0x10 [ 24.283382] ret_from_fork_asm+0x1a/0x30 [ 24.283413] </TASK> [ 24.283424] [ 24.291937] Allocated by task 246: [ 24.292345] kasan_save_stack+0x45/0x70 [ 24.292649] kasan_save_track+0x18/0x40 [ 24.292988] kasan_save_alloc_info+0x3b/0x50 [ 24.293397] __kasan_kmalloc+0xb7/0xc0 [ 24.293704] __kmalloc_cache_noprof+0x189/0x420 [ 24.293925] ksize_uaf+0xaa/0x6c0 [ 24.294086] kunit_try_run_case+0x1a5/0x480 [ 24.294508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.294792] kthread+0x337/0x6f0 [ 24.295049] ret_from_fork+0x116/0x1d0 [ 24.295456] ret_from_fork_asm+0x1a/0x30 [ 24.295826] [ 24.295927] Freed by task 246: [ 24.296065] kasan_save_stack+0x45/0x70 [ 24.296239] kasan_save_track+0x18/0x40 [ 24.296619] kasan_save_free_info+0x3f/0x60 [ 24.297019] __kasan_slab_free+0x56/0x70 [ 24.297206] kfree+0x222/0x3f0 [ 24.297517] ksize_uaf+0x12c/0x6c0 [ 24.297802] kunit_try_run_case+0x1a5/0x480 [ 24.298008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.298237] kthread+0x337/0x6f0 [ 24.298665] ret_from_fork+0x116/0x1d0 [ 24.298969] ret_from_fork_asm+0x1a/0x30 [ 24.299258] [ 24.299372] The buggy address belongs to the object at ffff888104cac400 [ 24.299372] which belongs to the cache kmalloc-128 of size 128 [ 24.300086] The buggy address is located 120 bytes inside of [ 24.300086] freed 128-byte region [ffff888104cac400, ffff888104cac480) [ 24.301260] [ 24.301538] The buggy address belongs to the physical page: [ 24.301950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 24.302637] flags: 0x200000000000000(node=0|zone=2) [ 24.302874] page_type: f5(slab) [ 24.303026] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.303592] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.304088] page dumped because: kasan: bad access detected [ 24.304543] [ 24.304637] Memory state around the buggy address: [ 24.304854] ffff888104cac300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.305144] ffff888104cac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.306013] >ffff888104cac400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.306573] ^ [ 24.306968] ffff888104cac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.307259] ffff888104cac500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.307981] ================================================================== [ 24.250056] ================================================================== [ 24.250986] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 24.251265] Read of size 1 at addr ffff888104cac400 by task kunit_try_catch/246 [ 24.251817] [ 24.252086] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.252140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.252152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.252173] Call Trace: [ 24.252191] <TASK> [ 24.252208] dump_stack_lvl+0x73/0xb0 [ 24.252240] print_report+0xd1/0x610 [ 24.252261] ? __virt_addr_valid+0x1db/0x2d0 [ 24.252285] ? ksize_uaf+0x5fe/0x6c0 [ 24.252305] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.252335] ? ksize_uaf+0x5fe/0x6c0 [ 24.252368] kasan_report+0x141/0x180 [ 24.252390] ? ksize_uaf+0x5fe/0x6c0 [ 24.252584] __asan_report_load1_noabort+0x18/0x20 [ 24.252614] ksize_uaf+0x5fe/0x6c0 [ 24.252635] ? __pfx_ksize_uaf+0x10/0x10 [ 24.252658] ? __pfx_ksize_uaf+0x10/0x10 [ 24.252682] kunit_try_run_case+0x1a5/0x480 [ 24.252704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.252724] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.252772] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.252808] ? __kthread_parkme+0x82/0x180 [ 24.252841] ? preempt_count_sub+0x50/0x80 [ 24.252864] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.252886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.252910] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.252934] kthread+0x337/0x6f0 [ 24.252954] ? trace_preempt_on+0x20/0xc0 [ 24.252977] ? __pfx_kthread+0x10/0x10 [ 24.252998] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.253019] ? calculate_sigpending+0x7b/0xa0 [ 24.253044] ? __pfx_kthread+0x10/0x10 [ 24.253067] ret_from_fork+0x116/0x1d0 [ 24.253086] ? __pfx_kthread+0x10/0x10 [ 24.253107] ret_from_fork_asm+0x1a/0x30 [ 24.253137] </TASK> [ 24.253148] [ 24.263246] Allocated by task 246: [ 24.263414] kasan_save_stack+0x45/0x70 [ 24.263604] kasan_save_track+0x18/0x40 [ 24.264168] kasan_save_alloc_info+0x3b/0x50 [ 24.264380] __kasan_kmalloc+0xb7/0xc0 [ 24.264717] __kmalloc_cache_noprof+0x189/0x420 [ 24.265330] ksize_uaf+0xaa/0x6c0 [ 24.265844] kunit_try_run_case+0x1a5/0x480 [ 24.266057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.266297] kthread+0x337/0x6f0 [ 24.266697] ret_from_fork+0x116/0x1d0 [ 24.266938] ret_from_fork_asm+0x1a/0x30 [ 24.267291] [ 24.267547] Freed by task 246: [ 24.267843] kasan_save_stack+0x45/0x70 [ 24.268031] kasan_save_track+0x18/0x40 [ 24.268204] kasan_save_free_info+0x3f/0x60 [ 24.268723] __kasan_slab_free+0x56/0x70 [ 24.269040] kfree+0x222/0x3f0 [ 24.269549] ksize_uaf+0x12c/0x6c0 [ 24.269923] kunit_try_run_case+0x1a5/0x480 [ 24.270111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.270535] kthread+0x337/0x6f0 [ 24.270863] ret_from_fork+0x116/0x1d0 [ 24.271039] ret_from_fork_asm+0x1a/0x30 [ 24.271214] [ 24.271549] The buggy address belongs to the object at ffff888104cac400 [ 24.271549] which belongs to the cache kmalloc-128 of size 128 [ 24.272308] The buggy address is located 0 bytes inside of [ 24.272308] freed 128-byte region [ffff888104cac400, ffff888104cac480) [ 24.273118] [ 24.273215] The buggy address belongs to the physical page: [ 24.273862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 24.274200] flags: 0x200000000000000(node=0|zone=2) [ 24.274809] page_type: f5(slab) [ 24.275100] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.275816] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.276251] page dumped because: kasan: bad access detected [ 24.276682] [ 24.276784] Memory state around the buggy address: [ 24.276984] ffff888104cac300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.277267] ffff888104cac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.278377] >ffff888104cac400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.278684] ^ [ 24.278849] ffff888104cac480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.279143] ffff888104cac500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.279931] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 24.161483] ================================================================== [ 24.161907] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162156] Read of size 1 at addr ffff888105745273 by task kunit_try_catch/244 [ 24.162537] [ 24.162668] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.162720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.162742] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.162764] Call Trace: [ 24.162778] <TASK> [ 24.162797] dump_stack_lvl+0x73/0xb0 [ 24.162828] print_report+0xd1/0x610 [ 24.162850] ? __virt_addr_valid+0x1db/0x2d0 [ 24.162873] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162895] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.162920] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162943] kasan_report+0x141/0x180 [ 24.162965] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.162992] __asan_report_load1_noabort+0x18/0x20 [ 24.163015] ksize_unpoisons_memory+0x81c/0x9b0 [ 24.163038] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.163060] ? finish_task_switch.isra.0+0x153/0x700 [ 24.163082] ? __switch_to+0x47/0xf80 [ 24.163109] ? __schedule+0x10cc/0x2b60 [ 24.163133] ? __pfx_read_tsc+0x10/0x10 [ 24.163155] ? ktime_get_ts64+0x86/0x230 [ 24.163180] kunit_try_run_case+0x1a5/0x480 [ 24.163202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.163221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.163244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.163275] ? __kthread_parkme+0x82/0x180 [ 24.163296] ? preempt_count_sub+0x50/0x80 [ 24.163318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.163339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.163363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.163388] kthread+0x337/0x6f0 [ 24.163409] ? trace_preempt_on+0x20/0xc0 [ 24.163432] ? __pfx_kthread+0x10/0x10 [ 24.163454] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.163476] ? calculate_sigpending+0x7b/0xa0 [ 24.163500] ? __pfx_kthread+0x10/0x10 [ 24.163522] ret_from_fork+0x116/0x1d0 [ 24.163541] ? __pfx_kthread+0x10/0x10 [ 24.163562] ret_from_fork_asm+0x1a/0x30 [ 24.163593] </TASK> [ 24.163604] [ 24.170816] Allocated by task 244: [ 24.170964] kasan_save_stack+0x45/0x70 [ 24.171161] kasan_save_track+0x18/0x40 [ 24.171425] kasan_save_alloc_info+0x3b/0x50 [ 24.171657] __kasan_kmalloc+0xb7/0xc0 [ 24.171852] __kmalloc_cache_noprof+0x189/0x420 [ 24.172068] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.172236] kunit_try_run_case+0x1a5/0x480 [ 24.172510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.172695] kthread+0x337/0x6f0 [ 24.172872] ret_from_fork+0x116/0x1d0 [ 24.173043] ret_from_fork_asm+0x1a/0x30 [ 24.173176] [ 24.173242] The buggy address belongs to the object at ffff888105745200 [ 24.173242] which belongs to the cache kmalloc-128 of size 128 [ 24.173780] The buggy address is located 0 bytes to the right of [ 24.173780] allocated 115-byte region [ffff888105745200, ffff888105745273) [ 24.174497] [ 24.174625] The buggy address belongs to the physical page: [ 24.174893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 24.175210] flags: 0x200000000000000(node=0|zone=2) [ 24.175469] page_type: f5(slab) [ 24.175592] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.175893] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.176227] page dumped because: kasan: bad access detected [ 24.176566] [ 24.176654] Memory state around the buggy address: [ 24.176853] ffff888105745100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.177130] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.177414] >ffff888105745200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.177745] ^ [ 24.178050] ffff888105745280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178374] ffff888105745300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178620] ================================================================== [ 24.179078] ================================================================== [ 24.179403] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.179683] Read of size 1 at addr ffff888105745278 by task kunit_try_catch/244 [ 24.179907] [ 24.180012] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.180058] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.180070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.180090] Call Trace: [ 24.180103] <TASK> [ 24.180117] dump_stack_lvl+0x73/0xb0 [ 24.180144] print_report+0xd1/0x610 [ 24.180165] ? __virt_addr_valid+0x1db/0x2d0 [ 24.180188] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180209] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.180234] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180256] kasan_report+0x141/0x180 [ 24.180277] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180302] __asan_report_load1_noabort+0x18/0x20 [ 24.180330] ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.180352] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.180373] ? finish_task_switch.isra.0+0x153/0x700 [ 24.180395] ? __switch_to+0x47/0xf80 [ 24.180420] ? __schedule+0x10cc/0x2b60 [ 24.180443] ? __pfx_read_tsc+0x10/0x10 [ 24.180463] ? ktime_get_ts64+0x86/0x230 [ 24.180487] kunit_try_run_case+0x1a5/0x480 [ 24.180507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.180526] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.180548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.180570] ? __kthread_parkme+0x82/0x180 [ 24.180590] ? preempt_count_sub+0x50/0x80 [ 24.180611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.180632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.180655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.180680] kthread+0x337/0x6f0 [ 24.180700] ? trace_preempt_on+0x20/0xc0 [ 24.180724] ? __pfx_kthread+0x10/0x10 [ 24.180765] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.180786] ? calculate_sigpending+0x7b/0xa0 [ 24.180809] ? __pfx_kthread+0x10/0x10 [ 24.180830] ret_from_fork+0x116/0x1d0 [ 24.180848] ? __pfx_kthread+0x10/0x10 [ 24.181051] ret_from_fork_asm+0x1a/0x30 [ 24.181086] </TASK> [ 24.181098] [ 24.188814] Allocated by task 244: [ 24.188976] kasan_save_stack+0x45/0x70 [ 24.189114] kasan_save_track+0x18/0x40 [ 24.189240] kasan_save_alloc_info+0x3b/0x50 [ 24.189387] __kasan_kmalloc+0xb7/0xc0 [ 24.189510] __kmalloc_cache_noprof+0x189/0x420 [ 24.189677] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.189896] kunit_try_run_case+0x1a5/0x480 [ 24.190102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.190355] kthread+0x337/0x6f0 [ 24.190514] ret_from_fork+0x116/0x1d0 [ 24.190691] ret_from_fork_asm+0x1a/0x30 [ 24.190971] [ 24.191067] The buggy address belongs to the object at ffff888105745200 [ 24.191067] which belongs to the cache kmalloc-128 of size 128 [ 24.191874] The buggy address is located 5 bytes to the right of [ 24.191874] allocated 115-byte region [ffff888105745200, ffff888105745273) [ 24.192517] [ 24.192616] The buggy address belongs to the physical page: [ 24.192841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 24.193102] flags: 0x200000000000000(node=0|zone=2) [ 24.193412] page_type: f5(slab) [ 24.193589] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.193885] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.194155] page dumped because: kasan: bad access detected [ 24.194488] [ 24.194581] Memory state around the buggy address: [ 24.194793] ffff888105745100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.195006] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.195214] >ffff888105745200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.195425] ^ [ 24.195696] ffff888105745280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.196020] ffff888105745300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.196326] ================================================================== [ 24.196727] ================================================================== [ 24.197147] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.197570] Read of size 1 at addr ffff88810574527f by task kunit_try_catch/244 [ 24.197916] [ 24.198029] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.198076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.198088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.198110] Call Trace: [ 24.198127] <TASK> [ 24.198143] dump_stack_lvl+0x73/0xb0 [ 24.198172] print_report+0xd1/0x610 [ 24.198193] ? __virt_addr_valid+0x1db/0x2d0 [ 24.198217] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198239] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.198334] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198360] kasan_report+0x141/0x180 [ 24.198381] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198408] __asan_report_load1_noabort+0x18/0x20 [ 24.198431] ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.198470] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.198493] ? finish_task_switch.isra.0+0x153/0x700 [ 24.198515] ? __switch_to+0x47/0xf80 [ 24.198540] ? __schedule+0x10cc/0x2b60 [ 24.198563] ? __pfx_read_tsc+0x10/0x10 [ 24.198584] ? ktime_get_ts64+0x86/0x230 [ 24.198609] kunit_try_run_case+0x1a5/0x480 [ 24.198630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.198650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.198675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.198698] ? __kthread_parkme+0x82/0x180 [ 24.198718] ? preempt_count_sub+0x50/0x80 [ 24.198749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.198770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.198794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.198821] kthread+0x337/0x6f0 [ 24.198842] ? trace_preempt_on+0x20/0xc0 [ 24.198865] ? __pfx_kthread+0x10/0x10 [ 24.198886] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.198908] ? calculate_sigpending+0x7b/0xa0 [ 24.198932] ? __pfx_kthread+0x10/0x10 [ 24.198954] ret_from_fork+0x116/0x1d0 [ 24.198973] ? __pfx_kthread+0x10/0x10 [ 24.198994] ret_from_fork_asm+0x1a/0x30 [ 24.199024] </TASK> [ 24.199035] [ 24.206973] Allocated by task 244: [ 24.207126] kasan_save_stack+0x45/0x70 [ 24.207335] kasan_save_track+0x18/0x40 [ 24.207496] kasan_save_alloc_info+0x3b/0x50 [ 24.207639] __kasan_kmalloc+0xb7/0xc0 [ 24.207796] __kmalloc_cache_noprof+0x189/0x420 [ 24.208008] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.208215] kunit_try_run_case+0x1a5/0x480 [ 24.208501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.208765] kthread+0x337/0x6f0 [ 24.208900] ret_from_fork+0x116/0x1d0 [ 24.209065] ret_from_fork_asm+0x1a/0x30 [ 24.209226] [ 24.209382] The buggy address belongs to the object at ffff888105745200 [ 24.209382] which belongs to the cache kmalloc-128 of size 128 [ 24.209872] The buggy address is located 12 bytes to the right of [ 24.209872] allocated 115-byte region [ffff888105745200, ffff888105745273) [ 24.210303] [ 24.210400] The buggy address belongs to the physical page: [ 24.210648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 24.211009] flags: 0x200000000000000(node=0|zone=2) [ 24.211191] page_type: f5(slab) [ 24.211356] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.211656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.212044] page dumped because: kasan: bad access detected [ 24.212502] [ 24.212606] Memory state around the buggy address: [ 24.212808] ffff888105745100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.213054] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.213326] >ffff888105745200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.213563] ^ [ 24.213873] ffff888105745280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.214180] ffff888105745300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.214567] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 24.135998] ================================================================== [ 24.136466] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 24.136742] Free of addr ffff888104c83b60 by task kunit_try_catch/242 [ 24.136965] [ 24.137049] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.137098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.137111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.137132] Call Trace: [ 24.137146] <TASK> [ 24.137161] dump_stack_lvl+0x73/0xb0 [ 24.137190] print_report+0xd1/0x610 [ 24.137212] ? __virt_addr_valid+0x1db/0x2d0 [ 24.137237] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.137338] ? kfree_sensitive+0x2e/0x90 [ 24.137368] kasan_report_invalid_free+0x10a/0x130 [ 24.137392] ? kfree_sensitive+0x2e/0x90 [ 24.137417] ? kfree_sensitive+0x2e/0x90 [ 24.137457] check_slab_allocation+0x101/0x130 [ 24.137478] __kasan_slab_pre_free+0x28/0x40 [ 24.137498] kfree+0xf0/0x3f0 [ 24.137520] ? kfree_sensitive+0x2e/0x90 [ 24.137545] kfree_sensitive+0x2e/0x90 [ 24.137568] kmalloc_double_kzfree+0x19c/0x350 [ 24.137590] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.137613] ? __schedule+0x10cc/0x2b60 [ 24.137637] ? __pfx_read_tsc+0x10/0x10 [ 24.137658] ? ktime_get_ts64+0x86/0x230 [ 24.137683] kunit_try_run_case+0x1a5/0x480 [ 24.137705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.137725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.137757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.137780] ? __kthread_parkme+0x82/0x180 [ 24.137801] ? preempt_count_sub+0x50/0x80 [ 24.137824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.137845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.137869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.137894] kthread+0x337/0x6f0 [ 24.137913] ? trace_preempt_on+0x20/0xc0 [ 24.137936] ? __pfx_kthread+0x10/0x10 [ 24.137957] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.137978] ? calculate_sigpending+0x7b/0xa0 [ 24.138002] ? __pfx_kthread+0x10/0x10 [ 24.138024] ret_from_fork+0x116/0x1d0 [ 24.138043] ? __pfx_kthread+0x10/0x10 [ 24.138063] ret_from_fork_asm+0x1a/0x30 [ 24.138093] </TASK> [ 24.138103] [ 24.145627] Allocated by task 242: [ 24.145820] kasan_save_stack+0x45/0x70 [ 24.146026] kasan_save_track+0x18/0x40 [ 24.146212] kasan_save_alloc_info+0x3b/0x50 [ 24.146652] __kasan_kmalloc+0xb7/0xc0 [ 24.146859] __kmalloc_cache_noprof+0x189/0x420 [ 24.147080] kmalloc_double_kzfree+0xa9/0x350 [ 24.147360] kunit_try_run_case+0x1a5/0x480 [ 24.147558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.147809] kthread+0x337/0x6f0 [ 24.147974] ret_from_fork+0x116/0x1d0 [ 24.148151] ret_from_fork_asm+0x1a/0x30 [ 24.148419] [ 24.148520] Freed by task 242: [ 24.148662] kasan_save_stack+0x45/0x70 [ 24.148837] kasan_save_track+0x18/0x40 [ 24.148997] kasan_save_free_info+0x3f/0x60 [ 24.149184] __kasan_slab_free+0x56/0x70 [ 24.149422] kfree+0x222/0x3f0 [ 24.149607] kfree_sensitive+0x67/0x90 [ 24.149781] kmalloc_double_kzfree+0x12b/0x350 [ 24.149966] kunit_try_run_case+0x1a5/0x480 [ 24.150151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.150552] kthread+0x337/0x6f0 [ 24.150730] ret_from_fork+0x116/0x1d0 [ 24.150933] ret_from_fork_asm+0x1a/0x30 [ 24.151084] [ 24.151175] The buggy address belongs to the object at ffff888104c83b60 [ 24.151175] which belongs to the cache kmalloc-16 of size 16 [ 24.151800] The buggy address is located 0 bytes inside of [ 24.151800] 16-byte region [ffff888104c83b60, ffff888104c83b70) [ 24.152145] [ 24.152217] The buggy address belongs to the physical page: [ 24.152483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 24.152724] flags: 0x200000000000000(node=0|zone=2) [ 24.152931] page_type: f5(slab) [ 24.153092] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.153515] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.153856] page dumped because: kasan: bad access detected [ 24.154098] [ 24.154184] Memory state around the buggy address: [ 24.154657] ffff888104c83a00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 24.154947] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.155199] >ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.155497] ^ [ 24.155688] ffff888104c83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.156014] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.156389] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 24.114060] ================================================================== [ 24.115392] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 24.115770] Read of size 1 at addr ffff888104c83b60 by task kunit_try_catch/242 [ 24.116037] [ 24.116160] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.116220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.116233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.116256] Call Trace: [ 24.116270] <TASK> [ 24.116289] dump_stack_lvl+0x73/0xb0 [ 24.116330] print_report+0xd1/0x610 [ 24.116354] ? __virt_addr_valid+0x1db/0x2d0 [ 24.116380] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.116402] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.116428] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.116450] kasan_report+0x141/0x180 [ 24.116471] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.116495] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.116517] __kasan_check_byte+0x3d/0x50 [ 24.116538] kfree_sensitive+0x22/0x90 [ 24.116564] kmalloc_double_kzfree+0x19c/0x350 [ 24.116586] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.116609] ? __schedule+0x10cc/0x2b60 [ 24.116633] ? __pfx_read_tsc+0x10/0x10 [ 24.116655] ? ktime_get_ts64+0x86/0x230 [ 24.116681] kunit_try_run_case+0x1a5/0x480 [ 24.116705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.116726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.116880] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.116904] ? __kthread_parkme+0x82/0x180 [ 24.116926] ? preempt_count_sub+0x50/0x80 [ 24.116950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.116973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.116998] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.117022] kthread+0x337/0x6f0 [ 24.117042] ? trace_preempt_on+0x20/0xc0 [ 24.117066] ? __pfx_kthread+0x10/0x10 [ 24.117086] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.117107] ? calculate_sigpending+0x7b/0xa0 [ 24.117132] ? __pfx_kthread+0x10/0x10 [ 24.117153] ret_from_fork+0x116/0x1d0 [ 24.117172] ? __pfx_kthread+0x10/0x10 [ 24.117193] ret_from_fork_asm+0x1a/0x30 [ 24.117224] </TASK> [ 24.117235] [ 24.124696] Allocated by task 242: [ 24.124909] kasan_save_stack+0x45/0x70 [ 24.125055] kasan_save_track+0x18/0x40 [ 24.125243] kasan_save_alloc_info+0x3b/0x50 [ 24.125646] __kasan_kmalloc+0xb7/0xc0 [ 24.125850] __kmalloc_cache_noprof+0x189/0x420 [ 24.126065] kmalloc_double_kzfree+0xa9/0x350 [ 24.126368] kunit_try_run_case+0x1a5/0x480 [ 24.126599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.126869] kthread+0x337/0x6f0 [ 24.126986] ret_from_fork+0x116/0x1d0 [ 24.127146] ret_from_fork_asm+0x1a/0x30 [ 24.127427] [ 24.127519] Freed by task 242: [ 24.127669] kasan_save_stack+0x45/0x70 [ 24.127857] kasan_save_track+0x18/0x40 [ 24.128028] kasan_save_free_info+0x3f/0x60 [ 24.128210] __kasan_slab_free+0x56/0x70 [ 24.128429] kfree+0x222/0x3f0 [ 24.128614] kfree_sensitive+0x67/0x90 [ 24.128819] kmalloc_double_kzfree+0x12b/0x350 [ 24.129003] kunit_try_run_case+0x1a5/0x480 [ 24.129187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.129408] kthread+0x337/0x6f0 [ 24.129578] ret_from_fork+0x116/0x1d0 [ 24.129773] ret_from_fork_asm+0x1a/0x30 [ 24.129944] [ 24.130023] The buggy address belongs to the object at ffff888104c83b60 [ 24.130023] which belongs to the cache kmalloc-16 of size 16 [ 24.130462] The buggy address is located 0 bytes inside of [ 24.130462] freed 16-byte region [ffff888104c83b60, ffff888104c83b70) [ 24.131173] [ 24.131349] The buggy address belongs to the physical page: [ 24.131571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 24.131906] flags: 0x200000000000000(node=0|zone=2) [ 24.132124] page_type: f5(slab) [ 24.132330] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.132641] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.132956] page dumped because: kasan: bad access detected [ 24.133162] [ 24.133227] Memory state around the buggy address: [ 24.133542] ffff888104c83a00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 24.133827] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.134117] >ffff888104c83b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.134607] ^ [ 24.134821] ffff888104c83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.135055] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.135471] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 24.082125] ================================================================== [ 24.082704] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 24.083101] Read of size 1 at addr ffff888104cb3c28 by task kunit_try_catch/238 [ 24.083376] [ 24.083491] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.083606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.083619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.083641] Call Trace: [ 24.083655] <TASK> [ 24.083672] dump_stack_lvl+0x73/0xb0 [ 24.083704] print_report+0xd1/0x610 [ 24.083726] ? __virt_addr_valid+0x1db/0x2d0 [ 24.083765] ? kmalloc_uaf2+0x4a8/0x520 [ 24.083784] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.083809] ? kmalloc_uaf2+0x4a8/0x520 [ 24.083830] kasan_report+0x141/0x180 [ 24.083851] ? kmalloc_uaf2+0x4a8/0x520 [ 24.083875] __asan_report_load1_noabort+0x18/0x20 [ 24.083898] kmalloc_uaf2+0x4a8/0x520 [ 24.083919] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 24.083938] ? finish_task_switch.isra.0+0x153/0x700 [ 24.083960] ? __switch_to+0x47/0xf80 [ 24.083987] ? __schedule+0x10cc/0x2b60 [ 24.084011] ? __pfx_read_tsc+0x10/0x10 [ 24.084032] ? ktime_get_ts64+0x86/0x230 [ 24.084057] kunit_try_run_case+0x1a5/0x480 [ 24.084079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.084100] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.084123] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.084146] ? __kthread_parkme+0x82/0x180 [ 24.084166] ? preempt_count_sub+0x50/0x80 [ 24.084189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.084210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.084235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.084259] kthread+0x337/0x6f0 [ 24.084325] ? trace_preempt_on+0x20/0xc0 [ 24.084350] ? __pfx_kthread+0x10/0x10 [ 24.084370] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.084392] ? calculate_sigpending+0x7b/0xa0 [ 24.084425] ? __pfx_kthread+0x10/0x10 [ 24.084446] ret_from_fork+0x116/0x1d0 [ 24.084465] ? __pfx_kthread+0x10/0x10 [ 24.084486] ret_from_fork_asm+0x1a/0x30 [ 24.084517] </TASK> [ 24.084528] [ 24.091831] Allocated by task 238: [ 24.091954] kasan_save_stack+0x45/0x70 [ 24.092092] kasan_save_track+0x18/0x40 [ 24.092325] kasan_save_alloc_info+0x3b/0x50 [ 24.092706] __kasan_kmalloc+0xb7/0xc0 [ 24.092898] __kmalloc_cache_noprof+0x189/0x420 [ 24.093117] kmalloc_uaf2+0xc6/0x520 [ 24.093422] kunit_try_run_case+0x1a5/0x480 [ 24.093623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.093850] kthread+0x337/0x6f0 [ 24.094014] ret_from_fork+0x116/0x1d0 [ 24.094175] ret_from_fork_asm+0x1a/0x30 [ 24.094438] [ 24.094508] Freed by task 238: [ 24.094656] kasan_save_stack+0x45/0x70 [ 24.094836] kasan_save_track+0x18/0x40 [ 24.095002] kasan_save_free_info+0x3f/0x60 [ 24.095186] __kasan_slab_free+0x56/0x70 [ 24.095487] kfree+0x222/0x3f0 [ 24.095636] kmalloc_uaf2+0x14c/0x520 [ 24.095774] kunit_try_run_case+0x1a5/0x480 [ 24.095911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.096078] kthread+0x337/0x6f0 [ 24.096192] ret_from_fork+0x116/0x1d0 [ 24.096354] ret_from_fork_asm+0x1a/0x30 [ 24.096543] [ 24.096634] The buggy address belongs to the object at ffff888104cb3c00 [ 24.096634] which belongs to the cache kmalloc-64 of size 64 [ 24.097172] The buggy address is located 40 bytes inside of [ 24.097172] freed 64-byte region [ffff888104cb3c00, ffff888104cb3c40) [ 24.097748] [ 24.097826] The buggy address belongs to the physical page: [ 24.097997] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cb3 [ 24.098399] flags: 0x200000000000000(node=0|zone=2) [ 24.098720] page_type: f5(slab) [ 24.098896] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.099229] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.099700] page dumped because: kasan: bad access detected [ 24.099951] [ 24.100027] Memory state around the buggy address: [ 24.100218] ffff888104cb3b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.100675] ffff888104cb3b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.100981] >ffff888104cb3c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.101219] ^ [ 24.101771] ffff888104cb3c80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 24.101993] ffff888104cb3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.102197] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 24.051837] ================================================================== [ 24.052248] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 24.053131] Write of size 33 at addr ffff888104cb3b80 by task kunit_try_catch/236 [ 24.054019] [ 24.054206] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.054340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.054356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.054378] Call Trace: [ 24.054392] <TASK> [ 24.054429] dump_stack_lvl+0x73/0xb0 [ 24.054465] print_report+0xd1/0x610 [ 24.054492] ? __virt_addr_valid+0x1db/0x2d0 [ 24.054519] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.054540] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.054566] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.054587] kasan_report+0x141/0x180 [ 24.054609] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.054633] kasan_check_range+0x10c/0x1c0 [ 24.054656] __asan_memset+0x27/0x50 [ 24.054679] kmalloc_uaf_memset+0x1a3/0x360 [ 24.054700] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 24.054721] ? __schedule+0x10cc/0x2b60 [ 24.054757] ? __pfx_read_tsc+0x10/0x10 [ 24.054779] ? ktime_get_ts64+0x86/0x230 [ 24.054806] kunit_try_run_case+0x1a5/0x480 [ 24.054831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.054851] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.054874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.054897] ? __kthread_parkme+0x82/0x180 [ 24.054919] ? preempt_count_sub+0x50/0x80 [ 24.054943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.054964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.054989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.055013] kthread+0x337/0x6f0 [ 24.055033] ? trace_preempt_on+0x20/0xc0 [ 24.055057] ? __pfx_kthread+0x10/0x10 [ 24.055078] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.055099] ? calculate_sigpending+0x7b/0xa0 [ 24.055124] ? __pfx_kthread+0x10/0x10 [ 24.055146] ret_from_fork+0x116/0x1d0 [ 24.055165] ? __pfx_kthread+0x10/0x10 [ 24.055186] ret_from_fork_asm+0x1a/0x30 [ 24.055217] </TASK> [ 24.055229] [ 24.066120] Allocated by task 236: [ 24.066253] kasan_save_stack+0x45/0x70 [ 24.066677] kasan_save_track+0x18/0x40 [ 24.067022] kasan_save_alloc_info+0x3b/0x50 [ 24.067459] __kasan_kmalloc+0xb7/0xc0 [ 24.067809] __kmalloc_cache_noprof+0x189/0x420 [ 24.068460] kmalloc_uaf_memset+0xa9/0x360 [ 24.068871] kunit_try_run_case+0x1a5/0x480 [ 24.069227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.069767] kthread+0x337/0x6f0 [ 24.070101] ret_from_fork+0x116/0x1d0 [ 24.070235] ret_from_fork_asm+0x1a/0x30 [ 24.070637] [ 24.070804] Freed by task 236: [ 24.071070] kasan_save_stack+0x45/0x70 [ 24.071388] kasan_save_track+0x18/0x40 [ 24.071525] kasan_save_free_info+0x3f/0x60 [ 24.071663] __kasan_slab_free+0x56/0x70 [ 24.071806] kfree+0x222/0x3f0 [ 24.071919] kmalloc_uaf_memset+0x12b/0x360 [ 24.072054] kunit_try_run_case+0x1a5/0x480 [ 24.072188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.072377] kthread+0x337/0x6f0 [ 24.072493] ret_from_fork+0x116/0x1d0 [ 24.072681] ret_from_fork_asm+0x1a/0x30 [ 24.073062] [ 24.073158] The buggy address belongs to the object at ffff888104cb3b80 [ 24.073158] which belongs to the cache kmalloc-64 of size 64 [ 24.073837] The buggy address is located 0 bytes inside of [ 24.073837] freed 64-byte region [ffff888104cb3b80, ffff888104cb3bc0) [ 24.074232] [ 24.074322] The buggy address belongs to the physical page: [ 24.074827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cb3 [ 24.075068] flags: 0x200000000000000(node=0|zone=2) [ 24.075294] page_type: f5(slab) [ 24.075458] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.075805] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.076024] page dumped because: kasan: bad access detected [ 24.076276] [ 24.076371] Memory state around the buggy address: [ 24.076634] ffff888104cb3a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.076937] ffff888104cb3b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.077143] >ffff888104cb3b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.077426] ^ [ 24.077659] ffff888104cb3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.077901] ffff888104cb3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.078270] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 24.012064] ================================================================== [ 24.012825] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 24.013784] Read of size 1 at addr ffff88810226ac88 by task kunit_try_catch/234 [ 24.014717] [ 24.014840] CPU: 1 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 24.014895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.014908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.014930] Call Trace: [ 24.014945] <TASK> [ 24.014964] dump_stack_lvl+0x73/0xb0 [ 24.014998] print_report+0xd1/0x610 [ 24.015021] ? __virt_addr_valid+0x1db/0x2d0 [ 24.015045] ? kmalloc_uaf+0x320/0x380 [ 24.015068] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.015095] ? kmalloc_uaf+0x320/0x380 [ 24.015115] kasan_report+0x141/0x180 [ 24.015137] ? kmalloc_uaf+0x320/0x380 [ 24.015160] __asan_report_load1_noabort+0x18/0x20 [ 24.015183] kmalloc_uaf+0x320/0x380 [ 24.015203] ? __pfx_kmalloc_uaf+0x10/0x10 [ 24.015223] ? __schedule+0x10cc/0x2b60 [ 24.015247] ? __pfx_read_tsc+0x10/0x10 [ 24.015269] ? ktime_get_ts64+0x86/0x230 [ 24.015315] kunit_try_run_case+0x1a5/0x480 [ 24.015350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.015370] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.015393] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.015416] ? __kthread_parkme+0x82/0x180 [ 24.015438] ? preempt_count_sub+0x50/0x80 [ 24.015461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.015524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.015577] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.015615] kthread+0x337/0x6f0 [ 24.015637] ? trace_preempt_on+0x20/0xc0 [ 24.015660] ? __pfx_kthread+0x10/0x10 [ 24.015681] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.015703] ? calculate_sigpending+0x7b/0xa0 [ 24.015728] ? __pfx_kthread+0x10/0x10 [ 24.015759] ret_from_fork+0x116/0x1d0 [ 24.015778] ? __pfx_kthread+0x10/0x10 [ 24.015799] ret_from_fork_asm+0x1a/0x30 [ 24.015831] </TASK> [ 24.015843] [ 24.030317] Allocated by task 234: [ 24.030583] kasan_save_stack+0x45/0x70 [ 24.031160] kasan_save_track+0x18/0x40 [ 24.031523] kasan_save_alloc_info+0x3b/0x50 [ 24.031877] __kasan_kmalloc+0xb7/0xc0 [ 24.032009] __kmalloc_cache_noprof+0x189/0x420 [ 24.032160] kmalloc_uaf+0xaa/0x380 [ 24.032489] kunit_try_run_case+0x1a5/0x480 [ 24.032821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.032993] kthread+0x337/0x6f0 [ 24.033109] ret_from_fork+0x116/0x1d0 [ 24.033236] ret_from_fork_asm+0x1a/0x30 [ 24.033700] [ 24.033937] Freed by task 234: [ 24.034311] kasan_save_stack+0x45/0x70 [ 24.034723] kasan_save_track+0x18/0x40 [ 24.035142] kasan_save_free_info+0x3f/0x60 [ 24.035638] __kasan_slab_free+0x56/0x70 [ 24.036142] kfree+0x222/0x3f0 [ 24.036540] kmalloc_uaf+0x12c/0x380 [ 24.036967] kunit_try_run_case+0x1a5/0x480 [ 24.037145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.037532] kthread+0x337/0x6f0 [ 24.037952] ret_from_fork+0x116/0x1d0 [ 24.038358] ret_from_fork_asm+0x1a/0x30 [ 24.038828] [ 24.039062] The buggy address belongs to the object at ffff88810226ac80 [ 24.039062] which belongs to the cache kmalloc-16 of size 16 [ 24.039726] The buggy address is located 8 bytes inside of [ 24.039726] freed 16-byte region [ffff88810226ac80, ffff88810226ac90) [ 24.040080] [ 24.040147] The buggy address belongs to the physical page: [ 24.040494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10226a [ 24.041351] flags: 0x200000000000000(node=0|zone=2) [ 24.041884] page_type: f5(slab) [ 24.042226] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.043060] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.043839] page dumped because: kasan: bad access detected [ 24.044526] [ 24.044745] Memory state around the buggy address: [ 24.045237] ffff88810226ab80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.045947] ffff88810226ac00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.046228] >ffff88810226ac80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.046942] ^ [ 24.047474] ffff88810226ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.048183] ffff88810226ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.048701] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 23.974036] ================================================================== [ 23.974454] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.974707] Read of size 64 at addr ffff888104cb3904 by task kunit_try_catch/232 [ 23.975771] [ 23.976202] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.976468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.976511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.976536] Call Trace: [ 23.976550] <TASK> [ 23.976571] dump_stack_lvl+0x73/0xb0 [ 23.976607] print_report+0xd1/0x610 [ 23.976629] ? __virt_addr_valid+0x1db/0x2d0 [ 23.976654] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.976703] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976727] kasan_report+0x141/0x180 [ 23.976759] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976787] kasan_check_range+0x10c/0x1c0 [ 23.976810] __asan_memmove+0x27/0x70 [ 23.976833] kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.976857] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 23.976881] ? __schedule+0x10cc/0x2b60 [ 23.976906] ? __pfx_read_tsc+0x10/0x10 [ 23.976929] ? ktime_get_ts64+0x86/0x230 [ 23.976956] kunit_try_run_case+0x1a5/0x480 [ 23.976979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.976999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.977022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.977045] ? __kthread_parkme+0x82/0x180 [ 23.977066] ? preempt_count_sub+0x50/0x80 [ 23.977090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.977111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.977136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.977160] kthread+0x337/0x6f0 [ 23.977181] ? trace_preempt_on+0x20/0xc0 [ 23.977204] ? __pfx_kthread+0x10/0x10 [ 23.977225] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.977246] ? calculate_sigpending+0x7b/0xa0 [ 23.977277] ? __pfx_kthread+0x10/0x10 [ 23.977298] ret_from_fork+0x116/0x1d0 [ 23.977318] ? __pfx_kthread+0x10/0x10 [ 23.977338] ret_from_fork_asm+0x1a/0x30 [ 23.977368] </TASK> [ 23.977380] [ 23.994440] Allocated by task 232: [ 23.994986] kasan_save_stack+0x45/0x70 [ 23.995575] kasan_save_track+0x18/0x40 [ 23.996088] kasan_save_alloc_info+0x3b/0x50 [ 23.996701] __kasan_kmalloc+0xb7/0xc0 [ 23.997247] __kmalloc_cache_noprof+0x189/0x420 [ 23.997964] kmalloc_memmove_invalid_size+0xac/0x330 [ 23.998220] kunit_try_run_case+0x1a5/0x480 [ 23.998363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.999155] kthread+0x337/0x6f0 [ 23.999401] ret_from_fork+0x116/0x1d0 [ 23.999613] ret_from_fork_asm+0x1a/0x30 [ 24.000099] [ 24.000178] The buggy address belongs to the object at ffff888104cb3900 [ 24.000178] which belongs to the cache kmalloc-64 of size 64 [ 24.001320] The buggy address is located 4 bytes inside of [ 24.001320] allocated 64-byte region [ffff888104cb3900, ffff888104cb3940) [ 24.001966] [ 24.002040] The buggy address belongs to the physical page: [ 24.002211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cb3 [ 24.002938] flags: 0x200000000000000(node=0|zone=2) [ 24.003447] page_type: f5(slab) [ 24.003744] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.004434] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.004708] page dumped because: kasan: bad access detected [ 24.005185] [ 24.005511] Memory state around the buggy address: [ 24.005876] ffff888104cb3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.006089] ffff888104cb3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.006480] >ffff888104cb3900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.007088] ^ [ 24.007649] ffff888104cb3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.008243] ffff888104cb3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.008611] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 23.946507] ================================================================== [ 23.947187] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 23.947857] Read of size 18446744073709551614 at addr ffff88810579bd84 by task kunit_try_catch/230 [ 23.948752] [ 23.948881] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.948939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.948952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.948974] Call Trace: [ 23.948990] <TASK> [ 23.949010] dump_stack_lvl+0x73/0xb0 [ 23.949045] print_report+0xd1/0x610 [ 23.949156] ? __virt_addr_valid+0x1db/0x2d0 [ 23.949186] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.949210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.949249] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.949303] kasan_report+0x141/0x180 [ 23.949328] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.949356] kasan_check_range+0x10c/0x1c0 [ 23.949380] __asan_memmove+0x27/0x70 [ 23.949403] kmalloc_memmove_negative_size+0x171/0x330 [ 23.949509] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 23.949534] ? __schedule+0x10cc/0x2b60 [ 23.949559] ? __pfx_read_tsc+0x10/0x10 [ 23.949581] ? ktime_get_ts64+0x86/0x230 [ 23.949607] kunit_try_run_case+0x1a5/0x480 [ 23.949632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.949651] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.949675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.949697] ? __kthread_parkme+0x82/0x180 [ 23.949719] ? preempt_count_sub+0x50/0x80 [ 23.949755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.949776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.949800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.949824] kthread+0x337/0x6f0 [ 23.949845] ? trace_preempt_on+0x20/0xc0 [ 23.949869] ? __pfx_kthread+0x10/0x10 [ 23.949890] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.949912] ? calculate_sigpending+0x7b/0xa0 [ 23.949937] ? __pfx_kthread+0x10/0x10 [ 23.949959] ret_from_fork+0x116/0x1d0 [ 23.949977] ? __pfx_kthread+0x10/0x10 [ 23.949998] ret_from_fork_asm+0x1a/0x30 [ 23.950029] </TASK> [ 23.950041] [ 23.960559] Allocated by task 230: [ 23.960902] kasan_save_stack+0x45/0x70 [ 23.961057] kasan_save_track+0x18/0x40 [ 23.961243] kasan_save_alloc_info+0x3b/0x50 [ 23.961699] __kasan_kmalloc+0xb7/0xc0 [ 23.961895] __kmalloc_cache_noprof+0x189/0x420 [ 23.962100] kmalloc_memmove_negative_size+0xac/0x330 [ 23.962683] kunit_try_run_case+0x1a5/0x480 [ 23.962905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.963122] kthread+0x337/0x6f0 [ 23.963476] ret_from_fork+0x116/0x1d0 [ 23.963660] ret_from_fork_asm+0x1a/0x30 [ 23.963847] [ 23.963938] The buggy address belongs to the object at ffff88810579bd80 [ 23.963938] which belongs to the cache kmalloc-64 of size 64 [ 23.964410] The buggy address is located 4 bytes inside of [ 23.964410] 64-byte region [ffff88810579bd80, ffff88810579bdc0) [ 23.965184] [ 23.965417] The buggy address belongs to the physical page: [ 23.965804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579b [ 23.966129] flags: 0x200000000000000(node=0|zone=2) [ 23.966480] page_type: f5(slab) [ 23.966647] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.966985] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.967678] page dumped because: kasan: bad access detected [ 23.967934] [ 23.968015] Memory state around the buggy address: [ 23.968229] ffff88810579bc80: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 23.968624] ffff88810579bd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.968941] >ffff88810579bd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.969228] ^ [ 23.969482] ffff88810579be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.969780] ffff88810579be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.970065] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 23.914520] ================================================================== [ 23.915017] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 23.915244] Write of size 16 at addr ffff888105745169 by task kunit_try_catch/228 [ 23.916435] [ 23.916657] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.916855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.916872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.916894] Call Trace: [ 23.916907] <TASK> [ 23.916925] dump_stack_lvl+0x73/0xb0 [ 23.916958] print_report+0xd1/0x610 [ 23.916982] ? __virt_addr_valid+0x1db/0x2d0 [ 23.917008] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.917029] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.917055] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.917076] kasan_report+0x141/0x180 [ 23.917098] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.917125] kasan_check_range+0x10c/0x1c0 [ 23.917149] __asan_memset+0x27/0x50 [ 23.917172] kmalloc_oob_memset_16+0x166/0x330 [ 23.917193] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.917217] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.917242] kunit_try_run_case+0x1a5/0x480 [ 23.917263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.917283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.917307] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.917329] ? __kthread_parkme+0x82/0x180 [ 23.917351] ? preempt_count_sub+0x50/0x80 [ 23.917394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.917425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.917450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.917474] kthread+0x337/0x6f0 [ 23.917495] ? trace_preempt_on+0x20/0xc0 [ 23.917518] ? __pfx_kthread+0x10/0x10 [ 23.917539] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.917566] ? calculate_sigpending+0x7b/0xa0 [ 23.917591] ? __pfx_kthread+0x10/0x10 [ 23.917612] ret_from_fork+0x116/0x1d0 [ 23.917632] ? __pfx_kthread+0x10/0x10 [ 23.917653] ret_from_fork_asm+0x1a/0x30 [ 23.917683] </TASK> [ 23.917695] [ 23.931062] Allocated by task 228: [ 23.931230] kasan_save_stack+0x45/0x70 [ 23.931771] kasan_save_track+0x18/0x40 [ 23.932054] kasan_save_alloc_info+0x3b/0x50 [ 23.932451] __kasan_kmalloc+0xb7/0xc0 [ 23.932647] __kmalloc_cache_noprof+0x189/0x420 [ 23.932856] kmalloc_oob_memset_16+0xac/0x330 [ 23.933055] kunit_try_run_case+0x1a5/0x480 [ 23.933239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.933940] kthread+0x337/0x6f0 [ 23.934118] ret_from_fork+0x116/0x1d0 [ 23.934581] ret_from_fork_asm+0x1a/0x30 [ 23.934871] [ 23.934946] The buggy address belongs to the object at ffff888105745100 [ 23.934946] which belongs to the cache kmalloc-128 of size 128 [ 23.935674] The buggy address is located 105 bytes inside of [ 23.935674] allocated 120-byte region [ffff888105745100, ffff888105745178) [ 23.936568] [ 23.936695] The buggy address belongs to the physical page: [ 23.937080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 23.937825] flags: 0x200000000000000(node=0|zone=2) [ 23.938058] page_type: f5(slab) [ 23.938194] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.938859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.939263] page dumped because: kasan: bad access detected [ 23.939726] [ 23.939836] Memory state around the buggy address: [ 23.940224] ffff888105745000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.940802] ffff888105745080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.941200] >ffff888105745100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.941753] ^ [ 23.942171] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.942716] ffff888105745200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.943100] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 23.888017] ================================================================== [ 23.888643] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 23.888983] Write of size 8 at addr ffff888104cac371 by task kunit_try_catch/226 [ 23.889265] [ 23.889489] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.889543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.889554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.889577] Call Trace: [ 23.889590] <TASK> [ 23.889607] dump_stack_lvl+0x73/0xb0 [ 23.889640] print_report+0xd1/0x610 [ 23.889662] ? __virt_addr_valid+0x1db/0x2d0 [ 23.889688] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.889709] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.889749] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.889770] kasan_report+0x141/0x180 [ 23.889792] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.889817] kasan_check_range+0x10c/0x1c0 [ 23.889839] __asan_memset+0x27/0x50 [ 23.889862] kmalloc_oob_memset_8+0x166/0x330 [ 23.889884] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 23.889906] ? __schedule+0x10cc/0x2b60 [ 23.889930] ? __pfx_read_tsc+0x10/0x10 [ 23.889952] ? ktime_get_ts64+0x86/0x230 [ 23.889978] kunit_try_run_case+0x1a5/0x480 [ 23.890001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.890021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.890044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.890067] ? __kthread_parkme+0x82/0x180 [ 23.890088] ? preempt_count_sub+0x50/0x80 [ 23.890112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.890133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.890158] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.890182] kthread+0x337/0x6f0 [ 23.890202] ? trace_preempt_on+0x20/0xc0 [ 23.890226] ? __pfx_kthread+0x10/0x10 [ 23.890246] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.890310] ? calculate_sigpending+0x7b/0xa0 [ 23.890340] ? __pfx_kthread+0x10/0x10 [ 23.890361] ret_from_fork+0x116/0x1d0 [ 23.890381] ? __pfx_kthread+0x10/0x10 [ 23.890402] ret_from_fork_asm+0x1a/0x30 [ 23.890445] </TASK> [ 23.890456] [ 23.899965] Allocated by task 226: [ 23.900161] kasan_save_stack+0x45/0x70 [ 23.900703] kasan_save_track+0x18/0x40 [ 23.900920] kasan_save_alloc_info+0x3b/0x50 [ 23.901117] __kasan_kmalloc+0xb7/0xc0 [ 23.901566] __kmalloc_cache_noprof+0x189/0x420 [ 23.901935] kmalloc_oob_memset_8+0xac/0x330 [ 23.902337] kunit_try_run_case+0x1a5/0x480 [ 23.902883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.903203] kthread+0x337/0x6f0 [ 23.903553] ret_from_fork+0x116/0x1d0 [ 23.903761] ret_from_fork_asm+0x1a/0x30 [ 23.903938] [ 23.904023] The buggy address belongs to the object at ffff888104cac300 [ 23.904023] which belongs to the cache kmalloc-128 of size 128 [ 23.905252] The buggy address is located 113 bytes inside of [ 23.905252] allocated 120-byte region [ffff888104cac300, ffff888104cac378) [ 23.905923] [ 23.906006] The buggy address belongs to the physical page: [ 23.906173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 23.906410] flags: 0x200000000000000(node=0|zone=2) [ 23.906566] page_type: f5(slab) [ 23.906679] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.906911] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.907122] page dumped because: kasan: bad access detected [ 23.907282] [ 23.907345] Memory state around the buggy address: [ 23.907489] ffff888104cac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.908112] ffff888104cac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.908743] >ffff888104cac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.908953] ^ [ 23.909181] ffff888104cac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.909982] ffff888104cac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.910793] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 23.865165] ================================================================== [ 23.865927] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 23.866227] Write of size 4 at addr ffff888104cac275 by task kunit_try_catch/224 [ 23.866556] [ 23.866760] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.866818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.866830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.866852] Call Trace: [ 23.866866] <TASK> [ 23.866885] dump_stack_lvl+0x73/0xb0 [ 23.866921] print_report+0xd1/0x610 [ 23.866945] ? __virt_addr_valid+0x1db/0x2d0 [ 23.866969] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.866991] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.867016] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.867038] kasan_report+0x141/0x180 [ 23.867059] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.867084] kasan_check_range+0x10c/0x1c0 [ 23.867107] __asan_memset+0x27/0x50 [ 23.867130] kmalloc_oob_memset_4+0x166/0x330 [ 23.867153] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 23.867175] ? __schedule+0x10cc/0x2b60 [ 23.867199] ? __pfx_read_tsc+0x10/0x10 [ 23.867221] ? ktime_get_ts64+0x86/0x230 [ 23.867247] kunit_try_run_case+0x1a5/0x480 [ 23.867270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.867290] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.867358] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.867381] ? __kthread_parkme+0x82/0x180 [ 23.867403] ? preempt_count_sub+0x50/0x80 [ 23.867426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.867448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.867473] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.867497] kthread+0x337/0x6f0 [ 23.867517] ? trace_preempt_on+0x20/0xc0 [ 23.867550] ? __pfx_kthread+0x10/0x10 [ 23.867570] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.867592] ? calculate_sigpending+0x7b/0xa0 [ 23.867617] ? __pfx_kthread+0x10/0x10 [ 23.867638] ret_from_fork+0x116/0x1d0 [ 23.867657] ? __pfx_kthread+0x10/0x10 [ 23.867678] ret_from_fork_asm+0x1a/0x30 [ 23.867708] </TASK> [ 23.867720] [ 23.875235] Allocated by task 224: [ 23.875528] kasan_save_stack+0x45/0x70 [ 23.875676] kasan_save_track+0x18/0x40 [ 23.875815] kasan_save_alloc_info+0x3b/0x50 [ 23.875994] __kasan_kmalloc+0xb7/0xc0 [ 23.876173] __kmalloc_cache_noprof+0x189/0x420 [ 23.876394] kmalloc_oob_memset_4+0xac/0x330 [ 23.876633] kunit_try_run_case+0x1a5/0x480 [ 23.876909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.877086] kthread+0x337/0x6f0 [ 23.877226] ret_from_fork+0x116/0x1d0 [ 23.877635] ret_from_fork_asm+0x1a/0x30 [ 23.877849] [ 23.877948] The buggy address belongs to the object at ffff888104cac200 [ 23.877948] which belongs to the cache kmalloc-128 of size 128 [ 23.878483] The buggy address is located 117 bytes inside of [ 23.878483] allocated 120-byte region [ffff888104cac200, ffff888104cac278) [ 23.878848] [ 23.878915] The buggy address belongs to the physical page: [ 23.879160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 23.879600] flags: 0x200000000000000(node=0|zone=2) [ 23.879837] page_type: f5(slab) [ 23.880002] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.880630] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.880931] page dumped because: kasan: bad access detected [ 23.881181] [ 23.881268] Memory state around the buggy address: [ 23.881588] ffff888104cac100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.881873] ffff888104cac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.882150] >ffff888104cac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.882443] ^ [ 23.882654] ffff888104cac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.882901] ffff888104cac300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.883223] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 23.831200] ================================================================== [ 23.831910] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 23.832413] Write of size 2 at addr ffff888104cac177 by task kunit_try_catch/222 [ 23.832656] [ 23.832781] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.832835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.832847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.832869] Call Trace: [ 23.832883] <TASK> [ 23.832901] dump_stack_lvl+0x73/0xb0 [ 23.832935] print_report+0xd1/0x610 [ 23.832958] ? __virt_addr_valid+0x1db/0x2d0 [ 23.832982] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.833003] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.833029] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.833050] kasan_report+0x141/0x180 [ 23.833072] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.833097] kasan_check_range+0x10c/0x1c0 [ 23.833120] __asan_memset+0x27/0x50 [ 23.833142] kmalloc_oob_memset_2+0x166/0x330 [ 23.833164] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 23.833187] ? __schedule+0x10cc/0x2b60 [ 23.833211] ? __pfx_read_tsc+0x10/0x10 [ 23.833234] ? ktime_get_ts64+0x86/0x230 [ 23.833259] kunit_try_run_case+0x1a5/0x480 [ 23.833568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.833589] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.833613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.833636] ? __kthread_parkme+0x82/0x180 [ 23.833659] ? preempt_count_sub+0x50/0x80 [ 23.833683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.833704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.833729] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.833766] kthread+0x337/0x6f0 [ 23.833786] ? trace_preempt_on+0x20/0xc0 [ 23.833810] ? __pfx_kthread+0x10/0x10 [ 23.833830] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.833852] ? calculate_sigpending+0x7b/0xa0 [ 23.833877] ? __pfx_kthread+0x10/0x10 [ 23.833898] ret_from_fork+0x116/0x1d0 [ 23.833917] ? __pfx_kthread+0x10/0x10 [ 23.833938] ret_from_fork_asm+0x1a/0x30 [ 23.833968] </TASK> [ 23.833980] [ 23.843188] Allocated by task 222: [ 23.843432] kasan_save_stack+0x45/0x70 [ 23.843590] kasan_save_track+0x18/0x40 [ 23.844407] kasan_save_alloc_info+0x3b/0x50 [ 23.844634] __kasan_kmalloc+0xb7/0xc0 [ 23.844813] __kmalloc_cache_noprof+0x189/0x420 [ 23.845016] kmalloc_oob_memset_2+0xac/0x330 [ 23.845195] kunit_try_run_case+0x1a5/0x480 [ 23.845999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.847866] kthread+0x337/0x6f0 [ 23.848283] ret_from_fork+0x116/0x1d0 [ 23.848435] ret_from_fork_asm+0x1a/0x30 [ 23.848572] [ 23.848642] The buggy address belongs to the object at ffff888104cac100 [ 23.848642] which belongs to the cache kmalloc-128 of size 128 [ 23.849011] The buggy address is located 119 bytes inside of [ 23.849011] allocated 120-byte region [ffff888104cac100, ffff888104cac178) [ 23.849364] [ 23.849433] The buggy address belongs to the physical page: [ 23.849602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 23.851543] flags: 0x200000000000000(node=0|zone=2) [ 23.852626] page_type: f5(slab) [ 23.853270] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.854322] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.855994] page dumped because: kasan: bad access detected [ 23.856748] [ 23.857701] Memory state around the buggy address: [ 23.858489] ffff888104cac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.858855] ffff888104cac080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.859125] >ffff888104cac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.859401] ^ [ 23.859697] ffff888104cac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.860083] ffff888104cac200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.860712] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 23.798959] ================================================================== [ 23.799880] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 23.800813] Write of size 128 at addr ffff888105745000 by task kunit_try_catch/220 [ 23.801581] [ 23.801953] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.802099] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.802116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.802139] Call Trace: [ 23.802153] <TASK> [ 23.802172] dump_stack_lvl+0x73/0xb0 [ 23.802207] print_report+0xd1/0x610 [ 23.802230] ? __virt_addr_valid+0x1db/0x2d0 [ 23.802255] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.802298] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.802323] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.802346] kasan_report+0x141/0x180 [ 23.802367] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.802392] kasan_check_range+0x10c/0x1c0 [ 23.802415] __asan_memset+0x27/0x50 [ 23.802437] kmalloc_oob_in_memset+0x15f/0x320 [ 23.802458] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 23.802480] ? __schedule+0x10cc/0x2b60 [ 23.802504] ? __pfx_read_tsc+0x10/0x10 [ 23.802526] ? ktime_get_ts64+0x86/0x230 [ 23.802553] kunit_try_run_case+0x1a5/0x480 [ 23.802576] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.802595] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.802619] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.802643] ? __kthread_parkme+0x82/0x180 [ 23.802665] ? preempt_count_sub+0x50/0x80 [ 23.802689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.802710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.802748] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.802772] kthread+0x337/0x6f0 [ 23.802793] ? trace_preempt_on+0x20/0xc0 [ 23.802817] ? __pfx_kthread+0x10/0x10 [ 23.802838] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.802860] ? calculate_sigpending+0x7b/0xa0 [ 23.802885] ? __pfx_kthread+0x10/0x10 [ 23.802906] ret_from_fork+0x116/0x1d0 [ 23.802925] ? __pfx_kthread+0x10/0x10 [ 23.802946] ret_from_fork_asm+0x1a/0x30 [ 23.802977] </TASK> [ 23.802989] [ 23.817098] Allocated by task 220: [ 23.817230] kasan_save_stack+0x45/0x70 [ 23.817369] kasan_save_track+0x18/0x40 [ 23.817521] kasan_save_alloc_info+0x3b/0x50 [ 23.817692] __kasan_kmalloc+0xb7/0xc0 [ 23.818143] __kmalloc_cache_noprof+0x189/0x420 [ 23.818392] kmalloc_oob_in_memset+0xac/0x320 [ 23.818849] kunit_try_run_case+0x1a5/0x480 [ 23.819139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.819355] kthread+0x337/0x6f0 [ 23.819746] ret_from_fork+0x116/0x1d0 [ 23.819897] ret_from_fork_asm+0x1a/0x30 [ 23.820212] [ 23.820310] The buggy address belongs to the object at ffff888105745000 [ 23.820310] which belongs to the cache kmalloc-128 of size 128 [ 23.820996] The buggy address is located 0 bytes inside of [ 23.820996] allocated 120-byte region [ffff888105745000, ffff888105745078) [ 23.821506] [ 23.821936] The buggy address belongs to the physical page: [ 23.822142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 23.822782] flags: 0x200000000000000(node=0|zone=2) [ 23.823115] page_type: f5(slab) [ 23.823303] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.823828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.824223] page dumped because: kasan: bad access detected [ 23.824630] [ 23.824716] Memory state around the buggy address: [ 23.824934] ffff888105744f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.825235] ffff888105744f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.825911] >ffff888105745000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.826198] ^ [ 23.826750] ffff888105745080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.827144] ffff888105745100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.827687] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 23.757171] ================================================================== [ 23.758540] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 23.759222] Read of size 16 at addr ffff888104c83b40 by task kunit_try_catch/218 [ 23.759936] [ 23.760139] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.760194] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.760206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.760229] Call Trace: [ 23.760242] <TASK> [ 23.760261] dump_stack_lvl+0x73/0xb0 [ 23.760295] print_report+0xd1/0x610 [ 23.760323] ? __virt_addr_valid+0x1db/0x2d0 [ 23.760410] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.760444] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.760470] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.760490] kasan_report+0x141/0x180 [ 23.760512] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.760537] __asan_report_load16_noabort+0x18/0x20 [ 23.760560] kmalloc_uaf_16+0x47b/0x4c0 [ 23.760580] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 23.760601] ? __schedule+0x10cc/0x2b60 [ 23.760627] ? __pfx_read_tsc+0x10/0x10 [ 23.760649] ? ktime_get_ts64+0x86/0x230 [ 23.760674] kunit_try_run_case+0x1a5/0x480 [ 23.760697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.760717] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.760753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.760776] ? __kthread_parkme+0x82/0x180 [ 23.760797] ? preempt_count_sub+0x50/0x80 [ 23.760820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.760841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.760865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.760891] kthread+0x337/0x6f0 [ 23.760911] ? trace_preempt_on+0x20/0xc0 [ 23.760934] ? __pfx_kthread+0x10/0x10 [ 23.760954] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.760976] ? calculate_sigpending+0x7b/0xa0 [ 23.761000] ? __pfx_kthread+0x10/0x10 [ 23.761022] ret_from_fork+0x116/0x1d0 [ 23.761040] ? __pfx_kthread+0x10/0x10 [ 23.761061] ret_from_fork_asm+0x1a/0x30 [ 23.761092] </TASK> [ 23.761103] [ 23.773503] Allocated by task 218: [ 23.774225] kasan_save_stack+0x45/0x70 [ 23.774759] kasan_save_track+0x18/0x40 [ 23.775238] kasan_save_alloc_info+0x3b/0x50 [ 23.775812] __kasan_kmalloc+0xb7/0xc0 [ 23.775953] __kmalloc_cache_noprof+0x189/0x420 [ 23.776104] kmalloc_uaf_16+0x15b/0x4c0 [ 23.776233] kunit_try_run_case+0x1a5/0x480 [ 23.776963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.777611] kthread+0x337/0x6f0 [ 23.778068] ret_from_fork+0x116/0x1d0 [ 23.778641] ret_from_fork_asm+0x1a/0x30 [ 23.779121] [ 23.779264] Freed by task 218: [ 23.779542] kasan_save_stack+0x45/0x70 [ 23.780135] kasan_save_track+0x18/0x40 [ 23.780294] kasan_save_free_info+0x3f/0x60 [ 23.781001] __kasan_slab_free+0x56/0x70 [ 23.781435] kfree+0x222/0x3f0 [ 23.781581] kmalloc_uaf_16+0x1d6/0x4c0 [ 23.781987] kunit_try_run_case+0x1a5/0x480 [ 23.782552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.782966] kthread+0x337/0x6f0 [ 23.783095] ret_from_fork+0x116/0x1d0 [ 23.783223] ret_from_fork_asm+0x1a/0x30 [ 23.783431] [ 23.783860] The buggy address belongs to the object at ffff888104c83b40 [ 23.783860] which belongs to the cache kmalloc-16 of size 16 [ 23.785379] The buggy address is located 0 bytes inside of [ 23.785379] freed 16-byte region [ffff888104c83b40, ffff888104c83b50) [ 23.786492] [ 23.786677] The buggy address belongs to the physical page: [ 23.786869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 23.787105] flags: 0x200000000000000(node=0|zone=2) [ 23.787318] page_type: f5(slab) [ 23.787896] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.788708] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.789538] page dumped because: kasan: bad access detected [ 23.790276] [ 23.790579] Memory state around the buggy address: [ 23.791104] ffff888104c83a00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 23.791610] ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.792470] >ffff888104c83b00: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc [ 23.792947] ^ [ 23.793121] ffff888104c83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.793742] ffff888104c83c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.794462] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 23.723077] ================================================================== [ 23.723903] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 23.724584] Write of size 16 at addr ffff888104c83ae0 by task kunit_try_catch/216 [ 23.725235] [ 23.725429] CPU: 0 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.725485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.725497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.725521] Call Trace: [ 23.725535] <TASK> [ 23.725556] dump_stack_lvl+0x73/0xb0 [ 23.725591] print_report+0xd1/0x610 [ 23.725618] ? __virt_addr_valid+0x1db/0x2d0 [ 23.725645] ? kmalloc_oob_16+0x452/0x4a0 [ 23.725666] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.725692] ? kmalloc_oob_16+0x452/0x4a0 [ 23.725713] kasan_report+0x141/0x180 [ 23.725743] ? kmalloc_oob_16+0x452/0x4a0 [ 23.725768] __asan_report_store16_noabort+0x1b/0x30 [ 23.725792] kmalloc_oob_16+0x452/0x4a0 [ 23.725812] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 23.725834] ? __schedule+0x10cc/0x2b60 [ 23.725858] ? __pfx_read_tsc+0x10/0x10 [ 23.725881] ? ktime_get_ts64+0x86/0x230 [ 23.725908] kunit_try_run_case+0x1a5/0x480 [ 23.725932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.725952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.725975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.725998] ? __kthread_parkme+0x82/0x180 [ 23.726020] ? preempt_count_sub+0x50/0x80 [ 23.726043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.726065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.726089] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.726115] kthread+0x337/0x6f0 [ 23.726135] ? trace_preempt_on+0x20/0xc0 [ 23.726159] ? __pfx_kthread+0x10/0x10 [ 23.726179] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.726201] ? calculate_sigpending+0x7b/0xa0 [ 23.726226] ? __pfx_kthread+0x10/0x10 [ 23.726247] ret_from_fork+0x116/0x1d0 [ 23.726266] ? __pfx_kthread+0x10/0x10 [ 23.726286] ret_from_fork_asm+0x1a/0x30 [ 23.726317] </TASK> [ 23.726329] [ 23.738444] Allocated by task 216: [ 23.738881] kasan_save_stack+0x45/0x70 [ 23.739344] kasan_save_track+0x18/0x40 [ 23.739850] kasan_save_alloc_info+0x3b/0x50 [ 23.740385] __kasan_kmalloc+0xb7/0xc0 [ 23.740839] __kmalloc_cache_noprof+0x189/0x420 [ 23.741343] kmalloc_oob_16+0xa8/0x4a0 [ 23.741806] kunit_try_run_case+0x1a5/0x480 [ 23.742241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.742924] kthread+0x337/0x6f0 [ 23.743305] ret_from_fork+0x116/0x1d0 [ 23.743601] ret_from_fork_asm+0x1a/0x30 [ 23.743763] [ 23.743834] The buggy address belongs to the object at ffff888104c83ae0 [ 23.743834] which belongs to the cache kmalloc-16 of size 16 [ 23.744178] The buggy address is located 0 bytes inside of [ 23.744178] allocated 13-byte region [ffff888104c83ae0, ffff888104c83aed) [ 23.744526] [ 23.744593] The buggy address belongs to the physical page: [ 23.744863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c83 [ 23.745742] flags: 0x200000000000000(node=0|zone=2) [ 23.746182] page_type: f5(slab) [ 23.746514] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.747306] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.748067] page dumped because: kasan: bad access detected [ 23.748721] [ 23.748886] Memory state around the buggy address: [ 23.749284] ffff888104c83980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.749983] ffff888104c83a00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc [ 23.750709] >ffff888104c83a80: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 23.751361] ^ [ 23.751969] ffff888104c83b00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.752665] ffff888104c83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.753138] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 23.682599] ================================================================== [ 23.682894] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 23.683138] Read of size 1 at addr ffff888100a16c00 by task kunit_try_catch/214 [ 23.683754] [ 23.683877] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.683927] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.683938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.683982] Call Trace: [ 23.683997] <TASK> [ 23.684012] dump_stack_lvl+0x73/0xb0 [ 23.684046] print_report+0xd1/0x610 [ 23.684086] ? __virt_addr_valid+0x1db/0x2d0 [ 23.684110] ? krealloc_uaf+0x53c/0x5e0 [ 23.684130] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.684155] ? krealloc_uaf+0x53c/0x5e0 [ 23.684176] kasan_report+0x141/0x180 [ 23.684197] ? krealloc_uaf+0x53c/0x5e0 [ 23.684222] __asan_report_load1_noabort+0x18/0x20 [ 23.684245] krealloc_uaf+0x53c/0x5e0 [ 23.684312] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.684350] ? finish_task_switch.isra.0+0x153/0x700 [ 23.684386] ? __switch_to+0x47/0xf80 [ 23.684444] ? __schedule+0x10cc/0x2b60 [ 23.684468] ? __pfx_read_tsc+0x10/0x10 [ 23.684490] ? ktime_get_ts64+0x86/0x230 [ 23.684516] kunit_try_run_case+0x1a5/0x480 [ 23.684540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.684559] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.684582] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.684605] ? __kthread_parkme+0x82/0x180 [ 23.684626] ? preempt_count_sub+0x50/0x80 [ 23.684648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.684669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.684693] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.684718] kthread+0x337/0x6f0 [ 23.684748] ? trace_preempt_on+0x20/0xc0 [ 23.684774] ? __pfx_kthread+0x10/0x10 [ 23.684908] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.684932] ? calculate_sigpending+0x7b/0xa0 [ 23.684958] ? __pfx_kthread+0x10/0x10 [ 23.684980] ret_from_fork+0x116/0x1d0 [ 23.685000] ? __pfx_kthread+0x10/0x10 [ 23.685022] ret_from_fork_asm+0x1a/0x30 [ 23.685053] </TASK> [ 23.685065] [ 23.696547] Allocated by task 214: [ 23.696684] kasan_save_stack+0x45/0x70 [ 23.697368] kasan_save_track+0x18/0x40 [ 23.697730] kasan_save_alloc_info+0x3b/0x50 [ 23.698134] __kasan_kmalloc+0xb7/0xc0 [ 23.698560] __kmalloc_cache_noprof+0x189/0x420 [ 23.698990] krealloc_uaf+0xbb/0x5e0 [ 23.699557] kunit_try_run_case+0x1a5/0x480 [ 23.699961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.700537] kthread+0x337/0x6f0 [ 23.700862] ret_from_fork+0x116/0x1d0 [ 23.701205] ret_from_fork_asm+0x1a/0x30 [ 23.701658] [ 23.701827] Freed by task 214: [ 23.702137] kasan_save_stack+0x45/0x70 [ 23.702561] kasan_save_track+0x18/0x40 [ 23.702953] kasan_save_free_info+0x3f/0x60 [ 23.703485] __kasan_slab_free+0x56/0x70 [ 23.703757] kfree+0x222/0x3f0 [ 23.703870] krealloc_uaf+0x13d/0x5e0 [ 23.703995] kunit_try_run_case+0x1a5/0x480 [ 23.704130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.704545] kthread+0x337/0x6f0 [ 23.704851] ret_from_fork+0x116/0x1d0 [ 23.705210] ret_from_fork_asm+0x1a/0x30 [ 23.705658] [ 23.705848] The buggy address belongs to the object at ffff888100a16c00 [ 23.705848] which belongs to the cache kmalloc-256 of size 256 [ 23.706979] The buggy address is located 0 bytes inside of [ 23.706979] freed 256-byte region [ffff888100a16c00, ffff888100a16d00) [ 23.708023] [ 23.708213] The buggy address belongs to the physical page: [ 23.708636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16 [ 23.708901] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.709122] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.709588] page_type: f5(slab) [ 23.709927] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.710713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.711605] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.712500] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.713463] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff [ 23.714136] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.714680] page dumped because: kasan: bad access detected [ 23.715185] [ 23.715529] Memory state around the buggy address: [ 23.715855] ffff888100a16b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.716067] ffff888100a16b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.716343] >ffff888100a16c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.717183] ^ [ 23.717515] ffff888100a16c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.718223] ffff888100a16d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.719014] ================================================================== [ 23.656869] ================================================================== [ 23.657570] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 23.657907] Read of size 1 at addr ffff888100a16c00 by task kunit_try_catch/214 [ 23.658217] [ 23.658347] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.658500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.658514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.658537] Call Trace: [ 23.658551] <TASK> [ 23.658570] dump_stack_lvl+0x73/0xb0 [ 23.658625] print_report+0xd1/0x610 [ 23.658648] ? __virt_addr_valid+0x1db/0x2d0 [ 23.658671] ? krealloc_uaf+0x1b8/0x5e0 [ 23.658692] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.658717] ? krealloc_uaf+0x1b8/0x5e0 [ 23.658749] kasan_report+0x141/0x180 [ 23.658770] ? krealloc_uaf+0x1b8/0x5e0 [ 23.658794] ? krealloc_uaf+0x1b8/0x5e0 [ 23.658815] __kasan_check_byte+0x3d/0x50 [ 23.658835] krealloc_noprof+0x3f/0x340 [ 23.658862] krealloc_uaf+0x1b8/0x5e0 [ 23.658904] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.658924] ? finish_task_switch.isra.0+0x153/0x700 [ 23.658946] ? __switch_to+0x47/0xf80 [ 23.658972] ? __schedule+0x10cc/0x2b60 [ 23.658996] ? __pfx_read_tsc+0x10/0x10 [ 23.659018] ? ktime_get_ts64+0x86/0x230 [ 23.659044] kunit_try_run_case+0x1a5/0x480 [ 23.659083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.659103] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.659126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.659149] ? __kthread_parkme+0x82/0x180 [ 23.659170] ? preempt_count_sub+0x50/0x80 [ 23.659192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.659213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.659237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.659261] kthread+0x337/0x6f0 [ 23.659340] ? trace_preempt_on+0x20/0xc0 [ 23.659363] ? __pfx_kthread+0x10/0x10 [ 23.659384] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.659405] ? calculate_sigpending+0x7b/0xa0 [ 23.659437] ? __pfx_kthread+0x10/0x10 [ 23.659459] ret_from_fork+0x116/0x1d0 [ 23.659478] ? __pfx_kthread+0x10/0x10 [ 23.659499] ret_from_fork_asm+0x1a/0x30 [ 23.659530] </TASK> [ 23.659541] [ 23.668207] Allocated by task 214: [ 23.668513] kasan_save_stack+0x45/0x70 [ 23.668711] kasan_save_track+0x18/0x40 [ 23.668852] kasan_save_alloc_info+0x3b/0x50 [ 23.668993] __kasan_kmalloc+0xb7/0xc0 [ 23.669151] __kmalloc_cache_noprof+0x189/0x420 [ 23.669592] krealloc_uaf+0xbb/0x5e0 [ 23.669796] kunit_try_run_case+0x1a5/0x480 [ 23.669998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.670246] kthread+0x337/0x6f0 [ 23.670534] ret_from_fork+0x116/0x1d0 [ 23.670670] ret_from_fork_asm+0x1a/0x30 [ 23.670866] [ 23.670980] Freed by task 214: [ 23.671131] kasan_save_stack+0x45/0x70 [ 23.671446] kasan_save_track+0x18/0x40 [ 23.671608] kasan_save_free_info+0x3f/0x60 [ 23.671843] __kasan_slab_free+0x56/0x70 [ 23.672033] kfree+0x222/0x3f0 [ 23.672183] krealloc_uaf+0x13d/0x5e0 [ 23.672452] kunit_try_run_case+0x1a5/0x480 [ 23.672620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.672832] kthread+0x337/0x6f0 [ 23.673019] ret_from_fork+0x116/0x1d0 [ 23.673209] ret_from_fork_asm+0x1a/0x30 [ 23.673502] [ 23.673614] The buggy address belongs to the object at ffff888100a16c00 [ 23.673614] which belongs to the cache kmalloc-256 of size 256 [ 23.674256] The buggy address is located 0 bytes inside of [ 23.674256] freed 256-byte region [ffff888100a16c00, ffff888100a16d00) [ 23.674790] [ 23.674881] The buggy address belongs to the physical page: [ 23.675058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a16 [ 23.675295] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.675766] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.676051] page_type: f5(slab) [ 23.676220] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.677056] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.677482] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.677718] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.678195] head: 0200000000000001 ffffea0004028581 00000000ffffffff 00000000ffffffff [ 23.678576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.678934] page dumped because: kasan: bad access detected [ 23.679141] [ 23.679436] Memory state around the buggy address: [ 23.679672] ffff888100a16b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.679964] ffff888100a16b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.680488] >ffff888100a16c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.680797] ^ [ 23.680980] ffff888100a16c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.681365] ffff888100a16d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.681680] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 23.616776] ================================================================== [ 23.617133] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.617602] Write of size 1 at addr ffff888102b960ea by task kunit_try_catch/212 [ 23.617953] [ 23.618076] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.618136] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.618148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.618169] Call Trace: [ 23.618187] <TASK> [ 23.618203] dump_stack_lvl+0x73/0xb0 [ 23.618234] print_report+0xd1/0x610 [ 23.618263] ? __virt_addr_valid+0x1db/0x2d0 [ 23.618287] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.618311] ? kasan_addr_to_slab+0x11/0xa0 [ 23.618331] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.618354] kasan_report+0x141/0x180 [ 23.618375] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.618403] __asan_report_store1_noabort+0x1b/0x30 [ 23.618427] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.618451] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.618475] ? finish_task_switch.isra.0+0x153/0x700 [ 23.618496] ? __switch_to+0x47/0xf80 [ 23.618521] ? __schedule+0x10cc/0x2b60 [ 23.618545] ? __pfx_read_tsc+0x10/0x10 [ 23.618570] krealloc_large_less_oob+0x1c/0x30 [ 23.618591] kunit_try_run_case+0x1a5/0x480 [ 23.618614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.618633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.618656] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.618679] ? __kthread_parkme+0x82/0x180 [ 23.618759] ? preempt_count_sub+0x50/0x80 [ 23.618798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.618843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.618868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.618922] kthread+0x337/0x6f0 [ 23.618942] ? trace_preempt_on+0x20/0xc0 [ 23.618965] ? __pfx_kthread+0x10/0x10 [ 23.618987] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.619008] ? calculate_sigpending+0x7b/0xa0 [ 23.619032] ? __pfx_kthread+0x10/0x10 [ 23.619055] ret_from_fork+0x116/0x1d0 [ 23.619075] ? __pfx_kthread+0x10/0x10 [ 23.619096] ret_from_fork_asm+0x1a/0x30 [ 23.619153] </TASK> [ 23.619164] [ 23.627287] The buggy address belongs to the physical page: [ 23.627534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.628120] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.628555] flags: 0x200000000000040(head|node=0|zone=2) [ 23.628852] page_type: f8(unknown) [ 23.629019] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.629481] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.629789] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.630123] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.630646] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.630978] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.631334] page dumped because: kasan: bad access detected [ 23.631608] [ 23.631759] Memory state around the buggy address: [ 23.632001] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.632332] ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.632825] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.633332] ^ [ 23.633647] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.633993] ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.634314] ================================================================== [ 23.455457] ================================================================== [ 23.455774] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.456271] Write of size 1 at addr ffff88810579daea by task kunit_try_catch/208 [ 23.456635] [ 23.456908] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.456965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.456977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.456999] Call Trace: [ 23.457016] <TASK> [ 23.457032] dump_stack_lvl+0x73/0xb0 [ 23.457064] print_report+0xd1/0x610 [ 23.457086] ? __virt_addr_valid+0x1db/0x2d0 [ 23.457111] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.457304] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.457330] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.457353] kasan_report+0x141/0x180 [ 23.457375] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.457402] __asan_report_store1_noabort+0x1b/0x30 [ 23.457426] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.457451] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.457474] ? finish_task_switch.isra.0+0x153/0x700 [ 23.457495] ? __switch_to+0x47/0xf80 [ 23.457521] ? __schedule+0x10cc/0x2b60 [ 23.457577] ? __pfx_read_tsc+0x10/0x10 [ 23.457601] krealloc_less_oob+0x1c/0x30 [ 23.457622] kunit_try_run_case+0x1a5/0x480 [ 23.457655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.457674] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.457698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.457721] ? __kthread_parkme+0x82/0x180 [ 23.457752] ? preempt_count_sub+0x50/0x80 [ 23.457774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.457795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.457819] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.457844] kthread+0x337/0x6f0 [ 23.457863] ? trace_preempt_on+0x20/0xc0 [ 23.457887] ? __pfx_kthread+0x10/0x10 [ 23.457907] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.457928] ? calculate_sigpending+0x7b/0xa0 [ 23.457952] ? __pfx_kthread+0x10/0x10 [ 23.457973] ret_from_fork+0x116/0x1d0 [ 23.457992] ? __pfx_kthread+0x10/0x10 [ 23.458012] ret_from_fork_asm+0x1a/0x30 [ 23.458042] </TASK> [ 23.458053] [ 23.465748] Allocated by task 208: [ 23.465919] kasan_save_stack+0x45/0x70 [ 23.466114] kasan_save_track+0x18/0x40 [ 23.466282] kasan_save_alloc_info+0x3b/0x50 [ 23.466459] __kasan_krealloc+0x190/0x1f0 [ 23.466654] krealloc_noprof+0xf3/0x340 [ 23.466853] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.467063] krealloc_less_oob+0x1c/0x30 [ 23.467205] kunit_try_run_case+0x1a5/0x480 [ 23.467406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.467754] kthread+0x337/0x6f0 [ 23.467914] ret_from_fork+0x116/0x1d0 [ 23.468112] ret_from_fork_asm+0x1a/0x30 [ 23.468248] [ 23.468312] The buggy address belongs to the object at ffff88810579da00 [ 23.468312] which belongs to the cache kmalloc-256 of size 256 [ 23.468845] The buggy address is located 33 bytes to the right of [ 23.468845] allocated 201-byte region [ffff88810579da00, ffff88810579dac9) [ 23.469356] [ 23.469455] The buggy address belongs to the physical page: [ 23.469709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c [ 23.470105] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.470327] flags: 0x200000000000040(head|node=0|zone=2) [ 23.470542] page_type: f5(slab) [ 23.470711] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.471114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.471438] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.471711] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.472114] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff [ 23.472542] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.472840] page dumped because: kasan: bad access detected [ 23.473007] [ 23.473070] Memory state around the buggy address: [ 23.473218] ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.473642] ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.473975] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.474338] ^ [ 23.474621] ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.474986] ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.475301] ================================================================== [ 23.591534] ================================================================== [ 23.591778] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.592018] Write of size 1 at addr ffff888102b960da by task kunit_try_catch/212 [ 23.592234] [ 23.592323] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.592371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.592383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.592404] Call Trace: [ 23.592419] <TASK> [ 23.592433] dump_stack_lvl+0x73/0xb0 [ 23.592461] print_report+0xd1/0x610 [ 23.592482] ? __virt_addr_valid+0x1db/0x2d0 [ 23.592506] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.592528] ? kasan_addr_to_slab+0x11/0xa0 [ 23.592547] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.592569] kasan_report+0x141/0x180 [ 23.592590] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.592616] __asan_report_store1_noabort+0x1b/0x30 [ 23.592639] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.592663] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.592685] ? finish_task_switch.isra.0+0x153/0x700 [ 23.592707] ? __switch_to+0x47/0xf80 [ 23.592742] ? __schedule+0x10cc/0x2b60 [ 23.592765] ? __pfx_read_tsc+0x10/0x10 [ 23.592789] krealloc_large_less_oob+0x1c/0x30 [ 23.592810] kunit_try_run_case+0x1a5/0x480 [ 23.592831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.592850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.592934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.592971] ? __kthread_parkme+0x82/0x180 [ 23.592991] ? preempt_count_sub+0x50/0x80 [ 23.593028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.593305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.593331] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.593374] kthread+0x337/0x6f0 [ 23.593412] ? trace_preempt_on+0x20/0xc0 [ 23.593653] ? __pfx_kthread+0x10/0x10 [ 23.593700] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.594340] ? calculate_sigpending+0x7b/0xa0 [ 23.594370] ? __pfx_kthread+0x10/0x10 [ 23.594424] ret_from_fork+0x116/0x1d0 [ 23.594447] ? __pfx_kthread+0x10/0x10 [ 23.594469] ret_from_fork_asm+0x1a/0x30 [ 23.594501] </TASK> [ 23.594512] [ 23.608529] The buggy address belongs to the physical page: [ 23.609091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.610098] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.610897] flags: 0x200000000000040(head|node=0|zone=2) [ 23.611419] page_type: f8(unknown) [ 23.611850] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.612534] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.613112] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.613807] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.614041] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.614263] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.614489] page dumped because: kasan: bad access detected [ 23.614652] [ 23.614714] Memory state around the buggy address: [ 23.614871] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.615076] ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.615282] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.615483] ^ [ 23.615664] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.615905] ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.616109] ================================================================== [ 23.634725] ================================================================== [ 23.635279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.635506] Write of size 1 at addr ffff888102b960eb by task kunit_try_catch/212 [ 23.635712] [ 23.635799] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.635843] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.635855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.635874] Call Trace: [ 23.635888] <TASK> [ 23.635901] dump_stack_lvl+0x73/0xb0 [ 23.635928] print_report+0xd1/0x610 [ 23.635950] ? __virt_addr_valid+0x1db/0x2d0 [ 23.635974] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.635996] ? kasan_addr_to_slab+0x11/0xa0 [ 23.636015] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.636037] kasan_report+0x141/0x180 [ 23.636058] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.636084] __asan_report_store1_noabort+0x1b/0x30 [ 23.636107] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.636130] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.636209] ? finish_task_switch.isra.0+0x153/0x700 [ 23.636233] ? __switch_to+0x47/0xf80 [ 23.636280] ? __schedule+0x10cc/0x2b60 [ 23.636304] ? __pfx_read_tsc+0x10/0x10 [ 23.636334] krealloc_large_less_oob+0x1c/0x30 [ 23.636356] kunit_try_run_case+0x1a5/0x480 [ 23.636377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.636397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.636419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.636442] ? __kthread_parkme+0x82/0x180 [ 23.636482] ? preempt_count_sub+0x50/0x80 [ 23.636514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.636535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.636587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.636612] kthread+0x337/0x6f0 [ 23.636632] ? trace_preempt_on+0x20/0xc0 [ 23.636655] ? __pfx_kthread+0x10/0x10 [ 23.636676] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.636697] ? calculate_sigpending+0x7b/0xa0 [ 23.636721] ? __pfx_kthread+0x10/0x10 [ 23.636752] ret_from_fork+0x116/0x1d0 [ 23.636771] ? __pfx_kthread+0x10/0x10 [ 23.636792] ret_from_fork_asm+0x1a/0x30 [ 23.636822] </TASK> [ 23.636833] [ 23.645506] The buggy address belongs to the physical page: [ 23.645780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.646119] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.646471] flags: 0x200000000000040(head|node=0|zone=2) [ 23.646960] page_type: f8(unknown) [ 23.647090] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.647700] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.648243] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.648704] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.649082] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.649487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.649846] page dumped because: kasan: bad access detected [ 23.650116] [ 23.650245] Memory state around the buggy address: [ 23.650625] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.651135] ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.651475] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.651823] ^ [ 23.652273] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.652582] ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.652892] ================================================================== [ 23.548703] ================================================================== [ 23.549325] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.549573] Write of size 1 at addr ffff888102b960c9 by task kunit_try_catch/212 [ 23.549800] [ 23.549887] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.549937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.549949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.549971] Call Trace: [ 23.549984] <TASK> [ 23.550000] dump_stack_lvl+0x73/0xb0 [ 23.550031] print_report+0xd1/0x610 [ 23.550052] ? __virt_addr_valid+0x1db/0x2d0 [ 23.550077] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.550103] ? kasan_addr_to_slab+0x11/0xa0 [ 23.550124] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.550147] kasan_report+0x141/0x180 [ 23.550168] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.550194] __asan_report_store1_noabort+0x1b/0x30 [ 23.550218] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.550242] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.550264] ? finish_task_switch.isra.0+0x153/0x700 [ 23.550287] ? __switch_to+0x47/0xf80 [ 23.550313] ? __schedule+0x10cc/0x2b60 [ 23.550336] ? __pfx_read_tsc+0x10/0x10 [ 23.550361] krealloc_large_less_oob+0x1c/0x30 [ 23.550382] kunit_try_run_case+0x1a5/0x480 [ 23.550404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.550423] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.550446] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.550468] ? __kthread_parkme+0x82/0x180 [ 23.550488] ? preempt_count_sub+0x50/0x80 [ 23.550510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.550530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.550554] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.550578] kthread+0x337/0x6f0 [ 23.550598] ? trace_preempt_on+0x20/0xc0 [ 23.550622] ? __pfx_kthread+0x10/0x10 [ 23.550643] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.550664] ? calculate_sigpending+0x7b/0xa0 [ 23.550688] ? __pfx_kthread+0x10/0x10 [ 23.550709] ret_from_fork+0x116/0x1d0 [ 23.550728] ? __pfx_kthread+0x10/0x10 [ 23.551439] ret_from_fork_asm+0x1a/0x30 [ 23.551841] </TASK> [ 23.551858] [ 23.562427] The buggy address belongs to the physical page: [ 23.562674] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.563090] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.563608] flags: 0x200000000000040(head|node=0|zone=2) [ 23.563875] page_type: f8(unknown) [ 23.564056] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.564501] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.564756] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.564985] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.565352] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.565928] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.566466] page dumped because: kasan: bad access detected [ 23.566633] [ 23.566696] Memory state around the buggy address: [ 23.566889] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.567224] ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.567577] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.567982] ^ [ 23.568239] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.568591] ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.568849] ================================================================== [ 23.476039] ================================================================== [ 23.476750] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.477076] Write of size 1 at addr ffff88810579daeb by task kunit_try_catch/208 [ 23.477487] [ 23.477572] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.477651] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.477663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.477695] Call Trace: [ 23.477723] <TASK> [ 23.477747] dump_stack_lvl+0x73/0xb0 [ 23.477776] print_report+0xd1/0x610 [ 23.477797] ? __virt_addr_valid+0x1db/0x2d0 [ 23.477820] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.477842] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.477867] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.477890] kasan_report+0x141/0x180 [ 23.477911] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.477938] __asan_report_store1_noabort+0x1b/0x30 [ 23.477961] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.477986] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.478039] ? finish_task_switch.isra.0+0x153/0x700 [ 23.478061] ? __switch_to+0x47/0xf80 [ 23.478102] ? __schedule+0x10cc/0x2b60 [ 23.478124] ? __pfx_read_tsc+0x10/0x10 [ 23.478148] krealloc_less_oob+0x1c/0x30 [ 23.478169] kunit_try_run_case+0x1a5/0x480 [ 23.478190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.478209] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.478232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.478255] ? __kthread_parkme+0x82/0x180 [ 23.478275] ? preempt_count_sub+0x50/0x80 [ 23.478297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.478319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.478343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.478368] kthread+0x337/0x6f0 [ 23.478387] ? trace_preempt_on+0x20/0xc0 [ 23.478477] ? __pfx_kthread+0x10/0x10 [ 23.478499] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.478520] ? calculate_sigpending+0x7b/0xa0 [ 23.478555] ? __pfx_kthread+0x10/0x10 [ 23.478576] ret_from_fork+0x116/0x1d0 [ 23.478595] ? __pfx_kthread+0x10/0x10 [ 23.478615] ret_from_fork_asm+0x1a/0x30 [ 23.478645] </TASK> [ 23.478655] [ 23.491041] Allocated by task 208: [ 23.491167] kasan_save_stack+0x45/0x70 [ 23.491307] kasan_save_track+0x18/0x40 [ 23.491502] kasan_save_alloc_info+0x3b/0x50 [ 23.491912] __kasan_krealloc+0x190/0x1f0 [ 23.492296] krealloc_noprof+0xf3/0x340 [ 23.492730] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.493193] krealloc_less_oob+0x1c/0x30 [ 23.493586] kunit_try_run_case+0x1a5/0x480 [ 23.493997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.494508] kthread+0x337/0x6f0 [ 23.494848] ret_from_fork+0x116/0x1d0 [ 23.495083] ret_from_fork_asm+0x1a/0x30 [ 23.495218] [ 23.495283] The buggy address belongs to the object at ffff88810579da00 [ 23.495283] which belongs to the cache kmalloc-256 of size 256 [ 23.496250] The buggy address is located 34 bytes to the right of [ 23.496250] allocated 201-byte region [ffff88810579da00, ffff88810579dac9) [ 23.497524] [ 23.497678] The buggy address belongs to the physical page: [ 23.498024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c [ 23.498262] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.498646] flags: 0x200000000000040(head|node=0|zone=2) [ 23.499143] page_type: f5(slab) [ 23.499445] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.500119] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.500921] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.501565] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.501801] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff [ 23.502026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.502244] page dumped because: kasan: bad access detected [ 23.502416] [ 23.502570] Memory state around the buggy address: [ 23.503002] ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.503659] ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.504540] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.505143] ^ [ 23.505857] ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.506490] ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.507104] ================================================================== [ 23.407666] ================================================================== [ 23.408196] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.408883] Write of size 1 at addr ffff88810579dad0 by task kunit_try_catch/208 [ 23.409767] [ 23.409902] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.409967] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.409979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.410001] Call Trace: [ 23.410014] <TASK> [ 23.410030] dump_stack_lvl+0x73/0xb0 [ 23.410061] print_report+0xd1/0x610 [ 23.410082] ? __virt_addr_valid+0x1db/0x2d0 [ 23.410106] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.410128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.410154] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.410176] kasan_report+0x141/0x180 [ 23.410229] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.410257] __asan_report_store1_noabort+0x1b/0x30 [ 23.410443] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.410474] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.410497] ? finish_task_switch.isra.0+0x153/0x700 [ 23.410519] ? __switch_to+0x47/0xf80 [ 23.410546] ? __schedule+0x10cc/0x2b60 [ 23.410569] ? __pfx_read_tsc+0x10/0x10 [ 23.410647] krealloc_less_oob+0x1c/0x30 [ 23.410668] kunit_try_run_case+0x1a5/0x480 [ 23.410702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.410722] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.410755] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.410778] ? __kthread_parkme+0x82/0x180 [ 23.410798] ? preempt_count_sub+0x50/0x80 [ 23.410820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.410841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.410865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.410889] kthread+0x337/0x6f0 [ 23.410908] ? trace_preempt_on+0x20/0xc0 [ 23.410930] ? __pfx_kthread+0x10/0x10 [ 23.410951] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.410972] ? calculate_sigpending+0x7b/0xa0 [ 23.410996] ? __pfx_kthread+0x10/0x10 [ 23.411016] ret_from_fork+0x116/0x1d0 [ 23.411035] ? __pfx_kthread+0x10/0x10 [ 23.411055] ret_from_fork_asm+0x1a/0x30 [ 23.411084] </TASK> [ 23.411095] [ 23.419781] Allocated by task 208: [ 23.419966] kasan_save_stack+0x45/0x70 [ 23.420195] kasan_save_track+0x18/0x40 [ 23.420330] kasan_save_alloc_info+0x3b/0x50 [ 23.420470] __kasan_krealloc+0x190/0x1f0 [ 23.420601] krealloc_noprof+0xf3/0x340 [ 23.420908] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.421156] krealloc_less_oob+0x1c/0x30 [ 23.421347] kunit_try_run_case+0x1a5/0x480 [ 23.421548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.422020] kthread+0x337/0x6f0 [ 23.422209] ret_from_fork+0x116/0x1d0 [ 23.422410] ret_from_fork_asm+0x1a/0x30 [ 23.422658] [ 23.422726] The buggy address belongs to the object at ffff88810579da00 [ 23.422726] which belongs to the cache kmalloc-256 of size 256 [ 23.423084] The buggy address is located 7 bytes to the right of [ 23.423084] allocated 201-byte region [ffff88810579da00, ffff88810579dac9) [ 23.424089] [ 23.424252] The buggy address belongs to the physical page: [ 23.424594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c [ 23.425099] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.425556] flags: 0x200000000000040(head|node=0|zone=2) [ 23.425817] page_type: f5(slab) [ 23.425991] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.426294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.426524] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.427081] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.427639] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff [ 23.428050] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.428431] page dumped because: kasan: bad access detected [ 23.428702] [ 23.428803] Memory state around the buggy address: [ 23.429003] ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.429290] ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.429570] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.429906] ^ [ 23.430145] ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.430712] ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.431084] ================================================================== [ 23.385023] ================================================================== [ 23.386318] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.386573] Write of size 1 at addr ffff88810579dac9 by task kunit_try_catch/208 [ 23.386810] [ 23.386896] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.386948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.386960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.386982] Call Trace: [ 23.386996] <TASK> [ 23.387013] dump_stack_lvl+0x73/0xb0 [ 23.387473] print_report+0xd1/0x610 [ 23.387503] ? __virt_addr_valid+0x1db/0x2d0 [ 23.387529] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.387553] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.387581] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.387609] kasan_report+0x141/0x180 [ 23.387631] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.387659] __asan_report_store1_noabort+0x1b/0x30 [ 23.387683] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.387707] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.387743] ? finish_task_switch.isra.0+0x153/0x700 [ 23.387767] ? __switch_to+0x47/0xf80 [ 23.387792] ? __schedule+0x10cc/0x2b60 [ 23.387816] ? __pfx_read_tsc+0x10/0x10 [ 23.387841] krealloc_less_oob+0x1c/0x30 [ 23.387862] kunit_try_run_case+0x1a5/0x480 [ 23.387885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.387905] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.387928] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.387950] ? __kthread_parkme+0x82/0x180 [ 23.387971] ? preempt_count_sub+0x50/0x80 [ 23.387993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.388014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.388038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.388062] kthread+0x337/0x6f0 [ 23.388081] ? trace_preempt_on+0x20/0xc0 [ 23.388105] ? __pfx_kthread+0x10/0x10 [ 23.388125] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.388146] ? calculate_sigpending+0x7b/0xa0 [ 23.388170] ? __pfx_kthread+0x10/0x10 [ 23.388191] ret_from_fork+0x116/0x1d0 [ 23.388209] ? __pfx_kthread+0x10/0x10 [ 23.388229] ret_from_fork_asm+0x1a/0x30 [ 23.388259] </TASK> [ 23.388270] [ 23.396280] Allocated by task 208: [ 23.396416] kasan_save_stack+0x45/0x70 [ 23.396714] kasan_save_track+0x18/0x40 [ 23.396967] kasan_save_alloc_info+0x3b/0x50 [ 23.397174] __kasan_krealloc+0x190/0x1f0 [ 23.397549] krealloc_noprof+0xf3/0x340 [ 23.397763] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.397991] krealloc_less_oob+0x1c/0x30 [ 23.398129] kunit_try_run_case+0x1a5/0x480 [ 23.398268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.398740] kthread+0x337/0x6f0 [ 23.398935] ret_from_fork+0x116/0x1d0 [ 23.399149] ret_from_fork_asm+0x1a/0x30 [ 23.399343] [ 23.399409] The buggy address belongs to the object at ffff88810579da00 [ 23.399409] which belongs to the cache kmalloc-256 of size 256 [ 23.399968] The buggy address is located 0 bytes to the right of [ 23.399968] allocated 201-byte region [ffff88810579da00, ffff88810579dac9) [ 23.400336] [ 23.400413] The buggy address belongs to the physical page: [ 23.400681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c [ 23.401042] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.401452] flags: 0x200000000000040(head|node=0|zone=2) [ 23.401622] page_type: f5(slab) [ 23.401747] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.402326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.402953] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.403371] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.403724] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff [ 23.404012] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.404511] page dumped because: kasan: bad access detected [ 23.404708] [ 23.404783] Memory state around the buggy address: [ 23.404932] ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.405243] ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.405686] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.405944] ^ [ 23.406229] ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.406655] ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.406945] ================================================================== [ 23.431686] ================================================================== [ 23.432055] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.432782] Write of size 1 at addr ffff88810579dada by task kunit_try_catch/208 [ 23.433190] [ 23.433373] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.433440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.433452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.433474] Call Trace: [ 23.433490] <TASK> [ 23.433535] dump_stack_lvl+0x73/0xb0 [ 23.433566] print_report+0xd1/0x610 [ 23.433599] ? __virt_addr_valid+0x1db/0x2d0 [ 23.433623] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.433646] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.433671] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.433694] kasan_report+0x141/0x180 [ 23.433715] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.433752] __asan_report_store1_noabort+0x1b/0x30 [ 23.433776] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.433800] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.433823] ? finish_task_switch.isra.0+0x153/0x700 [ 23.433845] ? __switch_to+0x47/0xf80 [ 23.433871] ? __schedule+0x10cc/0x2b60 [ 23.433893] ? __pfx_read_tsc+0x10/0x10 [ 23.433918] krealloc_less_oob+0x1c/0x30 [ 23.433938] kunit_try_run_case+0x1a5/0x480 [ 23.433960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.433980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.434002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.434025] ? __kthread_parkme+0x82/0x180 [ 23.434076] ? preempt_count_sub+0x50/0x80 [ 23.434098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.434141] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.434165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.434190] kthread+0x337/0x6f0 [ 23.434209] ? trace_preempt_on+0x20/0xc0 [ 23.434232] ? __pfx_kthread+0x10/0x10 [ 23.434253] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.434325] ? calculate_sigpending+0x7b/0xa0 [ 23.434351] ? __pfx_kthread+0x10/0x10 [ 23.434372] ret_from_fork+0x116/0x1d0 [ 23.434391] ? __pfx_kthread+0x10/0x10 [ 23.434423] ret_from_fork_asm+0x1a/0x30 [ 23.434453] </TASK> [ 23.434464] [ 23.442907] Allocated by task 208: [ 23.443038] kasan_save_stack+0x45/0x70 [ 23.443196] kasan_save_track+0x18/0x40 [ 23.443607] kasan_save_alloc_info+0x3b/0x50 [ 23.443837] __kasan_krealloc+0x190/0x1f0 [ 23.444143] krealloc_noprof+0xf3/0x340 [ 23.444503] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.444799] krealloc_less_oob+0x1c/0x30 [ 23.444973] kunit_try_run_case+0x1a5/0x480 [ 23.445119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.445298] kthread+0x337/0x6f0 [ 23.445465] ret_from_fork+0x116/0x1d0 [ 23.445694] ret_from_fork_asm+0x1a/0x30 [ 23.445954] [ 23.446194] The buggy address belongs to the object at ffff88810579da00 [ 23.446194] which belongs to the cache kmalloc-256 of size 256 [ 23.446718] The buggy address is located 17 bytes to the right of [ 23.446718] allocated 201-byte region [ffff88810579da00, ffff88810579dac9) [ 23.447504] [ 23.447623] The buggy address belongs to the physical page: [ 23.447882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c [ 23.448152] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.448572] flags: 0x200000000000040(head|node=0|zone=2) [ 23.449020] page_type: f5(slab) [ 23.449170] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.449559] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.449887] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.450245] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.450676] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff [ 23.450948] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.451359] page dumped because: kasan: bad access detected [ 23.451696] [ 23.451800] Memory state around the buggy address: [ 23.451984] ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.452289] ffff88810579da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.452661] >ffff88810579da80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.452951] ^ [ 23.453193] ffff88810579db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.453607] ffff88810579db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.453856] ================================================================== [ 23.569320] ================================================================== [ 23.569904] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.570215] Write of size 1 at addr ffff888102b960d0 by task kunit_try_catch/212 [ 23.570651] [ 23.570782] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.570852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.570865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.570886] Call Trace: [ 23.570902] <TASK> [ 23.570917] dump_stack_lvl+0x73/0xb0 [ 23.570947] print_report+0xd1/0x610 [ 23.570987] ? __virt_addr_valid+0x1db/0x2d0 [ 23.571011] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.571034] ? kasan_addr_to_slab+0x11/0xa0 [ 23.571054] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.571077] kasan_report+0x141/0x180 [ 23.571099] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.571126] __asan_report_store1_noabort+0x1b/0x30 [ 23.571165] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.571203] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.571226] ? finish_task_switch.isra.0+0x153/0x700 [ 23.571248] ? __switch_to+0x47/0xf80 [ 23.571317] ? __schedule+0x10cc/0x2b60 [ 23.571343] ? __pfx_read_tsc+0x10/0x10 [ 23.571367] krealloc_large_less_oob+0x1c/0x30 [ 23.571389] kunit_try_run_case+0x1a5/0x480 [ 23.571411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.571431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.571453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.571496] ? __kthread_parkme+0x82/0x180 [ 23.571531] ? preempt_count_sub+0x50/0x80 [ 23.571566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.571589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.571627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.571651] kthread+0x337/0x6f0 [ 23.571672] ? trace_preempt_on+0x20/0xc0 [ 23.571694] ? __pfx_kthread+0x10/0x10 [ 23.571716] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.571762] ? calculate_sigpending+0x7b/0xa0 [ 23.571787] ? __pfx_kthread+0x10/0x10 [ 23.571809] ret_from_fork+0x116/0x1d0 [ 23.571828] ? __pfx_kthread+0x10/0x10 [ 23.571849] ret_from_fork_asm+0x1a/0x30 [ 23.571879] </TASK> [ 23.571890] [ 23.580217] The buggy address belongs to the physical page: [ 23.580501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.580996] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.581533] flags: 0x200000000000040(head|node=0|zone=2) [ 23.581766] page_type: f8(unknown) [ 23.581891] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.582229] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.582728] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.583000] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.583437] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.583669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.585564] page dumped because: kasan: bad access detected [ 23.585750] [ 23.585815] Memory state around the buggy address: [ 23.585959] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.586160] ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.586368] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.586568] ^ [ 23.587676] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.588987] ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.590220] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 23.512161] ================================================================== [ 23.512646] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.512906] Write of size 1 at addr ffff888102b960eb by task kunit_try_catch/210 [ 23.513123] [ 23.513212] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.513264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.513275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.513297] Call Trace: [ 23.513312] <TASK> [ 23.513331] dump_stack_lvl+0x73/0xb0 [ 23.513361] print_report+0xd1/0x610 [ 23.513383] ? __virt_addr_valid+0x1db/0x2d0 [ 23.513406] ? krealloc_more_oob_helper+0x821/0x930 [ 23.513429] ? kasan_addr_to_slab+0x11/0xa0 [ 23.513448] ? krealloc_more_oob_helper+0x821/0x930 [ 23.513471] kasan_report+0x141/0x180 [ 23.513492] ? krealloc_more_oob_helper+0x821/0x930 [ 23.513519] __asan_report_store1_noabort+0x1b/0x30 [ 23.513542] krealloc_more_oob_helper+0x821/0x930 [ 23.513564] ? __schedule+0x10cc/0x2b60 [ 23.513587] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.513610] ? finish_task_switch.isra.0+0x153/0x700 [ 23.513632] ? __switch_to+0x47/0xf80 [ 23.513659] ? __schedule+0x10cc/0x2b60 [ 23.513680] ? __pfx_read_tsc+0x10/0x10 [ 23.513704] krealloc_large_more_oob+0x1c/0x30 [ 23.513727] kunit_try_run_case+0x1a5/0x480 [ 23.513762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.513782] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.513804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.513827] ? __kthread_parkme+0x82/0x180 [ 23.513847] ? preempt_count_sub+0x50/0x80 [ 23.513870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.513891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.513916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.513940] kthread+0x337/0x6f0 [ 23.513959] ? trace_preempt_on+0x20/0xc0 [ 23.513983] ? __pfx_kthread+0x10/0x10 [ 23.514005] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.514026] ? calculate_sigpending+0x7b/0xa0 [ 23.514050] ? __pfx_kthread+0x10/0x10 [ 23.514071] ret_from_fork+0x116/0x1d0 [ 23.514089] ? __pfx_kthread+0x10/0x10 [ 23.514110] ret_from_fork_asm+0x1a/0x30 [ 23.514140] </TASK> [ 23.514152] [ 23.521337] The buggy address belongs to the physical page: [ 23.521532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.521967] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.522360] flags: 0x200000000000040(head|node=0|zone=2) [ 23.522657] page_type: f8(unknown) [ 23.522851] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.523111] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.523334] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.523651] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.523999] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.524361] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.524667] page dumped because: kasan: bad access detected [ 23.524848] [ 23.524912] Memory state around the buggy address: [ 23.525117] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.525421] ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.525744] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.526179] ^ [ 23.526704] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.527029] ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.527344] ================================================================== [ 23.338725] ================================================================== [ 23.339262] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.339634] Write of size 1 at addr ffff88810579d8eb by task kunit_try_catch/206 [ 23.340177] [ 23.340279] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.340340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.340352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.340386] Call Trace: [ 23.340399] <TASK> [ 23.340418] dump_stack_lvl+0x73/0xb0 [ 23.340464] print_report+0xd1/0x610 [ 23.340488] ? __virt_addr_valid+0x1db/0x2d0 [ 23.340513] ? krealloc_more_oob_helper+0x821/0x930 [ 23.340536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.340561] ? krealloc_more_oob_helper+0x821/0x930 [ 23.340607] kasan_report+0x141/0x180 [ 23.340628] ? krealloc_more_oob_helper+0x821/0x930 [ 23.340655] __asan_report_store1_noabort+0x1b/0x30 [ 23.340689] krealloc_more_oob_helper+0x821/0x930 [ 23.340711] ? __schedule+0x10cc/0x2b60 [ 23.340745] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.340768] ? finish_task_switch.isra.0+0x153/0x700 [ 23.340791] ? __switch_to+0x47/0xf80 [ 23.340818] ? __schedule+0x10cc/0x2b60 [ 23.340848] ? __pfx_read_tsc+0x10/0x10 [ 23.340873] krealloc_more_oob+0x1c/0x30 [ 23.340894] kunit_try_run_case+0x1a5/0x480 [ 23.340928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.340948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.340970] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.340993] ? __kthread_parkme+0x82/0x180 [ 23.341013] ? preempt_count_sub+0x50/0x80 [ 23.341036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.341065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.341089] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.341114] kthread+0x337/0x6f0 [ 23.341144] ? trace_preempt_on+0x20/0xc0 [ 23.341167] ? __pfx_kthread+0x10/0x10 [ 23.341188] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.341209] ? calculate_sigpending+0x7b/0xa0 [ 23.341233] ? __pfx_kthread+0x10/0x10 [ 23.341254] ret_from_fork+0x116/0x1d0 [ 23.341273] ? __pfx_kthread+0x10/0x10 [ 23.341294] ret_from_fork_asm+0x1a/0x30 [ 23.341324] </TASK> [ 23.341336] [ 23.348723] Allocated by task 206: [ 23.348861] kasan_save_stack+0x45/0x70 [ 23.349000] kasan_save_track+0x18/0x40 [ 23.349184] kasan_save_alloc_info+0x3b/0x50 [ 23.349415] __kasan_krealloc+0x190/0x1f0 [ 23.349695] krealloc_noprof+0xf3/0x340 [ 23.349898] krealloc_more_oob_helper+0x1a9/0x930 [ 23.350131] krealloc_more_oob+0x1c/0x30 [ 23.350331] kunit_try_run_case+0x1a5/0x480 [ 23.350480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.350800] kthread+0x337/0x6f0 [ 23.350987] ret_from_fork+0x116/0x1d0 [ 23.351161] ret_from_fork_asm+0x1a/0x30 [ 23.351356] [ 23.351469] The buggy address belongs to the object at ffff88810579d800 [ 23.351469] which belongs to the cache kmalloc-256 of size 256 [ 23.351950] The buggy address is located 0 bytes to the right of [ 23.351950] allocated 235-byte region [ffff88810579d800, ffff88810579d8eb) [ 23.352489] [ 23.352576] The buggy address belongs to the physical page: [ 23.352818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c [ 23.353165] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.353423] flags: 0x200000000000040(head|node=0|zone=2) [ 23.353597] page_type: f5(slab) [ 23.353715] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.353949] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.354303] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.354706] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.355048] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff [ 23.355407] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.355741] page dumped because: kasan: bad access detected [ 23.355949] [ 23.356013] Memory state around the buggy address: [ 23.356163] ffff88810579d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.356379] ffff88810579d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.357274] >ffff88810579d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.358288] ^ [ 23.358926] ffff88810579d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.359247] ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.359952] ================================================================== [ 23.361382] ================================================================== [ 23.361993] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.362424] Write of size 1 at addr ffff88810579d8f0 by task kunit_try_catch/206 [ 23.362779] [ 23.362910] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.362958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.362969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.363002] Call Trace: [ 23.363029] <TASK> [ 23.363046] dump_stack_lvl+0x73/0xb0 [ 23.363079] print_report+0xd1/0x610 [ 23.363112] ? __virt_addr_valid+0x1db/0x2d0 [ 23.363138] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.363161] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.363186] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.363209] kasan_report+0x141/0x180 [ 23.363230] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.363257] __asan_report_store1_noabort+0x1b/0x30 [ 23.363281] krealloc_more_oob_helper+0x7eb/0x930 [ 23.363302] ? __schedule+0x10cc/0x2b60 [ 23.363335] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.363358] ? finish_task_switch.isra.0+0x153/0x700 [ 23.363391] ? __switch_to+0x47/0xf80 [ 23.363426] ? __schedule+0x10cc/0x2b60 [ 23.363447] ? __pfx_read_tsc+0x10/0x10 [ 23.363472] krealloc_more_oob+0x1c/0x30 [ 23.363492] kunit_try_run_case+0x1a5/0x480 [ 23.363516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.363536] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.363560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.363582] ? __kthread_parkme+0x82/0x180 [ 23.363612] ? preempt_count_sub+0x50/0x80 [ 23.363634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.363655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.363690] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.363714] kthread+0x337/0x6f0 [ 23.363744] ? trace_preempt_on+0x20/0xc0 [ 23.363769] ? __pfx_kthread+0x10/0x10 [ 23.363798] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.363819] ? calculate_sigpending+0x7b/0xa0 [ 23.363844] ? __pfx_kthread+0x10/0x10 [ 23.363875] ret_from_fork+0x116/0x1d0 [ 23.363894] ? __pfx_kthread+0x10/0x10 [ 23.363914] ret_from_fork_asm+0x1a/0x30 [ 23.363945] </TASK> [ 23.363956] [ 23.371678] Allocated by task 206: [ 23.371861] kasan_save_stack+0x45/0x70 [ 23.372044] kasan_save_track+0x18/0x40 [ 23.372237] kasan_save_alloc_info+0x3b/0x50 [ 23.372443] __kasan_krealloc+0x190/0x1f0 [ 23.372640] krealloc_noprof+0xf3/0x340 [ 23.372825] krealloc_more_oob_helper+0x1a9/0x930 [ 23.373054] krealloc_more_oob+0x1c/0x30 [ 23.373223] kunit_try_run_case+0x1a5/0x480 [ 23.373443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.373677] kthread+0x337/0x6f0 [ 23.373857] ret_from_fork+0x116/0x1d0 [ 23.373999] ret_from_fork_asm+0x1a/0x30 [ 23.374205] [ 23.374276] The buggy address belongs to the object at ffff88810579d800 [ 23.374276] which belongs to the cache kmalloc-256 of size 256 [ 23.374826] The buggy address is located 5 bytes to the right of [ 23.374826] allocated 235-byte region [ffff88810579d800, ffff88810579d8eb) [ 23.375275] [ 23.375341] The buggy address belongs to the physical page: [ 23.375511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10579c [ 23.375753] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.376082] flags: 0x200000000000040(head|node=0|zone=2) [ 23.376368] page_type: f5(slab) [ 23.376564] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.376917] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.377245] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.377621] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.377855] head: 0200000000000001 ffffea000415e701 00000000ffffffff 00000000ffffffff [ 23.378078] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.378404] page dumped because: kasan: bad access detected [ 23.378661] [ 23.378779] Memory state around the buggy address: [ 23.378999] ffff88810579d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.379332] ffff88810579d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.379781] >ffff88810579d880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.380040] ^ [ 23.380344] ffff88810579d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.380600] ffff88810579d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.380885] ================================================================== [ 23.527853] ================================================================== [ 23.528075] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.528695] Write of size 1 at addr ffff888102b960f0 by task kunit_try_catch/210 [ 23.529462] [ 23.529590] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.529638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.529650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.529670] Call Trace: [ 23.529687] <TASK> [ 23.529703] dump_stack_lvl+0x73/0xb0 [ 23.529749] print_report+0xd1/0x610 [ 23.529771] ? __virt_addr_valid+0x1db/0x2d0 [ 23.529794] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.529816] ? kasan_addr_to_slab+0x11/0xa0 [ 23.529836] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.529859] kasan_report+0x141/0x180 [ 23.529880] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.529907] __asan_report_store1_noabort+0x1b/0x30 [ 23.529931] krealloc_more_oob_helper+0x7eb/0x930 [ 23.529952] ? __schedule+0x10cc/0x2b60 [ 23.529975] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.529999] ? finish_task_switch.isra.0+0x153/0x700 [ 23.530020] ? __switch_to+0x47/0xf80 [ 23.530046] ? __schedule+0x10cc/0x2b60 [ 23.530067] ? __pfx_read_tsc+0x10/0x10 [ 23.530092] krealloc_large_more_oob+0x1c/0x30 [ 23.530113] kunit_try_run_case+0x1a5/0x480 [ 23.530136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.530155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.530177] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.530200] ? __kthread_parkme+0x82/0x180 [ 23.530220] ? preempt_count_sub+0x50/0x80 [ 23.530243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.530264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.530608] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.530635] kthread+0x337/0x6f0 [ 23.530655] ? trace_preempt_on+0x20/0xc0 [ 23.530678] ? __pfx_kthread+0x10/0x10 [ 23.530699] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.530720] ? calculate_sigpending+0x7b/0xa0 [ 23.530758] ? __pfx_kthread+0x10/0x10 [ 23.530779] ret_from_fork+0x116/0x1d0 [ 23.530798] ? __pfx_kthread+0x10/0x10 [ 23.530819] ret_from_fork_asm+0x1a/0x30 [ 23.530850] </TASK> [ 23.530860] [ 23.538627] The buggy address belongs to the physical page: [ 23.538817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.539172] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.539821] flags: 0x200000000000040(head|node=0|zone=2) [ 23.540010] page_type: f8(unknown) [ 23.540131] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.540435] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.540795] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.541133] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.541378] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.541802] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.542141] page dumped because: kasan: bad access detected [ 23.542356] [ 23.542446] Memory state around the buggy address: [ 23.542634] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.542925] ffff888102b96000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.543511] >ffff888102b96080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.543801] ^ [ 23.544001] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.544205] ffff888102b96180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.544577] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 23.315432] ================================================================== [ 23.316055] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 23.316335] Read of size 1 at addr ffff888102bd0000 by task kunit_try_catch/204 [ 23.316933] [ 23.317052] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.317118] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.317130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.317152] Call Trace: [ 23.317166] <TASK> [ 23.317185] dump_stack_lvl+0x73/0xb0 [ 23.317226] print_report+0xd1/0x610 [ 23.317248] ? __virt_addr_valid+0x1db/0x2d0 [ 23.317273] ? page_alloc_uaf+0x356/0x3d0 [ 23.317305] ? kasan_addr_to_slab+0x11/0xa0 [ 23.317325] ? page_alloc_uaf+0x356/0x3d0 [ 23.317346] kasan_report+0x141/0x180 [ 23.317368] ? page_alloc_uaf+0x356/0x3d0 [ 23.317394] __asan_report_load1_noabort+0x18/0x20 [ 23.317417] page_alloc_uaf+0x356/0x3d0 [ 23.317492] ? __pfx_page_alloc_uaf+0x10/0x10 [ 23.317520] ? __schedule+0x10cc/0x2b60 [ 23.317543] ? __pfx_read_tsc+0x10/0x10 [ 23.317590] ? ktime_get_ts64+0x86/0x230 [ 23.317616] kunit_try_run_case+0x1a5/0x480 [ 23.317647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.317668] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.317691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.317715] ? __kthread_parkme+0x82/0x180 [ 23.317746] ? preempt_count_sub+0x50/0x80 [ 23.317770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.317792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.317816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.317841] kthread+0x337/0x6f0 [ 23.317861] ? trace_preempt_on+0x20/0xc0 [ 23.317884] ? __pfx_kthread+0x10/0x10 [ 23.317904] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.317925] ? calculate_sigpending+0x7b/0xa0 [ 23.317950] ? __pfx_kthread+0x10/0x10 [ 23.317971] ret_from_fork+0x116/0x1d0 [ 23.317990] ? __pfx_kthread+0x10/0x10 [ 23.318011] ret_from_fork_asm+0x1a/0x30 [ 23.318042] </TASK> [ 23.318054] [ 23.326697] The buggy address belongs to the physical page: [ 23.326969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bd0 [ 23.328953] flags: 0x200000000000000(node=0|zone=2) [ 23.329320] page_type: f0(buddy) [ 23.329444] raw: 0200000000000000 ffff88817fffc460 ffff88817fffc460 0000000000000000 [ 23.329667] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 23.330031] page dumped because: kasan: bad access detected [ 23.330230] [ 23.330356] Memory state around the buggy address: [ 23.330627] ffff888102bcff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.330978] ffff888102bcff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.331288] >ffff888102bd0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.331493] ^ [ 23.332450] ffff888102bd0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.332670] ffff888102bd0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.333001] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 23.290477] ================================================================== [ 23.291024] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 23.291346] Free of addr ffff888102b94001 by task kunit_try_catch/200 [ 23.291659] [ 23.292067] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.292126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.292138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.292160] Call Trace: [ 23.292173] <TASK> [ 23.292190] dump_stack_lvl+0x73/0xb0 [ 23.292221] print_report+0xd1/0x610 [ 23.292243] ? __virt_addr_valid+0x1db/0x2d0 [ 23.292311] ? kasan_addr_to_slab+0x11/0xa0 [ 23.292337] ? kfree+0x274/0x3f0 [ 23.292358] kasan_report_invalid_free+0x10a/0x130 [ 23.292394] ? kfree+0x274/0x3f0 [ 23.292416] ? kfree+0x274/0x3f0 [ 23.292436] __kasan_kfree_large+0x86/0xd0 [ 23.292457] free_large_kmalloc+0x52/0x110 [ 23.292480] kfree+0x274/0x3f0 [ 23.292504] kmalloc_large_invalid_free+0x120/0x2b0 [ 23.292527] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 23.292551] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 23.292634] kunit_try_run_case+0x1a5/0x480 [ 23.292658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.292678] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.292702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.292724] ? __kthread_parkme+0x82/0x180 [ 23.292757] ? preempt_count_sub+0x50/0x80 [ 23.292781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.292802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.292826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.292851] kthread+0x337/0x6f0 [ 23.292870] ? trace_preempt_on+0x20/0xc0 [ 23.292893] ? __pfx_kthread+0x10/0x10 [ 23.292913] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.292934] ? calculate_sigpending+0x7b/0xa0 [ 23.292958] ? __pfx_kthread+0x10/0x10 [ 23.292979] ret_from_fork+0x116/0x1d0 [ 23.292999] ? __pfx_kthread+0x10/0x10 [ 23.293019] ret_from_fork_asm+0x1a/0x30 [ 23.293049] </TASK> [ 23.293061] [ 23.302013] The buggy address belongs to the physical page: [ 23.302245] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.302586] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.303105] flags: 0x200000000000040(head|node=0|zone=2) [ 23.303296] page_type: f8(unknown) [ 23.303437] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.303831] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.304431] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.304855] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.305179] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.305568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.305973] page dumped because: kasan: bad access detected [ 23.306226] [ 23.306406] Memory state around the buggy address: [ 23.306652] ffff888102b93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.306891] ffff888102b93f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.307225] >ffff888102b94000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.307545] ^ [ 23.307800] ffff888102b94080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.308057] ffff888102b94100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.308587] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 23.264427] ================================================================== [ 23.265493] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 23.265761] Read of size 1 at addr ffff888103f68000 by task kunit_try_catch/198 [ 23.266807] [ 23.267014] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.267181] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.267195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.267219] Call Trace: [ 23.267234] <TASK> [ 23.267253] dump_stack_lvl+0x73/0xb0 [ 23.267401] print_report+0xd1/0x610 [ 23.267428] ? __virt_addr_valid+0x1db/0x2d0 [ 23.267455] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.267475] ? kasan_addr_to_slab+0x11/0xa0 [ 23.267495] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.267515] kasan_report+0x141/0x180 [ 23.267537] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.267562] __asan_report_load1_noabort+0x18/0x20 [ 23.267585] kmalloc_large_uaf+0x2f1/0x340 [ 23.267605] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 23.267626] ? __schedule+0x10cc/0x2b60 [ 23.267649] ? __pfx_read_tsc+0x10/0x10 [ 23.267672] ? ktime_get_ts64+0x86/0x230 [ 23.267699] kunit_try_run_case+0x1a5/0x480 [ 23.267723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.267755] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.267778] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.267800] ? __kthread_parkme+0x82/0x180 [ 23.267822] ? preempt_count_sub+0x50/0x80 [ 23.267846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.267867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.267891] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.267916] kthread+0x337/0x6f0 [ 23.267935] ? trace_preempt_on+0x20/0xc0 [ 23.267959] ? __pfx_kthread+0x10/0x10 [ 23.267980] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.268001] ? calculate_sigpending+0x7b/0xa0 [ 23.268025] ? __pfx_kthread+0x10/0x10 [ 23.268046] ret_from_fork+0x116/0x1d0 [ 23.268065] ? __pfx_kthread+0x10/0x10 [ 23.268085] ret_from_fork_asm+0x1a/0x30 [ 23.268117] </TASK> [ 23.268128] [ 23.281888] The buggy address belongs to the physical page: [ 23.282072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f68 [ 23.282326] flags: 0x200000000000000(node=0|zone=2) [ 23.282568] raw: 0200000000000000 ffffea00040fdb08 ffff88815b039fc0 0000000000000000 [ 23.283027] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.283453] page dumped because: kasan: bad access detected [ 23.283774] [ 23.283889] Memory state around the buggy address: [ 23.284092] ffff888103f67f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.284416] ffff888103f67f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.284819] >ffff888103f68000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.285130] ^ [ 23.285277] ffff888103f68080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.285776] ffff888103f68100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.286081] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 23.234173] ================================================================== [ 23.235064] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 23.235555] Write of size 1 at addr ffff888102b9600a by task kunit_try_catch/196 [ 23.236646] [ 23.236870] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.236925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.236957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.236979] Call Trace: [ 23.236994] <TASK> [ 23.237013] dump_stack_lvl+0x73/0xb0 [ 23.237046] print_report+0xd1/0x610 [ 23.237068] ? __virt_addr_valid+0x1db/0x2d0 [ 23.237092] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.237114] ? kasan_addr_to_slab+0x11/0xa0 [ 23.237135] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.237156] kasan_report+0x141/0x180 [ 23.237177] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.237203] __asan_report_store1_noabort+0x1b/0x30 [ 23.237226] kmalloc_large_oob_right+0x2e9/0x330 [ 23.237247] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 23.237328] ? __schedule+0x10cc/0x2b60 [ 23.237355] ? __pfx_read_tsc+0x10/0x10 [ 23.237377] ? ktime_get_ts64+0x86/0x230 [ 23.237402] kunit_try_run_case+0x1a5/0x480 [ 23.237435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.237455] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.237477] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.237500] ? __kthread_parkme+0x82/0x180 [ 23.237523] ? preempt_count_sub+0x50/0x80 [ 23.237547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.237568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.237594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.237618] kthread+0x337/0x6f0 [ 23.237638] ? trace_preempt_on+0x20/0xc0 [ 23.237661] ? __pfx_kthread+0x10/0x10 [ 23.237681] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.237702] ? calculate_sigpending+0x7b/0xa0 [ 23.237727] ? __pfx_kthread+0x10/0x10 [ 23.237759] ret_from_fork+0x116/0x1d0 [ 23.237778] ? __pfx_kthread+0x10/0x10 [ 23.237798] ret_from_fork_asm+0x1a/0x30 [ 23.237828] </TASK> [ 23.237840] [ 23.250840] The buggy address belongs to the physical page: [ 23.251019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b94 [ 23.251259] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.252124] flags: 0x200000000000040(head|node=0|zone=2) [ 23.252745] page_type: f8(unknown) [ 23.253087] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.253862] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.254611] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.255022] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.255248] head: 0200000000000002 ffffea00040ae501 00000000ffffffff 00000000ffffffff [ 23.256134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.256982] page dumped because: kasan: bad access detected [ 23.257546] [ 23.257669] Memory state around the buggy address: [ 23.257835] ffff888102b95f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.258044] ffff888102b95f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.258249] >ffff888102b96000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.259193] ^ [ 23.259684] ffff888102b96080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.260431] ffff888102b96100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.261045] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 23.194581] ================================================================== [ 23.196139] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 23.197282] Write of size 1 at addr ffff888102c09f00 by task kunit_try_catch/194 [ 23.198084] [ 23.198433] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.198494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.198508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.198532] Call Trace: [ 23.198546] <TASK> [ 23.198565] dump_stack_lvl+0x73/0xb0 [ 23.198730] print_report+0xd1/0x610 [ 23.198769] ? __virt_addr_valid+0x1db/0x2d0 [ 23.198795] ? kmalloc_big_oob_right+0x316/0x370 [ 23.198820] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.198846] ? kmalloc_big_oob_right+0x316/0x370 [ 23.198868] kasan_report+0x141/0x180 [ 23.198891] ? kmalloc_big_oob_right+0x316/0x370 [ 23.198917] __asan_report_store1_noabort+0x1b/0x30 [ 23.198940] kmalloc_big_oob_right+0x316/0x370 [ 23.198962] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 23.198984] ? __schedule+0x10cc/0x2b60 [ 23.199007] ? __pfx_read_tsc+0x10/0x10 [ 23.199029] ? ktime_get_ts64+0x86/0x230 [ 23.199055] kunit_try_run_case+0x1a5/0x480 [ 23.199079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.199099] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.199122] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.199144] ? __kthread_parkme+0x82/0x180 [ 23.199166] ? preempt_count_sub+0x50/0x80 [ 23.199190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.199210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.199235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.199259] kthread+0x337/0x6f0 [ 23.199503] ? trace_preempt_on+0x20/0xc0 [ 23.199529] ? __pfx_kthread+0x10/0x10 [ 23.199550] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.199571] ? calculate_sigpending+0x7b/0xa0 [ 23.199596] ? __pfx_kthread+0x10/0x10 [ 23.199617] ret_from_fork+0x116/0x1d0 [ 23.199636] ? __pfx_kthread+0x10/0x10 [ 23.199656] ret_from_fork_asm+0x1a/0x30 [ 23.199687] </TASK> [ 23.199699] [ 23.212708] Allocated by task 194: [ 23.212857] kasan_save_stack+0x45/0x70 [ 23.212999] kasan_save_track+0x18/0x40 [ 23.213127] kasan_save_alloc_info+0x3b/0x50 [ 23.213308] __kasan_kmalloc+0xb7/0xc0 [ 23.213741] __kmalloc_cache_noprof+0x189/0x420 [ 23.214217] kmalloc_big_oob_right+0xa9/0x370 [ 23.214779] kunit_try_run_case+0x1a5/0x480 [ 23.215174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.216001] kthread+0x337/0x6f0 [ 23.216422] ret_from_fork+0x116/0x1d0 [ 23.216791] ret_from_fork_asm+0x1a/0x30 [ 23.217133] [ 23.217202] The buggy address belongs to the object at ffff888102c08000 [ 23.217202] which belongs to the cache kmalloc-8k of size 8192 [ 23.218224] The buggy address is located 0 bytes to the right of [ 23.218224] allocated 7936-byte region [ffff888102c08000, ffff888102c09f00) [ 23.219187] [ 23.219363] The buggy address belongs to the physical page: [ 23.219857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c08 [ 23.220109] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.220661] flags: 0x200000000000040(head|node=0|zone=2) [ 23.221161] page_type: f5(slab) [ 23.221551] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 23.222243] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.222889] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 23.223571] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.223825] head: 0200000000000003 ffffea00040b0201 00000000ffffffff 00000000ffffffff [ 23.224047] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.224266] page dumped because: kasan: bad access detected [ 23.224869] [ 23.225020] Memory state around the buggy address: [ 23.225494] ffff888102c09e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.226388] ffff888102c09e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.227093] >ffff888102c09f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.227835] ^ [ 23.228054] ffff888102c09f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.228304] ffff888102c0a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.229019] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 23.153157] ================================================================== [ 23.154000] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.154667] Write of size 1 at addr ffff888105a7ae78 by task kunit_try_catch/192 [ 23.155130] [ 23.155391] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.155499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.155512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.155556] Call Trace: [ 23.155569] <TASK> [ 23.155589] dump_stack_lvl+0x73/0xb0 [ 23.155621] print_report+0xd1/0x610 [ 23.155642] ? __virt_addr_valid+0x1db/0x2d0 [ 23.155666] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.155690] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.155715] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.155749] kasan_report+0x141/0x180 [ 23.155770] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.155797] __asan_report_store1_noabort+0x1b/0x30 [ 23.155821] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.155844] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.155869] ? __schedule+0x10cc/0x2b60 [ 23.155892] ? __pfx_read_tsc+0x10/0x10 [ 23.155913] ? ktime_get_ts64+0x86/0x230 [ 23.155938] kunit_try_run_case+0x1a5/0x480 [ 23.155961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.155981] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.156003] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.156026] ? __kthread_parkme+0x82/0x180 [ 23.156047] ? preempt_count_sub+0x50/0x80 [ 23.156070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.156091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.156115] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.156139] kthread+0x337/0x6f0 [ 23.156158] ? trace_preempt_on+0x20/0xc0 [ 23.156182] ? __pfx_kthread+0x10/0x10 [ 23.156202] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.156223] ? calculate_sigpending+0x7b/0xa0 [ 23.156247] ? __pfx_kthread+0x10/0x10 [ 23.156297] ret_from_fork+0x116/0x1d0 [ 23.156321] ? __pfx_kthread+0x10/0x10 [ 23.156341] ret_from_fork_asm+0x1a/0x30 [ 23.156371] </TASK> [ 23.156383] [ 23.164347] Allocated by task 192: [ 23.164475] kasan_save_stack+0x45/0x70 [ 23.164674] kasan_save_track+0x18/0x40 [ 23.164888] kasan_save_alloc_info+0x3b/0x50 [ 23.165156] __kasan_kmalloc+0xb7/0xc0 [ 23.165324] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.165603] kmalloc_track_caller_oob_right+0x99/0x520 [ 23.165930] kunit_try_run_case+0x1a5/0x480 [ 23.166099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.166267] kthread+0x337/0x6f0 [ 23.166381] ret_from_fork+0x116/0x1d0 [ 23.166524] ret_from_fork_asm+0x1a/0x30 [ 23.166675] [ 23.166799] The buggy address belongs to the object at ffff888105a7ae00 [ 23.166799] which belongs to the cache kmalloc-128 of size 128 [ 23.167335] The buggy address is located 0 bytes to the right of [ 23.167335] allocated 120-byte region [ffff888105a7ae00, ffff888105a7ae78) [ 23.167746] [ 23.167812] The buggy address belongs to the physical page: [ 23.167979] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7a [ 23.168540] flags: 0x200000000000000(node=0|zone=2) [ 23.168898] page_type: f5(slab) [ 23.169084] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.169610] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.169894] page dumped because: kasan: bad access detected [ 23.170059] [ 23.170121] Memory state around the buggy address: [ 23.170268] ffff888105a7ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.170608] ffff888105a7ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.171043] >ffff888105a7ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.171497] ^ [ 23.171832] ffff888105a7ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.172117] ffff888105a7af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.172427] ================================================================== [ 23.173069] ================================================================== [ 23.173441] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.173685] Write of size 1 at addr ffff888105a7af78 by task kunit_try_catch/192 [ 23.173909] [ 23.173994] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.174044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.174056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.174077] Call Trace: [ 23.174091] <TASK> [ 23.174106] dump_stack_lvl+0x73/0xb0 [ 23.174134] print_report+0xd1/0x610 [ 23.174155] ? __virt_addr_valid+0x1db/0x2d0 [ 23.174178] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.174202] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.174227] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.174251] kasan_report+0x141/0x180 [ 23.174271] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.174299] __asan_report_store1_noabort+0x1b/0x30 [ 23.174322] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.174346] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.174370] ? __schedule+0x10cc/0x2b60 [ 23.174436] ? __pfx_read_tsc+0x10/0x10 [ 23.174478] ? ktime_get_ts64+0x86/0x230 [ 23.174503] kunit_try_run_case+0x1a5/0x480 [ 23.174525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.174544] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.174569] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.174591] ? __kthread_parkme+0x82/0x180 [ 23.174611] ? preempt_count_sub+0x50/0x80 [ 23.174635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.174656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.174680] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.174704] kthread+0x337/0x6f0 [ 23.174723] ? trace_preempt_on+0x20/0xc0 [ 23.174755] ? __pfx_kthread+0x10/0x10 [ 23.174776] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.174797] ? calculate_sigpending+0x7b/0xa0 [ 23.174820] ? __pfx_kthread+0x10/0x10 [ 23.174841] ret_from_fork+0x116/0x1d0 [ 23.174860] ? __pfx_kthread+0x10/0x10 [ 23.174881] ret_from_fork_asm+0x1a/0x30 [ 23.174912] </TASK> [ 23.174923] [ 23.182071] Allocated by task 192: [ 23.182220] kasan_save_stack+0x45/0x70 [ 23.182438] kasan_save_track+0x18/0x40 [ 23.182654] kasan_save_alloc_info+0x3b/0x50 [ 23.182942] __kasan_kmalloc+0xb7/0xc0 [ 23.183109] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.183392] kmalloc_track_caller_oob_right+0x19a/0x520 [ 23.183687] kunit_try_run_case+0x1a5/0x480 [ 23.184002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.184250] kthread+0x337/0x6f0 [ 23.184433] ret_from_fork+0x116/0x1d0 [ 23.184684] ret_from_fork_asm+0x1a/0x30 [ 23.184891] [ 23.184996] The buggy address belongs to the object at ffff888105a7af00 [ 23.184996] which belongs to the cache kmalloc-128 of size 128 [ 23.185652] The buggy address is located 0 bytes to the right of [ 23.185652] allocated 120-byte region [ffff888105a7af00, ffff888105a7af78) [ 23.186174] [ 23.186272] The buggy address belongs to the physical page: [ 23.186521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7a [ 23.186883] flags: 0x200000000000000(node=0|zone=2) [ 23.187106] page_type: f5(slab) [ 23.187250] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.187487] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.187842] page dumped because: kasan: bad access detected [ 23.188121] [ 23.188199] Memory state around the buggy address: [ 23.188353] ffff888105a7ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.188874] ffff888105a7ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.189192] >ffff888105a7af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.189421] ^ [ 23.189626] ffff888105a7af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.189981] ffff888105a7b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.190252] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 23.114047] ================================================================== [ 23.114486] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 23.114753] Read of size 1 at addr ffff888106017000 by task kunit_try_catch/190 [ 23.114977] [ 23.115436] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.115859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.115876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.115900] Call Trace: [ 23.115915] <TASK> [ 23.115937] dump_stack_lvl+0x73/0xb0 [ 23.115973] print_report+0xd1/0x610 [ 23.115995] ? __virt_addr_valid+0x1db/0x2d0 [ 23.116021] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.116044] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.116070] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.116093] kasan_report+0x141/0x180 [ 23.116114] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.116141] __asan_report_load1_noabort+0x18/0x20 [ 23.116164] kmalloc_node_oob_right+0x369/0x3c0 [ 23.116187] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 23.116210] ? __schedule+0x10cc/0x2b60 [ 23.116234] ? __pfx_read_tsc+0x10/0x10 [ 23.116256] ? ktime_get_ts64+0x86/0x230 [ 23.116302] kunit_try_run_case+0x1a5/0x480 [ 23.116333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.116353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.116376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.116399] ? __kthread_parkme+0x82/0x180 [ 23.116420] ? preempt_count_sub+0x50/0x80 [ 23.116443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.116464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.116488] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.116513] kthread+0x337/0x6f0 [ 23.116533] ? trace_preempt_on+0x20/0xc0 [ 23.116556] ? __pfx_kthread+0x10/0x10 [ 23.116577] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.116599] ? calculate_sigpending+0x7b/0xa0 [ 23.116624] ? __pfx_kthread+0x10/0x10 [ 23.116645] ret_from_fork+0x116/0x1d0 [ 23.116665] ? __pfx_kthread+0x10/0x10 [ 23.116685] ret_from_fork_asm+0x1a/0x30 [ 23.116716] </TASK> [ 23.116728] [ 23.130508] Allocated by task 190: [ 23.131008] kasan_save_stack+0x45/0x70 [ 23.131201] kasan_save_track+0x18/0x40 [ 23.131909] kasan_save_alloc_info+0x3b/0x50 [ 23.132343] __kasan_kmalloc+0xb7/0xc0 [ 23.132840] __kmalloc_cache_node_noprof+0x188/0x420 [ 23.133016] kmalloc_node_oob_right+0xab/0x3c0 [ 23.133165] kunit_try_run_case+0x1a5/0x480 [ 23.133324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.134175] kthread+0x337/0x6f0 [ 23.134646] ret_from_fork+0x116/0x1d0 [ 23.135163] ret_from_fork_asm+0x1a/0x30 [ 23.135761] [ 23.136066] The buggy address belongs to the object at ffff888106016000 [ 23.136066] which belongs to the cache kmalloc-4k of size 4096 [ 23.137485] The buggy address is located 0 bytes to the right of [ 23.137485] allocated 4096-byte region [ffff888106016000, ffff888106017000) [ 23.138068] [ 23.138150] The buggy address belongs to the physical page: [ 23.138865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106010 [ 23.139921] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.140657] flags: 0x200000000000040(head|node=0|zone=2) [ 23.141403] page_type: f5(slab) [ 23.141878] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 23.142623] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.142980] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 23.143202] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.144073] head: 0200000000000003 ffffea0004180401 00000000ffffffff 00000000ffffffff [ 23.144936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.145815] page dumped because: kasan: bad access detected [ 23.146496] [ 23.146765] Memory state around the buggy address: [ 23.147331] ffff888106016f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.147714] ffff888106016f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.148500] >ffff888106017000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.148860] ^ [ 23.148975] ffff888106017080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.149177] ffff888106017100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.149498] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 23.073101] ================================================================== [ 23.074306] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 23.075147] Read of size 1 at addr ffff88810226ac5f by task kunit_try_catch/188 [ 23.076080] [ 23.076301] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.076362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.076374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.076396] Call Trace: [ 23.076411] <TASK> [ 23.076430] dump_stack_lvl+0x73/0xb0 [ 23.076464] print_report+0xd1/0x610 [ 23.076486] ? __virt_addr_valid+0x1db/0x2d0 [ 23.076511] ? kmalloc_oob_left+0x361/0x3c0 [ 23.076531] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.076560] ? kmalloc_oob_left+0x361/0x3c0 [ 23.076582] kasan_report+0x141/0x180 [ 23.076604] ? kmalloc_oob_left+0x361/0x3c0 [ 23.076628] __asan_report_load1_noabort+0x18/0x20 [ 23.076652] kmalloc_oob_left+0x361/0x3c0 [ 23.076672] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.076694] ? __schedule+0x10cc/0x2b60 [ 23.076718] ? __pfx_read_tsc+0x10/0x10 [ 23.076752] ? ktime_get_ts64+0x86/0x230 [ 23.076778] kunit_try_run_case+0x1a5/0x480 [ 23.076802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.076821] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.076844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.076867] ? __kthread_parkme+0x82/0x180 [ 23.076888] ? preempt_count_sub+0x50/0x80 [ 23.076911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.076932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.076956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.076981] kthread+0x337/0x6f0 [ 23.077000] ? trace_preempt_on+0x20/0xc0 [ 23.077024] ? __pfx_kthread+0x10/0x10 [ 23.077046] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.077067] ? calculate_sigpending+0x7b/0xa0 [ 23.077091] ? __pfx_kthread+0x10/0x10 [ 23.077113] ret_from_fork+0x116/0x1d0 [ 23.077132] ? __pfx_kthread+0x10/0x10 [ 23.077152] ret_from_fork_asm+0x1a/0x30 [ 23.077183] </TASK> [ 23.077194] [ 23.089921] Allocated by task 21: [ 23.090383] kasan_save_stack+0x45/0x70 [ 23.090820] kasan_save_track+0x18/0x40 [ 23.091304] kasan_save_alloc_info+0x3b/0x50 [ 23.091797] __kasan_kmalloc+0xb7/0xc0 [ 23.092207] __kmalloc_cache_node_noprof+0x188/0x420 [ 23.092861] build_sched_domains+0x38c/0x5dd0 [ 23.093373] partition_sched_domains+0x471/0x9c0 [ 23.093860] rebuild_sched_domains_locked+0x97d/0xd50 [ 23.094243] cpuset_update_active_cpus+0x80f/0x1a90 [ 23.094836] sched_cpu_activate+0x2bf/0x330 [ 23.095514] cpuhp_invoke_callback+0x2a1/0xf00 [ 23.095669] cpuhp_thread_fun+0x2ce/0x5c0 [ 23.095817] smpboot_thread_fn+0x2bc/0x730 [ 23.095954] kthread+0x337/0x6f0 [ 23.096068] ret_from_fork+0x116/0x1d0 [ 23.096193] ret_from_fork_asm+0x1a/0x30 [ 23.096787] [ 23.097197] Freed by task 21: [ 23.097703] kasan_save_stack+0x45/0x70 [ 23.098255] kasan_save_track+0x18/0x40 [ 23.098726] kasan_save_free_info+0x3f/0x60 [ 23.099165] __kasan_slab_free+0x56/0x70 [ 23.099679] kfree+0x222/0x3f0 [ 23.100100] build_sched_domains+0x1fff/0x5dd0 [ 23.100754] partition_sched_domains+0x471/0x9c0 [ 23.101247] rebuild_sched_domains_locked+0x97d/0xd50 [ 23.101781] cpuset_update_active_cpus+0x80f/0x1a90 [ 23.102274] sched_cpu_activate+0x2bf/0x330 [ 23.102450] cpuhp_invoke_callback+0x2a1/0xf00 [ 23.102599] cpuhp_thread_fun+0x2ce/0x5c0 [ 23.102747] smpboot_thread_fn+0x2bc/0x730 [ 23.102882] kthread+0x337/0x6f0 [ 23.102996] ret_from_fork+0x116/0x1d0 [ 23.103122] ret_from_fork_asm+0x1a/0x30 [ 23.103276] [ 23.103355] The buggy address belongs to the object at ffff88810226ac40 [ 23.103355] which belongs to the cache kmalloc-16 of size 16 [ 23.103798] The buggy address is located 15 bytes to the right of [ 23.103798] allocated 16-byte region [ffff88810226ac40, ffff88810226ac50) [ 23.104931] [ 23.105098] The buggy address belongs to the physical page: [ 23.105299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10226a [ 23.105922] flags: 0x200000000000000(node=0|zone=2) [ 23.106201] page_type: f5(slab) [ 23.106415] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.107046] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.107432] page dumped because: kasan: bad access detected [ 23.107750] [ 23.108078] Memory state around the buggy address: [ 23.108660] ffff88810226ab00: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 23.108976] ffff88810226ab80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 23.109268] >ffff88810226ac00: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 23.109750] ^ [ 23.110003] ffff88810226ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.110441] ffff88810226ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.110767] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 23.008438] ================================================================== [ 23.009187] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 23.009948] Write of size 1 at addr ffff888105a7ad78 by task kunit_try_catch/186 [ 23.010882] [ 23.011091] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.011210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.011230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.011253] Call Trace: [ 23.011267] <TASK> [ 23.011283] dump_stack_lvl+0x73/0xb0 [ 23.011315] print_report+0xd1/0x610 [ 23.011337] ? __virt_addr_valid+0x1db/0x2d0 [ 23.011360] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.011382] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.011667] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.011690] kasan_report+0x141/0x180 [ 23.011711] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.011748] __asan_report_store1_noabort+0x1b/0x30 [ 23.011771] kmalloc_oob_right+0x6bd/0x7f0 [ 23.011792] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.011814] ? __schedule+0x10cc/0x2b60 [ 23.011837] ? __pfx_read_tsc+0x10/0x10 [ 23.011858] ? ktime_get_ts64+0x86/0x230 [ 23.011883] kunit_try_run_case+0x1a5/0x480 [ 23.011904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.011924] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.011947] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.011969] ? __kthread_parkme+0x82/0x180 [ 23.011989] ? preempt_count_sub+0x50/0x80 [ 23.012012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.012033] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.012057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.012082] kthread+0x337/0x6f0 [ 23.012101] ? trace_preempt_on+0x20/0xc0 [ 23.012125] ? __pfx_kthread+0x10/0x10 [ 23.012145] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.012165] ? calculate_sigpending+0x7b/0xa0 [ 23.012189] ? __pfx_kthread+0x10/0x10 [ 23.012210] ret_from_fork+0x116/0x1d0 [ 23.012228] ? __pfx_kthread+0x10/0x10 [ 23.012248] ret_from_fork_asm+0x1a/0x30 [ 23.012286] </TASK> [ 23.012297] [ 23.026116] Allocated by task 186: [ 23.026243] kasan_save_stack+0x45/0x70 [ 23.026377] kasan_save_track+0x18/0x40 [ 23.026798] kasan_save_alloc_info+0x3b/0x50 [ 23.027236] __kasan_kmalloc+0xb7/0xc0 [ 23.027678] __kmalloc_cache_noprof+0x189/0x420 [ 23.028201] kmalloc_oob_right+0xa9/0x7f0 [ 23.028602] kunit_try_run_case+0x1a5/0x480 [ 23.028998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.029424] kthread+0x337/0x6f0 [ 23.029581] ret_from_fork+0x116/0x1d0 [ 23.029967] ret_from_fork_asm+0x1a/0x30 [ 23.030418] [ 23.030524] The buggy address belongs to the object at ffff888105a7ad00 [ 23.030524] which belongs to the cache kmalloc-128 of size 128 [ 23.031573] The buggy address is located 5 bytes to the right of [ 23.031573] allocated 115-byte region [ffff888105a7ad00, ffff888105a7ad73) [ 23.032376] [ 23.032552] The buggy address belongs to the physical page: [ 23.033235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7a [ 23.033834] flags: 0x200000000000000(node=0|zone=2) [ 23.033989] page_type: f5(slab) [ 23.034245] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.035018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.035820] page dumped because: kasan: bad access detected [ 23.036185] [ 23.036249] Memory state around the buggy address: [ 23.036410] ffff888105a7ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.037213] ffff888105a7ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.037712] >ffff888105a7ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.037928] ^ [ 23.038125] ffff888105a7ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.038322] ffff888105a7ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.038908] ================================================================== [ 23.039931] ================================================================== [ 23.040387] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 23.041285] Read of size 1 at addr ffff888105a7ad80 by task kunit_try_catch/186 [ 23.041600] [ 23.041817] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.041870] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.041893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.041914] Call Trace: [ 23.041933] <TASK> [ 23.041950] dump_stack_lvl+0x73/0xb0 [ 23.041978] print_report+0xd1/0x610 [ 23.042037] ? __virt_addr_valid+0x1db/0x2d0 [ 23.042084] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.042104] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.042130] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.042151] kasan_report+0x141/0x180 [ 23.042172] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.042196] __asan_report_load1_noabort+0x18/0x20 [ 23.042219] kmalloc_oob_right+0x68a/0x7f0 [ 23.042240] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.042261] ? __schedule+0x10cc/0x2b60 [ 23.042312] ? __pfx_read_tsc+0x10/0x10 [ 23.042334] ? ktime_get_ts64+0x86/0x230 [ 23.042359] kunit_try_run_case+0x1a5/0x480 [ 23.042381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042400] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.042422] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.042445] ? __kthread_parkme+0x82/0x180 [ 23.042465] ? preempt_count_sub+0x50/0x80 [ 23.042488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.042534] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.042558] kthread+0x337/0x6f0 [ 23.042577] ? trace_preempt_on+0x20/0xc0 [ 23.042603] ? __pfx_kthread+0x10/0x10 [ 23.042623] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.042644] ? calculate_sigpending+0x7b/0xa0 [ 23.042667] ? __pfx_kthread+0x10/0x10 [ 23.042688] ret_from_fork+0x116/0x1d0 [ 23.042707] ? __pfx_kthread+0x10/0x10 [ 23.042727] ret_from_fork_asm+0x1a/0x30 [ 23.042768] </TASK> [ 23.042779] [ 23.055247] Allocated by task 186: [ 23.055368] kasan_save_stack+0x45/0x70 [ 23.055554] kasan_save_track+0x18/0x40 [ 23.055675] kasan_save_alloc_info+0x3b/0x50 [ 23.056112] __kasan_kmalloc+0xb7/0xc0 [ 23.056577] __kmalloc_cache_noprof+0x189/0x420 [ 23.057138] kmalloc_oob_right+0xa9/0x7f0 [ 23.057414] kunit_try_run_case+0x1a5/0x480 [ 23.057563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.058095] kthread+0x337/0x6f0 [ 23.058547] ret_from_fork+0x116/0x1d0 [ 23.058695] ret_from_fork_asm+0x1a/0x30 [ 23.058840] [ 23.058904] The buggy address belongs to the object at ffff888105a7ad00 [ 23.058904] which belongs to the cache kmalloc-128 of size 128 [ 23.059236] The buggy address is located 13 bytes to the right of [ 23.059236] allocated 115-byte region [ffff888105a7ad00, ffff888105a7ad73) [ 23.059582] [ 23.059644] The buggy address belongs to the physical page: [ 23.059814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7a [ 23.060037] flags: 0x200000000000000(node=0|zone=2) [ 23.060187] page_type: f5(slab) [ 23.060297] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.060515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.060722] page dumped because: kasan: bad access detected [ 23.061932] [ 23.062094] Memory state around the buggy address: [ 23.062959] ffff888105a7ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.063285] ffff888105a7ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.064095] >ffff888105a7ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.065696] ^ [ 23.066194] ffff888105a7ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.067041] ffff888105a7ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.067902] ================================================================== [ 22.971845] ================================================================== [ 22.972629] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 22.973307] Write of size 1 at addr ffff888105a7ad73 by task kunit_try_catch/186 [ 22.973696] [ 22.974679] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 22.975045] Tainted: [N]=TEST [ 22.975076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.975304] Call Trace: [ 22.975371] <TASK> [ 22.975513] dump_stack_lvl+0x73/0xb0 [ 22.975604] print_report+0xd1/0x610 [ 22.975633] ? __virt_addr_valid+0x1db/0x2d0 [ 22.975659] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.975681] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.975706] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.975727] kasan_report+0x141/0x180 [ 22.975761] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.975786] __asan_report_store1_noabort+0x1b/0x30 [ 22.975809] kmalloc_oob_right+0x6f0/0x7f0 [ 22.975830] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.975852] ? __schedule+0x10cc/0x2b60 [ 22.975876] ? __pfx_read_tsc+0x10/0x10 [ 22.975898] ? ktime_get_ts64+0x86/0x230 [ 22.975924] kunit_try_run_case+0x1a5/0x480 [ 22.975949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.975968] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.975991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.976014] ? __kthread_parkme+0x82/0x180 [ 22.976035] ? preempt_count_sub+0x50/0x80 [ 22.976059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.976080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.976105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.976129] kthread+0x337/0x6f0 [ 22.976149] ? trace_preempt_on+0x20/0xc0 [ 22.976174] ? __pfx_kthread+0x10/0x10 [ 22.976195] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.976216] ? calculate_sigpending+0x7b/0xa0 [ 22.976240] ? __pfx_kthread+0x10/0x10 [ 22.976262] ret_from_fork+0x116/0x1d0 [ 22.976295] ? __pfx_kthread+0x10/0x10 [ 22.976319] ret_from_fork_asm+0x1a/0x30 [ 22.976374] </TASK> [ 22.976439] [ 22.992617] Allocated by task 186: [ 22.993220] kasan_save_stack+0x45/0x70 [ 22.993724] kasan_save_track+0x18/0x40 [ 22.993934] kasan_save_alloc_info+0x3b/0x50 [ 22.994086] __kasan_kmalloc+0xb7/0xc0 [ 22.994215] __kmalloc_cache_noprof+0x189/0x420 [ 22.994377] kmalloc_oob_right+0xa9/0x7f0 [ 22.994512] kunit_try_run_case+0x1a5/0x480 [ 22.994653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.994834] kthread+0x337/0x6f0 [ 22.994955] ret_from_fork+0x116/0x1d0 [ 22.995083] ret_from_fork_asm+0x1a/0x30 [ 22.995269] [ 22.995418] The buggy address belongs to the object at ffff888105a7ad00 [ 22.995418] which belongs to the cache kmalloc-128 of size 128 [ 22.996581] The buggy address is located 0 bytes to the right of [ 22.996581] allocated 115-byte region [ffff888105a7ad00, ffff888105a7ad73) [ 22.997224] [ 22.997602] The buggy address belongs to the physical page: [ 22.998103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a7a [ 22.999178] flags: 0x200000000000000(node=0|zone=2) [ 22.999852] page_type: f5(slab) [ 23.000289] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.001199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.002068] page dumped because: kasan: bad access detected [ 23.002668] [ 23.002863] Memory state around the buggy address: [ 23.003681] ffff888105a7ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.004356] ffff888105a7ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.004878] >ffff888105a7ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.005229] ^ [ 23.006004] ffff888105a7ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.006674] ffff888105a7ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.006997] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 195.985956] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2924 [ 195.986473] Modules linked in: [ 195.986640] CPU: 1 UID: 0 PID: 2924 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 195.987117] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 195.987445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.987760] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 195.988013] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 195.988819] RSP: 0000:ffff88810ef2fc78 EFLAGS: 00010286 [ 195.989054] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 195.989449] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffbb85f814 [ 195.989738] RBP: ffff88810ef2fca0 R08: 0000000000000000 R09: ffffed1020b8b540 [ 195.990026] R10: ffff888105c5aa07 R11: 0000000000000000 R12: ffffffffbb85f800 [ 195.990242] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ef2fd38 [ 195.990522] FS: 0000000000000000(0000) GS:ffff88819d91d000(0000) knlGS:0000000000000000 [ 195.990980] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.991250] CR2: 00007ffff7ffe000 CR3: 000000012eebc000 CR4: 00000000000006f0 [ 195.991803] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9503 [ 195.992086] DR3: ffffffffbd8a9505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 195.992453] Call Trace: [ 195.992561] <TASK> [ 195.992700] drm_test_rect_calc_vscale+0x108/0x270 [ 195.992909] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 195.993152] ? __schedule+0x10cc/0x2b60 [ 195.993309] ? __pfx_read_tsc+0x10/0x10 [ 195.993488] ? ktime_get_ts64+0x86/0x230 [ 195.993636] kunit_try_run_case+0x1a5/0x480 [ 195.993900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.994639] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 195.994857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 195.995045] ? __kthread_parkme+0x82/0x180 [ 195.995230] ? preempt_count_sub+0x50/0x80 [ 195.995624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.995843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 195.996063] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 195.996296] kthread+0x337/0x6f0 [ 195.996533] ? trace_preempt_on+0x20/0xc0 [ 195.996739] ? __pfx_kthread+0x10/0x10 [ 195.996914] ? _raw_spin_unlock_irq+0x47/0x80 [ 195.997086] ? calculate_sigpending+0x7b/0xa0 [ 195.997290] ? __pfx_kthread+0x10/0x10 [ 195.997528] ret_from_fork+0x116/0x1d0 [ 195.997664] ? __pfx_kthread+0x10/0x10 [ 195.997961] ret_from_fork_asm+0x1a/0x30 [ 195.998173] </TASK> [ 195.998335] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 195.963798] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2922 [ 195.964791] Modules linked in: [ 195.965250] CPU: 0 UID: 0 PID: 2922 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 195.965883] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 195.966065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.966699] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 195.967246] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 195.969437] RSP: 0000:ffff88810ef1fc78 EFLAGS: 00010286 [ 195.969772] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 195.970062] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffbb85f7dc [ 195.970789] RBP: ffff88810ef1fca0 R08: 0000000000000000 R09: ffffed1021d79d00 [ 195.971123] R10: ffff88810ebce807 R11: 0000000000000000 R12: ffffffffbb85f7c8 [ 195.971451] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ef1fd38 [ 195.971797] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 195.972109] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.972459] CR2: ffffffffffffffff CR3: 000000012eebc000 CR4: 00000000000006f0 [ 195.972761] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 195.973032] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 195.973283] Call Trace: [ 195.973496] <TASK> [ 195.973601] drm_test_rect_calc_vscale+0x108/0x270 [ 195.973916] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 195.974175] ? __schedule+0x10cc/0x2b60 [ 195.974535] ? __pfx_read_tsc+0x10/0x10 [ 195.974701] ? ktime_get_ts64+0x86/0x230 [ 195.974906] kunit_try_run_case+0x1a5/0x480 [ 195.975101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.975328] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 195.975568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 195.975767] ? __kthread_parkme+0x82/0x180 [ 195.975970] ? preempt_count_sub+0x50/0x80 [ 195.976157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.976316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 195.976627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 195.976983] kthread+0x337/0x6f0 [ 195.977112] ? trace_preempt_on+0x20/0xc0 [ 195.977416] ? __pfx_kthread+0x10/0x10 [ 195.977632] ? _raw_spin_unlock_irq+0x47/0x80 [ 195.977830] ? calculate_sigpending+0x7b/0xa0 [ 195.977980] ? __pfx_kthread+0x10/0x10 [ 195.978154] ret_from_fork+0x116/0x1d0 [ 195.978513] ? __pfx_kthread+0x10/0x10 [ 195.978741] ret_from_fork_asm+0x1a/0x30 [ 195.978948] </TASK> [ 195.979049] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 195.925143] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2912 [ 195.925748] Modules linked in: [ 195.926074] CPU: 0 UID: 0 PID: 2912 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 195.926925] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 195.927205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.927723] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 195.927996] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 9b 20 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 195.928860] RSP: 0000:ffff88810f02fc78 EFLAGS: 00010286 [ 195.929094] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 195.929624] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffbb85f818 [ 195.929925] RBP: ffff88810f02fca0 R08: 0000000000000000 R09: ffffed1020b8b4c0 [ 195.930244] R10: ffff888105c5a607 R11: 0000000000000000 R12: ffffffffbb85f800 [ 195.930611] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810f02fd38 [ 195.930910] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 195.931246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.931578] CR2: ffffffffffffffff CR3: 000000012eebc000 CR4: 00000000000006f0 [ 195.931870] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 195.932163] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 195.932489] Call Trace: [ 195.932653] <TASK> [ 195.932793] drm_test_rect_calc_hscale+0x108/0x270 [ 195.933035] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 195.933262] ? __schedule+0x10cc/0x2b60 [ 195.933653] ? __pfx_read_tsc+0x10/0x10 [ 195.933919] ? ktime_get_ts64+0x86/0x230 [ 195.934073] kunit_try_run_case+0x1a5/0x480 [ 195.934301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.934543] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 195.934823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 195.935059] ? __kthread_parkme+0x82/0x180 [ 195.935238] ? preempt_count_sub+0x50/0x80 [ 195.935510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.935748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 195.935996] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 195.936358] kthread+0x337/0x6f0 [ 195.936518] ? trace_preempt_on+0x20/0xc0 [ 195.936731] ? __pfx_kthread+0x10/0x10 [ 195.936925] ? _raw_spin_unlock_irq+0x47/0x80 [ 195.937094] ? calculate_sigpending+0x7b/0xa0 [ 195.937289] ? __pfx_kthread+0x10/0x10 [ 195.937481] ret_from_fork+0x116/0x1d0 [ 195.937875] ? __pfx_kthread+0x10/0x10 [ 195.938109] ret_from_fork_asm+0x1a/0x30 [ 195.938379] </TASK> [ 195.938548] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 195.906681] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2910 [ 195.907649] Modules linked in: [ 195.907936] CPU: 1 UID: 0 PID: 2910 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 195.908614] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 195.908799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.909056] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 195.909233] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 9b 20 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 195.910972] RSP: 0000:ffff88810ef77c78 EFLAGS: 00010286 [ 195.911657] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 195.912120] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffbb85f7e0 [ 195.912360] RBP: ffff88810ef77ca0 R08: 0000000000000000 R09: ffffed1020b8b480 [ 195.913077] R10: ffff888105c5a407 R11: 0000000000000000 R12: ffffffffbb85f7c8 [ 195.913711] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ef77d38 [ 195.913929] FS: 0000000000000000(0000) GS:ffff88819d91d000(0000) knlGS:0000000000000000 [ 195.914161] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.914426] CR2: 00007ffff7ffe000 CR3: 000000012eebc000 CR4: 00000000000006f0 [ 195.915122] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9503 [ 195.915721] DR3: ffffffffbd8a9505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 195.915941] Call Trace: [ 195.916044] <TASK> [ 195.916145] drm_test_rect_calc_hscale+0x108/0x270 [ 195.916344] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 195.916616] ? __schedule+0x10cc/0x2b60 [ 195.916841] ? __pfx_read_tsc+0x10/0x10 [ 195.917099] ? ktime_get_ts64+0x86/0x230 [ 195.917290] kunit_try_run_case+0x1a5/0x480 [ 195.917483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.917798] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 195.917987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 195.918209] ? __kthread_parkme+0x82/0x180 [ 195.918611] ? preempt_count_sub+0x50/0x80 [ 195.918845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.919038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 195.919441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 195.919735] kthread+0x337/0x6f0 [ 195.919867] ? trace_preempt_on+0x20/0xc0 [ 195.920088] ? __pfx_kthread+0x10/0x10 [ 195.920292] ? _raw_spin_unlock_irq+0x47/0x80 [ 195.920646] ? calculate_sigpending+0x7b/0xa0 [ 195.920859] ? __pfx_kthread+0x10/0x10 [ 195.921049] ret_from_fork+0x116/0x1d0 [ 195.921256] ? __pfx_kthread+0x10/0x10 [ 195.921544] ret_from_fork_asm+0x1a/0x30 [ 195.921814] </TASK> [ 195.921933] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 195.164395] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 195.164519] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2715 [ 195.165738] Modules linked in: [ 195.165973] CPU: 0 UID: 0 PID: 2715 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 195.166576] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 195.166853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.167216] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 195.167454] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 fd c9 81 00 48 c7 c1 00 37 81 bb 4c 89 f2 48 c7 c7 20 33 81 bb 48 89 c6 e8 54 f9 71 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 195.168197] RSP: 0000:ffff88810e15fd18 EFLAGS: 00010286 [ 195.168433] RAX: 0000000000000000 RBX: ffff88810caeb000 RCX: 1ffffffff78a4b70 [ 195.168857] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 195.169241] RBP: ffff88810e15fd48 R08: 0000000000000000 R09: fffffbfff78a4b70 [ 195.169585] R10: 0000000000000003 R11: 000000000003b968 R12: ffff88810e82c000 [ 195.169941] R13: ffff88810caeb0f8 R14: ffff88810477ee00 R15: ffff8881003c7b48 [ 195.170365] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 195.170742] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.171073] CR2: ffffffffffffffff CR3: 000000012eebc000 CR4: 00000000000006f0 [ 195.171428] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 195.171758] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 195.172026] Call Trace: [ 195.172167] <TASK> [ 195.172373] ? trace_preempt_on+0x20/0xc0 [ 195.172668] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 195.172919] drm_gem_shmem_free_wrapper+0x12/0x20 [ 195.173165] __kunit_action_free+0x57/0x70 [ 195.173470] kunit_remove_resource+0x133/0x200 [ 195.173773] ? preempt_count_sub+0x50/0x80 [ 195.173952] kunit_cleanup+0x7a/0x120 [ 195.174127] kunit_try_run_case_cleanup+0xbd/0xf0 [ 195.174475] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 195.174716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 195.175017] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 195.175396] kthread+0x337/0x6f0 [ 195.175568] ? trace_preempt_on+0x20/0xc0 [ 195.175833] ? __pfx_kthread+0x10/0x10 [ 195.176002] ? _raw_spin_unlock_irq+0x47/0x80 [ 195.176242] ? calculate_sigpending+0x7b/0xa0 [ 195.176569] ? __pfx_kthread+0x10/0x10 [ 195.176798] ret_from_fork+0x116/0x1d0 [ 195.176981] ? __pfx_kthread+0x10/0x10 [ 195.177183] ret_from_fork_asm+0x1a/0x30 [ 195.177547] </TASK> [ 195.177671] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 195.024071] WARNING: drivers/gpu/drm/drm_framebuffer.c:869 at drm_framebuffer_init+0x49/0x8d0, CPU#1: kunit_try_catch/2696 [ 195.025842] Modules linked in: [ 195.026061] CPU: 1 UID: 0 PID: 2696 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 195.026912] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 195.027151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.027861] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 195.028099] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 195.029034] RSP: 0000:ffff88810e80fb20 EFLAGS: 00010246 [ 195.029311] RAX: ffff88810e80fba8 RBX: ffff88810e80fc28 RCX: 1ffff11021d01f8e [ 195.029745] RDX: dffffc0000000000 RSI: ffff88810e7c8000 RDI: ffff88810e7c8000 [ 195.030060] RBP: ffff88810e80fb70 R08: ffff88810e7c8000 R09: ffffffffbb803520 [ 195.030439] R10: 0000000000000003 R11: 00000000b5191952 R12: 1ffff11021d01f71 [ 195.030752] R13: ffff88810e80fc70 R14: ffff88810e80fdb8 R15: 0000000000000000 [ 195.031076] FS: 0000000000000000(0000) GS:ffff88819d91d000(0000) knlGS:0000000000000000 [ 195.031392] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.031732] CR2: 00007ffff7ffe000 CR3: 000000012eebc000 CR4: 00000000000006f0 [ 195.032087] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9503 [ 195.032391] DR3: ffffffffbd8a9505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 195.032655] Call Trace: [ 195.032973] <TASK> [ 195.033096] ? trace_preempt_on+0x20/0xc0 [ 195.033316] ? add_dr+0xc1/0x1d0 [ 195.033621] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 195.033989] ? add_dr+0x148/0x1d0 [ 195.034175] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 195.034458] ? __drmm_add_action+0x1a4/0x280 [ 195.034773] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 195.035082] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 195.035402] ? __drmm_add_action_or_reset+0x22/0x50 [ 195.035712] ? __schedule+0x10cc/0x2b60 [ 195.035921] ? __pfx_read_tsc+0x10/0x10 [ 195.036115] ? ktime_get_ts64+0x86/0x230 [ 195.036397] kunit_try_run_case+0x1a5/0x480 [ 195.036721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.036960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 195.037153] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 195.037389] ? __kthread_parkme+0x82/0x180 [ 195.037717] ? preempt_count_sub+0x50/0x80 [ 195.037919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.038138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 195.038472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 195.038734] kthread+0x337/0x6f0 [ 195.038910] ? trace_preempt_on+0x20/0xc0 [ 195.039067] ? __pfx_kthread+0x10/0x10 [ 195.039250] ? _raw_spin_unlock_irq+0x47/0x80 [ 195.039565] ? calculate_sigpending+0x7b/0xa0 [ 195.039813] ? __pfx_kthread+0x10/0x10 [ 195.040000] ret_from_fork+0x116/0x1d0 [ 195.040181] ? __pfx_kthread+0x10/0x10 [ 195.040488] ret_from_fork_asm+0x1a/0x30 [ 195.040660] </TASK> [ 195.040747] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 194.984488] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 194.984637] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2692 [ 194.985281] Modules linked in: [ 194.986099] CPU: 0 UID: 0 PID: 2692 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 194.987441] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.988276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.989321] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 194.990003] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 bb 01 89 00 48 c7 c1 c0 df 7f bb 4c 89 fa 48 c7 c7 20 e0 7f bb 48 89 c6 e8 12 31 79 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 194.991732] RSP: 0000:ffff88810e80fb68 EFLAGS: 00010282 [ 194.991932] RAX: 0000000000000000 RBX: ffff88810e80fc40 RCX: 1ffffffff78a4b70 [ 194.992136] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 194.992764] RBP: ffff88810e80fb90 R08: 0000000000000000 R09: fffffbfff78a4b70 [ 194.993241] R10: 0000000000000003 R11: 000000000003a180 R12: ffff88810e80fc18 [ 194.994037] R13: ffff88810d3b5000 R14: ffff88810d3c3000 R15: ffff888105912200 [ 194.994452] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 194.994979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.995344] CR2: ffffffffffffffff CR3: 000000012eebc000 CR4: 00000000000006f0 [ 194.995710] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 194.995916] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.996114] Call Trace: [ 194.996214] <TASK> [ 194.996779] drm_test_framebuffer_free+0x1ab/0x610 [ 194.997282] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 194.997883] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 194.998461] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 194.998971] ? __drmm_add_action_or_reset+0x22/0x50 [ 194.999376] ? __schedule+0x10cc/0x2b60 [ 194.999699] ? __pfx_read_tsc+0x10/0x10 [ 194.999845] ? ktime_get_ts64+0x86/0x230 [ 194.999987] kunit_try_run_case+0x1a5/0x480 [ 195.000132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.000309] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 195.000532] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 195.000902] ? __kthread_parkme+0x82/0x180 [ 195.001073] ? preempt_count_sub+0x50/0x80 [ 195.001271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 195.001518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 195.001701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 195.002030] kthread+0x337/0x6f0 [ 195.002207] ? trace_preempt_on+0x20/0xc0 [ 195.002390] ? __pfx_kthread+0x10/0x10 [ 195.002580] ? _raw_spin_unlock_irq+0x47/0x80 [ 195.002925] ? calculate_sigpending+0x7b/0xa0 [ 195.003153] ? __pfx_kthread+0x10/0x10 [ 195.003286] ret_from_fork+0x116/0x1d0 [ 195.003460] ? __pfx_kthread+0x10/0x10 [ 195.003675] ret_from_fork_asm+0x1a/0x30 [ 195.004040] </TASK> [ 195.004133] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 193.722674] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2140 [ 193.723113] Modules linked in: [ 193.723276] CPU: 0 UID: 0 PID: 2140 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 193.723877] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.724110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.724547] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 193.724853] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 50 79 2a 02 48 89 df e8 68 [ 193.725607] RSP: 0000:ffff88810cedfc90 EFLAGS: 00010246 [ 193.725832] RAX: dffffc0000000000 RBX: ffff88810d032000 RCX: 0000000000000000 [ 193.726082] RDX: 1ffff11021a06434 RSI: ffffffffb8a03fe8 RDI: ffff88810d0321a0 [ 193.726394] RBP: ffff88810cedfca0 R08: 1ffff11020078f6a R09: ffffed10219dbf65 [ 193.726998] R10: 0000000000000003 R11: ffffffffb7f827a8 R12: 0000000000000000 [ 193.727283] R13: ffff88810cedfd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 193.727714] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 193.728039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.728289] CR2: ffffffffffffffff CR3: 000000012eebc000 CR4: 00000000000006f0 [ 193.728898] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 193.729203] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.729578] Call Trace: [ 193.729702] <TASK> [ 193.729836] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 193.730111] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 193.730389] ? __schedule+0x10cc/0x2b60 [ 193.730719] ? __pfx_read_tsc+0x10/0x10 [ 193.730900] ? ktime_get_ts64+0x86/0x230 [ 193.731061] kunit_try_run_case+0x1a5/0x480 [ 193.731272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.731470] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.731918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.732131] ? __kthread_parkme+0x82/0x180 [ 193.732360] ? preempt_count_sub+0x50/0x80 [ 193.732733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.732965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.733202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.733450] kthread+0x337/0x6f0 [ 193.733721] ? trace_preempt_on+0x20/0xc0 [ 193.733905] ? __pfx_kthread+0x10/0x10 [ 193.734096] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.734270] ? calculate_sigpending+0x7b/0xa0 [ 193.734420] ? __pfx_kthread+0x10/0x10 [ 193.734734] ret_from_fork+0x116/0x1d0 [ 193.734929] ? __pfx_kthread+0x10/0x10 [ 193.735095] ret_from_fork_asm+0x1a/0x30 [ 193.735250] </TASK> [ 193.735372] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 193.640663] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2132 [ 193.641109] Modules linked in: [ 193.641260] CPU: 0 UID: 0 PID: 2132 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 193.641771] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.642078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.643195] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 193.643997] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 50 79 2a 02 48 89 df e8 68 [ 193.645064] RSP: 0000:ffff88810cef7c90 EFLAGS: 00010246 [ 193.645250] RAX: dffffc0000000000 RBX: ffff88810d4d2000 RCX: 0000000000000000 [ 193.646158] RDX: 1ffff11021a9a434 RSI: ffffffffb8a03fe8 RDI: ffff88810d4d21a0 [ 193.647096] RBP: ffff88810cef7ca0 R08: 1ffff11020078f6a R09: ffffed10219def65 [ 193.647993] R10: 0000000000000003 R11: ffffffffb7f827a8 R12: 0000000000000000 [ 193.648894] R13: ffff88810cef7d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 193.649112] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 193.649623] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.650342] CR2: ffffffffffffffff CR3: 000000012eebc000 CR4: 00000000000006f0 [ 193.651062] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 193.651957] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.652475] Call Trace: [ 193.652579] <TASK> [ 193.652687] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 193.652914] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 193.653136] ? __schedule+0x10cc/0x2b60 [ 193.653315] ? __pfx_read_tsc+0x10/0x10 [ 193.653848] ? ktime_get_ts64+0x86/0x230 [ 193.654398] kunit_try_run_case+0x1a5/0x480 [ 193.655006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.655698] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.656225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.656826] ? __kthread_parkme+0x82/0x180 [ 193.657228] ? preempt_count_sub+0x50/0x80 [ 193.657761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.658235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.658772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.658969] kthread+0x337/0x6f0 [ 193.659086] ? trace_preempt_on+0x20/0xc0 [ 193.659223] ? __pfx_kthread+0x10/0x10 [ 193.659664] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.660119] ? calculate_sigpending+0x7b/0xa0 [ 193.660584] ? __pfx_kthread+0x10/0x10 [ 193.661138] ret_from_fork+0x116/0x1d0 [ 193.661557] ? __pfx_kthread+0x10/0x10 [ 193.661953] ret_from_fork_asm+0x1a/0x30 [ 193.662111] </TASK> [ 193.662206] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 124.820652] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/708 [ 124.820951] Modules linked in: [ 124.821094] CPU: 0 UID: 0 PID: 708 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 124.821449] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 124.821619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 124.822328] RIP: 0010:intlog10+0x2a/0x40 [ 124.822528] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 97 2e 90 02 90 <0f> 0b 90 31 c0 e9 8c 2e 90 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 124.824059] RSP: 0000:ffff88810716fcb0 EFLAGS: 00010246 [ 124.824700] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020e2dfb4 [ 124.825215] RDX: 1ffffffff76d31f0 RSI: 1ffff11020e2dfb3 RDI: 0000000000000000 [ 124.825589] RBP: ffff88810716fd60 R08: 0000000000000000 R09: ffffed10204f7fa0 [ 124.826321] R10: ffff8881027bfd07 R11: 0000000000000000 R12: 1ffff11020e2df97 [ 124.827077] R13: ffffffffbb698f80 R14: 0000000000000000 R15: ffff88810716fd38 [ 124.827608] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 124.828146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.828755] CR2: ffff88815a940fe0 CR3: 000000012eebc000 CR4: 00000000000006f0 [ 124.829246] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 124.829887] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 124.830101] Call Trace: [ 124.830196] <TASK> [ 124.830319] ? intlog10_test+0xf2/0x220 [ 124.831041] ? __pfx_intlog10_test+0x10/0x10 [ 124.831473] ? __schedule+0x10cc/0x2b60 [ 124.831906] ? __pfx_read_tsc+0x10/0x10 [ 124.832528] ? ktime_get_ts64+0x86/0x230 [ 124.833065] kunit_try_run_case+0x1a5/0x480 [ 124.833583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.833764] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 124.833921] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 124.834082] ? __kthread_parkme+0x82/0x180 [ 124.834220] ? preempt_count_sub+0x50/0x80 [ 124.834641] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.835183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 124.835833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 124.836463] kthread+0x337/0x6f0 [ 124.836976] ? trace_preempt_on+0x20/0xc0 [ 124.837474] ? __pfx_kthread+0x10/0x10 [ 124.837899] ? _raw_spin_unlock_irq+0x47/0x80 [ 124.838215] ? calculate_sigpending+0x7b/0xa0 [ 124.838458] ? __pfx_kthread+0x10/0x10 [ 124.838864] ret_from_fork+0x116/0x1d0 [ 124.839193] ? __pfx_kthread+0x10/0x10 [ 124.839567] ret_from_fork_asm+0x1a/0x30 [ 124.839920] </TASK> [ 124.840010] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 124.773658] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/690 [ 124.773982] Modules linked in: [ 124.774141] CPU: 0 UID: 0 PID: 690 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 124.774490] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 124.774639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 124.774997] RIP: 0010:intlog2+0xdf/0x110 [ 124.775829] Code: 69 bb c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 02 2f 90 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 6f c1 55 ff 8b 45 e4 eb [ 124.776850] RSP: 0000:ffff88810705fcb0 EFLAGS: 00010246 [ 124.777255] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020e0bfb4 [ 124.778021] RDX: 1ffffffff76d3244 RSI: 1ffff11020e0bfb3 RDI: 0000000000000000 [ 124.778245] RBP: ffff88810705fd60 R08: 0000000000000000 R09: ffffed10204f7e60 [ 124.779165] R10: ffff8881027bf307 R11: 0000000000000000 R12: 1ffff11020e0bf97 [ 124.780143] R13: ffffffffbb699220 R14: 0000000000000000 R15: ffff88810705fd38 [ 124.780863] FS: 0000000000000000(0000) GS:ffff88819d81d000(0000) knlGS:0000000000000000 [ 124.781598] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.781798] CR2: ffff88815a940fe0 CR3: 000000012eebc000 CR4: 00000000000006f0 [ 124.782004] DR0: ffffffffbd8a9500 DR1: ffffffffbd8a9501 DR2: ffffffffbd8a9502 [ 124.782209] DR3: ffffffffbd8a9503 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 124.782419] Call Trace: [ 124.782516] <TASK> [ 124.782600] ? intlog2_test+0xf2/0x220 [ 124.782765] ? __pfx_intlog2_test+0x10/0x10 [ 124.783695] ? __schedule+0x10cc/0x2b60 [ 124.783918] ? __pfx_read_tsc+0x10/0x10 [ 124.784118] ? ktime_get_ts64+0x86/0x230 [ 124.784648] kunit_try_run_case+0x1a5/0x480 [ 124.784932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.785226] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 124.785622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 124.785975] ? __kthread_parkme+0x82/0x180 [ 124.786167] ? preempt_count_sub+0x50/0x80 [ 124.786632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.786857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 124.787258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 124.787690] kthread+0x337/0x6f0 [ 124.788032] ? trace_preempt_on+0x20/0xc0 [ 124.788247] ? __pfx_kthread+0x10/0x10 [ 124.788519] ? _raw_spin_unlock_irq+0x47/0x80 [ 124.788741] ? calculate_sigpending+0x7b/0xa0 [ 124.788959] ? __pfx_kthread+0x10/0x10 [ 124.789146] ret_from_fork+0x116/0x1d0 [ 124.789323] ? __pfx_kthread+0x10/0x10 [ 124.789630] ret_from_fork_asm+0x1a/0x30 [ 124.789827] </TASK> [ 124.790006] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 124.167356] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI